服务器列表
192.168.68.1
192.168.68.2
192.168.68.3
二、下载es安装包
mkdir /app
上传包到/app
tar -zxvf elasticsearch-7.14.1-linux-x86_64.tar.gz
cd elasticsearch-7.14.1
vim elasticsearch-7.14.1/config/elasticsearch.yml
三台服務器都操作
cluster.name: xxx-cluster
node.name: node-1
path.data: /app/elasticsearch-7.14.1/data
path.logs: /app/elasticsearch-7.14.1/logs
network.host: 0.0.0.0
http.port: 9200
discovery.seed_hosts: ["192.168.68.1", "192.168.68.2","192.168.68.3"]
cluster.initial_master_nodes: ["192.168.68.1", "192.168.68.2","192.168.68.3"]
discovery.zen.fd.ping_timeout: 120s
discovery.zen.fd.ping_retries: 6
discovery.zen.fd.ping_interval: 30s
#bootstrap.mlockall: true #默认为false. 表示锁住内存.当JVM进行内存转换时,es性能会降低, 设置此参数值为true即可锁住内存
由于elasticsearch不允许root用户启动 需创建elasticsearch 用户
useradd elasticsearch -g elasticsearch
chwon -R elasticsearch:elasticsearch /app/
su - elasticsearch
cd /app/elasticsearch-7.14.1/bin/
./elasticsearch -d (后台启动)
可以查看log下日志查看启动状态或者查看9200端口是否开启
查看集群健康状态
curl http://192.168.68.1:9200/_cluster/health?pretty
下一步开启认证
vim /app/elasticsearch-7.14.1/config/elasticsearch.yml
添加以下配置
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /app/elasticsearch-7.14.1/config/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /app/elasticsearch-7.14.1/config/elastic-certificates.p12
node.ingest: true
获取elastic-certificates.p12认证文件
cd /app/elasticsearch-7.14.1/bin/
./elasticsearch-certutil cert -out ../config/elastic-certificates.p12 -pass ""
只需一台服务器执行就行 然后将生成的文件elastic-certificates.p12 拷贝到其他2台服务器
添加用户
#自动生成账号密码
./elasticsearch-setup-passwords auto
#手动生成账号密码
./elasticsearch-setup-passwords interactive