Ubuntu elasticsearch集群搭建

1.安装jdk
export JAVA_HOME=/home/yun/jdk1.8.0_191
export JRE_HOME=/home/yun/jdk1.8.0_191/jre
export CLASSPATH=.:$JAV{A}_{H}OME/lib:$JRE_HOME/lib:$CLASSPATHexportPATH=$JAVA_HOME/bin:$JR{E}_{H}OME/bin:$JAVA_HOME:$PATH
source /etc/profile 保存

2.配置 /etc/hosts
172.168.101.6 es1
172.168.101.7 es2

3.配置es
sudo apt-get unzip
unzip elasticsearch-5.4.0.zip

4.修改elasticsearch.yml
#集群名称
cluster.name: jz_elastic
#节点名称
node.name: node_1
#是否为主节点
node.master: true
#是否为数据节点
node.data: true
#数据文件路径
path.data: /home/yun/elasticsearch-5.4.0/data
#日志文件路径
path.logs: /home/yun/elasticsearch-5.4.0/logs
#注意配置0.0.0.0
network.host: 0.0.0.0
#http端口
http.port: 13000
#节点列表
discovery.zen.ping.unicast.hosts: [“172.168.101.6”, “172.168.101.7”]
#最小主节点数
discovery.zen.minimum_master_nodes: 1
###开始恢复的最小节点数
gateway.recover_after_nodes: 2

问题：
（1）org.elasticsearch.bootstrap.StartupException: java.lang.RuntimeException: can not run elasticsearch as root，不能以root用户的身份运行elasticsearch
解决方法：新建用户组和用户，并赋予其elasticsearch文件夹的权限
groupadd jiuzhang
useradd jiuzhang -g jiuzhang
chown -R jiuzhang:jiuzhang elasticsearch

(2) ERROR[1]：无法创建本地文件问题，用户最大可创建文件数太小
修改 /etc/security/limits.conf
添加以下内容：

•    soft    data            10485760
  

•    soft    fsize           104857600
  

•    soft    memlock         10485760
  

•    soft    nofile          65536
  

•    hard    nofile          131072
  

•    soft    rss             1048576
  

•    soft    nproc           40960
  

•    soft    maxlogins       64
  

(3) 最大虚拟内存太小
修改 /etc/sysctl.conf
添加
vm.max_map_count=655360
sudo sysctl -p 生效

5.安装hanlp中文分词插件

1.下载hanlp的插件， 将压缩包解压到/elasticsearch-5.4.0/plugins目录下，重命名为hanlp
2. 下载hanlp数据包，已有在/home/yun/hanlp_dic,
修改 修改/elasticsearch-5.4.0/plugins/hanlp目录下的hanlp.properties文件，修改根路径root=/home/yun/hanlp_dic/为数据包所在目录
给运行elasticsearch的用户分配权限

chown -R yun:yun hanlp
修改/elasticsearch-5.4.0/bin目录下elasticsearch.in.sh文件 ES_CLASSPATH=“$E{S}_{H}OME/lib/\ast :$ES_HOME/plugins/hanlp/”

问题
（1）java.security.AccessControlException: access denied (“java.util.PropertyPermission” “*” “read,write”)
看上去是权限的问题，这就用到hanlp目录下的plugin-security.policy文件，修改/elasticsearch-5.4.0/config/jvm.options文件，在末尾添加
-Djava.security.policy=/home/elasticsearch/plugins/hanlp/plugin-security.policy

6.开启elasticsearch服务
bin/elasticsearch
sudo ps -e |grep ssh
sudo ufw version
默认的用户名和密码
elastic changeme
curl -XGET -u elastic ‘localhost:13000/_xpack/security/user’

{“elastic”:{“username”:“elastic”,“roles”:[“superuser”],“full_name”:null,“email”:null,“metadata”:{"_reserved":true},“enabled”:true},“kibana”:{“username”:“kibana”,“roles”:[“kibana_system”],“full_name”:null,“email”:null,“metadata”:{"_reserved":true},“enabled”:true},“logstash_system”:{“username”:“logstash_system”,“roles”:[“logstash_system”],“full_name”:null,“email”:null,“metadata”:{"_reserved":true},“enabled”:true}}

7.常用操作
（1）查看某一用户：curl -XGET -u elastic ‘localhost:13000/_xpack/security/user/elastic’
curl -XGET -u elastic ‘localhost:13000/_xpack/security/user’
（2）查看所有的角色
curl -XGET -u elastic ‘localhost:13000/_xpack/security/role’
curl -XGET -u elastic ‘localhost:13000/_xpack/security/role/superuser’
（3）添加用户
curl -XPOST -u elastic ‘localhost:13000/_xpack/security/role/superuser’ -H “Content-Type: application/json” -d ‘{“cluster”:[“all”],“indices”:[{“names”:["*"],“privileges”:[“all”]}]}’
curl -XPOST -u jz_elastic ‘localhost:13000/_xpack/security/user/jz_elastic’ -H “Content-Type: application/json” -d ‘{
“password” : “!@#elasticKaTeX parse error: Expected 'EOF', got '}' at position 119: …gence" : 7 } }̲' （4）修改elastic用…%^”
}’

curl -XPUT -u elastic ‘localhost:13000/_xpack/security/user/elastic/_password’ -d ‘{
“password” : “123elastic$%^”
}’

（5） 修改kibana密码： 修改之前需要在kibana.yml中配置elasticsearch的用户名和密码后才能需改密码，否则会报错。
#If your Elasticsearch is protected with basic authentication, these settings provide # the username and password that the Kibana server uses to perform maintenance on the Kibana # index at startup. Your Kibana users still need to authenticate with Elasticsearch, which # is proxied through the Kibana
server. elasticsearch.username: “elastic”
elasticsearch.password: “your password”
curl -XPUT -u elastic ‘localhost:13000/_xpack/security/user/kibana/_password’ -d ‘{
“password” : “!@#kibana$%^”
}’

curl -XPUT -u elastic ‘localhost:13000/_xpack/security/user/kibana/_password’ -d ‘{
“password” : “123kibana$%^”
}’

8.开启kibana服务
bin/kibana
注：在搭建ELK平台时，因为我一般使用CRT进行SSH连接，但是因为Kibana是解压安装，所以当我们关闭SSH连接后程序就结束了，要想让程序在后台运行，我们可以使用nohup命令
[root@hdp5 kibana-4.1.2]# nohup /root/Apps/kibana-4.1.2/bin/kibana &
[1] 3266
[root@hdp5 kibana-4.1.2]# nohup: ignoring input and appending output to `nohup.out’
exit
logout