一、環境准備
1>准備三台centos7.2(本次實驗環境),
192.168.105.55
192.168.105.56
192.168.105.57
並按裝JDK1.8
創建用戶和組 elastic
groupadd elastic
adduser -g elastic -d /home/elastic elastic
2>必須要的系統配置:
/etc/security/limits.conf
* - nofile 65535
/etc/sysctl.conf
vm.max_map_count = 262144
要執行sysctl -p 持久化配置,不然切換用戶后,可能沒有生效
二、安裝配置
1、上傳elasticsearch-6.8.1.tar.gz包只三台服務器/home/elastic目錄下,並創建目錄/elastic/data 和/elastic/log
2、解壓安裝包 tar -xzvf elasticsearch-6.8.1.tar.gz,並將文件夾重命名為elasticsearch
3、修改配置文件elasticsearch/config/elasticsearch.yml
三台分別的node-1,node-2,node-3;
network.host分別為三台機器的ip
cluster.name: appEsCls
node.name: node-1
path.data: /home/elastic/elastic/data
path.logs: /home/elastic/elastic/log
network.host: 192.168.105.55
http.port: 9200
discovery.zen.ping.unicast.hosts: ["192.168.105.55", "192.168.105.56","192.168.105.57"]
gateway.recover_after_nodes: 3
然后啟動集群
三台機器分別執行elasticsearch/bin/elasticsearch -d (-d表示后台執行,可以不用)
啟動成功后查看日志: /home/elastic/log/appEsCls.log
分別有[node-X] started
然后查看集群狀態及節點狀態(可以分別查看各個節點的情況)
curl http://192.168.105.55:9200/_cat/health?v
curl http:/192.168.105.57:9200/_cat/nodes?v
master下面的*表示該節點為master節點
三、x-pack設置elasticsearch安全訪問
1.任意一台服務器上執行命令
./elasticsearch-certgen
#####################################
Please enter the desired output file [certificate-bundle.zip]: cert.zip (壓縮包名稱)
Enter instance name: appEsCls(實例名)
Enter name for directories and files [p4mES]: elasticsearch(文件夾名)
Enter IP Addresses for instance (comma-separated if more than one) []: 192.168.105.55,192.168.105.56,192.168.105.57(實例ip,多個ip用逗號隔開)
Enter DNS names for instance (comma-separated if more than one) []: node-1,node-2,node-3(節點名,多個節點用逗號隔開)
Would you like to specify another instance? Press 'y' to continue entering instance information: (到達這一步,不需要按y重新設置,按空格鍵就完成了)
Certificates written to /home/elastic/elasticsearch/bin/cert.zip(這個是生成的文件存放地址,不用填寫)
2. 將壓縮文件cert.zip分別拷貝紙三台機器的 /home/elastic/elasticsearch/config文件夾下並解壓,
生成ca和elasticsearch並修改配置文件elasticsearch.yml
增加如下配置:
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.ssl.key: elasticsearch/elasticsearch.key
xpack.ssl.certificate: elasticsearch/elasticsearch.crt
xpack.ssl.certificate_authorities: ca/ca.crt
3. 重啟三台節點
執行elasticsearch/bin/elasticsearch-setup-passwords interactive
自定義設置elastic、kibana....等所有工具的登錄密碼 最高級賬號elastic 可以登錄所有組件
然后再重啟三台節點
這時,執行curl命令則需要驗證密碼了
curl http://192.168.105.57:9200?pretty
curl -u elastic:123456 http://192.168.105.57:9200
四、Java客戶端編寫
1、普通客戶端程序
pom.xml:
<dependency>
<groupId>org.elasticsearch</groupId>
<artifactId>elasticsearch</artifactId>
<version>${elasticsearch.version}</version>
</dependency>
<dependency>
<groupId>org.elasticsearch.client</groupId>
<artifactId>transport</artifactId>
<version>${elasticsearch.version}</version>
</dependency>
<dependency>
<groupId>org.elasticsearch.plugin</groupId>
<artifactId>transport-netty4-client</artifactId>
<version>${elasticsearch.version}</version>
</dependency>
code:
@Configuration
public class ElasticSearchClientConfig {
@Value("${elasticsearch.cluster-nodes}")
private String clusterNodes;
@Value("${elasticsearch.cluster-name}")
private String clusterName;
@Bean
public Client client() {
Settings settings = Settings.builder().put("cluster.name", clusterName)
.put("client.transport.sniff", true).build();
TransportClient client = new PreBuiltTransportClient(settings);
try {
if (clusterNodes != null && !"".equals(clusterNodes)) {
for (String node : clusterNodes.split(",")) {
String[] nodeInfo = node.split(":");
client.addTransportAddress(new TransportAddress(InetAddress.getByName(nodeInfo[0]), Integer.parseInt(nodeInfo[1])));
}
}
} catch (UnknownHostException e) {
}
return client;
}
}
2、帶X-PACK授權控制的客戶端編寫
pom.xml:
<dependency>
<groupId>org.elasticsearch</groupId>
<artifactId>elasticsearch</artifactId>
<version>${elasticsearch.version}</version>
</dependency>
<dependency>
<groupId>org.elasticsearch.client</groupId>
<artifactId>x-pack-transport</artifactId>
<version>${elasticsearch.version}</version>
</dependency>
<dependency>
<groupId>org.elasticsearch.plugin</groupId>
<artifactId>transport-netty4-client</artifactId>
<version>${elasticsearch.version}</version>
</dependency>
注意:version 為6.8.1的x-pack-transport的jar可能無法下載,需要添加repository:
https://artifacts.elastic.co/maven
<profiles>
<profile>
<id>dev</id>
<repositories>
<repository> <!-- 增加elastic倉庫 -->
<id>elasticsearch-releases</id>
<url>https://artifacts.elastic.co/maven</url>
<releases>
<enabled>true</enabled>
</releases>
<snapshots>
<enabled>false</enabled>
</snapshots>
</repository>
</repositories>
<pluginRepositories>
</pluginRepositories>
</profile>
</profiles>
code:
@Configuration
public class ElasticSearchClientConfig{
@Value("${elasticsearch.cluster-nodes}")
private String clusterNodes;
@Value("${elasticsearch.cluster-name}")
private String clusterName;
@Value("${elasticsearch.user-password}")
private String userPwd;
@Bean
public Client client() {
Settings settings = Settings.builder().put("cluster.name", clusterName)
.put("xpack.security.user", userPwd)
.put("xpack.ssl.key", "E:/elasticsearch/elasticsearch.key")
.put("xpack.ssl.certificate", "E:/elasticsearch/elasticsearch.crt")
.put("xpack.ssl.certificate_authorities", "E:/ca/ca.crt")
.put("xpack.security.transport.ssl.enabled", "true").build();
TransportClient client = new PreBuiltXPackTransportClient(settings);
try {
if (clusterNodes != null && !"".equals(clusterNodes)) {
for (String node : clusterNodes.split(",")) {
String[] nodeInfo = node.split(":");
client.addTransportAddress(new TransportAddress(InetAddress.getByName(nodeInfo[0]), Integer.parseInt(nodeInfo[1])));
}
}
} catch (UnknownHostException e) {
}
return client;
}
}