1. Download
# wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.6.2-linux-x86_64.tar.gz
2. Extract and rename
# tar -zvxf elasticsearch-7.6.2-linux-x86_64.tar.gz -C /data/elastic/
# mv /data/elastic/elasticsearch-7.6.2 /data/elastic/node1
Instance 1:
3. Elasticsearch refuses to start as root, so create an unprivileged user and change the ownership of the directory
# groupadd es
# useradd -g es es
# chown -R es:es /data/elastic/node1
4. Edit the configuration file
# vim /data/elastic/node1/config/elasticsearch.yml
bootstrap.system_call_filter: false
processors: 4
node.master: true
node.data: true
cluster.name: rizhiyi_security
network.host: ip
bootstrap.memory_lock: true
path.data: data
path.logs: logs
http.port: 9200
transport.tcp.port: 9300
node.name: ip_9300
discovery.seed_hosts: ["ip:9300", "ip:9301", "ip:9302"]
cluster.initial_master_nodes: ["ip:9300", "ip:9301", "ip:9302"]
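5. Configure the JVM
# vim /data/elastic/node1/config/jvm.options
-Xms1g
-Xmx1g
-XX:+UseG1GC
-XX:G1ReservePercent=25
6. Once configured, switch to the unprivileged user and start the node
# su - es
# cd /data/elastic/node1
# ./bin/elasticsearch -d
7. If startup fails, check whether the Java environment is set up correctly, whether the elasticsearch directory is owned by the unprivileged user, and whether there is enough memory.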
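Instances 2 and 3:
Copy node1 from instance 1 and name the copies node2 and node3. Only the port numbers in http.port: 9200 and transport.tcp.port: 9300 need to be changed; all other steps are the same.
This completes the multi-instance ES cluster.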
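Elasticsearch X-Pack: authenticated login and TLS on the transport (TCP) layer
1. Generate the CA certificate with Elasticsearch's built-in command
# bin/elasticsearch-certutil ca
2. Generate a certificate and private key for each node in the cluster
# bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
This produces a new file, elastic-certificates.p12. You are also prompted for a password: you can enter a password for the certificate and key, or press Enter to leave it empty. By default elasticsearch-certutil generates certificates without hostname information, which means the same certificate can be used on every node in the cluster, but hostname verification must also be turned off (the verification_mode: certificate setting in step 3 does this). (Once elastic-certificates.p12 has been generated, move it into the config directory.)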
3. Add the following settings to elasticsearch.yml on every node
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: ./elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: ./elastic-certificates.p12
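4. Start the master node. Running it with bin/elasticsearch (in the foreground) is recommended so that you can watch its output directly.
5. Once the master node is running, set the passwords for the cluster. Note: all cluster nodes need to be started.
# bin/elasticsearch-setup-passwords auto
(Alternatively, replace auto with interactive to set the passwords manually.)
6. Copy the file elastic-certificates.p12 to the other nodes
7. Start the other nodes; the output of the running master node shows them joining
8. Check the cluster status. Because X-Pack security is enabled, an ES user must be specified when querying the cluster status.
# curl -u elastic IP:9200/_cat/nodes
-u specifies the username; after pressing Enter you are prompted for the password.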
9. To enable TLS on HTTP, add the following settings to elasticsearch.yml on every node
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: ./elastic-certificates.p12
xpack.security.http.ssl.truststore.path: ./elastic-certificates.p12
10. Restart all nodes for the configuration to take effect
Complete elasticsearch.yml file
bootstrap.system_call_filter: false
processors: 4
node.master: true
node.data: true
cluster.name: rizhiyi_security
network.host: ip
bootstrap.memory_lock: true
path.data: data
path.logs: logs
http.port: 9200
transport.tcp.port: 9300
node.name: ip_9300
discovery.seed_hosts: ["ip:9300", "ip:9301", "ip:9302"]
cluster.initial_master_nodes: ["ip:9300", "ip:9301", "ip:9302"]
# Enable authenticated login
xpack.security.enabled: true
# Enable TLS on the transport (TCP) layer
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: ./elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: ./elastic-certificates.p12
# Enable TLS on HTTP
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: ./elastic-certificates.p12
xpack.security.http.ssl.truststore.path: ./elastic-certificates.p12
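To confirm that a node's elasticsearch.yml really carries the settings from steps 3 and 9, a check like the following can be run against each node's file. This is an added example, not part of the original article; the function names get_setting and audit_es_security and the sample file are assumptions made for illustration, and the parser only understands flat "key: value" lines like the ones used on this page.

```shell
# Added example (not from the original page): audit elasticsearch.yml for the X-Pack settings of steps 3 and 9.

# get_setting FILE KEY: print the value of a flat "key: value" line, empty if absent.
# YAML needs a space after the colon, so "xpack.security.enabled:true" is NOT a match.
get_setting() {
    awk -v k="$2" '
        /^[ \t]*#/ { next }
        {
            line = $0; sub(/^[ \t]+/, "", line)
            if (index(line, k ": ") == 1) {
                val = substr(line, length(k) + 3)
                sub(/[ \t]+#.*$/, "", val); sub(/[ \t]+$/, "", val)
            }
        }
        END { print val }' "$1"
}

# audit_es_security FILE: print one line per finding; exit status = number of findings.
audit_es_security() {
    f=$1; fails=0
    for key in xpack.security.enabled xpack.security.transport.ssl.enabled \
               xpack.security.http.ssl.enabled; do
        [ "$(get_setting "$f" "$key")" = "true" ] || { echo "FAIL $key is not true"; fails=$((fails + 1)); }
    done
    # "certificate" is what the page sets (its certs carry no hostnames); "full" is stricter.
    case "$(get_setting "$f" xpack.security.transport.ssl.verification_mode)" in
        certificate|full) ;;
        *) echo "FAIL transport verification_mode must be certificate or full"; fails=$((fails + 1)) ;;
    esac
    for layer in transport http; do
        for store in keystore truststore; do
            key="xpack.security.$layer.ssl.$store.path"
            [ -n "$(get_setting "$f" "$key")" ] || { echo "FAIL $key is not set"; fails=$((fails + 1)); }
        done
    done
    return "$fails"
}

# Constructed sample: step-3 settings with the space after one colon missing, and no step-9 HTTP settings.
sample=$(mktemp)
cat > "$sample" <<'EOF'
xpack.security.enabled:true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: ./elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: ./elastic-certificates.p12
EOF
audit_es_security "$sample" || echo "$? finding(s)"
rm -f "$sample"
```

On a real node, call audit_es_security with the path to that node's config/elasticsearch.yml; an exit status of 0 means every setting from steps 3 and 9 was found.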