es部署

 

部署單機版es

tar xf elasticsearch-7.16.0-linux-x86_64.tar.gz
./bin/elasticsearch -d
can not run elasticsearch as root

su - machangwei
./bin/elasticsearch -d #切換用戶后沒有權限訪問jdk目錄
warning: usage of JAVA_HOME is deprecated, use ES_JAVA_HOME
could not find java in JAVA_HOME at /opt/jdk/bin/java

ls: cannot open directory /opt/jdk/: Permission denied

退回到root
vim bin/elasticsearch-env
JAVA_HOME=/application/elasticsearch-7.16.0/jdk
chown -R machangwei.machangwei elasticsearch-7.16.0
su - machangwei

[machangwei@mcw1 ~]$ cd /application/elasticsearch-7.16.0/bin/
[machangwei@mcw1 /application/elasticsearch-7.16.0/bin]$ ./elasticsearch -d
warning: usage of JAVA_HOME is deprecated, use ES_JAVA_HOME
warning: usage of JAVA_HOME is deprecated, use ES_JAVA_HOME

 

只能本機訪問：

[root@mcw1 /application]$ curl http://127.0.0.1:9200/
{
"name" : "mcw1",
"cluster_name" : "elasticsearch",
"cluster_uuid" : "00voBHA3RUKvKy_Wl-VyEQ",
"version" : {
"number" : "7.16.0",
"build_flavor" : "default",
"build_type" : "tar",
"build_hash" : "6fc81662312141fe7691d7c1c91b8658ac17aa0d",
"build_date" : "2021-12-02T15:46:35.697268109Z",
"build_snapshot" : false,
"lucene_version" : "8.10.1",
"minimum_wire_compatibility_version" : "6.8.0",
"minimum_index_compatibility_version" : "6.0.0-beta1"
},
"tagline" : "You Know, for Search"
}
[root@mcw1 /application]$

[root@mcw1 /application]$ curl http://10.0.0.131:9200/
curl: (7) Failed connect to 10.0.0.131:9200; Connection refused

添加配置，重啟es報錯，

[machangwei@mcw1 /application/elasticsearch-7.16.0/config]$ grep network.host elasticsearch.yml
network.host: 10.0.0.131
====錯誤信息：
ERROR: [3] bootstrap checks failed. You must address the points described in the following [3] lines before starting Elasticsearch.
bootstrap check failure [1] of [3]: max number of threads [3827] for user [machangwei] is too low, increase to at least [4096]
bootstrap check failure [2] of [3]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
bootstrap check failure [3] of [3]: the default discovery settings are unsuitable for production use; at least one of [discovery.seed_hosts, discovery.seed_providers, cluster.initial_master_nodes] must be configured
ERROR: Elasticsearch did not exit normally - check the logs at /application/elasticsearch-7.16.0/logs/elasticsearch.log

添加配置啟動
[machangwei@mcw1 /application/elasticsearch-7.16.0]$ vim config/elasticsearch.yml
[machangwei@mcw1 /application/elasticsearch-7.16.0]$ tail config/elasticsearch.yml
# To protect your data, we strongly encourage you to enable the Elasticsearch security features.
# Refer to the following documentation for instructions.
#
# https://www.elastic.co/guide/en/elasticsearch/reference/7.16/configuring-stack-security.html
discovery.seed_hosts: ["10.0.0.131"]
cluster.initial_master_nodes: ["esmcw1"]
cluster.name: escluster
node.name: esmcw1
network.host: 0.0.0.0
http.port: 9200

啟動后還是報錯：最大線程數太少，最大虛擬內存太少

ERROR: [2] bootstrap checks failed. You must address the points described in the following [2] lines before starting Elasticsearch.
bootstrap check failure [1] of [2]: max number of threads [3827] for user [machangwei] is too low, increase to at least [4096]
bootstrap check failure [2] of [2]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
ERROR: Elasticsearch did not exit normally - check the logs at /application/elasticsearch-7.16.0/logs/escluster.log ls^C
[root@mcw1 /application]$ tail /application/elasticsearch-7.16.0/logs/escluster.log
[2021-12-22T09:26:13,015][ERROR][o.e.b.Bootstrap ] [esmcw1] node validation exception
[2] bootstrap checks failed. You must address the points described in the following [2] lines before starting Elasticsearch.
bootstrap check failure [1] of [2]: max number of threads [3827] for user [machangwei] is too low, increase to at least [4096]
bootstrap check failure [2] of [2]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]

 

[root@mcw1 /application]$ tail -1 /etc/sysctl.conf #添加系統配置vm.max_map_count，解決了虛擬內存問題，但是還有報錯
vm.max_map_count=655360
==還報錯：
[2021-12-22T09:41:48,876][ERROR][o.e.b.Bootstrap ] [esmcw1] node validation exception
[1] bootstrap checks failed. You must address the points described in the following [1] lines before starting Elasticsearch.
bootstrap check failure [1] of [1]: max number of threads [3827] for user [machangwei] is too low, increase to at least [4096]

 

設置/etc/security/limits.conf

* soft nproc 5000
* hard nproc 5000
root soft nproc 5000
root hard nproc 5000
重啟服務器生效.應該有不需要重啟服務器的方法，回頭研究

這次再啟動就不報錯退出進程了。並且可以使用這個ip進行訪問了

[root@mcw1 ~]$ curl http://10.0.0.131:9200/
{
"name" : "esmcw1",
"cluster_name" : "escluster",
"cluster_uuid" : "00voBHA3RUKvKy_Wl-VyEQ",
"version" : {
"number" : "7.16.0",
"build_flavor" : "default",
"build_type" : "tar",
"build_hash" : "6fc81662312141fe7691d7c1c91b8658ac17aa0d",
"build_date" : "2021-12-02T15:46:35.697268109Z",
"build_snapshot" : false,
"lucene_version" : "8.10.1",
"minimum_wire_compatibility_version" : "6.8.0",
"minimum_index_compatibility_version" : "6.0.0-beta1"
},
"tagline" : "You Know, for Search"
}

 

瀏覽器也可以訪問了

 

安裝訪問客戶端工具

谷歌添加插件

 

 添加es-head插件：連接es訪問：

命令行訪問es集群狀況

curl -XGET  -H "Content-Type: application/json" http://10.0.0.131:9200/_cat/health?v

 

python調用es

導入使用es

 

 查詢出來剛剛插入的數據

 

 

 Elasticsearch 安全配置

 vi elasticsearch.yml

添加配置:

 

xpack.security.enabled: true

xpack.security.transport.ssl.enabled: true

xpack.security.transport.ssl.verification_mode: certificate

xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12

xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12

 

生成證書文件

 

生成證書文件，執行以下指令，將生成的文件復制到 elasticsearch-7.16.0/config/certs目錄下. 這個不需要es運行即可以操作

cd elasticsearch-7.16.0

bin/elasticsearch-certutil ca 

輸入證書文件名：elastic-certificates.p12

輸入密碼：mcw_es_passwd123

mkdir -p config/certs

    cp elastic-certificates.p12  config/certs/elastic-certificates.p12

3.將文件elastic-certificates.p12 提交到其他節點elasticsearch-7.16.0/config/certs下。在其他節點執行以下指令，設置生成p12文件時輸入的密碼.

bin/elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password

輸入密碼：mcw_es_passwd123

bin/elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password

輸入密碼：mcw_es_passwd123 

4.啟動各個節點的es。

cd elasticsearch-7.16.0/bin

elasticsearch -d

 

5.添加訪問賬戶和密碼,執行指令, 需要為4個用戶分別設置密碼，

 

默認用戶設置密碼

elasticmcw_es_passwd123

kibana,mcw_es_passwd123

logstash_system,mcw_es_passwd123

beats_systemmcw_es_passwd123

 

cd elasticsearch-7.16.0

./bin/elasticsearch-setup-passwords interactive

//輸入密碼

//輸入密碼 

…

 

總是報錯，重試了很多次生成證書文件，后來沒報錯，啟動成功后，設置密碼也可以了

 

[machangwei@mcw1 /application/elasticsearch-7.16.0]$ ./bin/elasticsearch-setup-passwords interactive

warning: usage of JAVA_HOME is deprecated, use ES_JAVA_HOME

Initiating the setup of passwords for reserved users elastic,apm_system,kibana,kibana_system,logstash_system,beats_system,remote_monitoring_user.

You will be prompted to enter passwords as the process progresses.

Please confirm that you would like to continue [y/N]y

 

 

Enter password for [elastic]: 

Reenter password for [elastic]: 

Enter password for [apm_system]: 

Reenter password for [apm_system]: 

Enter password for [kibana_system]: 

Reenter password for [kibana_system]: 

Enter password for [logstash_system]: 

Reenter password for [logstash_system]: 

Enter password for [beats_system]: 

Reenter password for [beats_system]: 

Enter password for [remote_monitoring_user]: 

Reenter password for [remote_monitoring_user]: 

Changed password for user [apm_system]

Changed password for user [kibana_system]

Changed password for user [kibana]

Changed password for user [logstash_system]

Changed password for user [beats_system]

Changed password for user [remote_monitoring_user]

Changed password for user [elastic]

 

帶用戶密碼的curl命令查看集群狀態

[machangwei@mcw1 /application/elasticsearch-7.16.0]$ curl -XGET -u elastic:mcw_es_passwd123 -H "Content-Type: application/json" http://10.0.0.131:9200/_cat/health?v

epoch      timestamp cluster   status node.total node.data shards pri relo init unassign pending_tasks max_task_wait_time active_shards_percent

1640213613 22:53:33  escluster yellow          1         1      5   5    0    0        1             0                  -                 83.3%

 

帶用戶密碼的瀏覽器和es-head訪問：

 

 

 

 帶密碼的python訪問：

from elasticsearch import Elasticsearch
es = Elasticsearch(['10.0.0.131:9200'],http_auth=('elastic', 'mcw_es_passwd123'))
#print(es.index(index='mcw', doc_type='doc', id='1', body={"name":"小馬過河", "age": 18}))
print(es.search(index='mcw', doc_type='doc'))


方法二：

from elasticsearch import Elasticsearch
es = Elasticsearch(['10.0.0.131'],http_auth=('elastic', 'mcw_es_passwd123'), port=9200, timeout=50000)
#print(es.index(index='mcw', doc_type='doc', id='1', body={"name":"小馬過河", "age": 18}))
print(es.search(index='mcw', doc_type='doc'))

 

 

 

 

 

 

 

問題

剛剛配置了xpack沒有重啟

[machangwei@mcw1 /application/elasticsearch-7.16.0]$ ./bin/elasticsearch-setup-passwords interactive

warning: usage of JAVA_HOME is deprecated, use ES_JAVA_HOME

 

Unexpected response code [500] from calling GET http://10.0.0.131:9200/_security/_authenticate?pretty

It doesn't look like the X-Pack security feature is enabled on this Elasticsearch node.

Please check if you have enabled X-Pack security in your elasticsearch.yml configuration file.

 

 

ERROR: X-Pack Security is disabled by configuration.

 

Caused by: java.io.IOException: keystore password was incorrect

 

ElasticsearchSecurityException[failed to load SSL configuration [xpack.security.transport.ssl]]; nested: ElasticsearchException[failed to initialize SSL TrustManager]; nested: IOException[keystore password was incorrect]; nested: UnrecoverableKeyException[failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.];

Likely root cause: java.security.UnrecoverableKeyException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.

 

部署單機版estar xf elasticsearch-7.16.0-linux-x86_64.tar.gz./bin/elasticsearch -dcan not run elasticsearch as root
su - machangwei./bin/elasticsearch -d  #切換用戶后沒有權限訪問jdk目錄warning: usage of JAVA_HOME is deprecated, use ES_JAVA_HOMEcould not find java in JAVA_HOME at /opt/jdk/bin/java
ls: cannot open directory /opt/jdk/: Permission denied
退回到rootvim bin/elasticsearch-envJAVA_HOME=/application/elasticsearch-7.16.0/jdkchown -R machangwei.machangwei elasticsearch-7.16.0su - machangwei
[machangwei@mcw1 ~]$ cd /application/elasticsearch-7.16.0/bin/[machangwei@mcw1 /application/elasticsearch-7.16.0/bin]$ ./elasticsearch -dwarning: usage of JAVA_HOME is deprecated, use ES_JAVA_HOMEwarning: usage of JAVA_HOME is deprecated, use ES_JAVA_HOME

只能本機訪問：[root@mcw1 /application]$ curl http://127.0.0.1:9200/{  "name" : "mcw1",  "cluster_name" : "elasticsearch",  "cluster_uuid" : "00voBHA3RUKvKy_Wl-VyEQ",  "version" : {    "number" : "7.16.0",    "build_flavor" : "default",    "build_type" : "tar",    "build_hash" : "6fc81662312141fe7691d7c1c91b8658ac17aa0d",    "build_date" : "2021-12-02T15:46:35.697268109Z",    "build_snapshot" : false,    "lucene_version" : "8.10.1",    "minimum_wire_compatibility_version" : "6.8.0",    "minimum_index_compatibility_version" : "6.0.0-beta1"  },  "tagline" : "You Know, for Search"}[root@mcw1 /application]$ 

[root@mcw1 /application]$ curl http://10.0.0.131:9200/curl: (7) Failed connect to 10.0.0.131:9200; Connection refused
添加配置，重啟es報錯，[machangwei@mcw1 /application/elasticsearch-7.16.0/config]$ grep network.host elasticsearch.yml network.host: 10.0.0.131====錯誤信息：ERROR: [3] bootstrap checks failed. You must address the points described in the following [3] lines before starting Elasticsearch.bootstrap check failure [1] of [3]: max number of threads [3827] for user [machangwei] is too low, increase to at least [4096]bootstrap check failure [2] of [3]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]bootstrap check failure [3] of [3]: the default discovery settings are unsuitable for production use; at least one of [discovery.seed_hosts, discovery.seed_providers, cluster.initial_master_nodes] must be configuredERROR: Elasticsearch did not exit normally - check the logs at /application/elasticsearch-7.16.0/logs/elasticsearch.log

添加配置啟動[machangwei@mcw1 /application/elasticsearch-7.16.0]$ vim config/elasticsearch.yml [machangwei@mcw1 /application/elasticsearch-7.16.0]$ tail config/elasticsearch.yml# To protect your data, we strongly encourage you to enable the Elasticsearch security features. # Refer to the following documentation for instructions.## https://www.elastic.co/guide/en/elasticsearch/reference/7.16/configuring-stack-security.htmldiscovery.seed_hosts: ["10.0.0.131"]cluster.initial_master_nodes: ["esmcw1"]cluster.name: esclusternode.name: esmcw1network.host: 0.0.0.0http.port: 9200

啟動后還是報錯：最大線程數太少，最大虛擬內存太少ERROR: [2] bootstrap checks failed. You must address the points described in the following [2] lines before starting Elasticsearch.bootstrap check failure [1] of [2]: max number of threads [3827] for user [machangwei] is too low, increase to at least [4096]bootstrap check failure [2] of [2]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]ERROR: Elasticsearch did not exit normally - check the logs at /application/elasticsearch-7.16.0/logs/escluster.log                                               ls^C[root@mcw1 /application]$ tail  /application/elasticsearch-7.16.0/logs/escluster.log [2021-12-22T09:26:13,015][ERROR][o.e.b.Bootstrap          ] [esmcw1] node validation exception[2] bootstrap checks failed. You must address the points described in the following [2] lines before starting Elasticsearch.bootstrap check failure [1] of [2]: max number of threads [3827] for user [machangwei] is too low, increase to at least [4096]bootstrap check failure [2] of [2]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]


[root@mcw1 /application]$ tail -1 /etc/sysctl.conf  #添加系統配置vm.max_map_count，解決了虛擬內存問題，但是還有報錯vm.max_map_count=655360==還報錯：[2021-12-22T09:41:48,876][ERROR][o.e.b.Bootstrap          ] [esmcw1] node validation exception[1] bootstrap checks failed. You must address the points described in the following [1] lines before starting Elasticsearch.bootstrap check failure [1] of [1]: max number of threads [3827] for user [machangwei] is too low, increase to at least [4096]


設置/etc/security/limits.conf
* soft nproc 5000* hard nproc 5000root soft nproc 5000root hard nproc 5000重啟服務器生效.應該有不需要重啟服務器的方法，回頭研究
這次再啟動就不報錯退出進程了。並且可以使用這個ip進行訪問了[root@mcw1 ~]$ curl http://10.0.0.131:9200/{  "name" : "esmcw1",  "cluster_name" : "escluster",  "cluster_uuid" : "00voBHA3RUKvKy_Wl-VyEQ",  "version" : {    "number" : "7.16.0",    "build_flavor" : "default",    "build_type" : "tar",    "build_hash" : "6fc81662312141fe7691d7c1c91b8658ac17aa0d",    "build_date" : "2021-12-02T15:46:35.697268109Z",    "build_snapshot" : false,    "lucene_version" : "8.10.1",    "minimum_wire_compatibility_version" : "6.8.0",    "minimum_index_compatibility_version" : "6.0.0-beta1"  },  "tagline" : "You Know, for Search"}


=========== Elasticsearch 安全配置 vi elasticsearch.yml添加配置:
xpack.security.enabled: truexpack.security.transport.ssl.enabled: truexpack.security.transport.ssl.verification_mode: certificatexpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12
生成證書文件，執行以下指令，將生成的文件復制到 elasticsearch-7.16.0/config/certs目錄下. 這個不需要es運行即可以操作cd elasticsearch-7.16.0bin/elasticsearch-certutil ca 輸入證書文件名：elastic-certificates.p12輸入密碼：mcw_es_passwd123mkdir -p config/certs    cp elastic-certificates.p12  config/certs/elastic-certificates.p123.將文件elastic-certificates.p12 提交到其他節點elasticsearch-7.16.0/config/certs下。在其他節點執行以下指令，設置生成p12文件時輸入的密碼.bin/elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password輸入密碼：mcw_es_passwd123bin/elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password輸入密碼：mcw_es_passwd123 4.啟動各個節點的es。cd elasticsearch-7.16.0/binelasticsearch -d5.添加訪問賬戶和密碼,執行指令, 需要為4個用戶分別設置密碼，
默認用戶設置密碼elasticmcw_es_passwd123kibana,mcw_es_passwd123logstash_system,mcw_es_passwd123beats_systemmcw_es_passwd123
cd elasticsearch-7.16.0./bin/elasticsearch-setup-passwords interactive//輸入密碼//輸入密碼 …
總是報錯，重試了很多次生成證書文件，后來沒報錯，啟動成功后，設置密碼也可以了
[machangwei@mcw1 /application/elasticsearch-7.16.0]$ ./bin/elasticsearch-setup-passwords interactivewarning: usage of JAVA_HOME is deprecated, use ES_JAVA_HOMEInitiating the setup of passwords for reserved users elastic,apm_system,kibana,kibana_system,logstash_system,beats_system,remote_monitoring_user.You will be prompted to enter passwords as the process progresses.Please confirm that you would like to continue [y/N]y

Enter password for [elastic]: Reenter password for [elastic]: Enter password for [apm_system]: Reenter password for [apm_system]: Enter password for [kibana_system]: Reenter password for [kibana_system]: Enter password for [logstash_system]: Reenter password for [logstash_system]: Enter password for [beats_system]: Reenter password for [beats_system]: Enter password for [remote_monitoring_user]: Reenter password for [remote_monitoring_user]: Changed password for user [apm_system]Changed password for user [kibana_system]Changed password for user [kibana]Changed password for user [logstash_system]Changed password for user [beats_system]Changed password for user [remote_monitoring_user]Changed password for user [elastic]
curl命令查看集群狀態
剛剛配置了xpack沒有重啟[machangwei@mcw1 /application/elasticsearch-7.16.0]$ ./bin/elasticsearch-setup-passwords interactivewarning: usage of JAVA_HOME is deprecated, use ES_JAVA_HOME
Unexpected response code [500] from calling GET http://10.0.0.131:9200/_security/_authenticate?prettyIt doesn't look like the X-Pack security feature is enabled on this Elasticsearch node.Please check if you have enabled X-Pack security in your elasticsearch.yml configuration file.

ERROR: X-Pack Security is disabled by configuration.
Caused by: java.io.IOException: keystore password was incorrect
ElasticsearchSecurityException[failed to load SSL configuration [xpack.security.transport.ssl]]; nested: ElasticsearchException[failed to initialize SSL TrustManager]; nested: IOException[keystore password was incorrect]; nested: UnrecoverableKeyException[failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.];Likely root cause: java.security.UnrecoverableKeyException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.