1. Download Elasticsearch
curl -L -O https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.11.1-linux-x86_64.tar.gz
tar -xzvf elasticsearch-7.11.1-linux-x86_64.tar.gz
cd elasticsearch-7.11.1
./bin/elasticsearch
2. Start Elasticsearch
2.1 Create a dedicated group and user; Elasticsearch cannot be started as root
groupadd es
useradd esuser -g es
passwd esuser
2.2 Change the owner and group of the directory and everything inside it
chown -R esuser:es /usr/local/elasticsearch-7.11.1
2.3 Switch to the esuser user
su esuser
2.4 Elasticsearch configuration
vim /usr/local/elasticsearch-7.11.1/config/elasticsearch.yml
Add two lines. Note: the colon must be followed by a space
network.host: 0.0.0.0
cluster.initial_master_nodes: ["node-1"]
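With network.host: 0.0.0.0 the REST API on port 9200 listens on every interface, and at this point in the walkthrough nothing requires a login (xpack.security.enabled is only turned on in section 5). The following is an added example, not from the original post, that checks a config file for that combination; the function names are hypothetical, and it assumes the 7.x behaviour where security is off unless xpack.security.enabled is set to true.

```shell
#!/bin/bash
# Added example: flag an elasticsearch.yml that binds beyond loopback
# while xpack.security.enabled is not "true" (assumed 7.x default: off).

# Print the last uncommented value of a top-level "key: value" line.
# $1 = config file, $2 = key written as a sed regex
yaml_value() {
    sed -n "s/^[[:space:]]*${2}:[[:space:]]*//p" "$1" | tail -n 1 | tr -d "\"' \r"
}

# Return 0 when the config is loopback-only or authenticated, 1 when exposed.
audit_es_config() {
    local host security
    host=$(yaml_value "$1" 'network\.host')
    security=$(yaml_value "$1" 'xpack\.security\.enabled')
    case "$host" in
        ''|localhost|_local_|127.*|::1)
            echo "OK: loopback only (network.host=${host:-unset})"
            return 0 ;;
    esac
    if [ "$security" != "true" ]; then
        echo "EXPOSED: network.host=$host, xpack.security.enabled=${security:-unset}"
        return 1
    fi
    echo "OK: network.host=$host with authentication enabled"
}

# Constructed samples: the file as written in step 2.4, then with security on.
sample=$(mktemp)
printf 'network.host: 0.0.0.0\ncluster.initial_master_nodes: ["node-1"]\n' > "$sample"
audit_es_config "$sample" || true
printf 'xpack.security.enabled: true\n' >> "$sample"
audit_es_config "$sample" || true
rm -f "$sample"
```

On the host in this walkthrough the call would be audit_es_config /usr/local/elasticsearch-7.11.1/config/elasticsearch.yml.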
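2.5 Raise the memory-map limit available to the elasticsearch user; at least 262144 is required
su root
vim /etc/sysctl.conf
Append one line at the end:
vm.max_map_count=262144
/sbin/sysctl -p
2.6 Reduce the JVM heap size
vim /usr/local/elasticsearch-7.11.1/config/jvm.options
Add two lines to set the heap to 512m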
-Xms512m
-Xmx512m
2.7 Custom management script
vim /etc/init.d/elasticsearch
Enter the following script in it:
#!/bin/bash
#chkconfig: 2345 80 90
#description:elasticsearch
export ES_HOME=/usr/local/elasticsearch-7.11.1
case $1 in
start)
    # Start as esuser; -d runs as a daemon, -p writes the PID to $ES_HOME/pid
    su esuser<<!
cd $ES_HOME
./bin/elasticsearch -d -p pid
exit
!
    echo "elasticsearch is started"
    ;;
stop)
    # Kill the process recorded in the PID file
    pid=`cat $ES_HOME/pid`
    kill -9 $pid
    echo "elasticsearch is stopped"
    ;;
restart)
    pid=`cat $ES_HOME/pid`
    kill -9 $pid
    echo "elasticsearch is stopped"
    sleep 1
    su esuser<<!
cd $ES_HOME
./bin/elasticsearch -d -p pid
exit
!
    echo "elasticsearch is started"
    ;;
*)
    echo "start|stop|restart"
    ;;
esac
exit 0
# Run the following command to make the script executable
chmod +x elasticsearch
Commands:
# Start
/etc/init.d/elasticsearch start
# Stop
/etc/init.d/elasticsearch stop
# Restart
/etc/init.d/elasticsearch restart
After starting, run curl -XGET http://localhost:9200 on the command line; the following response means the start succeeded
{
  "name" : "localhost.localdomain",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "_na_",
  "version" : {
    "number" : "7.11.1",
    "build_flavor" : "default",
    "build_type" : "tar",
    "build_hash" : "ff17057114c2199c9c1bbecc727003a907c0db7a",
    "build_date" : "2021-02-15T13:44:09.394032Z",
    "build_snapshot" : false,
    "lucene_version" : "8.7.0",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "You Know, for Search"
}
4. Install Kibana
curl -L -O https://artifacts.elastic.co/downloads/kibana/kibana-7.11.1-linux-x86_64.tar.gz
tar xzvf kibana-7.11.1-linux-x86_64.tar.gz
cd kibana-7.11.1-linux-x86_64/
./bin/kibana
Both work out of the box; it is recommended to move the directories to /usr/local/ manually
Start Kibana
4.1 Create a dedicated group and user; Kibana cannot be started as root
Kibana should not be run as root. Use --allow-root to continue.
useradd kibana -g es
passwd kibana
4.2 Change the owner and group of the directory and everything inside it
chown -R esuser:es /usr/local/kibana-7.11.1-linux-x86_64
Write a Kibana startup script along the same lines
#!/bin/bash
#chkconfig: 2345 80 90
#description:kibana
export KB_HOME=/usr/local/kibana-7.11.1-linux-x86_64
case $1 in
start)
    # Start Kibana in the background as the kibana user
    su kibana<<!
cd $KB_HOME
nohup ./bin/kibana &
exit
!
    echo "kibana is started"
    ;;
stop)
    pid=`cat $KB_HOME/pid`
    kill -9 $pid
    echo "kibana is stopped"
    ;;
restart)
    pid=`cat $KB_HOME/pid`
    kill -9 $pid
    echo "kibana is stopped"
    sleep 1
    su kibana<<!
cd $KB_HOME
nohup ./bin/kibana &
exit
!
    echo "kibana is started"
    ;;
*)
    echo "start|stop|restart"
    ;;
esac
exit 0
Grant permission:
# Run the following command to make the script executable
chmod +x kibana
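Script commands
# Start
/etc/init.d/kibana start
# Stop
/etc/init.d/kibana stop
# Restart
/etc/init.d/kibana restart
The stop and restart commands do not work here; you have to find the process and kill it instead, otherwise the stop and restart commands fail and you cannot tell where the problem is!!
At this point it should be possible to run Kibana through /etc/init.d/kibana, but it reported an error, so the start command in the script above was changed to:
nohup ./bin/kibana &
Now Kibana can be started; next, port 5601 needs to be opened
Entering ip:5601 in the browser showed that the page could not be opened, probably because the port was not open.
Check the port status:
firewall-cmd --query-port=5601/tcp
Open the port:
firewall-cmd --zone=public --add-port=5601/tcp --permanent
Reload the firewall:
firewall-cmd --reload
Entering the address and port again now displays the page correctly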
5. Setting built-in user passwords
You must set the passwords for all built-in users.
The elasticsearch-setup-passwords tool is the simplest method to set the built-in users' passwords for the first time. It uses the elastic user's bootstrap password to run user management API requests. For example, you can run the command in an "interactive" mode, which prompts you to enter new passwords for the elastic, kibana_system, logstash_system, beats_system, apm_system, and remote_monitoring_user users:
The elasticsearch-setup-passwords tool command can only be run once; running it again after the passwords have been set reports an error.
Alternatively, you can set the initial passwords for the built-in users by using the Management > Users page in Kibana or the Change Password API. These methods are more complex. You must supply the elastic user and its bootstrap password to log into Kibana or run the API. This requirement means that you cannot use the default bootstrap password that is derived from the keystore.seed setting. Instead, you must explicitly set a bootstrap.password setting in the keystore before you start Elasticsearch. For example, the following command prompts you to enter a new bootstrap password:
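The Kibana we just deployed can be logged into without a password, so anyone can access Kibana and modify index data. In production, to keep the data secure, we must put a password on Kibana so that users can operate only after logging in.
This mainly relies on the X-Pack that ships with Elasticsearch for authentication. The steps are as follows:
5.1. Edit the ES configuration to enable X-Pack
Edit the Elasticsearch configuration file, /app/elasticsearch/elasticsearch-7.13.4/config/elasticsearch.yml, to enable X-Pack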
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
5.2. Restart Elasticsearch
./bin/elasticsearch -d
5.3. Initialize the user passwords
cd /app/elasticsearch/elasticsearch-7.13.4/bin
./elasticsearch-setup-passwords interactive
After running it you will see the following, asking you to set each password; enter y to continue
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,kibana_system,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y
...
Changed password for user [apm_system]
Changed password for user [kibana_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]
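5.4. Set up certificates
After X-Pack is enabled, the Elasticsearch startup log reports the exception Caused by: javax.net.ssl.SSLHandshakeException: No available authentication scheme. The cause is a missing CA certificate, so we need to generate one.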
./bin/elasticsearch-certutil ca
When prompted, just press Enter; no password is set
If you elect to generate PEM format certificates (the -pem option), then the output will
be a zip file containing individual files for the CA certificate and private key
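Please enter the desired output file [elastic-stack-ca.p12]: # just press Enter
Enter password for elastic-stack-ca.p12 : # just press Enter
Afterwards the certificate file elastic-stack-ca.p12 appears in the Elasticsearch installation directory
Now we use this generated certificate file to generate the p12 key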
./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
When prompted, again just press Enter; no password is set
Enter password for CA (elastic-stack-ca.p12) : # just press Enter
Please enter the desired output file [elastic-certificates.p12]: # press Enter
Enter password for elastic-certificates.p12 : # press Enter
# File path
Certificates written to /app/elasticserach/elasticsearch-7.13.4/elastic-certificates.p12
The files now look like this:
Create a certs directory under the config directory and copy the generated key file into it
mkdir certs
cp ../elastic-certificates.p12 certs/elastic-certificates.p12
Edit the X-Pack settings in the Elasticsearch configuration file elasticsearch.yml again
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12
Then restart Elasticsearch again; it reports an error
uncaught exception in thread [main] ElasticsearchSecurityException[failed to load SSL configuration [xpack.security.transport.ssl]]; nested: ElasticsearchException[failed to initialize SSL TrustManager
- not permitted to read truststore file [/usr/local/elasticsearch-7.11.1/config/certs/elastic-certificates.p12]]; nested: AccessDeniedException
[/usr/local/elasticsearch-7.11.1/config/certs/elastic-certificates.p12]; Likely root cause: java.nio.file.AccessDeniedException: /usr/local/elasticsearch-7.11.1/config/certs/elastic-certificates.p12
Grant permissions on the file:
chmod 777 /usr/local/elasticsearch-7.11.1/config/certs/elastic-certificates.p12
Restart Elasticsearch again; the error is gone.
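chmod 777 clears the AccessDeniedException, but it also lets every local account read and overwrite the keystore, which holds the node's private key and was generated above with an empty password. The following is an added example, not part of the original post: it reports owner and mode problems on a keystore and applies owner-only access instead. The function names are made up for illustration, and esuser:es is assumed to be the account that runs Elasticsearch, as created in step 2.1.

```shell
#!/bin/bash
# Added example: check who can touch a PKCS#12 keystore, then restrict it.

# Print findings for keystore $1, expected to belong to account $2.
# Returns 0 when only the owner (and at most group-read) has access, else 1.
keystore_findings() {
    local perms owner bad=0
    perms=$(ls -ld "$1" | cut -c1-10)        # e.g. -rwxrwxrwx
    owner=$(ls -ld "$1" | awk '{print $3}')
    if [ "$owner" != "$2" ]; then
        echo "owner is ${owner:-unknown}, expected $2"; bad=1
    fi
    case "$perms" in
        ???????---) ;;                        # "other" has no access
        *) echo "accessible to every local account: $perms"; bad=1 ;;
    esac
    case "$perms" in
        ?????w????) echo "group-writable: $perms"; bad=1 ;;
    esac
    return $bad
}

# Owner-only access; run as root so the service account can be made the owner.
# $1 = keystore, $2 = owner:group (esuser:es in this walkthrough)
restrict_keystore() {
    chown "$2" "$1" && chmod 600 "$1"
}

# Constructed demo on a temporary stand-in file, not a real keystore.
ks=$(mktemp)
me=$(id -un 2>/dev/null || id -u)
chmod 777 "$ks"; keystore_findings "$ks" "$me" || true
restrict_keystore "$ks" "$me" 2>/dev/null || chmod 600 "$ks"
keystore_findings "$ks" "$me" && echo "clean: $(ls -ld "$ks" | cut -c1-10)"
rm -f "$ks"
```

On the host in this walkthrough the call would be restrict_keystore /usr/local/elasticsearch-7.11.1/config/certs/elastic-certificates.p12 esuser:es, run as root.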
But logging in fails with an error. Login command: curl -u esuser http://localhost:9200/
Error message:
Enter host password for user 'esuser':
{"error":{"root_cause":[{"type":"security_exception","reason":"unable to authenticate user [esuser] for REST request [/]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}}],"type":"security_exception","reason":"unable to authenticate user [esuser] for REST request [/]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}},"status":401}
[root@localhost bin]# curl -u esuser http://localhost:9200/
The log shows the following error:
[2022-02-25T08:14:11,003][WARN ][o.e.t.TcpTransport ] [localhost.localdomain] exception caught on transport layer [Netty4TcpChannel{localAddress=0.0.0.0/0.0.0.0:9300, remoteAddress=/0:0:0:0:0:0:0:1:43658}], closing connection
io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: No available authentication scheme
I can't get this working; time to look at the official site again
Getting started with the Elastic Stack | Getting Started [7.11] | Elastic
Security overview | Elasticsearch Guide [7.11] | Elastic
The documentation says there are default built-in users, and elastic is one of them, so let me try logging in as the elastic user. The password here is the one set with the interactive command above. It actually worked, which means the esuser user I added has no permissions; let's see how to extend its permissions.
curl -u elastic localhost:9200
Enter host password for user 'elastic':
{
  "name" : "node-1",
  "cluster_name" : "elk-application",
  "cluster_uuid" : "xsAt7B-HQC29uS4bgcSw8Q",
  "version" : {
    "number" : "7.11.1",
    "build_flavor" : "default",
    "build_type" : "tar",
    "build_hash" : "ff17057114c2199c9c1bbecc727003a907c0db7a",
    "build_date" : "2021-02-15T13:44:09.394032Z",
    "build_snapshot" : false,
    "lucene_version" : "8.7.0",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "You Know, for Search"
}
Let's do it all over again!!!!!!!!!!!