1、安裝
方式一:
#導入密鑰 wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg #將存儲庫定義保存到 /etc/apt/sources.list.d/elastic-7.x.list: echo "deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-7.x.list #安裝 sudo apt-get update && sudo apt-get install elasticsearch
方式二:
#手動下載安裝 wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.17.1-amd64.deb wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.17.1-amd64.deb.sha512 shasum -a 512 -c elasticsearch-7.17.1-amd64.deb.sha512 sudo dpkg -i elasticsearch-7.17.1-amd64.deb #刪除下載文件 sudo rm -r elasticsearch-7.17.1-amd64.deb && sudo rm -r elasticsearch-7.17.1-amd64.deb.sha512 #運行 Elasticsearch systemd sudo /bin/systemctl daemon-reload
2、啟動Elasticsearch
sudo systemctl enable elasticsearch.service && sudo systemctl start elasticsearch.service
3、驗證Elasticsearch是否正常
curl -X GET "localhost:9200/"
也可查看官方安裝文檔:https://www.elastic.co/guide/en/elasticsearch/reference/7.17/deb.html
4、安裝ik和pinyin分詞插件
查看es安裝的版本,然后找到對應ik分詞版本,要對應喲,將下載的ik包解壓到es對應的目錄下,然后重新啟動es即可;
ik安裝:
ik下載地址:https://github.com/medcl/elasticsearch-analysis-ik/releases
ubuntu@VM-0-3-ubuntu:~$ cd /usr/share/elasticsearch/plugins && sudo mkdir ik ubuntu@VM-0-3-ubuntu:/usr/share/elasticsearch/plugins$ cd ik ubuntu@VM-0-3-ubuntu:/usr/share/elasticsearch/plugins/ik$ sudo wget https://github.com/medcl/elasticsearch-analysis-ik/releases/download/v7.17.1/elasticsearch-analysis-ik-7.17.1.zip ubuntu@VM-0-3-ubuntu:/usr/share/elasticsearch/plugins/ik$ sudo unzip elasticsearch-analysis-ik-7.17.1.zip ubuntu@VM-0-3-ubuntu:/usr/share/elasticsearch/plugins/ik$ sudo rm -r elasticsearch-analysis-ik-7.17.1.zip ubuntu@VM-0-3-ubuntu:/usr/share/elasticsearch/plugins/ik$ ls commons-codec-1.9.jar config httpclient-4.5.2.jar plugin-descriptor.properties commons-logging-1.2.jar elasticsearch-analysis-ik-7.17.1.jar httpcore-4.4.4.jar plugin-security.policy
pinyin安裝:
pinyin下載地址:https://github.com/medcl/elasticsearch-analysis-pinyin/releases
ubuntu@VM-16-8-ubuntu:/usr/share/elasticsearch/plugins$ sudo mkdir pinyin ubuntu@VM-16-8-ubuntu:/usr/share/elasticsearch/plugins$ cd pinyin ubuntu@VM-16-8-ubuntu:/usr/share/elasticsearch/plugins/pinyin$ sudo wget https://github.com/medcl/elasticsearch-analysis-pinyin/releases/download/v7.17.1/elasticsearch-analysis-pinyin-7.17.1.zip ubuntu@VM-16-8-ubuntu:/usr/share/elasticsearch/plugins/pinyin$ sudo unzip elasticsearch-analysis-pinyin-7.17.1.zip ubuntu@VM-16-8-ubuntu:/usr/share/elasticsearch/plugins/pinyin$ sudo rm -r elasticsearch-analysis-pinyin-7.17.1.zip ubuntu@VM-16-8-ubuntu:/usr/share/elasticsearch/plugins/pinyin$ ls elasticsearch-analysis-pinyin-7.17.1.jar nlp-lang-1.7.jar plugin-descriptor.properties
STConvert安裝:
STConvert下載地址:https://github.com/medcl/elasticsearch-analysis-stconvert/releases
#重啟后插件生效 sudo systemctl restart elasticsearch #查看已安裝的插件 sudo /usr/share/elasticsearch/bin/elasticsearch-plugin list
5、其它
Elasticsearch 有三個配置文件:
elasticsearch.yml用於配置 Elasticsearch
jvm.options用於配置 Elasticsearch JVM 設置
log4j2.properties用於配置 Elasticsearch 日志記錄
這些文件位於 config 目錄中
Elasticsearch數據和日志目錄
數據目錄位於
/var/lib/elasticsearch 日志目錄位於 /var/log/elasticsearch 配置文件目錄位於 /etc/elasticsearch
打開配置文件
sudo vim /etc/elasticsearch/elasticsearch.yml
修改配置
更改數據和日志目錄 1、先停止實例 sudo kill -9458 pid 2、創建目錄 sudo mkdir -p /home/d/elasticsearch/data sudo mkdir -p /home/d/elasticsearch/log 3、授權為es用戶 sudo chown -R elasticsearch:elasticsearch /home/d/elasticsearch/data sudo chown -R elasticsearch:elasticsearch /home/d/elasticsearch/log 4、修改es配置文件 path.data: /home/d/elasticsearch/data path.logs: /home/d/elasticsearch/log 5、重啟es sudo systemctl restart elasticsearch
開啟遠程訪問
打開es配置文件 sudo vim /etc/elasticsearch/elasticsearch.yml 修改以下節點 network.host: 0.0.0.0 discovery.seed_hosts: ["172.17.0.3"] 重啟生效 sudo systemctl restart elasticsearch 訪問測試 curl -X GET "172.17.0.3:9200/"
network.host:https://www.elastic.co/guide/en/elasticsearch/reference/7.17/important-settings.html#network.host
開啟安全驗證
開啟最低安全驗證 打開es配置文件 sudo vim /etc/elasticsearch/elasticsearch.yml 添加以下設置 xpack.security.enabled: true 如果是單節點,添加以下設置可確保您的節點不會無意中連接到可能在您的網絡上運行的其他集群 discovery.type: single-node 重啟es sudo systemctl restart elasticsearch 隨機生成密碼 sudo /usr/share/elasticsearch/bin/elasticsearch-setup-passwords auto 使用自己的密碼 sudo /usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactive 重啟es sudo systemctl restart elasticsearch 例如: ubuntu@VM-0-3-ubuntu:/$ sudo /usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactive Initiating the setup of passwords for reserved users elastic,apm_system,kibana,kibana_system,logstash_system,beats_system,remote_monitoring_user. You will be prompted to enter passwords as the process progresses. Please confirm that you would like to continue [y/N]y Enter password for [elastic]: Reenter password for [elastic]: Enter password for [apm_system]: passwords must be at least [6] characters long Try again. Enter password for [apm_system]: Reenter password for [apm_system]: Passwords do not match. Try again. Enter password for [apm_system]: Reenter password for [apm_system]: Enter password for [kibana_system]: Reenter password for [kibana_system]: Enter password for [logstash_system]: Reenter password for [logstash_system]: Enter password for [beats_system]: Reenter password for [beats_system]: Enter password for [remote_monitoring_user]: Reenter password for [remote_monitoring_user]: Changed password for user [apm_system] Changed password for user [kibana_system] Changed password for user [kibana] Changed password for user [logstash_system] Changed password for user [beats_system] Changed password for user [remote_monitoring_user] Changed password for user [elastic] #測試驗證 curl -X GET "172.17.0.3:9200/" -u username:password #修改密碼 curl -XPOST -u elastic "172.17.0.3:9200/_security/user/賬號/_password" -H 'Content-Type: application/json' -d'{"password" : "舊密碼"}' #回車后輸入新密碼,返回{}表示設置成功
安全相關說明:https://www.elastic.co/guide/en/elasticsearch/reference/7.17/setup-xpack.html
生產優化
1、更改資源限制
通過編輯文件為特定用戶設置持久限制。將elasticsearch用戶的最大打開文件數設置為65,535:
sudo vim /etc/security/limits.conf 在打開的文件中加入 elasticsearch - nofile 65535
2、禁用所有交換文件編輯
通常 Elasticsearch 是在一個盒子上運行的唯一服務,它的內存使用由 JVM 選項控制。應該不需要啟用交換。
在 Linux 系統上,您可以通過運行以下命令臨時禁用交換:
sudo swapoff -a
配置swappiness
Linux 系統上可用的另一個選項是確保將 sysctl 值 vm.swappiness設置為1. 這減少了內核交換的傾向,並且在正常情況下不應該導致
臨時調整,會在機器重啟后恢復原先設置的值 sysctl vm.swappiness=1 永久調整 sudo vim /etc/sysctl.conf 在打開的文件中加入 vm.swappiness =1 生效激活 sudo sysctl -p
3、虛擬內存編輯
Elasticsearchmmapfs默認使用一個目錄來存儲它的索引。默認操作系統對 mmap 計數的限制可能太低,這可能會導致內存不足異常。
臨時設置 sysctl -w vm.max_map_count=262144 永久設置 sudo vim /etc/sysctl.conf 在打開的文件中加入 vm.max_map_count=262144 生效激活 sudo sysctl -p
4、TCP重傳超時編輯
每對 Elasticsearch 節點通過多個 TCP 連接進行通信,這些連接 保持打開狀態,直到其中一個節點關閉或節點之間的通信因底層基礎設施故障而中斷。大多數 Linux 發行版默認重新傳輸任何丟失的數據包 15 次。重傳呈指數級下降,因此這 15 次重傳需要 900 多秒才能完成。這意味着使用這種方法檢測網絡分區或故障節點需要很多分鍾。Windows 默認只重傳 5 次,對應的超時時間約為 6 秒,默認設置過多,甚至對大多數 Elasticsearch 安裝使用的高質量網絡有害,可以將TCP重新傳輸的最大次數減少到5次,五次重傳對應的超時時間約為6秒。
臨時設置 sysctl -w net.ipv4.tcp_retries2=5 永久設置 sudo vim /etc/sysctl.conf 在打開的文件中加入 net.ipv4.tcp_retries2 = 5 生效激活 sudo sysctl -p ubuntu@VM-0-3-ubuntu:~$ sudo vim /etc/sysctl.conf ubuntu@VM-0-3-ubuntu:~$ sudo sysctl -p kernel.sysrq = 1 net.ipv6.conf.all.disable_ipv6 = 0 net.ipv6.conf.default.disable_ipv6 = 0 net.ipv6.conf.lo.disable_ipv6 = 0 kernel.printk = 5 vm.swappiness = 1 vm.max_map_count = 262144 net.ipv4.tcp_retries2 = 5
#查看索引設置 #查看所有 curl -X GET "172.17.0.3:9200/_all/_settings" -u username:password #查看單個 curl -X GET "172.17.0.3:9200/my-index/_settings" -u username:password
參考文獻:https://www.elastic.co/guide/en/elasticsearch/reference/7.17/important-settings.html
https://www.elastic.co/guide/en/elasticsearch/reference/7.17/system-config.html