一,
版本问题
elasticsearch的高低版本划分标准为6.3,该版本之前的为低版本,6.3版本之后的包括6.3为高版本,这么划分主要是在安全性方面也就是x-pack插件的使用部署方面,低版本需要手动安装该安全插件,而高版本无需安装。另一方面,高版本的es漏洞会少一些,而本例中使用的是低版本的最后一个版本6.2.4版本
Java环境使用的是openjdk,版本是1.8.0_392-b08, 在此版本下通过es部署的测试:
[es@node1 bin]$ java -version openjdk version "1.8.0_392" OpenJDK Runtime Environment (Temurin)(build 1.8.0_392-b08) OpenJDK 64-Bit Server VM (Temurin)(build 25.392-b08, mixed mode)
二,
环境问题
本例计划使用四个VMware的虚拟机服务器,操作版本都是centos7,IP分别为192.168.123.11/12/13/14,共计四台服务器,每个服务器的内存都是8G
由于elasticsearch是Java项目,比较吃内存的,因此,内存建议不低于8G,CPU4核即可,要求不太多
还一个关键的环境是时间服务器,这个必须一定要有,不管是实验性质还是生产上使用,时间服务器都不要忽略,本例中由于是在互联网 web环境下,因此,使用的是阿里云的时间服务器
ntp服务中关于时间服务器的配置:
server ntp.aliyun.com iburst
时间服务器正确配置后的验证:
[root@node1 es]# ntpstat synchronised to NTP server (203.107.6.88) at stratum 3 time correct to within 74 ms polling server every 1024 s
其次,还有一些常规的设置,例如selinux的关闭,这里就不重复提了
jdk的安装:
vim /etc/profile 在此文件末尾增加:
export JAVA_HOME=/usr/local/jdk export JRE_HOME=${JAVA_HOME}/jre export CLASSPATH=.:${JAVA_HOME}/lib:${JRE_HOME}/lib export PATH=${JAVA_HOME}/bin:$PATH
tar xvf OpenJDK8U-jdk_x64_linux_hotspot_8u392b08.tar.gz mv jdk8u392-b08 /usr/local/jdk ##激活变量 source /etc/profile ###测试jdk是否安装成功 [root@node1 ~]# java -version openjdk version "1.8.0_392" OpenJDK Runtime Environment (Temurin)(build 1.8.0_392-b08) OpenJDK 64-Bit Server VM (Temurin)(build 25.392-b08, mixed mode)
三,
软件资源的下载
es的下载:
x-pack插件的下载:
https://artifacts.elastic.co/downloads/packs/x-pack/x-pack-6.2.4.zip
openjdk的下载:
Index of /Adoptium/8/jdk/x64/linux/ | 清华大学开源软件镜像站 | Tsinghua Open Source Mirror
四,
elasticsearch集群的部署
新建目录 /data 并将上面下载的es解压后更改名称放置在/data目录下,每个服务器都执行:
mkdir /data unzip elasticsearch-6.2.4.zip mv elasticsearch-6.2.4 /data/es scp -r /data/es 192.168.123.12:/data/ scp -r /data/es 192.168.123.13:/data/ scp -r /data/es 192.168.123.14:/data/
新建用户es,该用户可以不设置密码,后期仅使用su命令切换即可
useradd es
离线方式安装x-pack插件:
期间需要输入两次y 确认安装
[root@node1 bin]# /data/es/bin/elasticsearch-plugin install file:///data/es/bin/x-pack-6.2.4.zip -> Downloading file:///data/es/bin/x-pack-6.2.4.zip [=================================================] 100% @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: plugin requires additional permissions @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ * java.io.FilePermission \\.\pipe\* read,write * java.lang.RuntimePermission accessClassInPackage.com.sun.activation.registries * java.lang.RuntimePermission getClassLoader * java.lang.RuntimePermission setContextClassLoader * java.lang.RuntimePermission setFactory * java.net.SocketPermission * connect,accept,resolve * java.security.SecurityPermission createPolicy.JavaPolicy * java.security.SecurityPermission getPolicy * java.security.SecurityPermission putProviderProperty.BC * java.security.SecurityPermission setPolicy * java.util.PropertyPermission * read,write See http://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html for descriptions of what these permissions allow and the associated risks. Continue with installation? [y/N]y @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: plugin forks a native controller @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ This plugin launches a native controller that is not subject to the Java security manager nor to system call filters. Continue with installation? [y/N]y Elasticsearch keystore is required by plugin [x-pack-security], creating... -> Installed x-pack with: x-pack-core,x-pack-deprecation,x-pack-graph,x-pack-logstash,x-pack-ml,x-pack-monitoring,x-pack-security,x-pack-upgrade,x-pack-watcher [root@node1 bin]# echo $? 0
安装完毕后会看到bin目录以及config等等目录下都有x-pack了
修改elasticsearch的主配置文件:
这两个配置在哪个服务器上执行就以实际的情况为准,例如,在192.168.123.12上执行,就是node-2,192.168.123.12
node.name: node-1
network.host: 192.168.123.11
cat >/data/es/config/elasticsearch.yml <<EOF # ======================== Elasticsearch Configuration ========================= # # NOTE: Elasticsearch comes with reasonable defaults for most settings. # Before you set out to tweak and tune the configuration, make sure you # understand what are you trying to accomplish and the consequences. # # The primary way of configuring a node is via this file. This template lists # the most important settings you may want to configure for a production cluster. # # Please consult the documentation for further information on configuration options: # https://www.elastic.co/guide/en/elasticsearch/reference/index.html # # ---------------------------------- Cluster ----------------------------------- # # Use a descriptive name for your cluster: # cluster.name: myes # # ------------------------------------ Node ------------------------------------ # # Use a descriptive name for the node: # node.name: node-1 # # Add custom attributes to the node: # #node.attr.rack: r1 # # ----------------------------------- Paths ------------------------------------ # # Path to directory where to store the data (separate multiple locations by comma): # path.data: /data/es/data # # Path to log files: # path.logs: /var/log/es/ # # ----------------------------------- Memory ----------------------------------- # # Lock the memory on startup: # #bootstrap.memory_lock: true # # Make sure that the heap size is set to about half the memory available # on the system and that the owner of the process is allowed to use this # limit. # # Elasticsearch performs poorly when the system is swapping the memory. # # ---------------------------------- Network ----------------------------------- # # Set the bind address to a specific IP (IPv4 or IPv6): # network.host: 192.168.123.11 # # Set a custom port for HTTP: # http.port: 19200 # # For more information, consult the network module documentation. # # --------------------------------- Discovery ---------------------------------- # # Pass an initial list of hosts to perform discovery when new node is started: # The default list of hosts is ["127.0.0.1", "[::1]"] # discovery.zen.ping.unicast.hosts: ["node-1", "node-2"] # # Prevent the "split brain" by configuring the majority of nodes (total number of master-eligible nodes / 2 + 1): # #discovery.zen.minimum_master_nodes: # # For more information, consult the zen discovery module documentation. # # ---------------------------------- Gateway ----------------------------------- # # Block initial recovery after a full cluster restart until N nodes are started: # #gateway.recover_after_nodes: 3 # # For more information, consult the gateway module documentation. # # ---------------------------------- Various ----------------------------------- # # Require explicit names when deleting indices: # #action.destructive_requires_name: true xpack.security.enabled: true xpack.security.transport.ssl.enabled: false http.cors.enabled: true http.cors.allow-origin: "*" http.cors.allow-methods : OPTIONS, HEAD, GET, POST, PUT, DELETE http.cors.allow-headers : X-Requested-With,X-Auth-Token,Content-Type,Content-Length EOF
根据配置文件,创建日志文件写入目录,并赋属组 es 给/data/es 这个目录,递归赋属组:
mkdir /var/log/es chown -Rf es. /data/es/ chown -Rf es. /var/log/es/
创建启动脚本:
cat >/etc/init.d/es<<EOF #!/bin/bash #chkconfig:2345 60 12 #description: elasticsearch es_path=/data/es es_pid=`ps aux|grep elasticsearch | grep -v 'grep elasticsearch' | awk '{print $2}'` case "$1" in start) su - es -c "$es_path/bin/elasticsearch -d" echo "elasticsearch startup" ;; stop) kill -9 $es_pid echo "elasticsearch stopped" ;; restart) kill -9 $es_pid su - es -c "$es_path/bin/elasticsearch -d" echo "elasticsearch startup" ;; *) echo "error choice ! please input start or stop or restart" ;; esac exit $? EOF
启动脚本赋权:
chown -Rf es. /etc/init.d/es
启动elasticsearch后,查看日志,可以看到13 14 服务器加入了集群,但这些日志并不直观:
[root@node1 bin]# tail -f /var/log/es/myes.log [2023-12-10T00:52:34,441][INFO ][o.e.c.m.MetaDataUpdateSettingsService] [node-1] [.monitoring-es-6-2023.12.09/4GLFZLlsRH6nj4ZKIUsxvw] auto expanded replicas to [1] [2023-12-10T00:52:34,441][INFO ][o.e.c.m.MetaDataUpdateSettingsService] [node-1] [.watcher-history-7-2023.12.09/_WVuCnwrSlGtYaLbSAfbLg] auto expanded replicas to [1] [2023-12-10T00:52:35,028][INFO ][o.e.x.w.WatcherService ] [node-1] paused watch execution, reason [no local watcher shards found], cancelled [0] queued tasks [2023-12-10T00:52:35,305][INFO ][o.e.x.w.WatcherService ] [node-1] paused watch execution, reason [new local watcher shard allocation ids], cancelled [0] queued tasks [2023-12-10T00:52:35,982][INFO ][o.e.c.r.a.AllocationService] [node-1] Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[.monitoring-es-6-2023.12.09][0]] ...]). [2023-12-10T00:52:40,831][INFO ][o.e.c.s.MasterService ] [node-1] zen-disco-node-join[{node-3}{kZxWJkP1Tjqo1DkDLcKg0w}{uZU4sePKSkuDZaxFl8_J_A}{192.168.123.13}{192.168.123.13:9300}{ml.machine_memory=8370089984, ml.max_open_jobs=20, ml.enabled=true}], reason: added {{node-3}{kZxWJkP1Tjqo1DkDLcKg0w}{uZU4sePKSkuDZaxFl8_J_A}{192.168.123.13}{192.168.123.13:9300}{ml.machine_memory=8370089984, ml.max_open_jobs=20, ml.enabled=true},} [2023-12-10T00:52:41,494][INFO ][o.e.c.s.ClusterApplierService] [node-1] added {{node-3}{kZxWJkP1Tjqo1DkDLcKg0w}{uZU4sePKSkuDZaxFl8_J_A}{192.168.123.13}{192.168.123.13:9300}{ml.machine_memory=8370089984, ml.max_open_jobs=20, ml.enabled=true},}, reason: apply cluster state (from master [master {node-1}{Ihs-2_jwTte3q7zd82z9cg}{XX2DgvdSR_yGZ886Ao2n4w}{192.168.123.11}{192.168.123.11:9300}{ml.machine_memory=8975544320, ml.max_open_jobs=20, ml.enabled=true} committed version [34] source [zen-disco-node-join[{node-3}{kZxWJkP1Tjqo1DkDLcKg0w}{uZU4sePKSkuDZaxFl8_J_A}{192.168.123.13}{192.168.123.13:9300}{ml.machine_memory=8370089984, ml.max_open_jobs=20, ml.enabled=true}]]]) [2023-12-10T00:52:46,046][INFO ][o.e.c.s.MasterService ] [node-1] zen-disco-node-join[{node-4}{xBsEmrIhSQWgLauziJ-YTg}{YUChKHGFTPWJQy8m0HANQA}{192.168.123.14}{192.168.123.14:9300}{ml.machine_memory=8370089984, ml.max_open_jobs=20, ml.enabled=true}], reason: added {{node-4}{xBsEmrIhSQWgLauziJ-YTg}{YUChKHGFTPWJQy8m0HANQA}{192.168.123.14}{192.168.123.14:9300}{ml.machine_memory=8370089984, ml.max_open_jobs=20, ml.enabled=true},} [2023-12-10T00:52:46,691][INFO ][o.e.c.s.ClusterApplierService] [node-1] added {{node-4}{xBsEmrIhSQWgLauziJ-YTg}{YUChKHGFTPWJQy8m0HANQA}{192.168.123.14}{192.168.123.14:9300}{ml.machine_memory=8370089984, ml.max_open_jobs=20, ml.enabled=true},}, reason: apply cluster state (from master [master {node-1}{Ihs-2_jwTte3q7zd82z9cg}{XX2DgvdSR_yGZ886Ao2n4w}{192.168.123.11}{192.168.123.11:9300}{ml.machine_memory=8975544320, ml.max_open_jobs=20, ml.enabled=true} committed version [36] source [zen-disco-node-join[{node-4}{xBsEmrIhSQWgLauziJ-YTg}{YUChKHGFTPWJQy8m0HANQA}{192.168.123.14}{192.168.123.14:9300}{ml.machine_memory=8370089984, ml.max_open_jobs=20, ml.enabled=true}]]]) [2023-12-10T00:52:46,747][INFO ][o.e.x.w.WatcherService ] [node-1] paused watch execution, reason [no local watcher shards found], cancelled [0] queued tasks
OK,现在可以设置密码了:
[root@node1 bin]# /data/es/bin/x-pack/setup-passwords interactive Initiating the setup of passwords for reserved users elastic,kibana,logstash_system. You will be prompted to enter passwords as the process progresses. Please confirm that you would like to continue [y/N]y Enter password for [elastic]: Reenter password for [elastic]: Enter password for [kibana]: Reenter password for [kibana]: Enter password for [logstash_system]: Reenter password for [logstash_system]: Changed password for user [kibana] Changed password for user [logstash_system] Changed password for user [elastic]
下面用直观点的方法:
可以看到,集群是绿色的健康状态,当然,因为我们设置了密码,因此,需要输入上面步骤设置的密码,这一下安全有保证了
[root@node1 bin]# curl -XGET http://192.168.123.11:19200/_cat/health -uelastic Enter host password for user 'elastic': 1702141169 00:59:29 myes green 4 4 12 5 0 0 0 0 - 100.0%
可以看到集群是四个节点,node-1是主节点,集群搭建成功!!!!!
[root@node1 bin]# curl -XGET http://192.168.123.11:19200/_cat/nodes -uelastic Enter host password for user 'elastic': 192.168.123.11 32 58 2 0.24 0.26 0.26 mdi * node-1 192.168.123.12 39 73 1 0.32 0.24 0.25 mdi - node-2 192.168.123.13 31 59 1 0.37 0.34 0.32 mdi - node-3 192.168.123.14 34 84 2 1.21 0.65 0.36 mdi - node-4
浏览器输入IP+端口,输入账号密码后可以看到节点状态:
五,
密码的删除和重置
通过api修改密码:
低版本的es修改密码只有通过api来修改了,高版本是有修改密码的工具elasticsearch-reset-password,下面讲述一下如何通过api修改elastic这个用户的密码
用户权限说明:
其中,用户权限分别如下:
elastic 账号:拥有 superuser 角色,是内置的超级用户。
kibana 账号:拥有 kibana_system 角色,用户 kibana 用来连接 elasticsearch 并与之通信。Kibana 服务器以该用户身份提交请求以访问集群监视 API 和 .kibana 索引。不能访问 index。
logstash_system 账号:拥有 logstash_system 角色。用户 Logstash 在 Elasticsearch 中存储监控信息时使用。
[root@node1 bin]# curl -H "Content-Type:application/json" -XPOST -u elastic 'http://192.168.123.11:19200/_xpack/security/user/elastic/_password' -d '{ "password" : "123456" }' Enter host password for user 'elastic': {}
修改密码的时候需要校验一下原密码,修改成功后会返回一个空值,如上所示,密码就修改为123456了
重置密码
删除security索引即可再次通过命令/data/es/bin/x-pack/setup-passwords interarchive生成密码,例如下图,通过es-head删除索引
六,
es-head的部署和使用
下载地址:
https://github.com/liufengji/es-head
本例使用的是1.0.8和0.1.2
安装步骤:
打开谷歌浏览器的插件管理页面,或者直接在浏览器输入chrome://extensions/
上面下载的文件elasticsearch-head-master.zip解压,如果发现有crx后缀的文件,修改后缀为rar解压
点击左上角的加载已解压的扩展程序,定位到解压后的目录
开始使用:
点击连接,然后会弹出要求输入账号和密码的窗口,输入后即可进入head的界面
OK,低版本的es集群安装和安全增强(密码设置)以及es-head插件安装就好了
