安装elasticsearch

elasticsearch 目录结构

type	description	location
home	Home of elasticsearch installation	/usr/share/elasticsearch
bin	Binary scripts including elasticsearch to start a node	/usr/share/elasticsearch/bin
conf	Configuration files elasticsearch.yml and logging.yml	/etc/elasticsearch
conf	Environment variables including heap size,file descriptors	/etc/default/elasticsearch
data	The location of the data files	/var/lib/elasticsearch/
logs	Log files location	/var/log/elasticsearch
plugins	Plugin files location	/usr/share/elasticsearch/plugins

下载地址

2.4.1

window7

bin目录执行安装

F:\ELK\elasticsearch-2.4.1\bin>service install
Installing service      :  "elasticsearch-service-x64"
Using JAVA_HOME (64-bit):  "F:\java\jdk8"
The service 'elasticsearch-service-x64' has been installed.

安装成功，如果启动失败（进logs目录，查看错误信息）

[error] [ 6376] Failed creating java %JAVA_HOME%\jre\bin\server\jvm.dll
 [error] [ 6376] 系统找不到指定的路径。

直接利用管理服务

 #运行 service manager 会弹出服务管理界面 修改jvm指定路径
F:\ELK\elasticsearch-2.4.1\bin>service manager

debian8

sudo dpkg -i  elasticsearch-2.4.2.deb
bin$> ./elasticsearch   #启动提示没有权限

需要授权执行命令 chmod +x bin/elasticsearch
再次执行 ./elasticsearch -d 即可后台启动
使用 ps aux|grep elasticsearch 可以查看是否启动

设置开机启动
创建脚本 start.sh

#!bin/bash
export JAVA_HOME=/usr/bin/java
export JRE_HOME=${JAVA_HOME}/jre
export CLASSPATH=.:${JAVA_HOME}/lib:${JRE_HOME}/lib
export PATH=${JAVA_HOME}/bin:$PATH
 #切换到cs用户（带环境变量）
su -cs<<!
cd /opt/elasticsearch/bin
./elasticsearch &
exit
!

修改启动文件 mousepad /etc/init.d/elasticsearch

#!bin/bash
### BEGIN INIT INFO
# Provides:          elasticsearch
# Required-Start:    $all
# Required-Stop:     $all
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-De.ion: starts the elasticsearch  server
# De.ion:       starts elasticsearch using start-stop-daemon
### END INIT INFO
sh /opt/elasticsearch/start.sh

7.17.1

elasticsearch-env

https://www.elastic.co/guide/en/elasticsearch/reference/7.17/security-basic-setup-https.html

证书doc https://www.elastic.co/guide/en/elasticsearch/reference/current/security-basic-setup.html#encrypt-internode-communication

根证书ca

❯ ./bin/elasticsearch-certutil ca 

节点证书

❯ ./bin/elasticsearch-certutil cert --ca ./config/cert/elastic-stack-ca.p12

Enter password for CA (config/cert/elastic-stack-ca.p12) : pwd
Please enter the desired output file [elastic-certificates.p12]:
Enter password for elastic-certificates.p12 : pwd

ssl

ssl.yml

instances:
  - name: "es"
    dns: ['es.org']   
  - name: 'kibana'
    dns: ['kibana.es.org']
  - name: 'logstash'
    dns: ['l.es.org']
  - name: 'fluentd'
    dns: ['fluentd.es.org']
  - name: 'fluent'
    dns: ['fluent.es.org']

./bin/elasticsearch-certutil cert ca --pem --in ssl.yml --out certs.zip

❯ ./bin/elasticsearch-setup-passwords  interactive
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,kibana_system,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y

https://www.elastic.co/guide/en/elasticsearch/reference/7.16/security-basic-setup.html

#配置集群密码
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true

xpack.security.http.ssl.key: /opt/ELK/elasticsearch-7.17.1/config/es/es.key
xpack.security.http.ssl.certificate: /opt/ELK/elasticsearch-7.17.1/config/es/es.crt
xpack.security.http.ssl.certificate_authorities: /opt/ELK/elasticsearch-7.17.1/config/ca/ca.crt

xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.key: /opt/ELK/elasticsearch-7.17.1/config/es/es.key
xpack.security.transport.ssl.certificate: /opt/ELK/elasticsearch-7.17.1/config/es/es.crt
xpack.security.transport.ssl.certificate_authorities: /opt/ELK/elasticsearch-7.17.1/config/ca/ca.crt

#用HTTPS方式访问es  先设置❯ ./bin/elasticsearch-setup-passwords  interactive
xpack.security.http.ssl.enabled: true

elastic-stack-ca.p12 包含 cakey （java.lang.IllegalArgumentException: you cannot specify a truststore and ca files）

❯ ./elasticsearch-certutil ca
warning: usage of JAVA_HOME is deprecated, use ES_JAVA_HOME
/opt/jdk/jdk-11.0.12/bin/java -Xshare:auto -cp /opt/ELK/elasticsearch-7.17.1/lib/* org.elasticsearch.tools.java_version_checker.JavaVersionChecker
This tool assists you in the generation of X.509 certificates and certificate
signing requests for use with SSL/TLS in the Elastic stack.

The ‘ca’ mode generates a new ‘certificate authority’
This will create a new X.509 certificate and private key that can be used
to sign certificate when running in ‘cert’ mode.

Use the ‘ca-dn’ option if you wish to configure the ‘distinguished name’
of the certificate authority

By default the ‘ca’ mode produces a single PKCS#12 output file which holds:

• The CA certificate
• The CA’s private key

If you elect to generate PEM format certificates (the -pem option), then the output will
be a zip file containing individual files for the CA certificate and private key

Please enter the desired output file [elastic-stack-ca.p12]: 此位置设置文档输出地址和名称。默认名称为elastic-stack-ca.p12
Enter password for elastic-stack-ca.p12 : cs123456

#等价配置yaml内的xpack.security.http.ssl.keystore.password:
❯ ./bin/elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password
warning: usage of JAVA_HOME is deprecated, use ES_JAVA_HOME
/opt/jdk/jdk-11.0.12/bin/java -Xshare:auto -cp /opt/ELK/elasticsearch-7.17.1/lib/* org.elasticsearch.tools.java_version_checker.JavaVersionChecker
Enter value for xpack.security.transport.ssl.keystore.secure_password: cs123456
❯ ./bin/elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password
warning: usage of JAVA_HOME is deprecated, use ES_JAVA_HOME
/opt/jdk/jdk-11.0.12/bin/java -Xshare:auto -cp /opt/ELK/elasticsearch-7.17.1/lib/* org.elasticsearch.tools.java_version_checker.JavaVersionChecker
Enter value for xpack.security.transport.ssl.truststore.secure_password: cs123456

❯ ./bin/elasticsearch-keystore add xpack.security.http.ssl.truststore.secure_password
warning: usage of JAVA_HOME is deprecated, use ES_JAVA_HOME
/opt/jdk/jdk-11.0.12/bin/java -Xshare:auto -cp /opt/ELK/elasticsearch-7.17.1/lib/* org.elasticsearch.tools.java_version_checker.JavaVersionChecker
Enter value for xpack.security.http.ssl.truststore.secure_password:
❯ ./bin/elasticsearch-keystore add xpack.security.http.ssl.keystore.secure_password
warning: usage of JAVA_HOME is deprecated, use ES_JAVA_HOME
/opt/jdk/jdk-11.0.12/bin/java -Xshare:auto -cp /opt/ELK/elasticsearch-7.17.1/lib/* org.elasticsearch.tools.java_version_checker.JavaVersionChecker
Enter value for xpack.security.http.ssl.keystore.secure_password:

密码

重置 或设置新密码

./bin/elasticsearch-setup-passwords interactive

error

No subject

安全证书的一个错误消息 No subject alternative names present 的解决办法

重新创建，添加该ip到证书里

CertPathValidatorException

Caused by: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors

license

current license is non-compliant for [jdbc]

https://es.org/_license

https://www.elastic.co/guide/en/elasticsearch/reference/master/start-trial.html

plugin

elasticsearch-prometheus-exporter

7.xx https://github.com/vvanholl/elasticsearch-prometheus-exporter/releases

8.xx https://github.com/mindw/elasticsearch-prometheus-exporter/releases/download/8.15.0.0/prometheus-exporter-8.15.0.0.zip

./bin/elasticsearch-plugin install -b https://github.com/vvanholl/elasticsearch-prometheus-exporter/releases/download/7.17.7.0/prometheus-exporter-7.17.7.0.zip

#方式二
#将离线包解压到ElasticSearch 安装目录下的 plugins 目录下
#重启es。新装插件必须要重启es

https://github.com/prometheus-community/elasticsearch_exporter

elasticsearch-sql

https://github.com/NLPchina/elasticsearch-sql/releases

elasticsearch-analysis-ik

https://github.com/infinilabs/analysis-ik/releases/tag/Latest