Centos8.2安装Elasticsearch-7.11.1

1. 下载elasticsearch


 

curl -L -O https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.11.1-linux-x86_64.tar.gz
tar -xzvf elasticsearch-7.11.1-linux-x86_64.tar.gz
cd elasticsearch-7.11.1
./bin/elasticsearch

2.下载kibana(配套UI)


 

curl -L -O https://artifacts.elastic.co/downloads/kibana/kibana-7.11.1-linux-x86_64.tar.gz
tar xzvf kibana-7.11.1-linux-x86_64.tar.gz
cd kibana-7.11.1-linux-x86_64/
./bin/kibana

都是开箱即用,建议手动移动目录到/usr/local/下

3.启动elasticsearch

   3.1 创建专用用户组和用户,root无法启动


 

groupadd es
useradd esuser -g es
passwd esuser

  3.2更改文件夹及内部文件的所属用户及组


 

chown -R esuser:es /usr/local/elasticsearch-7.11.1

  3.3 切换用户 到esuser


 

su esuser

  3.4 elasticsearch 配置


 

vim /usr/local/elasticsearch-7.11.1/config/elasticsearch.yml

添加两行,注意:冒号后面要带一个空格

network.host: 0.0.0.0

cluster.initial_master_nodes: ["node-1"]

 

  3.5 设置elasticsearch用户拥有的内存权限,至少需要262144


 

su root
vim /etc/sysctl.conf

 末尾添加一行:
 vm.max_map_count=262144


 

#立即生效
/sbin/sysctl -p

 3.6 jvm内存调小一些


 

vim /usr/local/elasticsearch-7.11.1/config/jvm.options

新增两行,将内存调整至512m

  -Xms512m
  -Xmx512m

3.7 自定义管理脚本

 

vim /etc/init.d/elasticsearch在其中输入下方的脚本代码

 

#!/bin/bash
#chkconfig: 2345 80 90
#description:elasticsearch

 

export ES_HOME=/usr/local/elasticsearch-7.11.1
case $1 in
        start)
                su esuser<<!        
                cd $ES_HOME
                ./bin/elasticsearch -d -p pid
                exit
!
                echo "elasticsearch is started"
                ;;
        stop)
                pid=`cat $ES_HOME/pid`
                kill -9 $pid
                echo "elasticsearch is stopped"
                ;;
        restart)
                pid=`cat $ES_HOME/pid`
                kill -9 $pid
                echo "elasticsearch is stopped"
                sleep 1
                su esuser<<!    
                cd $ES_HOME
                ./bin/elasticsearch -d -p pid
                exit
!
                echo "elasticsearch is started"
        ;;
    *)
        echo "start|stop|restart"
        ;;  
esac
exit 0

 


 

#在命令行执行下面命令,赋予脚本执行权限
chmod +x elasticsearch

 

 命令:

 

 

#启动
/etc/init.d/elasticsearch start
#停止
/etc/init.d/elasticsearch stop
#重启
/etc/init.d/elasticsearch restart

 

启动后,命令行输入curl -XGET http://localhost:9200,得到以下响应说明启动成功

{
  "name" : "localhost.localdomain",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "_na_",
  "version" : {
    "number" : "7.11.1",
    "build_flavor" : "default",
    "build_type" : "tar",
    "build_hash" : "ff17057114c2199c9c1bbecc727003a907c0db7a",
    "build_date" : "2021-02-15T13:44:09.394032Z",
    "build_snapshot" : false,
    "lucene_version" : "8.7.0",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "You Know, for Search"
}

  

 4.安装ik分词器


 

cd /usr/local/elasticsearch-7.11.1/plugins

  4.1 新建一个ik目录

  4.2 下载与ES版本对于的分词器压缩包,下载地址:https://github.com/medcl/elasticsearch-analysis-ik/releases

  4.3 解压压缩包到ik目录

  4.4 重启ES

 5.ElasticSearch设置用户名密码访问


 

vim /usr/local/elasticsearch-7.11.1/config/elasticsearch.yml

 添加如下:

 

 

http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-headers: Authorization
xpack.security.enabled: true
xpack.license.self_generated.type: basic
xpack.security.transport.ssl.enabled: true

安装分词器并设置用户名和密码后,在输入curl -XGET http://localhost:9200,显示无法访问了

{"error":{"root_cause":[{"type":"security_exception","reason":"missing authentication credentials for REST request [/]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}}],
"type":"security_exception","reason":"missing authentication credentials for REST request [/]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}},"status":401}

应该使用用户名和密码登录curl -u esuser -XGET http://localhost:9200会提示输入密码,结果输入密码后还是不行

{"error":{"root_cause":[{"type":"security_exception","reason":"unable to authenticate user [esuser] for REST request [/]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""
}}],"type":"security_exception","reason":"unable to authenticate user [esuser] for REST request [/]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}},"status":401}

不知道哪里的事了,把那些安全配置全删了 

vim /usr/local/elasticsearch-7.11.1/config/elasticsearch.yml,再重启elasticsearch,显示启动后接着输入curl -XGET http://localhost:9200显示拒绝连接,
因为是上下键滚动输入命令,速度非常快,所以原因应该是,虽然显示启动了,但是还没完全启动的事,过个一分钟左右,再输入就可以正常显示了
又把步骤5的内容加上,之后显示的还是不行,重启接着访问,拒绝,过一会,就显示没有授权了

带上用户名,输入密码也不行,难道是密码不对???

centos安装ruby失败_centos安装ruby失败

再去日志文件具体看看啥错误,显示Caused by: javax.net.ssl.SSLHandshakeException: No available authentication scheme错误

centos安装ruby失败_vim_02

 必须要生成认证文件,且ES配置文件里要引用这些生成的认证文件,否则启动ES的时候,日志会报错:Caused by: javax.net.ssl.SSLHandshakeException: No available authentication scheme。

 生成证书的时候不要输入密码,假如在生成证书的时候设置了密码,会导致无法启动ES,报错:

 

ElasticsearchSecurityException[failed to load SSL configuration [xpack.security.transport.ssl]]; nested: ElasticsearchException[failed to create trust manager]; nested: ElasticsearchException
[failed to initialize SSL TrustManager]; nested: IOException[keystore password was incorrect]; nested: UnrecoverableKeyException[failed to decrypt safe contents entry: javax.crypto.
BadPaddingException:
 Given final block not properly padded. Such issues can arise if a bad key is used during decryption.];

Likely root cause: java.security.UnrecoverableKeyException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if
 a bad key is used during decryption.

所以把之前生成的证书删掉,重新生成,并且不输入密码。

ElasticsearchSecurityException[failed to load SSL configuration [xpack.security.transport.ssl]]; nested: ElasticsearchException[failed to initialize SSL TrustManager - not permitted to read
 truststore file [/usr/local/elasticsearch-7.11.1/config/certs/elastic-certificates.p12]]; nested: AccessDeniedException[/usr/local/elasticsearch-7.11.1/config/certs/elastic-certificates.p12];
Likely root cause: java.nio.file.AccessDeniedException: /usr/local/elasticsearch-7.11.1/config/certs/elastic-certificates.p12


  

先安装一下kibana看看情况吧
https://baijiahao.baidu.com/s?id=1708400591595011982&wfr=spider&for=pc

如果启动成功的话,会显示

log   [10:23:31.373] [info][plugins][watcher] 您的basic许可证不支持 watcher。请升级您的许可证。
  log   [10:23:31.381] [info][crossClusterReplication][plugins] 您的basic许可证不支持 crossClusterReplication。请升级您的许可证。
  log   [10:23:31.382] [info][kibana-monitoring][monitoring][monitoring][plugins] Starting monitoring stats collection
  log   [10:23:32.706] [info][listening] Server running at http://0.0.0.0:5601
  log   [10:23:33.737] [info][server][Kibana][http] http server running at http://0.0.0.0:5601
  log   [10:23:34.715] [warning][plugins][reporting] Enabling the Chromium sandbox provides an additional layer of protection.

  在浏览器中输入ip:5601显示无法打开,应该是端口没开放的原因,查看端口状态命令:firewall-cmd --query-port=5601/tcp

开启端口命令:firewall-cmd --zone=public --add-port=5601/tcp --permanent

重新加载防火墙:firewall-cmd --reload

再输入地址端口号,可以正确显示页面

centos安装ruby失败_vim_03

需要后台启动的形式运行kibana,命令:nohup ./kibana &

 

nohup ./kibana & 前台不输出日志,都输出到nohup.out文件中

./kibana & 命令后台启动,但是日志还是在前台输出,如果有错误的话会在前台不停的出现。

 

 

 

到这个地方又出现问题了:   ./elasticsearch-setup-passwords interactive

Future versions of Elasticsearch will require Java 11; your Java version from [/usr/local/jdk1.8.0_301/jre] does not meet this requirement. Consider switching to a distribution of Elasticsearch with a bundled JDK. If you are already using a distribution with a bundled JDK, ensure the JAVA_HOME environment variable is not set.

Failed to determine the health of the cluster running at http://172.16.2.98:9200
Unexpected response code [503] from calling GET http://172.16.2.98:9200/_cluster/health?pretty
Cause: master_not_discovered_exception

It is recommended that you resolve the issues with your cluster before running elasticsearch-setup-passwords.
It is very likely that the password changes will fail when run against an unhealthy cluster.

Do you want to continue with the password setup process [y/N]