OS:CentOS Linux release 7.5.1804 (Core)
| OS IP | 节点 | |
| 192.168.10.11 | master-1 | |
| 192.168.10.12 | master-2 | |
| 192.168.10.13 | master-3 | |
| 192.168.10.14 | data-1 | |
| 192.168.10.15 | data-2 | |
| 192.168.10.16 | data-3 |
vi /etc/security/limits.conf
# 添加内容 * soft nproc 262144 * hard nproc 262144 * soft nofile 262144 * hard nofile 262144 * hard memlock unlimited * soft memlock unlimited1.2 配置swap
vi /etc/fstab
# 注释如下行 /dev/mapper/VolGroup00-LVswap swap swap defaults 0 0
需重启OS
1.3 配置vm.max_map_countvi /etc/sysctl.conf
# 添加内容 vm.max_map_count=2621441.4 JDK配置
建议使用ES自带的JDK
ES版本对应JDK版本:https://www.elastic.co/cn/support/matrix#matrix_jvm
二、ES 配置 2.1 上传包解压cd /opt tar -zxvf elasticsearch-7.12.1-linux-x86_64.tar.gz mv elasticsearch-7.12.1-linux-x86_64.tar.gz elasticsearch2.2 配置jvm.options
vi config/jvm.options
-Xms4g -Xmx4g2.3 配置elasticsearch.yml
vi config/elasticsearch.yml
cluster.name: my-es node.name: master-1 node.master: true node.data: false path.data: /data path.logs: /opt/elasticsearch/logs bootstrap.memory_lock: true network.host: 192.168.10.11 http.port: 9200 discovery.seed_hosts: ["192.168.10.11", "192.168.10.12", "192.168.10.13"] cluster.initial_master_nodes: ["master-1", "master-2", "master-3"]
mkdir /data
三、ES 启动master节点建议为3个
# 创建ES用户,es不能用root启动 useradd elastic passwd elastic chown -R elastic:elastic /opt/elasticsearch chown -R elastic:elastic /data
su - elastic /opt/elasticsearch/bin/elasticsearch -d
# 验证 curl -XGET http://192.168.10.11:9200/_cluster/health?pretty四、ES 安全 4.1 生成证书
bin/elasticsearch-certutil ca -out config/certs/elastic-certificates.p12 -pass
4.2 修改elasticsearch.yml证书文件目录:config/certs
# 开启xpack xpack.security.enabled: true xpack.license.self_generated.type: basic xpack.security.transport.ssl.enabled: true # 证书配置 xpack.security.transport.ssl.verification_mode: certificate xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12 xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12 # 跨域配置 http.cors.enabled: true http.cors.allow-origin: "*" http.cors.allow-headers: Authorization,X-Requested-With,Content-Length,Content-Type4.3 配置账号
bin/elasticsearch-setup-passwords interactive
集群环境下则需要启动所有集群节点,再统一设置密码。
参数: interactive:手动设置密码,auto:自动生成密码。
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,kibana_system,logstash_system,beats_system,remote_monitoring_user. You will be prompted to enter passwords as the process progresses. Please confirm that you would like to continue [y/N]y Enter password for [elastic]: Reenter password for [elastic]: Enter password for [apm_system]: Reenter password for [apm_system]: Enter password for [kibana_system]: Reenter password for [kibana_system]: Enter password for [logstash_system]: Reenter password for [logstash_system]: Enter password for [beats_system]: Reenter password for [beats_system]: Enter password for [remote_monitoring_user]: Reenter password for [remote_monitoring_user]: Changed password for user [apm_system] Changed password for user [kibana_system] Changed password for user [kibana] Changed password for user [logstash_system] Changed password for user [beats_system] Changed password for user [remote_monitoring_user] Changed password for user [elastic]五、ES 维护
# 1 查看集群健康状态 GET /_cat/health?v GET /_cluster/health?pretty # 2 查看集群节点状态 GET /_cat/nodes?v # 3 查看节点存储状态 GET /_cat/allocation?v # 4 查看集群索引状态 GET /_cat/indices?v # 5 查看索引分片状态 GET /_cat/shards?v
