标签:mit sts org cdh author enabled home certutil service
#1新增用户es
useradd es
passwd es
#2调整系统参数
vi /etc/hosts
#ES_Cluster
192.168.0.51 ESNode1
192.168.0.52 ESNode2
192.168.0.53 ESNode3
修改机器名
vim /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=ESNode1
#执行命令
# hostname ESNode1
CentOS7要多执行以下这步:
hostnamectl set-hostname ESNode1
#配置系统最大打开文件描述符数
vi /etc/sysctl.conf
vm.max_map_count = 262144
#执行以下命令生效
sysctl -p
配置进程最大打开文件描述符
vim /etc/security/limits.conf //文件最后
* soft nofile 65536
* hard nofile 65536
#3上传elasticsearch-6.5.2.rpm并安装
rpm -ivh elasticsearch-6.5.2.rpm
#4编写ES Master节点配置文件
[root@esnode1 es]# vi /etc/elasticsearch/elasticsearch.yml
cluster.name: 51xf_cluster
node.name: ESNode1
network.host: 192.168.0.51
http.port: 9200
transport.tcp.port: 9300
discovery.zen.ping.unicast.hosts: ["192.168.0.51","192.168.0.52","192.168.0.53"]
discovery.zen.minimum_master_nodes: 2
#避免出现跨域问题
http.cors.enabled: true
http.cors.allow-origin: "*"
调整jvm大小
vi /etc/elasticsearch/jvm.options
-Xms2g
-Xmx2g
#启动ES
### NOT starting on installation, please execute the following statements to configure elasticsearch service to start automatically using systemd
sudo systemctl daemon-reload
sudo systemctl enable elasticsearch.service
### You can start elasticsearch service by executing
sudo systemctl start elasticsearch.service
###查看服务启动状态
sudo journalctl --unit elasticsearch
#查看集群状态
curl -XGET http://192.168.0.51:9200/_cluster/health?pretty
#6安装head相关组建
#安装node.js
[root@esnode1 app]# curl -sL -o /etc/yum.repos.d/khara-nodejs.repo https://copr.fedoraproject.org/coprs/khara/nodejs/repo/epel-7/khara-nodejs-epel-7.repo
[root@esnode1 app]# yum install -y nodejs nodejs-npm
#安装grunt
cd /usr/lib/node_modules/npm/
npm install grunt-cli
npm install grunt
#安装解压工具
yum install -y bzip2
#安装head
yum install -y git
cd /home/es
git clone git://github.com/mobz/elasticsearch-head.git
cd elasticsearch-head/
npm install
vim _site/app.js
# 修改 『http://192.168.0.51:9200』字段到本机ES端口与IP
#启动head并在后台运行
cd /home/deploy/elasticsearch/elasticsearch-head-master/node_modules/grunt/bin
nohup grunt server &exit
cd /home/es/elasticsearch-head/node_modules/grunt/bin
nohup ./grunt server 2>&1 &
cd /home/es/elasticsearch-head/node_modules/grunt/bin
nohup ./grunt server > /dev/null 2>&1 & exit
#7安装SQL插件
/usr/share/elasticsearch/bin/elasticsearch-plugin install file:./elasticsearch-sql-6.5.2.0.zip
cd es-sql-site-standalone/site-server
node node-server.js &
#8安装kibana
sudo rpm --install kibana-6.5.2-x86_64.rpm
sudo /bin/systemctl daemon-reload
sudo /bin/systemctl enable kibana.service
#修改配置/etc/kibana/kibana.yml
vi /etc/kibana/kibana.yml
server.port: 5601
server.host: "192.168.0.51"
server.name: "ESNode1"
elasticsearch.url: "http://192.168.0.51:9200"
kibana.index: ".kibana"
#启动与关闭
sudo systemctl start kibana.service
sudo systemctl stop kibana.service
#查看日志
sudo journalctl --unit kibana
#9 安装已破解的xpack
#关闭ES与kibana服务
sudo systemctl stop elasticsearch.service
sudo systemctl stop kibana.service
#生成密钥
[root@curl-backlist elasticsearch]# bin/elasticsearch-certutil ca
#设置密钥
[root@curl-backlist elasticsearch]# mv elastic-stack-ca.p12 ./config/certs/
[root@curl-backlist elasticsearch]# ll config/certs/
[root@curl-backlist elasticsearch]# bin/elasticsearch-certutil cert --ca ./config/certs/elastic-stack-ca.p12
#输入密钥生成elastic-certificates.p12
把密钥文件放到每个节点
/etc/elasticsearch/elastic-certificates.p12
#在每个节点上都执行
[root@curl-backlist elasticsearch]# bin/elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password
#输入密钥
[root@curl-backlist elasticsearch]# bin/elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password
#输入密钥
[root@curl-backlist elasticsearch]# mv config /etc/elasticsearch/
[root@curl-backlist elasticsearch]# chmod 775 /etc/elasticsearch/config/certs/*
[root@curl-backlist certs]# scp elastic-certificates.p12 root@192.168.0.51:/etc/elasticsearch/
[root@cdhagent2 elasticsearch]# mv elastic-certificates.p12 ./config/certs/
#上传已破解x-pack-core-6.5.2.jar
cd /usr/share/elasticsearch/modules/x-pack-core
mv x-pack-core-6.5.2.jar x-pack-core-6.5.2.jar_bak
#设置xpack验证
#[root@esnode1 x-pack-core]# vi /etc/elasticsearch/elasticsearch.yml
#xpack.security.enabled: false
#启动ES与kibana
sudo systemctl start elasticsearch.service
sudo systemctl start kibana.service
#上传授权文件hyxf.json
#修改ES配置
[root@esnode1 x-pack-core]# vi /etc/elasticsearch/elasticsearch.yml
#新增允许head访问
http.cors.enabled : true
http.cors.allow-origin : "*"
http.cors.allow-headers: Authorization,X-Requested-With,Content-Length,Content-Type
#开启xpack验证
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
#设置默认密码
[root@esnode1 x-pack-core]# cd /usr/share/elasticsearch/
bin/elasticsearch-setup-passwords interactive
#重启ES
sudo systemctl start elasticsearch.service
#修改kibana设置
[root@esnode1 elasticsearch]# vi /etc/kibana/kibana.yml
# 在kibana.yml下添加如下两行
elasticsearch.username: elastic
elasticsearch.password: {你修改的password}
重启kibana
#调整head登录方式
http://192.168.0.51:9100/?auth_user=elastic&auth_password=elastic
标签:mit sts org cdh author enabled home certutil service
原文地址:https://www.cnblogs.com/datacat/p/11233638.html