This installation uses CentOS 8.
Three-node installation:
192.168.182.142
192.168.182.143
192.168.182.144
The official site has detailed installation instructions; the steps are fairly simple:
https://www.elastic.co/guide/en/elasticsearch/reference/8.8/rpm.html#rpm-repo
To install directly, the package repository must be configured first:
cd /etc/yum.repos.d/
vi elasticsearch.repo
[elasticsearch]
name=Elasticsearch repository for 8.x packages
baseurl=https://artifacts.elastic.co/packages/8.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=0
autorefresh=1
type=rpm-md
sudo yum install --enablerepo=elasticsearch elasticsearch -y
Start on boot
sudo /bin/systemctl daemon-reload
sudo /bin/systemctl enable elasticsearch.service
Start / stop
sudo systemctl start elasticsearch.service
sudo systemctl stop elasticsearch.service
Check status
sudo systemctl status elasticsearch.service
journalctl --unit elasticsearch
Raise the system's maximum number of file handles (a reboot is required for the change to take effect)
# vi /etc/security/limits.conf
* soft nproc 65535
* hard nproc 65535
* soft nofile 65535
* hard nofile 65535
reboot
Raise the maximum virtual memory
vi /etc/sysctl.conf
vm.max_map_count=655360
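Access requires HTTPS: https://127.0.0.1:9200/
Default user: elastic
The password is the one printed to the screen during installation.
Configuring the cluster
In 8.8, the approach of creating a token did not work, so I went digging through the official site.
Step 1: edit the configuration file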
node1
# ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
# Before you set out to tweak and tune the configuration, make sure you
# understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
#
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
cluster.name: es
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
node.name: node1
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
path.data: /var/lib/elasticsearch
#
# Path to log files:
#
path.logs: /var/log/elasticsearch
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: true
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# By default Elasticsearch is only accessible on localhost. Set a different
# address here to expose this node on the network:
#
network.host: 192.168.182.143
#
# By default Elasticsearch listens for HTTP traffic on the first free port it
# finds starting at 9200. Set a specific HTTP port here:
#
http.port: 9200
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when this node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
discovery.seed_hosts: ["192.168.182.142", "192.168.182.143","192.168.182.144"]
#
# Bootstrap the cluster using an initial set of master-eligible nodes:
#
cluster.initial_master_nodes: ["node1", "node2", "node3"]
#
# For more information, consult the discovery and cluster formation module documentation.
#
# ---------------------------------- Various -----------------------------------
#
# Allow wildcard deletion of indices:
#
#action.destructive_requires_name: false
#----------------------- BEGIN SECURITY AUTO CONFIGURATION -----------------------
#
# The following settings, TLS certificates, and keys have been automatically
# generated to configure Elasticsearch security features on 01-07-2023 14:38:29
#
# --------------------------------------------------------------------------------
# Enable security features
xpack.security.autoconfiguration.enabled : true
xpack.security.enabled: true
xpack.security.enrollment.enabled: true
xpack.security.transport.ssl.verification_mode: none
# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
xpack.security.http.ssl:
  enabled: true
  keystore.path: certs/http.p12
# Enable encryption and mutual authentication between cluster nodes
xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  keystore.path: certs/elastic-certificates.p12
  truststore.path: certs/elastic-certificates.p12
# Create a new cluster with the current node only
# Additional nodes can still join the cluster later
#cluster.initial_master_nodes: ["localhost.localdomain"]
# Allow HTTP API connections from anywhere
# Connections are encrypted and require user authentication
http.host: 0.0.0.0
# Allow other nodes to join the cluster from anywhere
# Connections are encrypted and mutually authenticated
transport.host: 0.0.0.0
transport.port: 9300
#----------------------- END SECURITY AUTO CONFIGURATION -------------------------
node.roles: [master,data]
Main changes:
····
cluster.name: es
node.name: node1
network.host: 192.168.182.143
# With the following two settings added, a node does not automatically create a cluster when it starts
discovery.seed_hosts: ["192.168.182.142", "192.168.182.143", "192.168.182.144"]
cluster.initial_master_nodes: ["node1", "node2", "node3"]
transport.host: 0.0.0.0
transport.port: 9300
node.roles: [master,data]
····
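The node1 file above sets xpack.security.transport.ssl.verification_mode twice: `none` as a dotted key and `certificate` inside the nested block. A small check for that kind of conflict, as an added example that is not part of the original post; the sample file is constructed, and the parser is an assumption-level helper that only handles simple block-style YAML:

```python
# Constructed sample: the transport TLS keys as they appear in the node1 file above.
SAMPLE_YML = """\
xpack.security.enabled: true
xpack.security.transport.ssl.verification_mode: none
xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  keystore.path: certs/elastic-certificates.p12
  truststore.path: certs/elastic-certificates.p12
transport.host: 0.0.0.0
"""

def flatten(text):
    """Map each dotted setting name to [(line_no, value), ...] (simple block YAML only)."""
    settings, stack = {}, []  # stack: (indent, key) of the enclosing parent mappings
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split(" #")[0].rstrip()
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack and stack[-1][0] >= indent:
            stack.pop()
        full = ".".join([parent for _, parent in stack] + [key.strip()])
        if value.strip():
            settings.setdefault(full, []).append((no, value.strip()))
        else:
            stack.append((indent, key.strip()))  # e.g. "xpack.security.transport.ssl:"
    return settings

def audit(text):
    """Report settings given twice with different values, and disabled peer verification."""
    findings = []
    for key, hits in flatten(text).items():
        values = {value for _, value in hits}
        if len(values) > 1:
            where = " / ".join(f"{value} (line {no})" for no, value in hits)
            findings.append(f"conflict: {key} = {where}")
        if key.endswith("ssl.verification_mode") and "none" in values:
            findings.append(f"weak: {key} is 'none', peer certificates are not verified")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_YML):
        print(finding)
```

Run it against /etc/elasticsearch/elasticsearch.yml on each node before restarting; an empty result means each setting is stated once and peer verification is not switched off.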
After the configuration file has been edited, start the node. It reports the following errors:
[2023-07-08T00:24:27,553][WARN ][o.e.x.c.s.t.n.SecurityNetty4Transport] [node2] client did not trust this server's certificate, closing connection Netty4TcpChannel{localAddress=/192.168.182.143:9300, remoteAddress=/192.168.182.144:36500, profile=default}
[2023-07-08T00:24:28,420][WARN ][o.e.d.PeerFinder ] [node2] address [192.168.182.142:9300], node [null], requesting [false] discovery result: [][192.168.182.142:9300] connect_exception: Failed execution:
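The cause is that no transport (inter-node communication) certificate has been configured.
I found an article on security configuration:
ES security configuration
Generating certificates:
Generate the cluster node certificates:
Generate the CA certificate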
./bin/elasticsearch-certutil ca
Use the CA certificate to generate the cluster transport certificate
./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
Copy the certificate to the /etc/elasticsearch/certs directory on the other nodes
Add the certificate key (password) to the local keystore
./bin/elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password
./bin/elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password
Once the nodes have been updated, restart each node and check the node status; the cluster is created successfully.
Status queries
curl -XGET "http://localhost:9200/_cluster/health?pretty=true"
Query the running status of Elasticsearch
curl --cacert /etc/elasticsearch/certs/http_ca.crt -u elastic https://localhost:9200
Query cluster node information
curl --cacert /etc/elasticsearch/certs/http_ca.crt -u elastic "https://localhost:9200/_cluster/health?pretty=true"
curl --cacert /etc/elasticsearch/certs/http_ca.crt -u elastic https://localhost:9200/_cat/nodes
Generate a token
/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s node
/usr/share/elasticsearch/bin/elasticsearch-certutil cert
/usr/share/elasticsearch/bin/elasticsearch --enrollment-token eyJ2ZXIiOiI4LjguMiIsImFkciI6WyIxOTIuMTY4LjE4Mi4xNDI6OTIwMCJdLCJmZ3IiOiIxNDdjOWE5NGMwZDUwNTk2NWMwYWE0MmEyNDg3YzVkMjUyMWYzNjc5Y2QxZmMxOTBmYTg5ZDUxOTJlOTM1NjE4Iiwia2V5IjoibTkzMUZJa0JtRy1SVjJfNjZfYzk6M0hZN0Mxam5Uak9LWEVJQTJpN3BjUSJ9
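The value passed to --enrollment-token above is base64-encoded JSON with `ver`, `adr`, `fgr` and `key` fields, so when enrollment fails it can be decoded to see which address the joining node must reach and which CA it will pin. The following is an added example, not part of the original post; it assumes `fgr` is the SHA-256 fingerprint of the HTTP CA certificate (http_ca.crt), and the certificate bytes and token in it are constructed stand-ins:

```python
import base64
import hashlib
import json
import ssl


def decode_enrollment_token(token):
    """Decode the base64-encoded JSON document inside an enrollment token."""
    text = token.strip().replace("-", "+").replace("_", "/")
    return json.loads(base64.b64decode(text + "=" * (-len(text) % 4)))


def ca_fingerprint(pem_text):
    """SHA-256 over the DER form of a PEM certificate, as lowercase hex."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem_text)).hexdigest()


def check_token(token, reachable_addr, ca_pem):
    """Return reasons this token would not enroll a node against the expected cluster."""
    fields = decode_enrollment_token(token)
    problems = []
    if reachable_addr not in fields.get("adr", []):
        problems.append(f"token points at {fields.get('adr')}, not {reachable_addr}")
    if fields.get("fgr") != ca_fingerprint(ca_pem):
        problems.append("fgr does not match the fingerprint of the supplied CA certificate")
    # fields["key"] is a credential: it is deliberately never returned or printed.
    return problems


# Constructed stand-ins so the example runs offline: not a real certificate or token.
SAMPLE_CA_PEM = ssl.DER_cert_to_PEM_cert(b"constructed stand-in for http_ca.crt")
OTHER_CA_PEM = ssl.DER_cert_to_PEM_cert(b"constructed CA generated on another node")
SAMPLE_TOKEN = base64.b64encode(json.dumps({
    "ver": "8.8.2",
    "adr": ["192.168.182.142:9200"],
    "fgr": ca_fingerprint(SAMPLE_CA_PEM),
    "key": "constructed-id:constructed-secret",
}).encode()).decode()

if __name__ == "__main__":
    print(check_token(SAMPLE_TOKEN, "192.168.182.142:9200", SAMPLE_CA_PEM))
    print(check_token(SAMPLE_TOKEN, "192.168.182.143:9200", OTHER_CA_PEM))
```

Because the `key` field is a usable credential, a real token belongs in the same category as a password: keep it out of notes, tickets and shell history where possible.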
Common problems:
1. ERROR: Skipping security auto configuration because it appears that the node is not starting up for the first time. The node might already be part of a cluster and this auto setup utility is designed to configure Security for new clusters only
This happens because the node was started once after installation and the node enrollment afterwards did not succeed.
2. Skipping security auto configuration because this node is configured to bootstrap or to join a multi-node cluster, which is not supported
The security settings must not be removed:
xpack.security.enabled: true
xpack.security.enrollment.enabled: true
# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
xpack.security.http.ssl:
  enabled: true
  keystore.path: certs/http.p12
# Enable encryption and mutual authentication between cluster nodes
xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12
3. ERROR: Skipping security auto configuration because it appears that security is already configured
After installation the cluster was configured but enrollment failed; the exact cause still needs further investigation.
4. java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors
This problem occurs because security mode is enabled and the nodes have not been configured with certificates.