1添加賬號

groupadd es

useradd es -g es -p es

2文件夾授權

mkdir -p /usr/local/apps/elasticsearch

mkdir -p /srv/elasticsearch/log

mkdir -p /srv/elasticsearch/data

chown -R es:es /usr/local/apps/elasticsearch

chown -R es:es /srv/elasticsearch

chown -R es:es /srv/elasticsearch/log

cd /usr/local/apps/elasticsearch

su es

3開始安裝

cd /usr/local/apps/elasticsearch/

下載包

wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.12.1-linux-x86_64.tar.gz

(如果你已經有了的話直接拷貝過來elasticsearch-7.12.1-linux-x86_64.tar.gz)

解壓
max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]

tar -xvf elasticsearch-7.12.1-linux-x86_64.tar.gz

將文件移到目錄下

將安裝包復制到其他節點上

rsync elasticsearch-7.12.1-linux-x86_64.tar.gz rd@172.20.3.36:/usr/local/apps/elasticsearch/

rsync elasticsearch-7.12.1-linux-x86_64.tar.gz rd@172.20.3.12:/usr/local/apps/elasticsearch/

[rd@localhost elasticsearch] mv * ../

刪除空的文件夾

rm -rf elasticsearch-7.12.1

如果服務器的內存不夠用的話需要修改內存大小

vi bin/elasticsearch 

找到xms項目

ES_JAVA_OPTS="-Xms500m -Xmx500m"

啟動

Option                Description            

-E <KeyValuePair> Configure a setting

-V, --version Prints Elasticsearch version information and exits

-d, --daemonize Starts Elasticsearch in the background

-h, --help Show help

-p, --pidfile <Path> Creates a pid file in the specified path on start

-q, --quiet Turns off standard output/error streams logging in console

-s, --silent Show minimal output

-v, --verbose Show verbose output

我們選擇 后臺線程模式

創建用戶

修改集群配置

vi config/elasticsearch.yml

cluster.name: search-center-es-cluster

#(每臺機器不同 36是 slave-node-1 12 是slave-node-2 35是 node.name: master-node-1)

node.name: slave-node-1

#從機是false

node.master: true

node.data: true

discovery.zen.minimum_master_nodes: 2

discovery.zen.ping_timeout: 120s

bootstrap.system_call_filter: false

path.data: /srv/elasticsearch/data

path.logs: /srv/elasticsearch/logs

bootstrap.memory_lock: true

#改成對應的ip地址

network.host: 172.20.3.35

http.port: 9200

則必須使用該 discovery.seed_hosts設置提供群集中其他節點的列表，這些節點符合主要條件且可能是實時且可聯系的，以便為發現過程設定種子

其實就是候選的主節點而已
discovery.seed_hosts: ["172.20.3.35:9300","172.20.3.12:9300"]

cluster.initial_master_nodes: ["master-node-1","master-node-2"]

xpack.security.enabled: true

xpack.license.self_generated.type: basic

xpack.security.transport.ssl.enabled: true

xpack.security.transport.ssl.verification_mode: certificate

xpack.security.transport.ssl.client_authentication: required

xpack.security.transport.ssl.keystore.path: /usr/local/apps/elasticsearch/config/ssl/elastic-certificates.p12

xpack.security.transport.ssl.truststore.path: /usr/local/apps/elasticsearch/config/ssl/elastic-certificates.p12

xpack.security.http.ssl.enabled: true

xpack.security.http.ssl.keystore.path: /usr/local/apps/elasticsearch/config/http.p12

刪除并創建es 的data 和log 目錄

如果有必要rm -rf /srv/elasticsearch/data/*

如果有必要rm -rf /srv/elasticsearch/log/*

mkdir -p /srv/elasticsearch/data/

mkdir -p /srv/elasticsearch/log/

生成ca證書

bin/elasticsearch-certutil ca

選擇默認路徑 文件名 填寫密碼 awifi@123

[root@ip-10-50-51-30 elasticsearch]# ls -l
total 318460
drwxr-xr-x.  2 root root      4096 Aug 26 17:06 bin
drwxr-xr-x.  3 root root       169 Aug 26 17:17 config
-rw-r--r--.  1 root root 325529336 Apr 28  2021 elasticsearch-7.12.1-linux-x86_64.tar.gz
-rw-------.  1 root root      2672 Aug 26 17:20 elastic-stack-ca.p12  看到這里已經生成好了
drwxr-xr-x.  9 root root       107 Apr 21  2021 jdk
drwxr-xr-x.  3 root root      4096 Apr 21  2021 lib
-rw-r--r--.  1 root root      3860 Apr 21  2021 LICENSE.txt
drwxr-xr-x.  2 root root         6 Apr 21  2021 logs
drwxr-xr-x. 60 root root      4096 Apr 21  2021 modules
-rw-r--r--.  1 root root    545323 Apr 21  2021 NOTICE.txt
drwxr-xr-x.  2 root root         6 Apr 21  2021 plugins
-rw-r--r--.  1 root root      2710 Apr 21  2021 README.asciidoc

生成憑證

bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12

選擇默認路徑 文件名 填寫密碼

分發到集群的其他機器上

cp elastic-certificates.p12 config/ssl/

rsync config/ssl/elastic-certificates.p12 rd@172.20.3.12:/usr/local/apps/elasticsearch/config/ssl/

r4g9tj2z

rsync config/ssl/elastic-certificates.p12 rd@172.20.3.36:/usr/local/apps/elasticsearch/config/ssl/

r4g9tj2z

也可以在這一步的時候把elasticsearch 目錄打包 復制到其他機器上展開

每臺機器都得單獨執行以下操作(注意下面的這一步如果錯誤的話是不會報錯的 小心輸入你的密碼 保證和主機上輸入的一致)

為節點頒發證書

bin/elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password

輸入上一步的密碼
bin/elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password

sudo sh -c "ulimit -n 65535 && exec su $LOGNAME"

啟動每個服務

bin/elasticsearch -d

報錯

[2022-08-27T14:25:21,111][ERROR][o.e.b.Bootstrap ] [master-node-1] node validation exception
[2] bootstrap checks failed. You must address the points described in the following [2] lines before starting Elasticsearch.
bootstrap check failure [1] of [2]: memory locking requested for elasticsearch process but memory is not locked
bootstrap check failure [2] of [2]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
[2022-08-27T14:25:21,116][INFO ][o.e.n.Node ] [master-node-1] stopping ...
[2022-08-27T14:25:21,138][INFO ][o.e.n.Node ] [master-node-1] stopped
[2022-08-27T14:25:21,139][INFO ][o.e.n.Node ] [master-node-1] closing ...
[2022-08-27T14:25:21,159][INFO ][o.e.n.Node ] [master-node-1] closed
^C

修改文件/etc/elasticsearch/elasticsearch.yml，上面那個報錯就是開啟后產生的，如果開啟還要修改其它系統配置文件
bootstrap.memory_lock: true
1
修改文件/etc/security/limits.conf，最后添加以下內容。

• soft nofile 65536

• hard nofile 65536

• soft nproc 32000

• hard nproc 32000

• hard memlock unlimited

• soft memlock unlimited
  1
  2
  3
  4
  5
  6
  7
  8
  9
  10
  11
  修改文件 /etc/systemd/system.conf ，分別修改以下內容。
  DefaultLimitNOFILE=65536

DefaultLimitNPROC=32000

DefaultLimitMEMLOCK=infinity
1
2
3
4
5
改好后重啟下系統。再啟動elasticsearch就沒報錯了 。

創建密碼

bin/elasticsearch-setup-passwords auto // 自動隨機生成并設置密碼

Changed password for user apm_system
PASSWORD apm_system = mzhAWtOQ2gWqRxsWHsRW

Changed password for user kibana_system
PASSWORD kibana_system = WbfKBnMBpFhSmDfpshco

Changed password for user kibana
PASSWORD kibana = WbfKBnMBpFhSmDfpshco

Changed password for user logstash_system
PASSWORD logstash_system = 3v0TSw37tRCKKT89XXlP

Changed password for user beats_system
PASSWORD beats_system = AgwwYr0cb0JcPFV7cDl4

Changed password for user remote_monitoring_user
PASSWORD remote_monitoring_user = KrOzZf3FRP5csQuRfru1

Changed password for user elastic
PASSWORD elastic = i0INDDaOpldg0Bk4TP9h

Changed password for user apm_system
PASSWORD apm_system = QdXAj1VCFxr6sScc2lNK

Changed password for user kibana_system
PASSWORD kibana_system = SoersS5DIx8Z5endzk6l

Changed password for user kibana
PASSWORD kibana = SoersS5DIx8Z5endzk6l

Changed password for user logstash_system
PASSWORD logstash_system = RiFofyTXxeysjJvW7qkM

Changed password for user beats_system
PASSWORD beats_system = UXloMywJOQ61fpyzjCLm

Changed password for user remote_monitoring_user
PASSWORD remote_monitoring_user = EYkFXKt9ZrovbJUOtVFX

Changed password for user elastic
PASSWORD elastic = tb355XlypevZWw7I9L35:

測試密碼是否都生效了

[rd@localhost elasticsearch]$ curl -u elastic http://172.20.3.35:9200/
Enter host password for user 'elastic': tb355XlypevZWw7I9L35
{
"name" : "master-node-1",
"cluster_name" : "search-center-es-cluster",
"cluster_uuid" : "7JdDyc5PQa61YsUV64JA0w",
"version" : {
"number" : "7.12.1",
"build_flavor" : "default",
"build_type" : "tar",
"build_hash" : "3186837139b9c6b6d23c3200870651f10d3343b7",
"build_date" : "2021-04-20T20:56:39.040728659Z",
"build_snapshot" : false,
"lucene_version" : "8.8.0",
"minimum_wire_compatibility_version" : "6.8.0",
"minimum_index_compatibility_version" : "6.0.0-beta1"
},
"tagline" : "You Know, for Search"
}

curl -u elastic http://172.20.3.36:9200/

 curl -u elastic http://172.20.3.36:
Enter host password for user 'elastic':
{
  "name" : "slave-node-1",
  "cluster_name" : "search-center-es-cluster",
  "cluster_uuid" : "7JdDyc5PQa61YsUV64JA0w",
  "version" : {
    "number" : "7.12.1",
    "build_flavor" : "default",
    "build_type" : "tar",
    "build_hash" : "3186837139b9c6b6d23c3200870651f10d3343b7",
    "build_date" : "2021-04-20T20:56:39.040728659Z",
    "build_snapshot" : false,
    "lucene_version" : "8.8.0",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "You Know, for Search"
}

curl -u elastic http://172.20.3.12:9200/

生成http證書 1:38(前面的一次失敗了)

停止所有的es服務

bin/elasticsearch-certutil http

第一個選擇N

第二個ca 選擇y

/usr/local/apps/elasticsearch/elastic-stack-ca.p12

Generate a CSR? [y/N]n

Use an existing CA? [y/N]y

For how long should your certificate be valid? [5y]5y

Enter all the IP addresses that you need, one per line.

When you are done, press <ENTER> once more to move on to the next step.

172.20.3.35

172.20.3.12

172.20.3.36

You entered the following IP addresses.

- 172.20.3.35

- 172.20.3.12

- 172.20.3.36

Is this correct [Y/n]y

Do you wish to change any of these options? [y/N]n

Provide a password for the "http.p12" file: [<ENTER> for none]

What filename should be used for the output zip file? [/usr/local/apps/elasticsearch1/elasticsearch-ssl-http.zip]

這里會生成一個 含有 kibana的連接證書 需要保留到后面使用
/usr/local/apps/elasticsearch/elasticsearch-ssl-http2.zip

unzip elasticsearch-ssl-http.zip

[rd@localhost elasticsearch1]$ unzip elasticsearch-ssl-http.zip

Archive: elasticsearch-ssl-http.zip

creating: elasticsearch/

inflating: elasticsearch/README.txt

inflating: elasticsearch/http.p12

inflating: elasticsearch/sample-elasticsearch.yml

creating: kibana/

inflating: kibana/README.txt

inflating: kibana/elasticsearch-ca.pem

inflating: kibana/sample-kibana.yml

cp elasticsearch/http.p12 config/

分發https證書和 憑證文件

rsync elasticsearch/http.p12 rd@172.20.3.12:/usr/local/apps/elasticsearch/config/

r4g9tj2z

rsync elasticsearch/http.p12 rd@172.20.3.36:/usr/local/apps/elasticsearch/config/

r4g9tj2z

每臺機器執行以下命令

bin/elasticsearch-keystore add xpack.security.http.ssl.keystore.secure_password

修改配置文件

找到http.p12部分 最后兩行

使用curl 命令測試https 接口

openssl pkcs12 -in http.p12 -out client.pem -nokeys

openssl pkcs12 -in http.p12 -out key.pem -nocerts -nodes

curl -k --cert client.pem --key key.pem -u elastic https://172.20.3.35:9200/

curl -k --cert client.pem --key key.pem -u elastic  https://172.20.3.35:9200/
curl: /lib64/libcrypto.so.10: no version information available (required by /lib64/libssh2.so.1)
curl: /lib64/libcrypto.so.10: no version information available (required by /lib64/libldap-2.4.so.2)
curl: /lib64/libcrypto.so.10: no version information available (required by /lib64/libldap-2.4.so.2)
curl: /lib64/libssl.so.10: no version information available (required by /lib64/libldap-2.4.so.2)
Enter host password for user 'elastic':
{
  "name" : "master-node-1",                                                                         wqs@172.30.1.230
  "cluster_name" : "search-center-es-cluster",
  "cluster_uuid" : "7JdDyc5PQa61YsUV64JA0w",
  "version" : {
    "number" : "7.12.1",
    "build_flavor" : "default",
    "build_type" : "tar",
    "build_hash" : "3186837139b9c6b6d23c3200870651f10d3343b7",
    "build_date" : "2021-04-20T20:56:39.040728659Z",
    "build_snapshot" : false,
    "lucene_version" : "8.8.0",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "You Know, for Search"
}

測試

curl -u elastic http://172.20.3.12:9201

測試ok 即可

將整個文件打壓縮包 投放到每個節點上

tar cvf elasticsearch1.tar elasticsearch1

rsync elasticsearch1.tar rd@172.20.3.36:/usr/local/apps/

rsync elasticsearch1.tar rd@172.20.3.12:/usr/local/apps/

r4g9tj2z

rsync elasticsearch/http.p12 rd@172.20.3.12:/usr/local/apps/elasticsearch1/config/

rsync config/http.p12 rd@172.20.3.12:/usr/local/apps/elasticsearch1/config/

bin/elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password

bin/elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password

bin/elasticsearch-keystore add xpack.security.http.ssl.keystore.secure_password

日志查看

tail -fn 200 /srv/elasticsearch/logs/search-center-es-cluster.log

最常見問題是 主機啟動正常了 但是其余兩個拷貝過去的服務器啟動失敗

ElasticsearchSecurityException[failed to load SSL configuration [xpack.security.transport.ssl]]; nested: ElasticsearchException[failed to initialize SSL TrustManager]; nested: IOException[parseAlgParameters failed: ObjectIdentifier() -- data isn't an object ID (tag = 48)]; nested: IOException[ObjectIdentifier() -- data isn't an object ID (tag = 48)];

Likely root cause: java.io.IOException: ObjectIdentifier() -- data isn't an object ID (tag = 48)

at sun.security.util.ObjectIdentifier.<init>(ObjectIdentifier.java:285)

at sun.security.util.DerInputStream.getOID(DerInputStream.java:321)

at com.sun.crypto.provider.PBES2Parameters.engineInit(PBES2Parameters.java:267)

at java.security.AlgorithmParameters.init(AlgorithmParameters.java:293)

at sun.security.pkcs12.PKCS12KeyStore.parseAlgParameters(PKCS12KeyStore.java:815)

at sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2027)

at java.security.KeyStore.load(KeyStore.java:1445)

at org.elasticsearch.xpack.core.ssl.TrustConfig.getStore(TrustConfig.java:98)

at org.elasticsearch.xpack.core.ssl.StoreTrustConfig.createTrustManager(StoreTrustConfig.java:66)

at org.elasticsearch.xpack.core.ssl.SSLService.createSslContext(SSLService.java:439)

at java.util.HashMap.computeIfAbsent(HashMap.java:1127)

at org.elasticsearch.xpack.core.ssl.SSLService.lambda$loadSSLConfigurations$5(SSLService.java:528)

at java.util.HashMap.forEach(HashMap.java:1289)

at java.util.Collections$UnmodifiableMap.forEach(Collections.java:1507)

at org.elasticsearch.xpack.core.ssl.SSLService.loadSSLConfigurations(SSLService.java:526)

at org.elasticsearch.xpack.core.ssl.SSLService.<init>(SSLService.java:144)

at org.elasticsearch.xpack.core.XPackPlugin.createSSLService(XPackPlugin.java:462)

at org.elasticsearch.xpack.core.XPackPlugin.createComponents(XPackPlugin.java:292)

at org.elasticsearch.node.Node.lambda$new$17(Node.java:567)

at java.util.stream.ReferencePipeline$7$1.accept(ReferencePipeline.java:267)

at java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1384)

at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:482)

at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:472)

at java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:708)

at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)

at java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:499)

at org.elasticsearch.node.Node.<init>(Node.java:571)

at org.elasticsearch.node.Node.<init>(Node.java:278)

at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:217)

at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:217)

<<<truncated>>>

For complete error details, refer to the log at /srv/elasticsearch/logs/search-center-es-cluster.log

啟動服務

./elasticsearch -d

加密碼

[elastic@console bin]$ ./elasticsearch-setup-passwords interactive

future versions of Elasticsearch will require Java 11; your Java version from [/usr/java/jdk1.8.0_181/jre] does not meet this requirement

Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.

You will be prompted to enter passwords as the process progresses.

Please confirm that you would like to continue [y/N]y

Enter password for [elastic]:

Reenter password for [elastic]:

Passwords do not match.

Try again.

Enter password for [elastic]:

Reenter password for [elastic]:

Enter password for [apm_system]:

Reenter password for [apm_system]:

Enter password for [kibana]:

Reenter password for [kibana]:

Enter password for [logstash_system]:

Reenter password for [logstash_system]:

Enter password for [beats_system]:

Reenter password for [beats_system]:

Enter password for [remote_monitoring_user]:

Reenter password for [remote_monitoring_user]:

Changed password for user [apm_system]

Changed password for user [kibana]

Changed password for user [logstash_system]

Changed password for user [beats_system]

Changed password for user [remote_monitoring_user]

Changed password for user [elastic]

設置日志級別

機器學習 和 x pack不支持 arm

ElasticsearchException[X-Pack is not supported and Machine Learning is not available for [linux-arm]; you can use the other X-Pack features (unsupported) by setting xpack.ml.enabled: false in elasticsearch.yml]

at org.elasticsearch.xpack.ml.MachineLearningFeatureSet.isRunningOnMlPlatform(MachineLearningFeatureSet.java:125)

at org.elasticsearch.xpack.ml.MachineLearningFeatureSet.isRunningOnMlPlatform(MachineLearningFeatureSet.java:116)

at org.elasticsearch.xpack.ml.MachineLearning.createComponents(MachineLearning.java:666)

at org.elasticsearch.node.Node.lambda$new$17(Node.java:567)

at java.base/java.util.stream.ReferencePipeline$7$1.accept(ReferencePipeline.java:271)

at java.base/java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1654)

at jav

xpack.ml.enabled: false

修改日志目錄

path.data: /srv/elasticsearch/data

#

# Path to log files:

#

path.logs: /srv/elasticsearch/log

network 標記為0.0.0.0

es@awifi

啟動報錯

ERROR: [3] bootstrap checks failed. You must address the points described in the following [3] lines before starting Elasticsearch.

bootstrap check failure [1] of [3]: max file descriptors [4096] for elasticsearch process is too low, increase to at least [65535]

bootstrap check failure [2] of [3]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]

bootstrap check failure [3] of [3]: the default discovery settings are unsuitable for production use; at least one of [discovery.seed_hosts, discovery.seed_providers, cluster.initial_master_nodes] must be configured

ERROR: Elasticsearch did not exit normally - check the logs at /srv/elasticsearch/log/elasticsearch.log

編輯配置

vi /etc/security/limits.conf

es soft nofile 65535

es hard nofile 65537

max file descriptors [4096] for elasticsearch process is too low,

max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]

elasticsearch啟動時遇到的錯誤

問題翻譯過來就是：elasticsearch用戶擁有的內存權限太小，至少需要262144；

解決：

切換到root用戶

執行命令：

sysctl -w vm.max_map_count=262144

查看結果：

sysctl -a|grep vm.max_map_count

顯示：

vm.max_map_count = 262144

上述方法修改之后，如果重啟虛擬機將失效，所以：

解決辦法：

在 /etc/sysctl.conf文件最后添加一行

vm.max_map_count=262144

即可永久修改

ERROR: [1] bootstrap checks failed. You must address the points described in the following [1] lines before starting Elasticsearch.

bootstrap check failure [1] of [1]: the default discovery settings are unsuitable for production use; at least one of [discovery.seed_hosts, discovery.seed_providers, cluster.initial_master_nodes] must be configured

ERROR: Elasticsearch did not exit normally - check the logs at /srv/elasticsearch/log/elasticsearch.log

ps -ef | grep elasticsearch

查看是否啟動正常

/usr/local/apps/elasticsearch/bin/elasticsearch 啟動服務

bootstrap check failure [2] of [2]: the default discovery settings are unsuitable for production use; at least one of [discovery.seed_hosts, discovery.seed_providers, cluster.initial_master_nodes] must be configured

修改配置

vi /usr/local/apps/elasticsearch/conf/elasticsearch.yml

放開 cluster.initial_master_nodes: ["node-1", "node-2"]

ERROR: [1] bootstrap checks failed. You must address the points described in the following [1] lines before starting Elasticsearch.

bootstrap check failure [1] of [1]: system call filters failed to install; check the logs and fix your configuration or disable system call filters at your own risk

解決：

Centos6不支持SecComp，而ES5.2.0默認bootstrap.system_call_filter為true

禁用：在elasticsearch.yml中配置bootstrap.system_call_filter為false，注意要在Memory下面:

bootstrap.memory_lock: false

bootstrap.system_call_filter: false

終于啟動成功了

添加 ssl 和用戶名密碼

在elasticsearch 主目錄下bin下面執行命令

elasticsearch-certgen

Let's get started...

Please enter the desired output file [certificate-bundle.zip]: cert.zip

[圖片上傳失敗...(image-2d631f-1662713418849)]

Please enter the desired output file [certificate-bundle.zip]: cert.zip (最終生成文件的位置)

Enter instance name: bigdata

Enter name for directories and files [bigdata]: bigdata

Enter IP Addresses for instance (comma-separated if more than one) []: (ip地址 多個用逗號分割)192.168.211.117,192.168.211.118,192.168.211.119

Enter DNS names for instance (comma-separated if more than one) []: 192.168.211.117,192.168.211.118,192.168.211.119

Would you like to specify another instance? Press 'y' to continue entering instance information: n

Certificates written to /usr/local/apps/elasticsearch/elasticsearch-7.12.1/cert.zip (這里是告訴你生成的位置)

This file should be properly secured as it contains the private keys for all

instances and the certificate authority.

這里的enter instance name 的作用是

dns names for instance

啟動elasticsearch 報錯: 看來6.幾的版本和7.幾的版本不一樣

rd@hadoop-server-001 bin]$ uncaught exception in thread [main]

java.lang.IllegalArgumentException: unknown setting [xpack.ssl.key] did you mean [xpack.http.ssl.key]?

at org.elasticsearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:533)

at org.elasticsearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:478)

at org.elasticsearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:449)

at org.elasticsearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:420)

at org.elasticsearch.common.settings.SettingsModule.<init>(SettingsModule.java:138)

at org.elasticsearch.node.Node.<init>(Node.java:396)

at org.elasticsearch.node.Node.<init>(Node.java:278)

at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:217)

at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:217)

at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:397)

at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:159)

at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:150)

at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:75)

at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:116)

at org.elasticsearch.cli.Command.main(Command.java:79)

at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:115)

at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:81)

For complete error details, refer to the log at /usr/local/apps/elasticsearch/elasticsearch-7.12.1/logs/elasticsearch.log

https://elasticstack.blog.csdn.net/article/details/105044365

[3] bootstrap checks failed. You must address the points described in the following [3] lines before starting Elasticsearch.

bootstrap check failure [1] of [3]: max file descriptors [4096] for elasticsearch process is too low, increase to at least [65535]

需要用root 執行以下命令

ulimit -n 65535

如果是非root 用戶需要退出重新登錄

[2] bootstrap checks failed. You must address the points described in the following [2] lines before starting Elasticsearch.

bootstrap check failure [1] of [2]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]

bootstrap check failure [2] of [2]: the default discovery settings are unsuitable for production use; at least one of [discovery.seed_hosts, discovery.seed_providers, cluster.initial_master_nodes] must be configured

ERROR: [2] bootstrap checks failed. You must address the points described in the following [2] lines before starting Elasticsearch.

bootstrap check failure [1] of [2]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]

bootstrap check failure [2] of [2]: the default discovery settings are unsuitable for production use; at least one of [discovery.seed_hosts, discovery.seed_providers, cluster.initial_master_nodes] must be configured

ERROR: Elasticsearch did not exit normally - check the logs at /usr/local/apps/elasticsearch/elasticsearch-7.12.1/logs/elasticsearch.log

elasticsearch啟動時遇到的錯誤

問題翻譯過來就是：elasticsearch用戶擁有的內存權限太小，至少需要262144；

解決：

切換到root用戶

執行命令：

sysctl -w vm.max_map_count=262144

查看結果：

sysctl -a|grep vm.max_map_count

顯示：

vm.max_map_count = 262144

上述方法修改之后，如果重啟虛擬機將失效，所以：

解決辦法：

在 /etc/sysctl.conf文件最后添加一行

vm.max_map_count=262144

即可永久修改

修改elasticsearch.yml 找到discovery那一塊，做如下修改

cluster.initial_master_nodes: ["node-1","node-2"]修改為：cluster.initial_master_nodes: ["node-1"]

sudo sh -c "ulimit -n 65535 && exec su $LOGNAME"

curl -k --cert client.pem --key key.pem -u elastic:tb355XlypevZWw7I9L35 https://172.20.3.35:9200/

補充

sudo sysctl -w vm.max_map_count=262144

報錯信息

[2022-08-28T06:13:36,789][ERROR][o.e.b.ElasticsearchUncaughtExceptionHandler] [slave-node-1] fatal error in thread [main], exiting
java.lang.OutOfMemoryError: unable to create native thread: possibly out of memory or process/resource limits reached
at java.lang.Thread.start0(Native Method) ~[?:?]
at java.lang.Thread.start(Thread.java:800) [?:?]
at java.util.concurrent.ThreadPoolExecutor.addWorker(ThreadPoolExecutor.java:939) ~[?:?]
at java.util.concurrent.ThreadPoolExecutor.execute(ThreadPoolExecutor.java:1345) ~[?:?]

2022-08-28T06:13:36,776][WARN ][i.n.c.AbstractChannel ] [slave-node-1] Force-closing a channel whose registration task was not accepted by an event loop: [id: 0x0fdf8c52]
java.lang.OutOfMemoryError: unable to create native thread: possibly out of memory or process/resource limits reached
at java.lang.Thread.start0(Native Method) ~[?:?]
at java.lang.Thread.start(Thread.java:800) ~[?:?]
at io.netty.util.concurrent.ThreadPerTaskExecutor.execute(ThreadPerTaskExecutor.java:32) ~[netty-common-4.1.49.Final.jar:4.1.49.Final]
at io.netty.util.internal.ThreadExecutorMap2}'`

Changed password for user apm_system
PASSWORD apm_system = gaGYokIPy6yRso6azRHU

Changed password for user kibana_system
PASSWORD kibana_system = Rfc9YT5gNFdATZeFJQnp

Changed password for user kibana
PASSWORD kibana = Rfc9YT5gNFdATZeFJQnp

Changed password for user logstash_system
PASSWORD logstash_system = cnK6lgEhlEkTougeOWNV

Changed password for user beats_system
PASSWORD beats_system = SSXUh9P4ZskGpIpLWQtU

Changed password for user remote_monitoring_user
PASSWORD remote_monitoring_user = mjYDJeTyWvc7NrTRLQ5d

Changed password for user elastic
PASSWORD elastic = GN1eTGt39pimhSFiZua2

建立索引（表）

部署kibana

安裝docker

拉取kibana鏡像

docker pull kibana:7.6.2

啟動kibana鏡像

docker run --name kibana
-p 5601:5601
-e ELASTICSEARCH_HOSTS=https://10.50.51.30:9200
-d kibana:7.6.2

修改kibana配置

進入容器 vi config/kibana.yml
docker exec -it 7012502ac0fa /bin/bash

# Default Kibana configuration for docker target
server.name: kibana
server.host: "0"
server.port: 5601
elasticsearch.hosts: [ "https://10.50.51.30:9200","https://10.50.51.31:9200","https://10.50.51.35:9200" ]
xpack.monitoring.ui.container.elasticsearch.enabled: true
elasticsearch.username: "kibana"
elasticsearch.password: "Rfc9YT5gNFdATZeFJQnp"

#kibana訪轗?es轛~F群
elasticsearch.ssl.verificationMode: full
elasticsearch.ssl.certificateAuthorities: ["/usr/share/kibana/config/elasticsearch-ca.pem"]

xpack.monitoring.enabled: true
xpack.security.enabled: true
xpack.ml.enabled: true
xpack.watcher.enabled: true
xpack.graph.enabled: true

把elasticsearch-ca.pem文件拷貝到容器里
docker cp ../elasticsearch-ca.pem 7012502ac0fa:/usr/share/kibana/config/

重啟鏡像

docker restart 7012502ac0fa

docker logs -f --tail=200 7012502ac0fa

打開網頁

使用java進行連接