Lucene是一个高性能的java搜索引擎库,操作非常繁琐,需要具备Java开发经验。
Elasticsearch是基于Lucene之上包装一层外壳,屏蔽了Lucene的复杂操作,即使不会java语 ?也可以快速上?。
索引就好?书的目录,如果我们想快速查看某个章节,只需要找到目录里相应章节对应的页数即
可。
通过目录找到章节,通过章节找到页码这个过程就是索引的过程。
索引的目的就是加快数据搜索的效率。
先建?索引,再对索引进?搜索的过程就叫全文检索(Full-text Search)。
索引是根据章节找到页数,但是如果我并不知道我要找的内容属于哪个章节,?如我只知道?个
关键词,但是不知道这个关键词属于哪个章节。?家可以想?下,我们平时利用搜索引擎搜索的
时候是不是也是这种场景呢?
?如我们想知道?个电影的名字,但是记不起来具体的名字,只知道部分关键词或者剧情的内
容,那这种情景背后如何用技术解决呢?
这时候就不得不提到倒排索引了。
那么什么是倒排索引呢?还是拿书的目录举例?:
正常索引:
第1章 Elasticsearch介绍 第10页
第2章 Elasticsearch安装配置 第15页
第3章 Elasticsearch自定义配置 第20页
倒排索引:
关键词 章节
Elasticsearch 第1章 第2章 第3章
安装 第2章
配置 第2章 第3章
自定义 第3章
假设数据里里有以下新闻标题:
1.老男孩教育 1
2.老男孩教育linux学院 1 1
3.老男孩教育python学院 1 1
4.老男孩教育DBA学院 1 1
5.老男孩教育oldzhang 1 2
6.老男孩教育安全 1
Elasticsearch 内部分词,倒排索引,评分:
老男孩 1 2 3 4 5 6
教育 1 2 3 4 5 6
linux 2
python 3
DBA 4
oldzhang 5
学院 2 3 4
安全 6
用户输入:
老男孩 学院 oldzhang
分词:
老男孩
DBA
打分:
老男孩
DBA
返回给用户:
4.老男孩教育DBA学院 1 1
搜索: 电商,百科,app搜索,搜索结果?亮显示
日志分析和数据挖掘,数据展示
cat
skuid name
1 狗粮100kg
2 猫粮50kg
3 猫罐头200g
select * from cat where name 1ike ‘%狗粮%‘
Elasticsearch:
聚合运算之后得到SKUID:
1
2
拿到ID之后,mysq1就只需要简单地where查询即可
mysq1:
select xx from xxx where skuid = 1
主机名 | IP | 配置 |
---|---|---|
node-1 | 10.0.0.51 | 1C4G |
node-2 | 10.0.0.52 | 1C2G |
node-3 | 10.0.0.53 | 1C2G |
关闭:selinux
,firewalld
和NetworkManager
,postfix
(非必须)
修改IP地址、主机名
hostnamectl set-hostname node-1
sed -i ‘s/200/51/g‘ /etc/sysconfig/network-scripts/ifcfg-eth[01]
swapoff -a
sed -i ‘11d‘ /etc/fstab
mkdir -p /data/soft && cd /data/soft
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.9.1-x86_64.rpm
对于Elasticsearch7.0之后的版本不需要再独?的安装JDK了,软件包里已经自带了最新的JDK,所以直接启动即可。
rpm -ivh elasticsearch-7.9.1-x86_64.rpm
systemctl daemon-reload
systemctl enable elasticsearch.service
systemctl start elasticsearch.service
netstat -tupln | grep 9200
curl 127.0.0.1:9200
tail -f /var/log/elasticsearch/elasticsearch.log
[root@node-1 ~]# rpm -qc elasticsearch
/etc/elasticsearch/elasticsearch.yml # 主配置文件
/etc/elasticsearch/jvm.options # JVM配置文件
/etc/init.d/elasticsearch # init启动脚本
/etc/sysconfig/elasticsearch # 环境变量文件
/usr/lib/sysctl.d/elasticsearch.conf # 内核参数文件
/usr/lib/systemd/system/elasticsearch.service # systemd启动文件
cp /etc/elasticsearch/elasticsearch.yml /opt/
cat > /etc/elasticsearch/elasticsearch.yml << ‘EOF‘
node.name: node-1
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
bootstrap.memory_lock: true
network.host: 127.0.0.1,10.0.0.51
http.port: 9200
discovery.seed_hosts: ["10.0.0.51"]
cluster.initial_master_nodes: ["10.0.0.51"]
EOF
bootstrap.memory_lock: true # 内存锁,最大堆内存=最小堆内存,启动时锁定内存 # /etc/elasticsearch/jvm.options -Xms1g -Xmx1g
systemctl restart elasticsearch.service
重启后,查看日志,发现提示内存锁定失败
[root@node-1 ~]# tail -f /var/log/elasticsearch/elasticsearch.log
[2020-12-17T19:34:38,132][ERROR][o.e.b.Bootstrap ] [node-1]
node validation exception
[1] bootstrap checks failed
[1]: memory locking requested for elasticsearch process but memory is
not locked
官?解决方案,解决:
systemctl edit elasticsearch
[Service]
LimitMEMLOCK=infinity
systemctl daemon-reload
systemctl restart elasticsearch.service
elasticsearch-head是?款用来管理Elasticsearch集群的第三方插件?具。
elasticsearch-Head插件在5.0版本之前可以直接以插件的形式直接安装,但是5.0以后安装方式发?了改变,需要nodejs环境?持,或者直接使用别?封装好的docker镜像,更推荐的是谷歌浏览器的插件。
elasticsearch-head的三种安装方式
elasticsearch-head编译安装
使用docker部署elasticsearch-head
docker pull alivv/elasticsearch-head
docker run --name es-head -p 9100:9100 -dit elivv/elasticsearch-head
使用nodejs编译安装elasticsearch-head
cd /opt/
wget https://nodejs.org/dist/v12.13.0/node-v12.13.0-linux-x64.tar.xz
tar xf node-v12.13.0-linux-x64.tar.xz
mv node-v12.13.0-linux-x64 node
echo ‘export PATH=$PATH:/opt/node/bin‘ >> /etc/profile
source /etc/profile
npm -v
node -v
git clone git://github.com/mobz/elasticsearch-head.git
unzip elasticsearch-head-master.zip
cd elasticsearch-head-master
npm install -g cnpm --registry=https://registry.npm.taobao.org
cnpm install
cnpm run start &
更多工具 --> 扩展程序 --> 开发者模式 --> 选择解压缩后的插件目录
wget https://artifacts.elastic.co/downloads/kibana/kibana-7.9.1-x86_64.rpm
rpm -ivh kibana-7.9.1-x86_64.rpm
cat <<EOF >> /etc/kibana/kibana.yml
server.port: 5601
server.host: "10.0.0.51"
elasticsearch.hosts: ["http://10.0.0.51:9200"]
kibana.index: ".kibana"
EOF
systemctl enable kibana
systemctl start kibana
curl -XPUT ‘http://10.0.0.51:9200/linux/_doc/1‘ -H ‘Content-Type: application/json‘ -d ‘
{
"name": "zhang",
"age": "29"
}‘
粘贴API操作格式转变:
Relational DB | Elasticsearch |
---|---|
database | Indices |
Tables | Types |
rows | Documents |
columns | Fields |
POST Indices/Types/
{
"Fields": "Documents",
}
PUT linux/_doc/1
{
"name": "zhang",
"age": "29"
}
POST linux/_doc/
{
"name": "zhang",
"age": "29",
"address": "BJ"
}
mysql
id name age address job
1 zhang 27 BJ it
2 ya 22 SZ it
POST linux/_doc/
{
"id": "1",
"name": "zhang",
"age": "29",
"address": "BJ",
"job": "it"
}
POST linux/_doc/
{
"id": "2",
"name": "ya",
"age": "22",
"address": "SZ",
"job": "it"
}
POST linux/_doc/
{
"name": "zhang3",
"age": "22",
"address": "SZ",
"job": "ops"
}
POST linux/_doc/
{
"name": "li4",
"age": "30",
"address": "BJ",
"job": "dev"
}
POST linux/_doc/
{
"name": "wang5",
"age": "24",
"address": "BJ",
"job": "dev"
}
POST linux/_doc/
{
"name": "zhao6",
"age": "35",
"address": "SZ",
"job": "devops"
}
POST linux/_doc/
{
"name": "sun7",
"age": "21",
"address": "BJ",
"job": "ops"
}
POST linux/_doc/
{
"name": "jack",
"age": "27",
"address": "BJ",
"job": "devops"
}
POST linux/_doc/
{
"name": "scott",
"age": "25",
"address": "SZ",
"job": "dev"
}
GET linux/_search/
GET linux/_search
{
"query": {
"term": {
"name": {
"value": "zhang3"
}
}
}
}
GET linux/_search
{
"query": {
"term": {
"job": {
"value": "ops"
}
}
}
}
GET /linux/_search
{
"query": {
"bool": {
"must": [
{
"match": {
"address": "BJ"
}
},
{
"match": {
"job": "dev"
}
}
],
"filter": {
"range": {
"age": {
"gte": 27,
"lte": 30
}
}
}
}
}
}
PUT linux/info/1
{
"name": "zhang",
"age": 30,
"job": "it",
"id": 1
}
创建测试数据
PUT linux/_doc/1
{
"name": "zhang",
"age": "30",
"job": "it",
"id": 2
}
先根据自定义的Id字段查出数据的随机ID
GET linux/_search/
{
"query": {
"term": {
"id": {
"value": "2"
}
}
}
}
取到随机ID后更改数据
PUT linux/_doc/CVDdknIBq3aq7mPQaoWw
{
"name": "tony",
"age": 30,
"job": "it",
"id": 2
}
删除:DELETE linux/_doc/Iz0UqHYBKb3_fEmINvjQ
建议先关闭,等一段时间后,备份,最后删除
对运维友好:不需要太多java的知识也可以很方便的维护整个集群。
搭建方便:搭建副本?常简单,只需要将新节点加?已有集群即可,会自动同步数据。
自动故障转移:当节点出现故障时,会自动故障转移,将有数据复制到其他正常的节点。
主分片: 实际存储的数据,负责读写,粗框的是主分片
副本分片: 主分片的副本,提供读,同步主分片,细框的是副本分片
主分?的备份,副本数量可以自定义
7.x版本之前默认规则:1副本,5分?
7.x版本之后默认规则:1副本,1分?
主节点:负责调度数据分配到哪个节点
数据节点:实际负责处理数据的节点
默认:主节点也是?作节点
绿色:所有数据都完整,且副本数满?
黄色:所有数据都完整,但是副本数不满?
红色:?个或多个索引数据不完整
如果以前有单节点的数据,最好备份出来,然后再清空集群数据。
7.x版本之后不需要单独的安装JDK,软件包自带了JDK
rpm -ivh elasticsearch-7.9.1-x86_64.rpm
systemctl edit elasticsearch
[Service]
LimitMEMLOCK=infinity
systemctl daemon-reload
systemctl restart elasticsearch.service
cat > /etc/elasticsearch/elasticsearch.yml <<EOF
cluster.name: oldboy_linux
node.name: node-1
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
bootstrap.memory_lock: true
network.host: 127.0.0.1,10.0.0.51
http.port: 9200
discovery.seed_hosts: ["10.0.0.51","10.0.0.52"]
cluster.initial_master_nodes: ["10.0.0.51"]
EOF
cat> /etc/elasticsearch/elasticsearch.yml <<EOF
cluster.name: oldboy_linux
node.name: node-2
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
bootstrap.memory_lock: true
network.host: 127.0.0.1,10.0.0.52
http.port: 9200
discovery.seed_hosts: ["10.0.0.51","10.0.0.52"]
cluster.initial_master_nodes: ["10.0.0.51"]
EOF
cluster.name: oldboy_linux # 集群名称 node.name: node-1 # 节点名称 path.data: /var/lib/elasticsearch # 数据目录 path.logs: /var/log/elasticsearch # 日志目录 bootstrap.memory_lock: true # 设置内存锁定 network.host: 127.0.0.1,10.0.0.51 # 本地监听地址 http.port: 9200 # 本地端? discovery.seed_hosts: ["10.0.0.51","10.0.0.52"] # 集群节点互相发现的地址,不需要把所有节点IP都写上。 cluster.initial_master_nodes: ["10.0.0.51"] # 集群初始化节点,只有创建集群的第?次有用,集群创建后参数失效。
systemctl stop elasticsearch.service
rm -rf /var/lib/elasticsearch/*
systemctl start elasticsearch
tail -f /var/log/elasticsearch/oldboy_linux.log
安装java
安装ES
配置内存锁定
node3集群配置文件
cat> /etc/elasticsearch/elasticsearch.yml <<EOF
cluster.name: oldboy_linux
node.name: node-3
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
bootstrap.memory_lock: true
network.host: 127.0.0.1,10.0.0.53
http.port: 9200
discovery.seed_hosts: ["10.0.0.51","10.0.0.53"]
EOF
添加节点注意
discovery.seed_hosts: ["10.0.0.51","10.0.0.53"]
数据分?颜?解释
集群故障转移实验
1.停掉主节点,观察集群是否正常
2.停掉主节点,是否还会选举出新的主节点
3.停掉主节点,数据分片的分布会不会发生变化,分片状态会不会发生变化
4.停掉主节点,然后在持续的写入数据,等节点恢复之后,会如何处理落后的数据
5.3个节点的Elasticsearch集群,极限情况下最多允许坏几台?
6.主节点故障,集群健康状态发生什么变化?
结论:
1.如果主节点坏掉了,会从活着的数据节点中选出一台新的主节点
2.如果主分片坏掉了,副本分片会升级为主分片
3.如果副本数不满足,会尝试在其他的节点上重新复制一份数据
4.修复上线只需要正常启动故障的节点即会自动加入到集群里,并且自动同步数据
5.7.x版本之前允许单个节点的集群运?。
7.x版本之后则必须至少2个节点存活集群才能正常工作
索引?旦建?完成,分?数就不可以修改了,但是副本数可以随时修改
PUT /linux2/
{
"settings": {
"number_of_shards": 3,
"number_of_replicas": 0
}
}
PUT /linux2/_settings/
{
"settings": {
"number_of_replicas": 2
}
}
PUT /_all/_settings/
{
"settings": {
"number_of_replicas": 0
}
}
2个节点: 默认就可以
3个节点: 重要的数据,2副本 不重要的默认
日志收集: 1副本3分?
1.不能只监控集群状态
2.监控节点数
3.监控集群状态
4.两者任意?个发?改变了都报警
GET _cat/nodes
GET _cat/health
GET _cat/master
GET _cat/fielddata
GET _cat/indices
GET _cat/shards
GET _cat/shards/linux
# zabbix监控:集群健康状态 OR 节点个数
# 查看集群健康状态
curl -s 127.0.0.1:9200/_cat/health|grep "green"|wc -l
# 查看节点个数
curl -s 127.0.0.1:9200/_cat/nodes|wc -l
点击kibana?板的监控按钮
GET /_cluster/settings
PUT /_cluster/settings
{
"persistent": {
"xpack": {
"monitoring": {
"collection": {
"enabled": "false"
}
}
}
}
}
POST /news/_doc/1
{"content":"美国留给伊拉克的是个烂摊?吗"}
POST /news/_doc/2
{"content":"公安部:各地校?将享最?路权"}
POST /news/_doc/3
{"content":"中韩渔警冲突调查:韩警平均每天扣1艘中国渔船"}
POST /news/_doc/4
{"content":"中国驻洛杉矶领事馆遭亚裔男?枪击 嫌犯已自?"}
POST /news/_search
{
"query": { "match": { "content": "中国" }},
"highlight": {
"pre_tags": ["<tag1>", "<tag2>"],
"post_tags": ["</tag1>", "</tag2>"],
"fields": {
"content": {}
}
}
}
未配置中文分词器时,查询中文会将词拆分成?个?个的汉字。
所有的ES节点都需要安装
所有的ES都需要重启才能?效
中文分词器的版本号要和ES版本号对应
https://github.com/medcl/elasticsearch-analysis-ik
/usr/share/elasticsearch/bin/elasticsearch-plugin install https://github.com/medcl/elasticsearch-analysis-ik/releases/download/v7.9.1/elasticsearch-analysis-ik-7.9.1.zip
/usr/share/elasticsearch/bin/elasticsearch-plugin install file:///opt/elasticsearch-analysis-ik-7.9.1.zip
systemctl restart elasticsearch.service
PUT /news2
POST /news2/_doc/_mapping?include_type_name=true
{
"properties": {
"content": {
"type": "text",
"analyzer": "ik_max_word",
"search_analyzer": "ik_smart"
}
}
}
POST /news2/_doc/1
{"content":"美国留给伊拉克的是个烂摊?吗"}
POST /news2/_doc/2
{"content":"公安部:各地校?将享最?路权"}
POST /news2/_doc/3
{"content":"中韩渔警冲突调查:韩警平均每天扣1艘中国渔船"}
POST /news2/_doc/4
{"content":"中国驻洛杉矶领事馆遭亚裔男?枪击 嫌犯已自?"}
POST /news2/_search
{
"query" : { "match" : { "content" : "中国" }},
"highlight" : {
"pre_tags" : ["<tag1>", "<tag2>"],
"post_tags" : ["</tag1>", "</tag2>"],
"fields" : {
"content" : {}
}
}
}
根据字典拆,没有就拆到最小,因此需要更新中文分词库。
ll /etc/elasticsearch/analysis-ik/main.dic
yum install nginx -y
cat >>/usr/share/nginx/html/my_dic.txt<<EOF
北京
张亚
武汉
中国
深圳
EOF
nginx -t
systemctl start nginx
curl 127.0.0.1/my_dic.txt
cat <<EOF >/etc/elasticsearch/analysis-ik/IKAnalyzer.cfg.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
<properties>
<comment>IK Analyzer 扩展配置</comment>
<!--用户可以在这里配置自己的扩展字典 -->
<entry key="ext_dict"></entry>
<!--用户可以在这里配置自己的扩展停止词字典-->
<entry key="ext_stopwords"></entry>
<!--用户可以在这里配置远程扩展字典 -->
<entry key="remote_ext_dict">http://10.0.0.51/my_dic.txt</entry>
<!--用户可以在这里配置远程扩展停止词字典-->
<!-- <entry key="remote_ext_stopwords">words_location</entry> -->
</properties>
EOF
scp -rp /etc/elasticsearch/analysis-ik/IKAnalyzer.cfg.xml 10.0.0.52:/etc/elasticsearch/analysis-ik/
scp -rp /etc/elasticsearch/analysis-ik/IKAnalyzer.cfg.xml 10.0.0.53:/etc/elasticsearch/analysis-ik/
systemctl restart elasticsearch.service
tail -f /var/log/elasticsearch/oldboy_linux.log
[2020-12-18T10:27:08,126][INFO ][o.w.a.d.Dictionary ] [node-1]
start to reload ik dict.
[2020-12-18T10:27:08,127][INFO ][o.w.a.d.Dictionary ] [node-1] try
load config from /etc/elasticsearch/analysis-ik/IKAnalyzer.cfg.xml
[2020-12-18T10:27:08,538][INFO ][o.w.a.d.Dictionary ] [node-1]
[Dict Loading] http://10.0.0.51/my_dic.txt
[2020-12-18T10:27:08,540][INFO ][o.w.a.d.Dictionary ] [node-1] 北京
[2020-12-18T10:27:08,541][INFO ][o.w.a.d.Dictionary ] [node-1] 张亚
[2020-12-18T10:27:08,541][INFO ][o.w.a.d.Dictionary ] [node-1] 武汉
[2020-12-18T10:27:08,541][INFO ][o.w.a.d.Dictionary ] [node-1] 中国
[2020-12-18T10:27:08,541][INFO ][o.w.a.d.Dictionary ] [node-1] 深圳
[2020-12-18T10:27:08,541][INFO ][o.w.a.d.Dictionary ] [node-1]
reload ik dict finished.
echo "老男孩教育" >> /usr/share/nginx/html/my_dic.txt
POST /news2/_doc/7
{
"content":"学Linux来老男孩教育"
POST /news2/_search
{
"query" : { "match" : { "content" : "老男孩教育" }},
"highlight" : {
"pre_tags" : ["<tag1>", "<tag2>"],
"post_tags" : ["</tag1>", "</tag2>"],
"fields" : {
"content" : {}
}
}
}
如果是Elasticsearch集群想使用快照功能,则存储快照的目录必须是共享存储,并且所有节点都需要挂载这个目录。
yum install nfs-utils -y
cat > /etc/exports << ‘EOF‘
/data/backup 10.0.0.0/24(rw,sync,all_squash,anonuid=998,anongid=996)
EOF
mkdir /data/backup -p
systemctl start nfs
showmount -e 10.0.0.51
yum install nfs-utils -y
mkdir /data/backup -p
chown -R elasticsearch:elasticsearch /data/backup/
mount -t nfs 10.0.0.51:/data/backup /data/backup
df -h
cat <<EOF >>/etc/elasticsearch/elasticsearch.yml
path.repo: ["/data/backup"]
EOF
systemctl restart elasticsearch
PUT /_snapshot/my_fs_backup
{
"type": "fs",
"settings": {
"location": "/data/backup/my_fs_backup_location",
"compress": true
}
}
GET /_snapshot/my_fs_backup
PUT /_snapshot/my_fs_backup/snapshot_1?wait_for_completion=true
PUT /_snapshot/my_fs_backup/snapshot_2?wait_for_completion=true
{
"indices": "news1,news2",
"ignore_unavailable": true,
"include_global_state": false
}
GET /_snapshot/my_fs_backup/snapshot_1
GET /_snapshot/my_fs_backup/snapshot_2
GET /_snapshot/my_fs_backup/_current
DELETE /_snapshot/my_fs_backup/snapshot_2
DELETE /_snapshot/my_fs_backup
POST /_snapshot/my_fs_backup/snapshot_1/_restore
POST /_snapshot/my_fs_backup/snapshot_1/_restore
{
"indices": "news1,news2",
"ignore_unavailable": true,
"include_global_state": true,
"rename_pattern": "news(.+)",
"rename_replacement": "restored_news_$1"
}
POST /_snapshot/my_fs_backup/snapshot_1/_restore
{
"indices": "index_1",
"index_settings": {
"index.number_of_replicas": 0
},
"ignore_index_settings": [
"index.refresh_interval"
]
}
PUT /_snapshot/my_fs_backup/%3Csnapshot-%7Bnow%2Fd%7D%3E
GET /_snapshot/my_fs_backup/_all
wget https://nodejs.org/dist/v10.16.3/node-v10.16.3-linux-x64.tar.xz
tar xf node-v10.16.3-linux-x64.tar.xz -C /opt/
ln -s /opt/node-v10.16.3-linux-x64 /opt/node
echo ‘export PATH=/opt/node/bin:$PATH‘ >> /etc/profile
. /etc/profile
npm -v
node -v
npm install -g cnpm --registry=https://registry.npm.taobao.org
cnpm install elasticdump -g
elasticdump --input=http://10.0.0.51:9200/news2 --output=/data/news2.json --type=data
elasticdump --input=http://10.0.0.51:9200/news2 --output=$|gzip > /data/news2.json.gz
elasticdump --input=http://10.0.0.51:9200/news2 --output=/data/news2_mapping.json --type=mapping
elasticdump --input=http://10.0.0.51:9200/news2 --output=/data/news2.json --type=data
elasticdump --input=/data/news2.json --output=http://10.0.0.51:9200/news2
elasticdump --input=/data/news2_mapping.json --output=http://10.0.0.51:9200/news2 --type=mapping
elasticdump --input=/data/news2.json --output=http://10.0.0.51:9200/news2 --type=data
curl -s 10.0.0.52:9200/_cat/indices|awk ‘{print $3}‘|grep -v "^\."
注意
带密码认证的导出
--input=http://name:password@production.es.com:9200/my_index
/usr/share/elasticsearch/bin/elasticsearch-certutil ca
/usr/share/elasticsearch/bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
密码可以不填,全部回车即可。
mkdir /etc/elasticsearch/certs
cp /usr/share/elasticsearch/*.p12 /etc/elasticsearch/certs/
scp -r /etc/elasticsearch/certs 10.0.0.52:/etc/elasticsearch/
scp -r /etc/elasticsearch/certs 10.0.0.53:/etc/elasticsearch/
chown -R elasticsearch:elasticsearch /etc/elasticsearch/certs/
cat <<EOF >>/etc/elasticsearch/elasticsearch.yml
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: certs/elastic-stack-ca.p12
xpack.security.transport.ssl.truststore.path: certs/elastic-stack-ca.p12
EOF
systemctl restart elasticsearch
/usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactive
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,kibana_system,logstash_system,beats_system,remote_monitoring_user. You will be prompted to enter passwords as the process progresses. Please confirm that you would like to continue [y/N]y Enter password for [elastic]: Reenter password for [elastic]: Enter password for [apm_system]: Reenter password for [apm_system]: Enter password for [kibana_system]: Reenter password for [kibana_system]: Enter password for [logstash_system]: Reenter password for [logstash_system]: Enter password for [beats_system]: Reenter password for [beats_system]: Enter password for [remote_monitoring_user]: Reenter password for [remote_monitoring_user]: Changed password for user [apm_system] Changed password for user [kibana_system] Changed password for user [kibana] Changed password for user [logstash_system] Changed password for user [beats_system] Changed password for user [remote_monitoring_user] Changed password for user [elastic]
cat <<EOF >>/etc/kibana/kibana.yml
elasticsearch.username: "kibana_system"
elasticsearch.password: "elastic"
EOF
systemctl restart kibana
原文:https://www.cnblogs.com/backups/p/EBLK_1.html