ElasticSearch安装
Salted Fish 2023/6/20 Install
# 账号准备
# 1.新建用户
# Create the login account used for this installation: its home directory
# /home/包名 is created and its shell is bash. 包名 and 用户名 are placeholders.
sudo useradd --create-home --home-dir /home/包名 --shell /bin/bash 用户名
# 2.设置密码
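# Setting another account's password needs root, so passwd is run through sudo
# like the useradd step. 用户名 is a placeholder.
sudo passwd 用户名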
# 准备依赖
//8.7.1
链接:https://pan.baidu.com/s/1WIM9pt_bZ3ugcRm9EpYOow?pwd=abfm
提取码:abfm
//7.10.2
链接:https://pan.baidu.com/s/1-vLhxNlXU3Fjt9BgDDQ-Xw?pwd=nlea
提取码:nlea
# 执行部署
# 1.修改系统配置文件
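# Append one line to a root-owned file unless that exact line is already there.
# "sudo echo ... >> file" does not work for this: the redirection is opened by
# the calling (unprivileged) shell, so only echo itself would run as root.
# Arguments: $1 - line to add, $2 - target file
append_as_root() {
  local line=$1 file=$2
  sudo grep -qxF -- "$line" "$file" 2>/dev/null \
    || printf '%s\n' "$line" | sudo tee -a "$file" >/dev/null
}

# Raise the kernel limit on memory-mapped areas and load it immediately.
append_as_root "vm.max_map_count=655360" /etc/sysctl.conf
sudo sysctl -p

# Open-file and process limits. "*" applies them to every account on the host;
# naming only the Elasticsearch service account here would be narrower.
append_as_root "* soft nofile 65536" /etc/security/limits.conf
append_as_root "* hard nofile 65536" /etc/security/limits.conf
append_as_root "* soft nproc 4096" /etc/security/limits.d/20-nproc.conf
append_as_root "* hard nproc 4096" /etc/security/limits.d/20-nproc.conf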
# 2.解压安装包
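# The archive in this guide is fetched from a third-party file share, so check
# its integrity before unpacking: compare the digest printed here with the
# SHA-512 that Elastic publishes for the 8.7.1 release and stop if they differ.
sha512sum elasticsearch-8.7.1-linux-x86_64.tar.gz
tar -xzf elasticsearch-8.7.1-linux-x86_64.tar.gz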
# 3.进入安装目录
# Enter the unpacked directory; the bin/ and config/ paths used in the
# following steps are relative to it.
cd elasticsearch-8.7.1/
# 4.修改 config 目录下的 [jvm.options]
# 设置内存大小为4g
-Xms4g
-Xmx4g
# 5.修改 config 目录下的 [elasticsearch.yml]
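# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: true
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# By default Elasticsearch is only accessible on localhost. Set a different
# address here to expose this node on the network:
#
# NOTE(review): 0.0.0.0 binds every interface, so port 9200 is reachable from
# any network this host is attached to. Prefer a specific internal address, or
# restrict access to the port with a host firewall.
network.host: 0.0.0.0
#
# By default Elasticsearch listens for HTTP traffic on the first free port it
# finds starting at 9200. Set a specific HTTP port here:
#
http.port: 9200
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when this node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
#discovery.seed_hosts: ["host1", "host2"]
#
# Bootstrap the cluster using an initial set of master-eligible nodes:
#
# The entry must match this node's node.name, which is set outside this excerpt.
cluster.initial_master_nodes: ["node-1"]
#
# For more information, consult the discovery and cluster formation module documentation.
#
# ---------------------------------- Various -----------------------------------
#
# Allow wildcard deletion of indices:
#
#action.destructive_requires_name: false
#----------------------- BEGIN SECURITY AUTO CONFIGURATION -----------------------
#
# The following settings, TLS certificates, and keys have been automatically
# generated to configure Elasticsearch security features on 16-06-2023 01:00:20
#
# --------------------------------------------------------------------------------
# Enable security features
xpack.security.enabled: true
xpack.security.enrollment.enabled: true
# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
#
# NOTE(review): with HTTP TLS disabled, the Basic-auth credentials used by the
# curl commands in this guide travel in cleartext. That is tolerable only for
# clients on localhost; because network.host is 0.0.0.0, set enabled: true here
# (and switch clients to https://) before allowing any remote access.
# The nested keys below must stay indented under their parent setting.
xpack.security.http.ssl:
  enabled: false
  keystore.path: certs/http.p12
# Enable encryption and mutual authentication between cluster nodes
xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12
#----------------------- END SECURITY AUTO CONFIGURATION -------------------------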
# 6.启动ElasticSearch服务进程
# -d starts Elasticsearch as a background daemon. Run it as the dedicated
# account created at the start of this guide; Elasticsearch refuses to start
# as root.
bin/elasticsearch -d
# 7.修改初始密码
# -u names the user whose password is reset (here the built-in elastic user);
# -i prompts for the new password interactively instead of generating one, so
# the password never appears on the command line.
bin/elasticsearch-reset-password -u elastic -i
# 8.设置索引模板
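#!/bin/bash
# Upload the threat_infos index template to the local Elasticsearch node.
#
# The password is deliberately not stored in this script: curl is given only
# the user name and prompts for the password, which keeps it out of the file,
# the shell history and the process list. A password that has ever been
# written into a shared or published copy of this script should be reset.
set -euo pipefail

es_user=elastic
template_dir=/home/nssap/elasticsearch-8.7.1/template

echo update template mobreq mobperf srvmonitor...
cd "$template_dir" || {
  printf 'cannot enter %s\n' "$template_dir" >&2
  exit 1
}

# threat_infos in the URL is the template name; -d @threat_infos sends the
# contents of the file named threat_infos as the request body.
curl -X PUT -H 'content-Type:application/json' -u "$es_user" \
  http://localhost:9200/_template/threat_infos -d @threat_infos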
# 测试部署
# 1.查看ElasticSearch进程是否存在
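# Passing only the user name makes curl prompt for the password, so it does not
# end up in shell history or the process list. 用户名 is a placeholder.
curl -XGET http://localhost:9200/ -u 用户名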
{
"name" : "node-1",
"cluster_name" : "sdp",
"cluster_uuid" : "RZRm_A4lTRSEYxcNcKmGNQ",
"version" : {
"number" : "8.7.1",
"build_flavor" : "default",
"build_type" : "tar",
"build_hash" : "f229ed3f893a515d590d0f39b05f68913e2d9b53",
"build_date" : "2023-04-27T04:33:42.127815583Z",
"build_snapshot" : false,
"lucene_version" : "9.5.0",
"minimum_wire_compatibility_version" : "7.17.0",
"minimum_index_compatibility_version" : "7.0.0"
},
"tagline" : "You Know, for Search"
}
#执行命令得到以上结果即说明安装成功。否则仔细检查安装步骤是否均成功,进行重试直至全部成功。