1、安装
方式一:
#导入密钥 wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg #将存储库定义保存到 /etc/apt/sources.list.d/elastic-7.x.list: echo "deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-7.x.list #安装 sudo apt-get update && sudo apt-get install elasticsearch
方式二:
#手动下载安装 wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.17.1-amd64.deb wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.17.1-amd64.deb.sha512 shasum -a 512 -c elasticsearch-7.17.1-amd64.deb.sha512 sudo dpkg -i elasticsearch-7.17.1-amd64.deb #删除下载文件 sudo rm -r elasticsearch-7.17.1-amd64.deb && sudo rm -r elasticsearch-7.17.1-amd64.deb.sha512 #运行 Elasticsearch systemd sudo /bin/systemctl daemon-reload
2、启动Elasticsearch
sudo systemctl enable elasticsearch.service && sudo systemctl start elasticsearch.service
3、验证Elasticsearch是否正常
curl -X GET "localhost:9200/"
也可查看官方安装文档:https://www.elastic.co/guide/en/elasticsearch/reference/7.17/deb.html
4、安装ik和pinyin分词插件
查看es安装的版本,然后找到对应ik分词版本,要对应哟,将下载的ik包解压到es对应的目录下,然后重新启动es即可;
ik安装:
ik下载地址:https://github.com/medcl/elasticsearch-analysis-ik/releases
ubuntu@VM-0-3-ubuntu:~$ cd /usr/share/elasticsearch/plugins && sudo mkdir ik ubuntu@VM-0-3-ubuntu:/usr/share/elasticsearch/plugins$ cd ik ubuntu@VM-0-3-ubuntu:/usr/share/elasticsearch/plugins/ik$ sudo wget https://github.com/medcl/elasticsearch-analysis-ik/releases/download/v7.17.1/elasticsearch-analysis-ik-7.17.1.zip ubuntu@VM-0-3-ubuntu:/usr/share/elasticsearch/plugins/ik$ sudo unzip elasticsearch-analysis-ik-7.17.1.zip ubuntu@VM-0-3-ubuntu:/usr/share/elasticsearch/plugins/ik$ sudo rm -r elasticsearch-analysis-ik-7.17.1.zip ubuntu@VM-0-3-ubuntu:/usr/share/elasticsearch/plugins/ik$ ls commons-codec-1.9.jar config httpclient-4.5.2.jar plugin-descriptor.properties commons-logging-1.2.jar elasticsearch-analysis-ik-7.17.1.jar httpcore-4.4.4.jar plugin-security.policy
pinyin安:
pinyin下载地址:https://github.com/medcl/elasticsearch-analysis-pinyin/releases
ubuntu@VM-16-8-ubuntu:/usr/share/elasticsearch/plugins$ sudo mkdir pinyin ubuntu@VM-16-8-ubuntu:/usr/share/elasticsearch/plugins$ cd pinyin ubuntu@VM-16-8-ubuntu:/usr/share/elasticsearch/plugins/pinyin$ sudo wget https://github.com/medcl/elasticsearch-analysis-pinyin/releases/download/v7.17.1/elasticsearch-analysis-pinyin-7.17.1.zip ubuntu@VM-16-8-ubuntu:/usr/share/elasticsearch/plugins/pinyin$ sudo unzip elasticsearch-analysis-pinyin-7.17.1.zip ubuntu@VM-16-8-ubuntu:/usr/share/elasticsearch/plugins/pinyin$ sudo rm -r elasticsearch-analysis-pinyin-7.17.1.zip ubuntu@VM-16-8-ubuntu:/usr/share/elasticsearch/plugins/pinyin$ ls elasticsearch-analysis-pinyin-7.17.1.jar nlp-lang-1.7.jar plugin-descriptor.properties
#重启后插件生效 sudo systemctl restart elasticsearch #查看已安装的插件 sudo /usr/share/elasticsearch/bin/elasticsearch-plugin list
5、其它
Elasticsearch 有三个配置文件:
elasticsearch.yml用于配置 Elasticsearch
jvm.options用于配置 Elasticsearch JVM 设置
log4j2.properties用于配置 Elasticsearch 日志记录
这些文件位于 config 目录中
Elasticsearch数据和日志目录
数据目录位于
/var/lib/elasticsearch
日志目录位于
/var/log/elasticsearch
配置文件目录位于
/etc/elasticsearch
打开配置文件
sudo vim /etc/elasticsearch/elasticsearch.yml
修改配置
更改数据和日志目录 1、先停止实例 sudo kill -9458 pid 2、创建目录 sudo mkdir -p /home/d/elasticsearch/data sudo mkdir -p /home/d/elasticsearch/log 3、授权为es用户 sudo chown -R elasticsearch:elasticsearch /home/d/elasticsearch/data sudo chown -R elasticsearch:elasticsearch /home/d/elasticsearch/log 4、修改es配置文件 path.data: /home/d/elasticsearch/data path.logs: /home/d/elasticsearch/log 5、重启es sudo systemctl restart elasticsearch
开启远程访问
打开es配置文件 sudo vim /etc/elasticsearch/elasticsearch.yml 修改以下节点 network.host: 0.0.0.0 discovery.seed_hosts: ["172.17.0.3"] 重启生效 sudo systemctl restart elasticsearch 访问测试 curl -X GET "172.17.0.3:9200/"
network.host:https://www.elastic.co/guide/en/elasticsearch/reference/7.17/important-settings.html#network.host
开启安全验证
开启最低安全验证 打开es配置文件 sudo vim /etc/elasticsearch/elasticsearch.yml 添加以下设置 xpack.security.enabled: true 如果是单节点,添加以下设置可确保您的节点不会无意中连接到可能在您的网络上运行的其他集群 discovery.type: single-node 重启es sudo systemctl restart elasticsearch 随机生成密码 sudo /usr/share/elasticsearch/bin/elasticsearch-setup-passwords auto 使用自己的密码 sudo /usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactive 重启es sudo systemctl restart elasticsearch 例如: ubuntu@VM-0-3-ubuntu:/$ sudo /usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactive Initiating the setup of passwords for reserved users elastic,apm_system,kibana,kibana_system,logstash_system,beats_system,remote_monitoring_user. You will be prompted to enter passwords as the process progresses. Please confirm that you would like to continue [y/N]y Enter password for [elastic]: Reenter password for [elastic]: Enter password for [apm_system]: passwords must be at least [6] characters long Try again. Enter password for [apm_system]: Reenter password for [apm_system]: Passwords do not match. Try again. Enter password for [apm_system]: Reenter password for [apm_system]: Enter password for [kibana_system]: Reenter password for [kibana_system]: Enter password for [logstash_system]: Reenter password for [logstash_system]: Enter password for [beats_system]: Reenter password for [beats_system]: Enter password for [remote_monitoring_user]: Reenter password for [remote_monitoring_user]: Changed password for user [apm_system] Changed password for user [kibana_system] Changed password for user [kibana] Changed password for user [logstash_system] Changed password for user [beats_system] Changed password for user [remote_monitoring_user] Changed password for user [elastic] #测试验证 curl -X GET "172.17.0.3:9200/" -u username:password #修改密码 curl -XPOST -u elastic "172.17.0.3:9200/_security/user/账号/_password" -H 'Content-Type: application/json' -d'{"password" : "旧密码"}' #回车后输入新密码,返回{}表示设置成功
安全相关说明:https://www.elastic.co/guide/en/elasticsearch/reference/7.17/setup-xpack.html
生产优化
1、更改资源限制
通过编辑文件为特定用户设置持久限制。将elasticsearch用户的最大打开文件数设置为65,535:
sudo vim /etc/security/limits.conf 在打开的文件中加入 elasticsearch - nofile 65535
2、禁用所有交换文件编辑
通常 Elasticsearch 是在一个盒子上运行的唯一服务,它的内存使用由 JVM 选项控制。应该不需要启用交换。
在 Linux 系统上,您可以通过运行以下命令临时禁用交换:
sudo swapoff -a
配置swappiness
Linux 系统上可用的另一个选项是确保将 sysctl 值 vm.swappiness设置为1. 这减少了内核交换的倾向,并且在正常情况下不应该导致
临时调整,会在机器重启后恢复原先设置的值 sysctl vm.swappiness=1 永久调整 sudo vim /etc/sysctl.conf 在打开的文件中加入 vm.swappiness =1 生效激活 sudo sysctl -p
3、虚拟内存编辑
Elasticsearchmmapfs默认使用一个目录来存储它的索引。默认操作系统对 mmap 计数的限制可能太低,这可能会导致内存不足异常。
临时设置 sysctl -w vm.max_map_count=262144 永久设置 sudo vim /etc/sysctl.conf 在打开的文件中加入 vm.max_map_count=262144 生效激活 sudo sysctl -p
4、TCP重传超时编辑
每对 Elasticsearch 节点通过多个 TCP 连接进行通信,这些连接 保持打开状态,直到其中一个节点关闭或节点之间的通信因底层基础设施故障而中断。大多数 Linux 发行版默认重新传输任何丢失的数据包 15 次。重传呈指数级下降,因此这 15 次重传需要 900 多秒才能完成。这意味着使用这种方法检测网络分区或故障节点需要很多分钟。Windows 默认只重传 5 次,对应的超时时间约为 6 秒,默认设置过多,甚至对大多数 Elasticsearch 安装使用的高质量网络有害,可以将TCP重新传输的最大次数减少到5次,五次重传对应的超时时间约为6秒。
临时设置 sysctl -w net.ipv4.tcp_retries2=5 永久设置 sudo vim /etc/sysctl.conf 在打开的文件中加入 net.ipv4.tcp_retries2 = 5 生效激活 sudo sysctl -p ubuntu@VM-0-3-ubuntu:~$ sudo vim /etc/sysctl.conf ubuntu@VM-0-3-ubuntu:~$ sudo sysctl -p kernel.sysrq = 1 net.ipv6.conf.all.disable_ipv6 = 0 net.ipv6.conf.default.disable_ipv6 = 0 net.ipv6.conf.lo.disable_ipv6 = 0 kernel.printk = 5 vm.swappiness = 1 vm.max_map_count = 262144 net.ipv4.tcp_retries2 = 5
#查看索引设置 #查看所有 curl -X GET "172.17.0.3:9200/_all/_settings" -u username:password #查看单个 curl -X GET "172.17.0.3:9200/my-index/_settings" -u username:password
参考文献:https://www.elastic.co/guide/en/elasticsearch/reference/7.17/important-settings.html
https://www.elastic.co/guide/en/elasticsearch/reference/7.17/system-config.html