elasticsearch添加分词和认证

2022-09-21 16:43:00
admin
原创
22
摘要:elasticsearch添加分词和认证

安装elasticsearch

cd  /usr/local

tar zxvf elasticsearch-7.14.1-linux-x86_64.tar.gz

cd /usr/local/elasticsearch-7.14.1

一、资源设置

vi /etc/security/limits.conf

资源限制设置

* soft nofile 65536

* hard nofile 131072

* soft nproc 2048

* hard nproc 4096

重启

ulimit -S -n

二、虚拟内存设置

vi /etc/sysctl.conf

虚拟内存设置

vm.max_map_count=655360

重启

sysctl -p

三、添加用户

groupadd es

useradd es -g es

passwd es

chown -R es:es elasticsearch-7.14.1/

配置文件

confg/elasticsearch.yml

# ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
#       Before you set out to tweak and tune the configuration, make sure you
#       understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
#
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
cluster.name: my-application
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
node.name: node-3
# node为主节点
node.master: true
# node为存储数据的节点
node.data: true
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
path.data: /usr/local/elasticsearch-7.14.1/data
#
# Path to log files:
#
path.logs: /usr/local/elasticsearch-7.14.1/logs
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: true
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# By default Elasticsearch is only accessible on localhost. Set a different
# address here to expose this node on the network:
#
network.host: 0.0.0.0
#
# By default Elasticsearch listens for HTTP traffic on the first free port it
# finds starting at 9200. Set a specific HTTP port here:
#
http.port: 9200
transport.port: 9300
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when this node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
cluster.initial_master_nodes: ["node-1", "node-2"]
#
# Bootstrap the cluster using an initial set of master-eligible nodes:
#
discovery.seed_hosts: ["10.18.224.116:9300", "10.18.224.72","10.18.118.72"]
transport.tcp.compress: true
#
# For more information, consult the discovery and cluster formation module documentation.
#
# ---------------------------------- Various -----------------------------------
#
# Require explicit names when deleting indices:
#
#action.destructive_requires_name: true

五、启动

su es

/usr/local/elasticsearch-7.14.1/bin/elasticsearch -d

日志查看

tail -f /usr/local/elasticsearch-7.14.1/logs/my-application.log

一、添加ik分词器


bin/elasticsearch-plugin install 'file:elasticsearch-analysis-ik-7.14.1.zip'


二、elasticsearch认证


一、生成证书在主节点
./bin/elasticsearch-certutil ca
碰到第一个直接回车,不用管
碰到第二个输入密码,例如123456
二、生成秘钥
./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
输入;第一的密码,路径输入空
mkdir config/certificates
# 移动凭证至指定目录下
mv elastic-certificates.p12 config/certificates/
三、将就是把elastic-certificates.p12这个文件移动到每一个es安装目录的相同路径下
四、授予权限(各个节点)
# 赋值权限,不然会出问题
chown -R es:es /usr/local/elasticsearch-7.14.1/
五、配置文件修改(各个节点)
# 跨域
http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-headers: Authorization,X-Requested-With,Content-Type,Content-Length
xpack.security.enabled: true
xpack.security.authc.accept_default_password: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /usr/local/elasticsearch-7.14.1/config/certificates/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /usr/local/elasticsearch-7.14.1/config/certificates/elastic-certificates.p12
六、各个节点上添加密码(各个节点)
./bin/elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password
./bin/elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password
七、启动各个节点
su es
./bin/elasticsearch -d
八、设置密码(在主节点执行一下就可以了)
./bin/elasticsearch-setup-passwords  interactive
发表评论
评论通过审核之后才会显示。
文章分类
联系方式
联系人: 郑州-小万
电话: 13803993919
Email: 1027060531@qq.com
QQ: 1027060531
网址: www.wanhejia.com