Mirror site is read only www.netnr.com
treenewbee 2022-05-07 09:42:37 👁854 💬0

  1. 下载es安装包(https://elasticsearch.cn/download/)

    wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.17.0-linux-x86_64.tar.gz
    
  2. 将es安装包解压到和旧版本相同的目录下(若path.data和path.logs使用外部目录,则可不修改配置文件)

    tar -zxvf elasticsearch-7.17.0-linux-x86_64.tar.gz
    
  3. 修改新版本es文件夹权限

    chown -R es:es elasticsearch-7.17.0
    
  4. 修改elasticsearch-env使用自带jdk

    #修改前
    if [ ! -z "$JAVA_HOME" ]; then
    JAVA="$JAVA_HOME/bin/java"
    JAVA_TYPE="JAVA_HOME"
     else
    if [ "$(uname -s)" = "Darwin" ]; then
      # macOS has a different structure
      JAVA="$ES_HOME/jdk.app/Contents/Home/bin/java"
    else
     JAVA="$ES_HOME/jdk/bin/java"
    fi
    JAVA_TYPE="bundled jdk"
     fi
    
    #修改后
    if [ "$(uname -s)" = "Darwin" ]; then
     # macOS has a different structure
     JAVA="$ES_HOME/jdk.app/Contents/Home/bin/java"
      else
     JAVA="$ES_HOME/jdk/bin/java"
      fi
      JAVA_TYPE="bundled jdk"
    
  5. 配置X-PACK安全认证

    #切换到 elasticsearch 安装文件目录 bin 下,借助elasticsearch-certutil命令生成证书(注意生成证书后需要修改certs文件夹权限):
    ./elasticsearch-certutil ca -out config/certs/elastic-certificates.p12 -pass
    
    #---------------修改配置
    # 开启xpack
    xpack.security.enabled: true
    xpack.license.self_generated.type: basic
    xpack.security.transport.ssl.enabled: true
    # 证书配置
    xpack.security.transport.ssl.verification_mode: certificate
    xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
    xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12
    
    #重启es服务
    ./elasticsearch
    
    #-------------设置用户名密码
    elastic 账号:拥有 superuser 角色,是内置的超级用户。
    kibana 账号:拥有 kibana_system 角色,用户 kibana 用来连接 elasticsearch 并与之通信。Kibana 服务器以该用户身份提交请求以访问集群监视 API 和 .kibana 索引。不能访问 index。
    logstash_system 账号:拥有 logstash_system 角色。用户 Logstash 在 Elasticsearch 中存储监控信息时使用。
    #手动设置(多个内置账号依次输入,每个账号需要输入两次)
    ./elasticsearch-setup-passwords interactive
    #自动设置(注意保存)
    ./elasticsearch-setup-passwords auto
    #修改密码
    curl -H 'Content-Type: application/json' -u elastic:123456 -XPUT 'http://localhost:9200/_xpack/security/user/elastic/_password' -d '{ "password" : "1234567" }'
    
  6. java服务配置jest用户名密码

    spring.elasticsearch.jest.username: elastic
    spring.elasticsearch.jest.password: 123456
    #若/_cluster/health接口报错,可配置RestClient信息
    spring.elasticsearch.rest.username: elastic
    spring.elasticsearch.rest.password: 123456
    
  7. 修改elasticsearch-head访问方式

    #elasticsearch.yml中增加如下配置
    http.cors.enabled: true
    http.cors.allow-origin: "*"
    http.cors.allow-headers: Authorization,X-Requested-With,Content-Length,Content-Type
    #在访问elasticsearch-head的url中拼接授权信息
    http://IP:9100/?base_uri=http://IP:9200&auth_user=elastic&auth_password=yourpasswd
    

链接