下载es安装包(https://elasticsearch.cn/download/)
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.17.0-linux-x86_64.tar.gz
将es安装包解压到和旧版本相同的目录下(若path.data和path.logs使用外部目录,则可不修改配置文件)
tar -zxvf elasticsearch-7.17.0-linux-x86_64.tar.gz
修改新版本es文件夹权限
chown -R es:es elasticsearch-7.17.0
修改elasticsearch-env使用自带jdk
#修改前
if [ ! -z "$JAVA_HOME" ]; then
JAVA="$JAVA_HOME/bin/java"
JAVA_TYPE="JAVA_HOME"
else
if [ "$(uname -s)" = "Darwin" ]; then
# macOS has a different structure
JAVA="$ES_HOME/jdk.app/Contents/Home/bin/java"
else
JAVA="$ES_HOME/jdk/bin/java"
fi
JAVA_TYPE="bundled jdk"
fi
#修改后
if [ "$(uname -s)" = "Darwin" ]; then
# macOS has a different structure
JAVA="$ES_HOME/jdk.app/Contents/Home/bin/java"
else
JAVA="$ES_HOME/jdk/bin/java"
fi
JAVA_TYPE="bundled jdk"
配置X-PACK安全认证
#切换到 elasticsearch 安装文件目录 bin 下,借助elasticsearch-certutil命令生成证书(注意生成证书后需要修改certs文件夹权限):
./elasticsearch-certutil ca -out config/certs/elastic-certificates.p12 -pass
#---------------修改配置
# 开启xpack
xpack.security.enabled: true
xpack.license.self_generated.type: basic
xpack.security.transport.ssl.enabled: true
# 证书配置
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12
#重启es服务
./elasticsearch
#-------------设置用户名密码
elastic 账号:拥有 superuser 角色,是内置的超级用户。
kibana 账号:拥有 kibana_system 角色,用户 kibana 用来连接 elasticsearch 并与之通信。Kibana 服务器以该用户身份提交请求以访问集群监视 API 和 .kibana 索引。不能访问 index。
logstash_system 账号:拥有 logstash_system 角色。用户 Logstash 在 Elasticsearch 中存储监控信息时使用。
#手动设置(多个内置账号依次输入,每个账号需要输入两次)
./elasticsearch-setup-passwords interactive
#自动设置(注意保存)
./elasticsearch-setup-passwords auto
#修改密码
curl -H 'Content-Type: application/json' -u elastic:123456 -XPUT 'http://localhost:9200/_xpack/security/user/elastic/_password' -d '{ "password" : "1234567" }'
java服务配置jest用户名密码
spring.elasticsearch.jest.username: elastic
spring.elasticsearch.jest.password: 123456
#若/_cluster/health接口报错,可配置RestClient信息
spring.elasticsearch.rest.username: elastic
spring.elasticsearch.rest.password: 123456
修改elasticsearch-head访问方式
#elasticsearch.yml中增加如下配置
http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-headers: Authorization,X-Requested-With,Content-Length,Content-Type
#在访问elasticsearch-head的url中拼接授权信息
http://IP:9100/?base_uri=http://IP:9200&auth_user=elastic&auth_password=yourpasswd