下载链接https://www.elastic.co/downloads/past-releases/elasticsearch-8-17-0https://www.elastic.co/downloads/past-releases/logstash-8-17-0https://www.elastic.co/cn/downloads/past-releases/kibana-8-17-0https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.17.0-linux-x86_64.tar.gzhttps://artifacts.elastic.co/downloads/logstash/logstash-8.17.0-linux-x86_64.tar.gzhttps://artifacts.elastic.co/downloads/kibana/kibana-8.17.0-linux-x86_64.tar.gz1、上传下载的安装包到指定机器上,然后做准备工作1)编辑 /etc/security/limits.conf 文件,添加以下行:星号(*)代表对所有用户应用该限制* soft nofile 65535* hard nofile 655352)编辑/etc/pam.d/login加在最后session required pam_limits.so3)vi /etc/sysctl.conf添加或修改以下行:vm.max_map_count=262144运行以下命令以使配置立即生效:sudo sysctl -p然后重启电脑2、解压和改名进入到软件的目录/usr/local/software执行如下2条命令tar -xzf elasticsearch-8.17.0-linux-x86_64.tar.gzmv elasticsearch-8.17.0 elasticsearch3、运行cd /usr/local/software/elasticsearch/bin[root@localhost bin]# ./elasticsearch遇到错误,不能以 root 用户身份运行 Elasticsearchfatal exception while booting Elasticsearch java.lang.RuntimeException: can not run elasticsearch as root这个错误的含义是 不能以 root 用户身份运行 Elasticsearch。为了安全性和权限问题4、创建data目录在/usr/local/software/elasticsearch目录下 mkdir data5、新建用户和授权useradd elasticsearchchown -R elasticsearch:elasticsearch /usr/local/software/elasticsearchchown -R elasticsearch:elasticsearch /usr/local/software/elasticsearch/datachown -R elasticsearch:elasticsearch /usr/local/software/elasticsearch/logs/chmod -R 755 /usr/local/software/elasticsearch/logs/6、删除elasticsearch.keystore[root@localhost config]# rm elasticsearch.keystorerm: remove regular file ‘elasticsearch.keystore’? y7、修改elasticsearch.yml cd /usr/local/software/elasticsearch/configvi /usr/local/software/elasticsearch/config/elasticsearch.yml备份下cp elasticsearch.yml elasticsearch_bak.yml修改vi elasticsearch.ymldiscovery.seed_hosts: [\"127.0.0.1:9300\"]cluster.initial_master_nodes: [\"localhost\"]xpack.security.enabled: falsexpack.security.enrollment.enabled: truehttp.host: 0.0.0.0transport.host: 0.0.0.0修改elasticsearch的堆内存cd /usr/local/software/elasticsearch/config/jvm.options.d/没有文件就创建一个touch heap-size.options-Xms2g-Xmx2g下面 Memory: 2.6G就是证明改变更了[root@localhost ~]# systemctl status elasticsearch● elasticsearch.service - Elasticsearch Loaded: loaded (/etc/systemd/system/elasticsearch.service; enabled; vendor preset: disabled) Active: active (running) since Tue 2024-12-31 16:00:36 CST; 1min 46s ago Docs: http://www.elastic.co Main PID: 992 (java) Tasks: 87 Memory: 2.6G8 切换到 elasticsearch 用户sudo su - elasticsearch9 以 elasticsearch 用户身份启动 Elasticsearch在 elasticsearch 用户下,进入到 Elasticsearch 安装目录并启动服务:cd /usr/local/software/elasticsearch/bin./elasticsearch -d-d代表后台启动10 访问http://192.168.150.50:9200/, 如果不能访问再往下看或者文腾讯的AI,https://cat.aichatos8.com.cn/#/home{ \"name\" : \"localhost.localdomain\", \"cluster_name\" : \"elasticsearch\", \"cluster_uuid\" : \"udrBoGSRRwal_hpQ7ocUlQ\", \"version\" : { \"number\" : \"8.17.0\", \"build_flavor\" : \"default\", \"build_type\" : \"tar\", \"build_hash\" : \"2b6a7fed44faa321997703718f07ee0420804b41\", \"build_date\" : \"2024-12-11T12:08:05.663969764Z\", \"build_snapshot\" : false, \"lucene_version\" : \"9.12.0\", \"minimum_wire_compatibility_version\" : \"7.17.0\", \"minimum_index_compatibility_version\" : \"7.0.0\" }, \"tagline\" : \"You Know, for Search\"}11 创建服务 vi /etc/systemd/system/elasticsearch.service文件内容如下:[Unit]Description=ElasticsearchDocumentation=http://www.elastic.coAfter=network.target[Service]Type=simpleExecStart=/usr/local/software/elasticsearch/bin/elasticsearchUser=elasticsearchGroup=elasticsearchRestart=alwaysLimitMEMLOCK=infinityLimitNOFILE=65536LimitNPROC=4096[Install]WantedBy=multi-user.target替换 /path/to/elasticsearch-8.17.0 为实际路径。12 开机启动systemctl daemon-reloadsystemctl enable elasticsearchsystemctl start elasticsearchsystemctl status elasticsearchelasticsearch.yml
# ======================== Elasticsearch Configuration =========================## NOTE: Elasticsearch comes with reasonable defaults for most settings.# Before you set out to tweak and tune the configuration, make sure you# understand what are you trying to accomplish and the consequences.## The primary way of configuring a node is via this file. This template lists# the most important settings you may want to configure for a production cluster.## Please consult the documentation for further information on configuration options:# https://www.elastic.co/guide/en/elasticsearch/reference/index.html## ---------------------------------- Cluster -----------------------------------## Use a descriptive name for your cluster:##cluster.name: my-application## ------------------------------------ Node ------------------------------------## Use a descriptive name for the node:##node.name: node-1## Add custom attributes to the node:##node.attr.rack: r1## ----------------------------------- Paths ------------------------------------## Path to directory where to store the data (separate multiple locations by comma):##path.data: /path/to/data## Path to log files:##path.logs: /path/to/logs## ----------------------------------- Memory -----------------------------------## Lock the memory on startup:##bootstrap.memory_lock: true## Make sure that the heap size is set to about half the memory available# on the system and that the owner of the process is allowed to use this# limit.## Elasticsearch performs poorly when the system is swapping the memory.## ---------------------------------- Network -----------------------------------## By default Elasticsearch is only accessible on localhost. Set a different# address here to expose this node on the network:##network.host: 192.168.0.1## By default Elasticsearch listens for HTTP traffic on the first free port it# finds starting at 9200. Set a specific HTTP port here:##http.port: 9200## For more information, consult the network module documentation.## --------------------------------- Discovery ----------------------------------## Pass an initial list of hosts to perform discovery when this node is started:# The default list of hosts is [\"127.0.0.1\", \"[::1]\"]##discovery.seed_hosts: [\"host1\", \"host2\"]## Bootstrap the cluster using an initial set of master-eligible nodes:##cluster.initial_master_nodes: [\"node-1\", \"node-2\"]## For more information, consult the discovery and cluster formation module documentation.#discovery.seed_hosts: [\"127.0.0.1:9300\"]cluster.initial_master_nodes: [\"localhost\"]# ---------------------------------- Various -----------------------------------## Allow wildcard deletion of indices:##action.destructive_requires_name: false#----------------------- BEGIN SECURITY AUTO CONFIGURATION -----------------------## The following settings, TLS certificates, and keys have been automatically # generated to configure Elasticsearch security features on 30-12-2024 12:29:02## --------------------------------------------------------------------------------# Enable security featuresxpack.security.enabled: falsexpack.security.enrollment.enabled: true# Allow HTTP API connections from anywhere# Connections are encrypted and require user authenticationhttp.host: 0.0.0.0# Allow other nodes to join the cluster from anywhere# Connections are encrypted and mutually authenticatedtransport.host: 0.0.0.0#----------------------- END SECURITY AUTO CONFIGURATION -------------------------
==============================安装遇到的具体问题分析==================运行后 Elasticsearch security features have been automatically configured!✅ Authentication is enabled and cluster connections are encrypted.ℹ️ Password for the elastic user (reset with `bin/elasticsearch-reset-password -u elastic`): 7b9UkBY*NeEH3_ea85JGℹ️ HTTP CA certificate SHA-256 fingerprint: d7a127636d720f927127c4f974f806f512eae01dd8b85af21be192dd5bbb3c3cℹ️ Configure Kibana to use this cluster:• Run Kibana and click the configuration link in the terminal when Kibana starts.• Copy the following enrollment token and paste it into Kibana in your browser (valid for the next 30 minutes): eyJ2ZXIiOiI4LjE0LjAiLCJhZHIiOlsiMTkyLjE2OC4xNTAuNTA6OTIwMCJdLCJmZ3IiOiJkN2ExMjc2MzZkNzIwZjkyNzEyN2M0Zjk3NGY4MDZmNTEyZWFlMDFkZDhiODVhZjIxYmUxOTJkZDViYmIzYzNjIiwia2V5IjoiYVR5VkY1UUJWLTBzb19zV0UzT246UkhSangyMFRReWl1ZzZPeUtWSVJIQSJ9ℹ️ Configure other nodes to join this cluster:• On this node: ⁃ Create an enrollment token with `bin/elasticsearch-create-enrollment-token -s node`. ⁃ Uncomment the transport.host setting at the end of config/elasticsearch.yml. ⁃ Restart Elasticsearch.• On other nodes: ⁃ Start Elasticsearch with `bin/elasticsearch --enrollment-token `, using the enrollment token that you generated.重要信息:elastic user 的密码是 7b9UkBY*NeEH3_ea85JG重置密码的命令 bin/elasticsearch-reset-password -u elastic使用:bin/elasticsearch-create-enrollment-token -s node创建一个token, 但这个还用不上\"取消对config/exelasticsearch.yml末尾transport.host设置的注释。重新启动Elasticsearch。8、修改elasticsearch.yml cd /usr/local/software/elasticsearch/config备份下cp elasticsearch.yml elasticsearch_bak.yml修改vi elasticsearch.yml把它的注释去掉,然后保存重启。transport.host: 0.0.0.0[2024-12-30T21:00:35,801][ERROR][o.e.b.Elasticsearch ] [localhost.localdomain] node validation exception[2] bootstrap checks failed. You must address the points described in the following [2] lines before starting Elasticsearch. For more information see [https://www.elastic.co/guide/en/elasticsearch/reference/8.17/bootstrap-checks.html]bootstrap check failure [1] of [2]: max file descriptors [4096] for elasticsearch process is too low, increase to at least [65535]; for more information see [https://www.elastic.co/guide/en/elasticsearch/reference/8.17/bootstrap-checks-file-descriptor.html]bootstrap check failure [2] of [2]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]; for more information see [https://www.elastic.co/guide/en/elasticsearch/reference/8.17/bootstrap-checks-max-map-count.html]ERROR: 这个错误信息说明 Elasticsearch 在启动时执行了 bootstrap checks(启动检查),并且未通过两个关键的检查。具体来说,出现了以下两个问题:错误信息解析:max file descriptors 设置过低错误信息:[bootstrap check failure [1] of [2]: max file descriptors [4096] for elasticsearch process is too low, increase to at least [65535]]解释:Elasticsearch 需要较高的文件描述符限制,因为它会同时打开很多文件(例如索引文件、日志文件等)。默认情况下,操作系统可能只允许最多 4096 个文件描述符,而 Elasticsearch 要求至少 65535 个。vm.max_map_count 设置过低错误信息:[bootstrap check failure [2] of [2]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]]解释:vm.max_map_count 是操作系统设置的最大虚拟内存区域数(用于内存映射文件)。Elasticsearch 需要更高的这个值,特别是在处理大数据量时。默认值可能较低(如 65530),而 Elasticsearch 要求至少 262144。如何解决这些问题:1. 增加 max file descriptors 限制你需要增加操作系统中可打开文件的最大数量。方法如下:查看当前设置:bashulimit -n如果显示的数字小于 65535,你需要增加它。临时修改(只对当前会话有效):bashulimit -n 65535永久修改(适用于 Linux):编辑 /etc/security/limits.conf 文件,添加以下行:星号(*)代表对所有用户应用该限制* soft nofile 65535* hard nofile 65535如果你知道运行 Elasticsearch 的用户(例如 elasticsearch 用户),你可以替换星号为该用户名:elasticsearch soft nofile 65535elasticsearch hard nofile 65535还需要修改 /etc/pam.d/common-session 或 /etc/pam.d/login 文件(具体路径取决于发行版),并添加以下行:centos7 用这个/etc/pam.d/login加在最后session required pam_limits.so最后,重新启动机器或注销当前会话后生效。2. 增加 vm.max_map_count 限制vm.max_map_count 控制了每个进程可以映射的最大虚拟内存区域数量。需要将其增加到至少 262144:临时修改:bashsudo sysctl -w vm.max_map_count=262144永久修改:编辑 /etc/sysctl.conf 文件:bashsudo vi /etc/sysctl.conf添加或修改以下行:bashvm.max_map_count=262144运行以下命令以使配置立即生效:bashsudo sysctl -p3. 重启 Elasticsearch完成上述设置后,重启 Elasticsearch:bashsudo systemctl restart elasticsearch或者如果你是手动启动 Elasticsearch,则执行:bash./bin/elasticsearch总结:max file descriptors 的问题:增加文件描述符的限制到 65535。vm.max_map_count 的问题:增加虚拟内存映射区域的限制到 262144。完成配置后重启 Elasticsearch,应该能够顺利启动。如果还有其他问题,或者配置后仍然无法启动,可以查看 Elasticsearch 的日志(/usr/local/software/elasticsearch/logs/elasticsearch.log)来获取更多详细的错误信息。启动说没权限,继续修改目录权限如果 Elasticsearch 进程没有足够的权限来写入该目录,你可以更改该目录的权限,使得 Elasticsearch 有权访问它。假设 Elasticsearch 是以 elasticsearch 用户运行的,你可以执行以下命令来修复权限。给目录赋予适当的权限:bashsudo chown -R elasticsearch:elasticsearch /usr/local/software/elasticsearch/logs/这条命令将目录的所有权授予 elasticsearch 用户和组。确保目录具有正确的读写权限:bashsudo chmod -R 755 /usr/local/software/elasticsearch/logs/这样,目录将具有所有者的读、写和执行权限,其他用户只有读和执行权限。3. 检查日志文件权限同样需要确保日志文件本身(elasticsearch.log)的权限设置正确。执行以下命令来检查日志文件的权限:查看日志文件的权限:ls -l /usr/local/software/elasticsearch/logs/elasticsearch.log删除elasticsearch.keystore[root@localhost config]# rm elasticsearch.keystorerm: remove regular file ‘elasticsearch.keystore’? y从你提供的日志信息来看,Elasticsearch 在启动时遇到了 bootstrap 检查失败,并且因为 缺少配置 导致启动失败。错误消息中指出了如下问题:错误描述bootstrap check failure [1] of [1]: the default discovery settings are unsuitable for production use; at least one of [discovery.seed_hosts, discovery.seed_providers, cluster.initial_master_nodes] must be configured;这意味着 Elasticsearch 发现你没有配置必要的发现设置,这是在生产环境中启动集群时的强制要求。具体来说,Elasticsearch 需要知道如何找到集群的节点和确定主节点。解决办法编辑 Elasticsearch 配置文件Elasticsearch 的配置文件 elasticsearch.yml 存在于你的 Elasticsearch 安装目录下的 config 目录中,例如:/usr/local/software/elasticsearch/config/elasticsearch.yml。添加 Discovery 配置在该文件中,你需要添加以下配置来启用节点发现机制。对于单节点部署,可以配置 discovery.seed_hosts 或 cluster.initial_master_nodes。如果你的环境是 单节点(即只有一个 Elasticsearch 实例),你可以添加以下配置:yaml# discovery.seed_hosts 用于指定初始节点列表,Elasticsearch 用它来查找其他节点discovery.seed_hosts: [\"127.0.0.1:9300\"]# 或者你可以使用 cluster.initial_master_nodes 指定初始的主节点列表cluster.initial_master_nodes: [\"localhost\"]如果你部署的是 多节点集群,你需要配置集群中的所有节点的 IP 地址。例如:yamldiscovery.seed_hosts: [\"node1_ip:9300\", \"node2_ip:9300\", \"node3_ip:9300\"]cluster.initial_master_nodes: [\"node1\", \"node2\", \"node3\"]discovery.seed_hosts 用于帮助节点相互发现,而 cluster.initial_master_nodes 用于在集群启动时指定初始的主节点。重启 Elasticsearch修改配置文件后,重启 Elasticsearch 服务。你可以使用以下命令来启动 Elasticsearch:vi /usr/local/software/elasticsearch/config/elasticsearch.ymldiscovery.seed_hosts: [\"127.0.0.1:9300\"]cluster.initial_master_nodes: [\"localhost\"]bash./bin/elasticsearch
