|
|
# 前置 & 准备工作
|
|||
|
|
sudo dnf update -y
|
|||
|
|
sudo dnf install -y nano wget curl unzip
|
|||
|
|
|
|||
|
|
# 安全组/防火墙开放 9200、5601 端口(来源地址只放行受信任的 IP 段,不要对 0.0.0.0/0 开放)
|
|||
|
|
|
|||
|
|
# 安装 Elasticsearch 9.2.2
|
|||
|
|
# 导入官方 GPG key(导入后建议核对密钥指纹与 Elastic 官方文档公布的一致)
|
|||
|
|
sudo rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
|
|||
|
|
|
|||
|
|
# 新建 yum repo 文件
|
|||
|
|
sudo tee /etc/yum.repos.d/elasticsearch.repo <<-'EOF'
|
|||
|
|
[elasticsearch]
|
|||
|
|
name=Elasticsearch repository for 9.x packages
|
|||
|
|
baseurl=https://artifacts.elastic.co/packages/9.x/yum
|
|||
|
|
gpgcheck=1
|
|||
|
|
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
|
|||
|
|
enabled=1
|
|||
|
|
autorefresh=1
|
|||
|
|
type=rpm-md
|
|||
|
|
EOF
|
|||
|
|
|
|||
|
|
# 安装 Elasticsearch(未指定版本时会安装仓库中最新的 9.x;如需固定为 9.2.2,可写成 elasticsearch-9.2.2):
|
|||
|
|
sudo dnf install elasticsearch --enablerepo=elasticsearch
|
|||
|
|
|
|||
|
|
# 先直接启动;若启动报错,再查看日志排查(可能是目录权限问题)
|
|||
|
|
sudo systemctl daemon-reload
|
|||
|
|
sudo systemctl enable elasticsearch
|
|||
|
|
sudo systemctl start elasticsearch
|
|||
|
|
sudo systemctl status elasticsearch
|
|||
|
|
sudo journalctl -u elasticsearch -f
|
|||
|
|
|
|||
|
|
# 手动创建日志目录并设置权限(仅当启动日志报该目录缺失或无权限时才需要;
# 下文配置中的 path.logs 指向的是 /var/log/elasticsearch)
|
|||
|
|
sudo mkdir -p /usr/share/elasticsearch/logs
|
|||
|
|
sudo chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/logs
|
|||
|
|
sudo chmod 750 /usr/share/elasticsearch/logs
|
|||
|
|
|
|||
|
|
# 重置 elastic 超级用户密码(推荐立即执行;默认会生成随机密码并打印到终端,加 -i 可改为交互式输入自定义密码):
|
|||
|
|
sudo /usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic
|
|||
|
|
|
|||
|
|
# 查看自签名证书,有则正常
|
|||
|
|
ll /etc/elasticsearch/certs/
|
|||
|
|
|
|||
|
|
# 查看 HTTP CA 证书指纹(用于其他客户端配置)
|
|||
|
|
sudo openssl x509 -fingerprint -sha256 -in /etc/elasticsearch/certs/http_ca.crt -noout
|
|||
|
|
|
|||
|
|
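# Read the elastic password from the terminal without echoing it, so the
# literal value does not end up in shell history (an
# `export ELASTIC_PASSWORD='...'` line typed at the prompt would).
read -rs -p 'elastic password: ' ELASTIC_PASSWORD && printf '\n'
export ELASTIC_PASSWORD

# Test an HTTPS request (--cacert is required because TLS is enabled).
# The expansion is quoted so a password containing spaces or glob
# characters is passed to curl as a single, unmodified argument.
curl --cacert /etc/elasticsearch/certs/http_ca.crt \
  -u "elastic:${ELASTIC_PASSWORD}" \
  https://localhost:9200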
|
|||
|
|
|
|||
|
|
|
|||
|
|
# 查看默认的配置文件
|
|||
|
|
grep -v '^\s*#\|^\s*$' /etc/elasticsearch/elasticsearch.yml
|
|||
|
|
# 按实际情况修改配置文件(集群名、非本地访问等)。
# 注意:network.host / http.host 设为 0.0.0.0 会监听所有网卡;能绑定具体内网 IP 时优先绑定内网 IP,并配合防火墙限制来源。
|
|||
|
|
cluster.name: my-test-es
|
|||
|
|
path.data: /var/lib/elasticsearch
|
|||
|
|
path.logs: /var/log/elasticsearch
|
|||
|
|
network.host: 0.0.0.0
|
|||
|
|
xpack.security.enabled: true
|
|||
|
|
xpack.security.enrollment.enabled: true
|
|||
|
|
xpack.security.http.ssl:
|
|||
|
|
enabled: true
|
|||
|
|
keystore.path: certs/http.p12
|
|||
|
|
xpack.security.transport.ssl:
|
|||
|
|
enabled: true
|
|||
|
|
verification_mode: certificate
|
|||
|
|
keystore.path: certs/transport.p12
|
|||
|
|
truststore.path: certs/transport.p12
|
|||
|
|
cluster.initial_master_nodes: ["weblessie-server-02"]
|
|||
|
|
http.host: 0.0.0.0
|
|||
|
|
|
|||
|
|
|
|||
|
|
# 更改es的jvm大小
|
|||
|
|
vim /etc/elasticsearch/jvm.options
|
|||
|
|
-Xms4g
|
|||
|
|
-Xmx4g
|
|||
|
|
|
|||
|
|
# 重启
|
|||
|
|
sudo systemctl restart elasticsearch
|
|||
|
|
|
|||
|
|
# 准备 enrollment token,后续在 Kibana 中使用(令牌有效期 30 分钟,属于敏感凭据,不要保存到文档或聊天记录中)
|
|||
|
|
sudo /usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana
|
|||
|
|
|
|||
|
|
|
|||
|
|
# 准备安装 Kibana 9.2.2
|
|||
|
|
# 新建 repo /etc/yum.repos.d/kibana.repo
|
|||
|
|
sudo tee /etc/yum.repos.d/kibana.repo <<-'EOF'
|
|||
|
|
[kibana]
|
|||
|
|
name=Kibana repository for 9.x packages
|
|||
|
|
baseurl=https://artifacts.elastic.co/packages/9.x/yum
|
|||
|
|
gpgcheck=1
|
|||
|
|
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
|
|||
|
|
enabled=1
|
|||
|
|
autorefresh=1
|
|||
|
|
type=rpm-md
|
|||
|
|
EOF
|
|||
|
|
|
|||
|
|
# 安装 Kibana:
|
|||
|
|
sudo dnf install kibana --enablerepo=kibana
|
|||
|
|
# 启动
|
|||
|
|
sudo systemctl daemon-reload
|
|||
|
|
sudo systemctl enable --now kibana
|
|||
|
|
|
|||
|
|
# 访问 Kibana,输入上一步生成的 token。
# 注意:此处是明文 HTTP,token 与登录密码会以明文传输;非测试环境应启用 Kibana 的 server.ssl,或经由 TLS 反向代理 / SSH 隧道访问。
|
|||
|
|
http://ip:5601
|
|||
|
|
|
|||
|
|
# 获取 “verification code”
|
|||
|
|
/usr/share/kibana/bin/kibana-verification-code
|
|||
|
|
|
|||
|
|
# 使用官方工具生成加密密钥(最规范)。
# 注意:--force 会为已配置的项也重新生成密钥;若已有用旧密钥加密的 saved objects,更换后可能无法解密。
|
|||
|
|
sudo /usr/share/kibana/bin/kibana-encryption-keys generate --force
|
|||
|
|
# 输出应类似:
|
|||
|
|
# ✔ Encryption keys generated and written to /etc/kibana/kibana.yml:
|
|||
|
|
# xpack.encryptedSavedObjects.encryptionKey
|
|||
|
|
# xpack.reporting.encryptionKey
|
|||
|
|
# xpack.security.encryptionKey
|
|||
|
|
|
|||
|
|
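# 修改配置文件(下面的命令会显示去掉注释和空行后的内容)。
# 注意:elasticsearch.serviceAccountToken 和三个 encryptionKey 都是本实例生成的机密,不要照抄或公开;一旦泄露应重新生成并替换。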
|
|||
|
|
grep -v '^\s*#\|^\s*$' /etc/kibana/kibana.yml
|
|||
|
|
server.host: "0.0.0.0"
|
|||
|
|
logging:
|
|||
|
|
appenders:
|
|||
|
|
file:
|
|||
|
|
type: file
|
|||
|
|
fileName: /var/log/kibana/kibana.log
|
|||
|
|
layout:
|
|||
|
|
type: json
|
|||
|
|
root:
|
|||
|
|
appenders:
|
|||
|
|
- default
|
|||
|
|
- file
|
|||
|
|
pid.file: /run/kibana/kibana.pid
|
|||
|
|
i18n.locale: "zh-CN"
|
|||
|
|
elasticsearch.hosts: [https://10.0.0.38:9200]
|
|||
|
|
elasticsearch.serviceAccountToken: AAEAAWVsYXN0aWMva2liYW5hL2Vucm9sbC1wcm9jZXNzLXRva2VuLTE3NjUzNDE4OTI3MjY6Um9KdUo2N1hSZVNPeGNzOXFDaUh2dw
|
|||
|
|
elasticsearch.ssl.certificateAuthorities: [/var/lib/kibana/ca_1765341893683.crt]
|
|||
|
|
xpack.fleet.outputs: [{id: fleet-default-output, name: default, is_default: true, is_default_monitoring: true, type: elasticsearch, hosts: [https://10.0.0.38:9200], ca_trusted_fingerprint: 80af64db043e12ebda11c10f70042af91306a705fdcb6285814a84b420c734a5}]
|
|||
|
|
xpack.encryptedSavedObjects.encryptionKey: f10166c761265d5ca61e7fa2c1acac73
|
|||
|
|
xpack.reporting.encryptionKey: 1772a5152522675d5a38470e905b2817
|
|||
|
|
xpack.security.encryptionKey: d4b30e82e47f530a998e29cb0b8e5295
|