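#!/usr/bin/env bash
# Runbook: install Elasticsearch 9.2.2 and Kibana 9.2.2 from the official
# Elastic yum repositories on a dnf-based host.
#
# Run this step by step (copy/paste), not unattended: several steps are
# interactive (password reset, enrollment in the browser) or only make
# sense after a restart. Strict mode (set -e) is deliberately not enabled
# because `systemctl status` and `grep` legitimately return non-zero here.

# ---------------------------------------------------------------------
# Prerequisites
# ---------------------------------------------------------------------
sudo dnf update -y
sudo dnf install -y nano wget curl unzip

# Open TCP 9200 (Elasticsearch HTTP) and 5601 (Kibana) in the security
# group / firewall. Restrict the source to the hosts that need them
# (Kibana host, admin addresses): both services are configured below to
# listen on 0.0.0.0, so the firewall is the only thing keeping them off
# the open network.

# ---------------------------------------------------------------------
# Elasticsearch 9.2.2
# ---------------------------------------------------------------------
# Import the official signing key over HTTPS, then add the repo with
# gpgcheck=1 so every package is verified against it.
sudo rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch

sudo tee /etc/yum.repos.d/elasticsearch.repo <<'EOF'
[elasticsearch]
name=Elasticsearch repository for 9.x packages
baseurl=https://artifacts.elastic.co/packages/9.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
EOF

sudo dnf install -y elasticsearch --enablerepo=elasticsearch

# Start it right away; if it fails, read the journal. The failure seen
# so far was a permission problem (worked around below).
sudo systemctl daemon-reload
sudo systemctl enable elasticsearch
sudo systemctl start elasticsearch
sudo systemctl status elasticsearch --no-pager
# -n/--no-pager instead of -f so this step does not block the runbook;
# run `journalctl -u elasticsearch -f` interactively to follow live.
sudo journalctl -u elasticsearch --no-pager -n 100

# Workaround: create the log directory under /usr/share and hand it to
# the service user. (path.logs below points at /var/log/elasticsearch;
# this directory was still required for start-up in the observed error.)
sudo mkdir -p /usr/share/elasticsearch/logs
sudo chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/logs
sudo chmod 750 /usr/share/elasticsearch/logs

# Set the `elastic` superuser password (do this immediately). The tool
# prints the new password; keep it in a password manager, not in notes.
sudo /usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic

# The auto-generated certificates; the directory should be non-empty.
# (`ll` is an interactive alias, not a command — use ls -l.)
sudo ls -l /etc/elasticsearch/certs/

# HTTP CA fingerprint, needed when configuring other clients
# (e.g. Fleet's ca_trusted_fingerprint further down).
sudo openssl x509 -fingerprint -sha256 -noout \
  -in /etc/elasticsearch/certs/http_ca.crt

# Prompt for the password instead of hard-coding it: a literal here ends
# up in the file, in shell history and in every copy of these notes.
read -r -s -p 'elastic password: ' ELASTIC_PASSWORD
echo
export ELASTIC_PASSWORD

# Test over HTTPS. --cacert is required because TLS is on and the CA is
# self-signed. Credentials given via -u are visible in the process list
# for the duration of the request; use `-u elastic` (curl prompts) if
# that matters on a shared host.
curl --cacert /etc/elasticsearch/certs/http_ca.crt \
  -u "elastic:${ELASTIC_PASSWORD}" \
  https://localhost:9200

# Show the effective (non-comment, non-blank) settings.
grep -Ev '^\s*(#|$)' /etc/elasticsearch/elasticsearch.yml

# Edit /etc/elasticsearch/elasticsearch.yml so the effective settings
# look like the following (cluster name, non-local access, ...). Do not
# append blindly: the package already writes the xpack.security.* keys
# and a duplicated key prevents the node from starting.
#
#   cluster.name: my-test-es
#   path.data: /var/lib/elasticsearch
#   path.logs: /var/log/elasticsearch
#   network.host: 0.0.0.0            # all interfaces — see firewall note above
#   xpack.security.enabled: true
#   xpack.security.enrollment.enabled: true
#   xpack.security.http.ssl:
#     enabled: true
#     keystore.path: certs/http.p12
#   xpack.security.transport.ssl:
#     enabled: true
#     verification_mode: certificate
#     keystore.path: certs/transport.p12
#     truststore.path: certs/transport.p12
#   cluster.initial_master_nodes: ["weblessie-server-02"]
#   http.host: 0.0.0.0
sudoedit /etc/elasticsearch/elasticsearch.yml

# JVM heap size: set min and max to the same value (4g here).
#   -Xms4g
#   -Xmx4g
sudoedit /etc/elasticsearch/jvm.options

# Restart so the configuration changes take effect.
sudo systemctl restart elasticsearch

# Enrollment token for Kibana; paste it into the Kibana UI in the step
# below. It is time-limited and grants enrollment — treat it as a secret.
sudo /usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana

# ---------------------------------------------------------------------
# Kibana 9.2.2
# ---------------------------------------------------------------------
sudo tee /etc/yum.repos.d/kibana.repo <<'EOF'
[kibana]
name=Kibana repository for 9.x packages
baseurl=https://artifacts.elastic.co/packages/9.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
EOF

sudo dnf install -y kibana --enablerepo=kibana

sudo systemctl daemon-reload
sudo systemctl enable --now kibana

# Open http://<server-ip>:5601 in a browser and paste the enrollment
# token. Kibana is served over plain HTTP here (no server.ssl.* in the
# config below), so the token, the verification code and later logins
# cross the network unencrypted; enable server.ssl or put a TLS reverse
# proxy in front before exposing it beyond a trusted network.

# The UI then asks for a "verification code"; print it on the server.
# (May need to run as root or the kibana user depending on file
# permissions — confirm on the host.)
/usr/share/kibana/bin/kibana-verification-code

# Generate the encryption keys with the official tool (--force writes
# them into kibana.yml). Expected output:
#   ✔ Encryption keys generated and written to /etc/kibana/kibana.yml:
#   xpack.encryptedSavedObjects.encryptionKey
#   xpack.reporting.encryptionKey
#   xpack.security.encryptionKey
sudo /usr/share/kibana/bin/kibana-encryption-keys generate --force

# Effective Kibana settings after enrollment and key generation. The
# three encryption keys and the service account token are secrets: keep
# them only in /etc/kibana/kibana.yml (check it is not world-readable)
# and never in shared notes. If they have been copied elsewhere,
# regenerate the keys (see Kibana's key-rotation documentation) and
# create a new service account token.
grep -Ev '^\s*(#|$)' /etc/kibana/kibana.yml
#
#   server.host: "0.0.0.0"
#   logging:
#     appenders:
#       file:
#         type: file
#         fileName: /var/log/kibana/kibana.log
#         layout:
#           type: json
#     root:
#       appenders:
#         - default
#         - file
#   pid.file: /run/kibana/kibana.pid
#   i18n.locale: "zh-CN"
#   elasticsearch.hosts: [https://10.0.0.38:9200]
#   elasticsearch.serviceAccountToken: <REDACTED: token written by enrollment>
#   elasticsearch.ssl.certificateAuthorities: [/var/lib/kibana/ca_1765341893683.crt]
#   xpack.fleet.outputs: [{id: fleet-default-output, name: default, is_default: true,
#     is_default_monitoring: true, type: elasticsearch, hosts: [https://10.0.0.38:9200],
#     ca_trusted_fingerprint: 80af64db043e12ebda11c10f70042af91306a705fdcb6285814a84b420c734a5}]
#   xpack.encryptedSavedObjects.encryptionKey: <REDACTED: from kibana-encryption-keys>
#   xpack.reporting.encryptionKey: <REDACTED: from kibana-encryption-keys>
#   xpack.security.encryptionKey: <REDACTED: from kibana-encryption-keys>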