143 lines
4.5 KiB
Plaintext
143 lines
4.5 KiB
Plaintext
# 前置 & 准备工作
|
||
sudo dnf update -y
|
||
sudo dnf install -y nano wget curl unzip
|
||
|
||
# 安全组防火墙开放9200端口、5601端口
|
||
|
||
# 安装 Elasticsearch 9.2.2
|
||
# 导入官方 GPG key
|
||
sudo rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
|
||
|
||
# 新建 yum repo 文件
|
||
sudo tee /etc/yum.repos.d/elasticsearch.repo <<-'EOF'
|
||
[elasticsearch]
|
||
name=Elasticsearch repository for 9.x packages
|
||
baseurl=https://artifacts.elastic.co/packages/9.x/yum
|
||
gpgcheck=1
|
||
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
|
||
enabled=1
|
||
autorefresh=1
|
||
type=rpm-md
|
||
EOF
|
||
|
||
# 安装 Elasticsearch:
|
||
sudo dnf install elasticsearch --enablerepo=elasticsearch
|
||
|
||
# 先不管直接启动、报错再查看日志,有可能是权限问题
|
||
sudo systemctl daemon-reload
|
||
sudo systemctl enable elasticsearch
|
||
sudo systemctl start elasticsearch
|
||
sudo systemctl status elasticsearch
|
||
sudo journalctl -u elasticsearch -f
|
||
|
||
# 手动创建日志目录 + 设置权限
|
||
sudo mkdir -p /usr/share/elasticsearch/logs
|
||
sudo chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/logs
|
||
sudo chmod 750 /usr/share/elasticsearch/logs
|
||
|
||
# 设置 elastic 超级用户密码 (推荐立即设定):
|
||
sudo /usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic
|
||
|
||
# 查看自签名证书,有则正常
|
||
ll /etc/elasticsearch/certs/
|
||
|
||
# 查看 HTTP CA 证书指纹(用于其他客户端配置)
|
||
sudo openssl x509 -fingerprint -sha256 -in /etc/elasticsearch/certs/http_ca.crt -noout
|
||
|
||
# 设置环境变量(替换为你的实际密码)
|
||
export ELASTIC_PASSWORD='MyElastic123!'
|
||
# 测试 HTTPS 请求(必须用 --cacert,因启用了 TLS)
|
||
curl --cacert /etc/elasticsearch/certs/http_ca.crt \
|
||
-u elastic:$ELASTIC_PASSWORD \
|
||
https://localhost:9200
|
||
|
||
|
||
# 查看默认的配置文件
|
||
grep -v '^\s*#\|^\s*$' /etc/elasticsearch/elasticsearch.yml
|
||
# 按实际情况修改配置文件集群名、非本地访问等
|
||
cluster.name: my-test-es
|
||
path.data: /var/lib/elasticsearch
|
||
path.logs: /var/log/elasticsearch
|
||
network.host: 0.0.0.0
|
||
xpack.security.enabled: true
|
||
xpack.security.enrollment.enabled: true
|
||
xpack.security.http.ssl:
|
||
enabled: true
|
||
keystore.path: certs/http.p12
|
||
xpack.security.transport.ssl:
|
||
enabled: true
|
||
verification_mode: certificate
|
||
keystore.path: certs/transport.p12
|
||
truststore.path: certs/transport.p12
|
||
cluster.initial_master_nodes: ["weblessie-server-02"]
|
||
http.host: 0.0.0.0
|
||
|
||
|
||
# 更改es的jvm大小
|
||
vim /etc/elasticsearch/jvm.options
|
||
-Xms4g
|
||
-Xmx4g
|
||
|
||
# 重启
|
||
sudo systemctl restart elasticsearch
|
||
|
||
# 准备token,后续在Kibana中使用
|
||
sudo /usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana
|
||
|
||
|
||
# 准备安装 Kibana 9.2.2
|
||
# 新建 repo /etc/yum.repos.d/kibana.repo
|
||
sudo tee /etc/yum.repos.d/kibana.repo <<-'EOF'
|
||
[kibana]
|
||
name=Kibana repository for 9.x packages
|
||
baseurl=https://artifacts.elastic.co/packages/9.x/yum
|
||
gpgcheck=1
|
||
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
|
||
enabled=1
|
||
autorefresh=1
|
||
type=rpm-md
|
||
EOF
|
||
|
||
# 安装 Kibana:
|
||
sudo dnf install kibana --enablerepo=kibana
|
||
# 启动
|
||
sudo systemctl daemon-reload
|
||
sudo systemctl enable --now kibana
|
||
|
||
# 访问 Kibana,输入生成的token
|
||
http://ip:5601
|
||
|
||
# 获取 “verification code”
|
||
/usr/share/kibana/bin/kibana-verification-code
|
||
|
||
# 使用官方工具生成加密密钥(最规范)
|
||
sudo /usr/share/kibana/bin/kibana-encryption-keys generate --force
|
||
# 输出应类似:
|
||
# ✔ Encryption keys generated and written to /etc/kibana/kibana.yml:
|
||
# xpack.encryptedSavedObjects.encryptionKey
|
||
# xpack.reporting.encryptionKey
|
||
# xpack.security.encryptionKey
|
||
|
||
# 修改配置文件
|
||
grep -v '^\s*#\|^\s*$' /etc/kibana/kibana.yml
|
||
server.host: "0.0.0.0"
|
||
logging:
|
||
appenders:
|
||
file:
|
||
type: file
|
||
fileName: /var/log/kibana/kibana.log
|
||
layout:
|
||
type: json
|
||
root:
|
||
appenders:
|
||
- default
|
||
- file
|
||
pid.file: /run/kibana/kibana.pid
|
||
i18n.locale: "zh-CN"
|
||
elasticsearch.hosts: [https://10.0.0.38:9200]
|
||
elasticsearch.serviceAccountToken: AAEAAWVsYXN0aWMva2liYW5hL2Vucm9sbC1wcm9jZXNzLXRva2VuLTE3NjUzNDE4OTI3MjY6Um9KdUo2N1hSZVNPeGNzOXFDaUh2dw
|
||
elasticsearch.ssl.certificateAuthorities: [/var/lib/kibana/ca_1765341893683.crt]
|
||
xpack.fleet.outputs: [{id: fleet-default-output, name: default, is_default: true, is_default_monitoring: true, type: elasticsearch, hosts: [https://10.0.0.38:9200], ca_trusted_fingerprint: 80af64db043e12ebda11c10f70042af91306a705fdcb6285814a84b420c734a5}]
|
||
xpack.encryptedSavedObjects.encryptionKey: f10166c761265d5ca61e7fa2c1acac73
|
||
xpack.reporting.encryptionKey: 1772a5152522675d5a38470e905b2817
|
||
xpack.security.encryptionKey: d4b30e82e47f530a998e29cb0b8e5295 |