🌟 Master Elasticsearch 8.0 in One Article

devhaozi · May 15, 2024, 5:05am

theme: vue-pro highlight: atelier-sulphurpool-light

1. Setting Up an Elasticsearch 8.0 Cluster (Linux Version)

1.1 Prepare three centos machines, with IP addresses 129, 131, and 132 respectively

1.2 Install JDK 17

ES requires the maximum number of open files per process to be at least 65536. Run the following on every machine:

vi /etc/security/limits.conf

* soft nofile 65536 
* hard nofile 65536

Modify the /etc/sysctl.conf file

vi /etc/sysctl.conf

vm.max_map_count = 262144

Reload configuration

sysctl -p

1.3 Download elasticsearch-8.9.0

Download the installation package

wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.9.0-linux-x86_64.tar.gz

Extract the package

tar -zxvf elasticsearch-8.9.0-linux-x86_64.tar.gz

1.4 Create the `as` user (ES does not allow running as the root user by default)

useradd as

passwd as

① Create a new data directory

mkdir /java/elasticsearch/elasticsearch-8.9.0/data

② Create a new certificate directory

mkdir /java/elasticsearch/elasticsearch-8.9.0/config/certs

③ Change the file owner

chown -R as:as /java/elasticsearch/elasticsearch-8.9.0

④ Switch to the ES user

su as

cd /java/elasticsearch/elasticsearch-8.9.0/bin/

⑤ Issue the CA certificate

./elasticsearch-certutil ca

⑥ Issue node certificates using the CA certificate

./elasticsearch-certutil cert --ca elastic-stack-ca.p12

⑦ Move the generated certificates to the certificate directory

mv /java/elasticsearch/elasticsearch-8.9.0/elastic-stack-ca.p12 /java/elasticsearch/elasticsearch-8.9.0/config/certs/

1.5 Issue HTTP certificates on centos:129

cd /java/elasticsearch/elasticsearch-8.9.0/bin/

./elasticsearch-certutil http

Check the certificate location, unzip and move it to the certificate directory

cd ..

unzip elasticsearch-ssl-http.zip

mv /java/elasticsearch/elasticsearch-8.9.0/elasticsearch/http.p12 /java/elasticsearch/elasticsearch-8.9.0/config/certs/

Modify the config/elasticsearch.yml file: add the following configuration at the end of the file

# Set ES cluster name
cluster.name: es-study
# Set current node name in the cluster
node.name: node1
# Node roles
node.roles: [master,data]
# Set paths for data and log files
path.data: /java/elasticsearch/elasticsearch-8.9.0/data
path.logs: /java/elasticsearch/elasticsearch-8.9.0/logs
# Configure network access
# You must configure the network and port. If security is a concern, set host to the IP address that will access this Elasticsearch server to restrict access. You can also set network.host: 0.0.0.0 to allow access from any address.
network.host: 192.168.118.129
# Set network access port
http.port: 9200
discovery.seed_hosts:
  - 192.168.118.129
  - 192.168.118.131
  - 192.168.118.132
cluster.initial_master_nodes:
  - node1
  - node2
  - node3
# Security authentication
xpack.security.enabled: true
xpack.security.enrollment.enabled: true
xpack.security.http.ssl:
 enabled: true # Note the leading space
 keystore.path: /java/elasticsearch/elasticsearch-8.9.0/config/certs/http.p12
 truststore.path: /java/elasticsearch/elasticsearch-8.9.0/config/certs/http.p12
xpack.security.transport.ssl:
 enabled: true
 verification_mode: certificate
 keystore.path: /java/elasticsearch/elasticsearch-8.9.0/config/certs/elastic-stack-ca.p12
 truststore.path: /java/elasticsearch/elasticsearch-8.9.0/config/certs/elastic-stack-ca.p12
http.host: [_local_, _site_]
ingest.geoip.downloader.enabled: false
xpack.security.http.ssl.client_authentication: none

1.6 Start ES on centos:129

cd bin/

./elasticsearch

1.7 Enter the following address in your browser:

https://192.168.118.129:9200/

1.7 Start ES on centos:131

You need to create the user, modify memory configuration, create the data and certs directories, just repeat the same steps done above.

Download the certificates from centos:129, then upload them to the corresponding directory on centos:131

Modify the elasticsearch.yml configuration

cluster.name: es-study
# Set current node name in the cluster
node.name: node2
# Node roles
node.roles: [master,data]
# Set paths for data and log files
path.data: /java/elasticsearch/elasticsearch-8.9.0/data
path.logs: /java/elasticsearch/elasticsearch-8.9.0/logs
# Configure network access
# You must configure the network and port. If security is a concern, set host to the IP address that will access this Elasticsearch server to restrict access. You can also set network.host: 0.0.0.0 to allow access from any address.
network.host: 192.168.118.131
# Set network access port
http.port: 9200
discovery.seed_hosts:
  - 192.168.118.129
  - 192.168.118.131
  - 192.168.118.132
cluster.initial_master_nodes:
  - node1
  - node2
  - node3
# Security authentication
xpack.security.enabled: true
xpack.security.enrollment.enabled: true
xpack.security.http.ssl:
 enabled: true # Note the leading space
 keystore.path: /java/elasticsearch/elasticsearch-8.9.0/config/certs/http.p12
 truststore.path: /java/elasticsearch/elasticsearch-8.9.0/config/certs/http.p12
xpack.security.transport.ssl:
 enabled: true
 verification_mode: certificate
 keystore.path: /java/elasticsearch/elasticsearch-8.9.0/config/certs/elastic-stack-ca.p12
 truststore.path: /java/elasticsearch/elasticsearch-8.9.0/config/certs/elastic-stack-ca.p12
http.host: [_local_, _site_]
ingest.geoip.downloader.enabled: false
xpack.security.http.ssl.client_authentication: none

Start ES