A1.linux下elasticsearch安装

• 1.下载，解压

wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.1.3-linux-x86_64.tar.gz
# wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.1.3-linux-x86_64.tar.gz.sha512
# shasum -a 512 -c elasticsearch-8.1.3-linux-x86_64.tar.gz.sha512 
tar -xzvf elasticsearch-8.1.3-linux-x86_64.tar.gz

• 2.授权

# elasticsearch用户提前建立
sudo chown -R elasticsearch:elasticsearch /es/elasticsearch-8.1.3

• 3.运行

# 启动node1
./bin/elasticsearch
# 启动成功后可修改密码
./elasticsearch-reset-password -i -u elastic

• 启用身份验证和授权，并为elastic内置超级用户生成密码。
• 为传输层和 HTTP 层生成 TLS 的证书和密钥，并使用这些密钥和证书启用和配置 TLS。
• 为 Kibana 生成一个注册令牌，有效期为 30 分钟。

✅ Elasticsearch security features have been automatically configured!
✅ Authentication is enabled and cluster connections are encrypted.

ℹ️  Password for the elastic user (reset with `bin/elasticsearch-reset-password -u elastic`):
  Y*bv6n6Ghbi_gDvPI2_*

ℹ️  HTTP CA certificate SHA-256 fingerprint:
  1c1b9e6cc3a1468b586876da80ee3098fc7edd536eeb63f4450ce9bd426d6749

ℹ️  Configure Kibana to use this cluster:
• Run Kibana and click the configuration link in the terminal when Kibana starts.
• Copy the following enrollment token and paste it into Kibana in your browser (valid for the next 30 minutes):
  eyJ2ZXIiOiI4LjEuMyIsImFkciI6WyIxOTIuMTY4LjMxLjEzMzo5MjAxIl0sImZnciI6IjFjMWI5ZTZjYzNhMTQ2OGI1ODY4NzZkYTgwZWUzMDk4ZmM3ZWRkNTM2ZWViNjNmNDQ1MGNlOWJkNDI2ZDY3NDkiLCJrZXkiOiJsQkZVZzRBQmN6b00yT0hMcmtkNzpKbFpUU09FQlJZbW44T3UwempPWm9RIn0=

ℹ️ Configure other nodes to join this cluster:
• Copy the following enrollment token and start new Elasticsearch nodes with `bin/elasticsearch --enrollment-token <token>` (valid for the next 30 minutes):
  eyJ2ZXIiOiI4LjEuMyIsImFkciI6WyIxOTIuMTY4LjMxLjEzMzo5MjAxIl0sImZnciI6IjFjMWI5ZTZjYzNhMTQ2OGI1ODY4NzZkYTgwZWUzMDk4ZmM3ZWRkNTM2ZWViNjNmNDQ1MGNlOWJkNDI2ZDY3NDkiLCJrZXkiOiJraEZVZzRBQmN6b00yT0hMcmtkMDp4dmo3OVp6V1JwcVo3SUJEdnI4V3pBIn0=

  If you're running in Docker, copy the enrollment token and run:
  `docker run -e "ENROLLMENT_TOKEN=<token>" docker.elastic.co/elasticsearch/elasticsearch:8.1.3`

• 加入其他节点

# 如果token过期，在主节点运行
bin/elasticsearch-create-enrollment-token -s node
# 生成了enrollment-token,新节点的安装目录中，启动 Elasticsearch 并使用--enrollment-token参数传递注册令牌
bin/elasticsearch --enrollment-token <enrollment-token>
# 以下目录会生成证书和密钥
config/certs

• 最后，可以修改节点配置elasticsearch.yml

# node-1 建议在最初设置，集群建好后不要改，如果要修改只有删除主节点，重新加入集群，参见加入其他节点的操作
cluster.name: cluster133
node.name: node-1
network.host: 192.168.31.133
http.port: 9201
cluster.initial_master_nodes: ["node-1"]

# node-2 （与node-1同ip）
cluster.name: cluster133
node.name: node-2
network.host: 192.168.31.133
http.port: 9202
discovery.seed_hosts: ["127.0.0.1:9301", "192.168.31.133:9301"]

# node-3(另一台)
cluster.name: cluster133
node.name: node-3
network.host: 192.168.31.135
http.port: 9200
discovery.seed_hosts: ["192.168.31.133:9301"]

在第1次连接成功之后，如果以后出现集群启动问题，删除节点中的data目录下所有文件，再次启动即可

---

A2.linux下kibana安装

• 1.下载运行

  curl -O https://artifacts.elastic.co/downloads/kibana/kibana-8.1.3-linux-x86_64.tar.gz
  #curl https://artifacts.elastic.co/downloads/kibana/kibana-8.1.3-linux-x86_64.tar.gz.sha512 | shasum -a 512 -c - 
  tar -xzf kibana-8.1.3-linux-x86_64.tar.gz
  cd kibana-8.1.3/ 
  

• 如果token过期，启动 Elasticsearch 主节点，并为 Kibana 生成一个注册令牌编辑

./elasticsearch-create-enrollment-token -s kibana --url "https://192.168.31.133:9201"
# eyJ2ZXIiOiI4LjEuMyIsImFkciI6WyIxOTIuMTY4LjMxLjEzMzo5MjAxIl0sImZnciI6IjFjMWI5ZTZjYzNhMTQ2OGI1ODY4NzZkYTgwZWUzMDk4ZmM3ZWRkNTM2ZWViNjNmNDQ1MGNlOWJkNDI2ZDY3NDkiLCJrZXkiOiJhUUhSZ29BQjhCUHV4TTVheHE0OTpqUWdGaGgxWVFScWM3a3NxOWJuMjRRIn0=

• 启动kibana（若使用vm虚拟机，启动前配置kibana.yml，设置server.host: "192.168.31.133"<本机地址>，便于外网访问）

./bin/kibana
# 第一次启动会生成一个localhost:XXX，在浏览器访问此地址，elasticsearch生成的kibana token

---

B1.linux docker:安装 elasticsearch 8.1.3

• 参考文档：https://www.elastic.co/guide/en/elasticsearch/reference/8.1/docker.html

docker pull docker.elastic.co/enterprise-search/enterprise-search:8.1.3

如果在 Docker 容器中启动单节点 Elasticsearch 集群，则会自动为您启用和配置安全性。首次启动 Elasticsearch 时，会自动进行以下安全配置：

• 为传输层和 HTTP 层生成 证书和密钥。
• 传输层安全 (TLS) 配置设置被写入 elasticsearch.yml.
• 为elastic用户生成密码。
• 为 Kibana 生成一个注册令牌。

• 首先，配置单节点 Elasticsearch 集群
• 1.准备工作

# 创建网络
docker network create elastic
# 创建目录和文件
/usr/share/elasticsearch/config/es01/elasticsearch.yml
# elasticsearch.yml中保存
network.host: 0.0.0.0
# 新建用户，授权
useradd Elasticsearch
chown -R Elasticsearch:Elasticsearch /usr/share/elasticsearch/config/

• 2.在 Docker 中启动 Elasticsearch。为elastic用户生成密码并输出到终端，以及用于注册 Kibana 的注册令牌
  • 建议加上ES_JAVA_OPTS设置，可以避免多节点启动时，其他节点退出的情况
  • 运行参数的值自定义，ip，端口用自己物理机或虚拟机ip，port

docker pull docker.elastic.co/elasticsearch/elasticsearch:8.1.3

docker run -e ES_JAVA_OPTS="-Xms2g -Xmx2g" --name es01 --net elastic -p 9201:9200 -p 9301:9300 -it docker.elastic.co/elasticsearch/elasticsearch:8.1.3

# 挂载本地文件夹
docker run -e ES_JAVA_OPTS="-Xms2g -Xmx2g" --name es01 -v ves01:/usr/share/elasticsearch/config --net elastic -p 9201:9200 -p 9301:9300 -it docker.elastic.co/elasticsearch/elasticsearch:8.1.3

• 3.复制生成的密码和注册令牌并将其保存在安全位置。这些值仅在第一次启动 Elasticsearch 时显示
  • 如下内容是生成的，要拷贝到一个文件中，后面用：

------------------------------------------------------------------------------------------------------------------------------------------------------------------
-> Elasticsearch security features have been automatically configured!
-> Authentication is enabled and cluster connections are encrypted.

* elastic的密码
->  Password for the elastic user (reset with `bin/elasticsearch-reset-password -u elastic`):
  HRq90iK3wfBrW7sWPZ*7

->  HTTP CA certificate SHA-256 fingerprint:
  4bee7b8c89414f49c6747fe1799c76b8d9d253ea6e779288c868a4f91219c6b7

->  Configure Kibana to use this cluster:
* Run Kibana and click the configuration link in the terminal when Kibana starts.
* Copy the following enrollment token and paste it into Kibana in your browser (valid for the next 30 minutes):
* kibana用token(30分钟有效)
  eyJ2ZXIiOiI4LjEuMyIsImFkciI6WyIxNzIuMTguMC4yOjkyMDAiXSwiZmdyIjoiNGJlZTdiOGM4OTQxNGY0OWM2NzQ3ZmUxNzk5Yzc2YjhkOWQyNTNlYTZlNzc5Mjg4Yzg2OGE0ZjkxMjE5YzZiNyIsImtleSI6IjFjNk5mWUFCSXpOMVQxT0xYckdwOlQzcDBfWFpYUmNpaDdBV0V1R3RycUEifQ==

-> Configure other nodes to join this cluster:
* Copy the following enrollment token and start new Elasticsearch nodes with `bin/elasticsearch --enrollment-token <token>` (valid for the next 30 minutes):
* 新加节点用的token(30分钟有效)
 zIuMTguMC4yOjkyMDAiXSwiZmdyIjoiNGJlZTdiOGM4OTQxNGY0OWM2NzQ3ZmUxNzk5Yzc2YjhkOWQyNTNlYTZlNzc5Mjg4Yzg2OGE0ZjkxMjE5YzZiNyIsImtleSI6IjFzNk5mWUFCSXpOMVQxT0xYckdwOm1oazA1NVJIUmZtYlpfMVhFSHg3b2cifQ==

  If you're running in Docker, copy the enrollment token and run:
  `docker run -e "ENROLLMENT_TOKEN=<token>" docker.elastic.co/elasticsearch/elasticsearch:8.1.3`
-----------------------------------------------------------------------------------------------------

• 4.将http_ca.crt安全证书从 Docker 容器复制到本地计算机。

# /usr/share/elasticsearch/config/certs/  先建立此目录，以便下一步文件拷贝
docker cp es01:/usr/share/elasticsearch/config/certs/http_ca.crt .

• 5.http_ca.crt打开一个新终端，并使用从 Docker 容器中复制的文件进行经过身份验证的调用，验证是否可以连接到 Elasticsearch 集群。elastic出现提示时输入用户的密码。

# 在/usr/share/elasticsearch/config/certs/下运行
curl --cacert http_ca.crt -u elastic https://localhost:9201

• 重置密码，运行该elasticsearch-reset-password工具

# -i 表示手动输入密码， -u 指用户名
docker exec -it es01 /usr/share/elasticsearch/bin/elasticsearch-reset-password -i -u elastic

• 浏览器输入：https://192.168.31.139:9201/，安全提示可忽略即可以访问，输入用户名 ：elastic/密码，返回如下，表示单节点运行成功！(其中192.168.31.139为docker所在物理机或虚拟机ip)

{
"name": "e8472c952c32",
"cluster_name": "docker-cluster",
"cluster_uuid": "tLrgLl74SPiQjoJanYx3bg",
    "version": {
    "number": "8.1.3",
    "build_flavor": "default",
    "build_type": "docker",
    "build_hash": "39afaa3c0fe7db4869a161985e240bd7182d7a07",
    "build_date": "2022-04-19T08:13:25.444693396Z",
    "build_snapshot": false,
    "lucene_version": "9.0.0",
    "minimum_wire_compatibility_version": "7.17.0",
    "minimum_index_compatibility_version": "7.0.0"
    },
"tagline": "You Know, for Search"
}

---

• 其次，加入其他节点：
  • 首次启动 Elasticsearch 时，安装过程默认配置单节点集群。此过程还会生成一个注册令牌并将其打印到您的终端。如果您希望节点加入现有集群，请使用生成的注册令牌启动新节点。
  • 如果令牌过期，生成新令牌

docker exec -it es01 /usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s node

• 第二个节点启动时遇到运行第一个节点的容器退出的问题，显式设置 JVM 堆大小的值; 要手动配置堆大小，在启动每个节点时包含 变量和ES_JAVA_OPTS设置值

# 不指定端口加入,将config目录挂载到ves0x
docker run -e ENROLLMENT_TOKEN="eyJ2ZXIiOiI4LjEuMyIsImFkciI6WyIxNzIuMTguMC40OjkyMDAiXSwiZmdyIjoiZjY0ODY1ZjU3YjY0ZjA2Njg2ZGIxZTdlN2FiNDdjNmViMjAyYzBlNzFkMzgwMTY3YmIzZjU1MWQ1YzhmOWRmMCIsImtleSI6Im5zNFZoSUFCcHdDN2dYc1NCcWwzOk56MjY0WEJPU0oyOHdtNWY4NTVkWFEifQ==" -v ves02:/usr/share/elasticsearch/config -e ES_JAVA_OPTS="-Xms1g -Xmx1g" --name es02 --net elastic -it docker.elastic.co/elasticsearch/elasticsearch:8.1.3

docker run -e ENROLLMENT_TOKEN="eyJ2ZXIiOiI4LjEuMyIsImFkciI6WyIxNzIuMTguMC4yOjkyMDAiXSwiZmdyIjoiZjY0ODY1ZjU3YjY0ZjA2Njg2ZGIxZTdlN2FiNDdjNmViMjAyYzBlNzFkMzgwMTY3YmIzZjU1MWQ1YzhmOWRmMCIsImtleSI6Ik1NenRnNEFCV3N4UDFjYlVqRHJYOi1Hc0JUUFlQVEgyYTFKMjdDYkRWNVEifQ==" -v ves03:/usr/share/elasticsearch/config -e ES_JAVA_OPTS="-Xms1g -Xmx1g" --name es03 --net elastic -it docker.elastic.co/elasticsearch/elasticsearch:8.1.3


# 也可以指定端口映射加入节点
docker run -e ENROLLMENT_TOKEN="eyJ2ZXIiOiI4LjEuMyIsImFkciI6WyIxNzIuMTguMC4yOjkyMDAiXSwiZmdyIjoiZjY0ODY1ZjU3YjY0ZjA2Njg2ZGIxZTdlN2FiNDdjNmViMjAyYzBlNzFkMzgwMTY3YmIzZjU1MWQ1YzhmOWRmMCIsImtleSI6Ii1aRW5nSUFCTUU2YWFlTFpqMFk1OmVJbkNKVnV0U3VTbHN4QTg0bHRFNkEifQ==" -v ves04:/usr/share/elasticsearch/config -e ES_JAVA_OPTS="-Xms1g -Xmx1g" -p 9202:9200 -p 9302:9300 --name es04 --net elastic -it docker.elastic.co/elasticsearch/elasticsearch:8.1.3

• 以此推加入节点
• 浏览器验证：https://192.168.31.139:9201/_cat/nodes

172.18.0.5 27 88 0 0.88 0.46 0.30 cdfhilmrstw - fa20d93534c4
172.18.0.3 24 88 0 0.88 0.46 0.30 cdfhilmrstw - 826f16400df2
172.18.0.4 21 88 0 0.88 0.46 0.30 cdfhilmrstw - 474212145ad2
172.18.0.2 30 88 0 0.88 0.46 0.30 cdfhilmrstw * e8472c952c32

• 重新启动新加节点，会出现启动失败的情况【关键】（或者启动无提示，docker ps 看不到container），查看docker logs XXX日志，如果出现下面错误，需要调整环境变量

ERROR: Skipping security auto configuration because it appears that the node is not starting up for the first time. The node might already be part of a cluster and this auto setup utility is designed to configure Security for new clusters only.

• 修改container环境变量，修改后，重启docker容器（好让docker重新加载配置文件conig.v2.json）

建议一次将所有从节点的ENROLLMENT_TOKEN删除，再重启

# 将对应id中的config.v2.json修改，删除其中的ENROLLMENT_TOKEN键值对
/var/lib/docker/containers/c4e850f2e79dc7244f19c55fb81f4bfd679f693f96f5f17b0679af7bbfeb8603

---

B2.linux docker : 安装kibana.8.1.3

• 前提，已经安装，运行elasticsearch；

• 1.拉取image，运行container，当启动 Kibana 时，一个唯一的链接会输出到终端，要访问 Kibana，单击终端中生成的链接

docker pull docker.elastic.co/kibana/kibana:8.1.3
docker run --name kib-01 --net elastic -p 5601:5601 docker.elastic.co/kibana/kibana:8.1.3

• 会出现如下提示：

Go to http://0.0.0.0:5601/?code=639777 to get started.

• 2.如果es令牌过期，为kibana生成新的token

docker exec -it es01 /usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana
# 生成的token在 http://xxxx:5601
eyJ2ZXIiOiI4LjEuMyIsImFkciI6WyIxNzIuMTguMC4yOjkyMDAiXSwiZmdyIjoiZjY0ODY1ZjU3YjY0ZjA2Njg2ZGIxZTdlN2FiNDdjNmViMjAyYzBlNzFkMzgwMTY3YmIzZjU1MWQ1YzhmOWRmMCIsImtleSI6Im1vSElnNEFCbXNkSmRsTnN6VzRXOk9UQ3hhWWwyVEdPVGs4eS14TlBCYmcifQ==

• 3.启动 Kibana 并将其连接到Elasticsearch 容器

# 将0.0.0.0替换为kibana ip地址，填入生成的token,用户名/密码，启动成功
http://0.0.0.0:5601/?code=639777

---

C.使用 Docker Compose 启动多节点集群

• 安装docker compose、docker-compose
• 确保下列正常输出

docker compose version
docker-compose version

• 在新建目录中编辑.env

# Password for the 'elastic' user (at least 6 characters)
ELASTIC_PASSWORD=elastic
#
# # Password for the 'kibana_system' user (at least 6 characters)
KIBANA_PASSWORD=elastic
#
# # Version of Elastic products
STACK_VERSION=8.1.3
#
# # Set the cluster name
CLUSTER_NAME=docker-cluster
#
# # Set to 'basic' or 'trial' to automatically start the 30-day trial
LICENSE=basic
# #LICENSE=trial
#
# # Port to expose Elasticsearch HTTP API to the host
ES_PORT=9200
#ES_PORT=127.0.0.1:9200
#
# # Port to expose Kibana to the host
KIBANA_PORT=5601
#KIBANA_PORT=80
#
# # Increase or decrease based on the available host memory (in bytes)
MEM_LIMIT=1073741824
#
# # Project namespace (defaults to the current folder name if not set)
# #COMPOSE_PROJECT_NAME=myproject

• docker-compose.yml复制官网【形成3个es节点+kibana】

• 参考：https://www.elastic.co/guide/en/elasticsearch/reference/8.1/docker.html

• 运行

# 启动
docker-compose up -d
# 停止
docker-compose down

• 验证：浏览器访问centos_ip:5601

  # 例如【输入用户名密码登录】
  http://192.168.31.133:5601