律师建网站,上海旧房翻新装修哪家好,网站的静态页面用什么做,徐州商城建站系统Elasticsearch 集群部署 1.集群部署1.1 新增用户1.2 优化操作系统1.3 JDK1.4 elasticsearch1.5 开机自启动 2.安全认证功能2.1 生成CA证书2.2 生成密钥2.3 上传至其他节点2.4 修改属主、属组2.5 配置文件添加参数2.6 各节点添加密钥库密码2.7 设置用户密码 1.集群部署
1.1 新增… Elasticsearch 集群部署 1.集群部署1.1 新增用户1.2 优化操作系统1.3 JDK1.4 elasticsearch1.5 开机自启动 2.安全认证功能2.1 生成CA证书2.2 生成密钥2.3 上传至其他节点2.4 修改属主、属组2.5 配置文件添加参数2.6 各节点添加密钥库密码2.7 设置用户密码 1.集群部署
1.1 新增用户
useradd es -m -s /bin/bash1.2 优化操作系统
cat /etc/security/limits.conf
* soft nofile 65536
* hard nofile 65536cat /etc/sysctl.conf
vm.max_map_count262144sysctl -p1.3 JDK
tar xf jdk-8u441-linux-x64.tar.gz -C /usr/local/
ln -s /usr/local/jdk1.8.0_441 /usr/local/jdk1.8.0
su - es
echo -e export JAVA_HOME/usr/local/jdk1.8.0\nexport CLASSPATH.:$JAVA_HOME/lib:$JAVA_HOME/jre/lib\nexport PATH$JAVA_HOME/bin:$JAVA_HOME/jre/bin:$PATH ~/.bashrc1.4 elasticsearch
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.6.1-linux-x86_64.tar.gz
tar xvf elasticsearch-7.6.1-linux-x86_64.tar.gz -C /usr/local/
ln -s /usr/local/elasticsearch-7.6.1 /usr/local/elasticsearch
chown -R es.es /usr/local/elasticsearch
chown -R es.es /usr/local/elasticsearch-7.6.1/
cat /usr/local/elasticsearch/config/elasticsearch.yml EOF
cluster.name: es-cluster
node.name: es-node1
node.master: true
node.data: true
path.data: /home/elasticsearch/data
path.logs: /home/elasticsearch/logs
network.host: 0.0.0.0
http.port: 9200
transport.tcp.port: 9300
discovery.seed_hosts: [172.16.2.8, 172.16.2.9,172.16.2.10]
cluster.initial_master_nodes: [172.16.2.8, 172.16.2.9,172.16.2.10]
http.cors.enabled: true
http.cors.allow-origin: *
http.cors.allow-headers: Authorization,X-Requested-With,Content-Type,Content-Length
EOF
mkdir -p /home/elasticsearch/{data,logs}
chown -R es:es /home/elasticsearch 1.5 开机自启动
cat /usr/lib/systemd/system/elasticsearch.service EOF
[Unit]
DescriptionElasticsearch
Documentationhttps://www.elastic.co
Wantsnetwork-online.target
Afternetwork-online.target[Service]
Useres
Groupes
ExecStart/usr/local/elasticsearch/bin/elasticsearch[Install]
WantedBymulti-user.target
EOF
systemctl daemon-reload
systemctl enable elasticsearch.service
systemctl start elasticsearch.service2.安全认证功能
2.1 生成CA证书
su - es
./bin/elasticsearch-certutil ca --pass elastic --out ./2.2 生成密钥
mkdir ./config/certificates
./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12 --pass elastic --out ./config/certificates/2.3 上传至其他节点
scp -i id_rsa config/certificaties/elastic-certificates.p12 root172.16.2.9:/usr/local/elasticsearch/config/certificaties
scp -i id_rsa config/certificaties/elastic-certificates.p12 root172.16.2.10:/usr/local/elasticsearch/config/certificaties2.4 修改属主、属组
chown -R es:es certificaties/2.5 配置文件添加参数
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /usr/local/elasticsearch/config/certificates/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /usr/local/elasticsearch/config/certificates/elastic-certificates.p122.6 各节点添加密钥库密码
./bin/elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password
./bin/elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password
#输入生成密钥时的密码例elastic如果生成密钥没有设置密码则不需执行。
systemctl restart elasticsearch2.7 设置用户密码
./bin/elasticsearch-setup-passwords interactivesystemctl restart elasticsearch
