{"id":189,"date":"2018-01-11T14:34:11","date_gmt":"2018-01-11T06:34:11","guid":{"rendered":"https:\/\/blog.espnlol.com\/?p=189"},"modified":"2018-01-11T14:42:57","modified_gmt":"2018-01-11T06:42:57","slug":"elaticsearch-6-1-%e9%9b%86%e7%be%a4%e5%ae%89%e8%a3%85%e5%9f%ba%e4%ba%8ex-pack%e5%ae%89%e5%85%a8%e8%ae%a4%e8%af%81","status":"publish","type":"post","link":"https:\/\/blog.espnlol.com\/?p=189","title":{"rendered":"elaticsearch 6.1 \u96c6\u7fa4\u5b89\u88c5(\u57fa\u4e8ex-pack\u5b89\u5168\u8ba4\u8bc1)"},"content":{"rendered":"

\u7b80\u4ecb:Elasticsearch\u662f\u4e2a\u5f00\u6e90\u5206\u5e03\u5f0f\u641c\u7d22\u5f15\u64ce\uff0c\u5b83\u7684\u7279\u70b9\u6709\uff1a\u5206\u5e03\u5f0f\uff0c\u96f6\u914d\u7f6e\uff0c\u81ea\u52a8\u53d1\u73b0\uff0c\u7d22\u5f15\u81ea\u52a8\u5206\u7247\uff0c\u7d22\u5f15\u526f\u672c\u673a\u5236\uff0crestful\u98ce\u683c\u63a5\u53e3\uff0c\u591a\u6570\u636e\u6e90\uff0c\u81ea\u52a8\u641c\u7d22\u8d1f\u8f7d\u7b49<\/p>\n

#\u73af\u5883\u4ecb\u7ecd<\/p>\n

CentOS Linux release 7.2.1511 (Core)\u00a0 X64<\/p>\n

elasticsearch-6.1.1<\/p>\n

java version “1.8.0_112”<\/p>\n

node1\u00a0 \u00a0 \u00a0172.16.1.6<\/p>\n

node2\u00a0 \u00a0\u00a0172.16.1.3<\/p>\n

node3\u00a0 \u00a0 \u00a0172.16.1.14<\/p>\n

#\u8f6f\u4ef6\u4e0b\u8f7d<\/p>\n

wget\u00a0https:\/\/artifacts.elastic.co\/downloads\/elasticsearch\/elasticsearch-6.1.1.tar.gz<\/p>\n

#\u8f6f\u4ef6\u5b89\u88c5<\/p>\n

tar -xf\u00a0elasticsearch-6.1.1.tar.gz<\/p>\n

#\u8fd9\u662f\u4e00\u4e2abin\u5305,\u89e3\u538b\u5373\u53ef\u7528,\u9700\u8981\u5b89\u88c5jdk8\u4ee5\u4e0a\u7684\u7248\u672c,\u5fc5\u987b\u662foracle jdk 8\u4ee5\u4e0a\u7684\u7248\u672c\u624d\u884c<\/p>\n

#\u521b\u5efa\u8f6f\u8fde\u63a5<\/p>\n

ln -s\u00a0elasticsearch-6.1.1\u00a0elasticsearch\r\nls\u00a0elasticsearch\r\nbin\u00a0 config\u00a0 data\u00a0 lib\u00a0 LICENSE.txt\u00a0 logs\u00a0 modules\u00a0 NOTICE.txt\u00a0 plugins\u00a0 README.textile\r\n#\u76ee\u5f55\u4ecb\u7ecd\r\nbin      #\u653e\u7684\u90fd\u662f\u53ef\u6267\u884c\u6587\u4ef6,\u5b89\u88c5\u63d2\u4ef6\u4ee5\u53ca\u542f\u52a8\u670d\u52a1\u7684\u4e8c\u8fdb\u5236\u6587\u4ef6\r\nconfig      #\u653e\u7684\u662f\u914d\u7f6e\u6587\u4ef6\r\ndata       #\u9ed8\u8ba4\u5b58\u653e\u6570\u636e\u7684\u76ee\u5f55,\u53ef\u4ee5\u901a\u8fc7\u914d\u7f6e\u6587\u4ef6\u4fee\u6539\r\nlib        #\u5b58\u653elib\u5305\u6587\u4ef6\u7684\u5730\u65b9\r\nlogs       #\u9ed8\u8ba4\u5b58\u653e\u65e5\u5fd7\u7684\u76ee\u5f55,\u53ef\u4ee5\u901a\u8fc7\u914d\u7f6e\u6587\u4ef6\u4fee\u6539\r\nmodules       #\u5b58\u653emodules\u6587\u4ef6\u7684\u5730\u65b9\r\nplugins        #\u63d2\u4ef6\u5b58\u653e\u76ee\u5f55<\/pre>\n
#\u5b89\u88c5x-pack\u63d2\u4ef6<\/p>\n
elasticsearch\/bin\/elasticsearch-plugin install x-pack<\/p>\n
#\u7834\u89e3x-pack<\/p>\n
\u8bf7\u53c2\u8003:https:\/\/blog.espnlol.com\/?p=192<\/p>\n
#\u4fee\u6539\u914d\u7f6e\u6587\u4ef6<\/p>\n
#\u4fee\u6539elastic\u7684\u5185\u5b58\u5927\u5c0f,\u6700\u5927\u5efa\u8bae\u8bbe\u7f6e\u4e0d\u8d85\u8fc732G,java\u865a\u62df\u673a\u51b3\u5b9a\u7684<\/p>\n
vim \/config\/jvm.options\r\n\r\n# Xms represents the initial size of total heap space\r\n# Xmx represents the maximum size of total heap space\r\n\r\n-Xms6g\r\n-Xmx6g<\/pre>\n
#\u4fee\u6539\u4e3b\u914d\u7f6e\u6587\u4ef6,\u589e\u52a0\u96c6\u7fa4\u4fe1\u606f<\/p>\n
vim config\/elasticsearch.yml\r\ncluster.name: clustername\r\nnode.master: true\r\nnode.data: true\r\nnode.name: \"node1\"\r\nnetwork.host: 172.16.1.6\r\ndiscovery.zen.ping.unicast.hosts: [\"172.16.1.6:9300\",\"172.16.1.3:9300\",\"172.16.1.14:9300\"]\r\nxpack.ssl.key: \/data\/elk\/elasticsearch\/config\/x-pack\/node.key\r\nxpack.ssl.certificate: \/data\/elk\/elasticsearch\/config\/x-pack\/node.crt\r\nxpack.ssl.certificate_authorities: [ \"\/data\/elk\/elasticsearch\/config\/x-pack\/ca.crt\" ]\r\nxpack.security.transport.ssl.verification_mode: certificate\r\nxpack.security.transport.ssl.enabled: true\r\nxpack.security.enabled: true<\/pre>\n
cluster.name: clustername\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0#\u96c6\u7fa4\u540d\u79f0
\nnode.master: true\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0#\u662f\u5426\u53ef\u4ee5\u6210\u4e3amaster
\nnode.data: true\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 #\u662f\u5426\u53ef\u4ee5\u6210\u4e3adatanode
\nnode.name: “node1”\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0#\u8282\u70b9\u540d\u79f0
\nnetwork.host: 172.16.1.6\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 #\u670d\u52a1\u5668\u542f\u7528\u65f6\u4f7f\u7528\u5f53\u524dip
\ndiscovery.zen.ping.unicast.hosts: [“172.16.1.6:9300″,”172.16.1.3:9300″,”172.16.1.14:9300”]\u00a0 \u00a0 \u00a0 \u00a0#\u5355\u64ad\u914d\u7f6e\u4e0b\uff0c\u8282\u70b9\u5411\u6307\u5b9a\u7684\u4e3b\u673a\u53d1\u9001\u5355\u64ad\u8bf7\u6c42
\nxpack.ssl.key: \/data\/elk\/elasticsearch\/config\/x-pack\/node.key\u00a0 \u00a0 \u00a0 \u00a0#key\u8bc1\u4e66
\nxpack.ssl.certificate: \/data\/elk\/elasticsearch\/config\/x-pack\/node.crt\u00a0 \u00a0 \u00a0#crt\u8bc1\u4e66
\nxpack.ssl.certificate_authorities: [ “\/data\/elk\/elasticsearch\/config\/x-pack\/ca.crt” ]\u00a0 \u00a0#ca\u8bc1\u4e66\u8ba4\u8bc1
\nxpack.security.transport.ssl.verification_mode: certificate\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0#\u8282\u70b9\u95f4\u8ba4\u8bc1\u7c7b\u578b
\nxpack.security.transport.ssl.enabled: true\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 #\u5f00\u542f\u8282\u70b9\u95f4\u901a\u4fe1\u7684x-packopenssl\u8bc1\u4e66\u8ba4\u8bc1
\nxpack.security.enabled: true\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 #\u5f00\u542fx-pack\u5b89\u5168\u8ba4\u8bc1<\/p>\n
#\u901a\u8fc7x-pack\u81ea\u5e26\u7684certgen\u751f\u6210\u8bc1\u4e66<\/p>\n
elasticsearch\/bin\/x-pack\/certgen\r\n\r\nThis tool assists you in the generation of X.509 certificates and certificate\r\nsigning requests for use with SSL in the Elastic stack. Depending on the command\r\nline option specified, you may be prompted for the following:\r\n\r\n* The path to the output file\r\n    * The output file is a zip file containing the signed certificates and\r\n      private keys for each instance. If a Certificate Authority was generated,\r\n      the certificate and private key will also be included in the output file.\r\n* Information about each instance\r\n    * An instance is any piece of the Elastic Stack that requires a SSL certificate.\r\n      Depending on your configuration, Elasticsearch, Logstash, Kibana, and Beats\r\n      may all require a certificate and private key.\r\n    * The minimum required value for each instance is a name. This can simply be the\r\n      hostname, which will be used as the Common Name of the certificate. A full\r\n      distinguished name may also be used.\r\n    * A filename value may be required for each instance. This is necessary when the\r\n      name would result in an invalid file or directory name. The name provided here\r\n      is used as the directory name (within the zip) and the prefix for the key and\r\n      certificate files. The filename is required if you are prompted and the name\r\n      is not displayed in the prompt.\r\n    * IP addresses and DNS names are optional. Multiple values can be specified as a\r\n      comma separated string. If no IP addresses or DNS names are provided, you may\r\n      disable hostname verification in your SSL configuration.\r\n* Certificate Authority private key password\r\n    * The password may be left empty if desired.\r\n\r\nLet's get started...\r\n\r\nPlease enter the desired output file [certificate-bundle.zip]: node\r\nEnter instance name:node\r\nEnter name for directories and files [node]: \r\nEnter IP Addresses for instance (comma-separated if more than one) []: \r\nEnter DNS names for instance (comma-separated if more than one) []: \r\nWould you like to specify another instance? Press 'y' to continue entering instance information: \r\nCertificates written to \/data\/elk\/elasticsearch-6.1.1\/certificate-bundle.zip\r\n\r\nThis file should be properly secured as it contains the private keys for all\r\ninstances and the certificate authority.\r\n\r\nAfter unzipping the file, there will be a directory for each instance containing\r\nthe certificate and private key. Copy the certificate, key, and CA certificate\r\nto the configuration directory of the Elastic product that they will be used for\r\nand follow the SSL configuration instructions in the product guide.\r\n\r\nFor client applications, you may only need to copy the CA certificate and\r\nconfigure the client to trust this certificate.<\/pre>\n
\u6267\u884c\u65f6\u4f1a\u51fa\u73b0\u4ea4\u4e92\u4fe1\u606f,\u53ea\u9700\u8981\u586b\u5199\u4ee5\u4e0b\u4e24\u9879\u5373\u53ef<\/p>\n
Enter instance name: node\u00a0 \u00a0 \u00a0 \u00a0 \u00a0#\u751f\u6210\u7684\u5b9e\u4f8b\u540d\u79f0<\/p>\n
\u6267\u884c\u5b8c\u6bd5\u4f1a\u5728\u5f53\u524d\u76ee\u5f55\u751f\u6210\u4e00\u4e2acertificate-bundle.zip,\u89e3\u538b\u4e4b\u540e\u5c06\u5bf9\u5e94\u7684\u79d8\u94a5,\u6309\u7167\u914d\u7f6e\u6587\u4ef6\u7684\u4f4d\u7f6e\u653e\u597d\u5373\u53ef<\/p>\n
#\u542f\u52a8\u5b9e\u4f8b<\/p>\n
elasticsearch\/bin\/elasticsearch -d<\/p>\n
#\u66f4\u6539x-pack\u7684lincese,\u5c06\u6211\u4eec\u6539\u597d\u7684lincese\u8f7d\u5165elasticsearch<\/p>\n
curl<\/span> –<\/span>XPUT<\/span> –<\/span>u<\/span> elastic<\/span>:<\/span>password<\/span> ‘http:\/\/$IP:9200\/_xpack\/license’<\/span> –<\/span>H<\/span> “Content-Type: application\/json”<\/span> –<\/span>d<\/span> @<\/span>license<\/span>.<\/span>json<\/span><\/p>\n
#\u67e5\u770b\u4fee\u6539\u662f\u5426\u6210\u529f<\/p>\n
curl -XGET http:\/\/172.16.1.6:9200\/_license -u elastic:password<\/p>\n
{
\n“license” : {
\n“status” : “active”,
\n“uid” : “xxxxxxxx”,
\n“type” : “platinum”,
\n“issue_date” : “2017-12-29T00:00:00.000Z”,
\n“issue_date_in_millis” : 1514505600000,
\n“expiry_date” : “2099-12-30T16:00:00.000Z”,
\n“expiry_date_in_millis” : 4102329600000,
\n“max_nodes” : 999,
\n“issued_to” : “xxxxxxxxx”,
\n“issuer” : “Web Form”,
\n“start_date_in_millis” : 1514505600000
\n}
\n}<\/p>\n
\u53ef\u4ee5\u770b\u5230\u4ee5\u4e0a\u4fe1\u606f\u4e3a\u767d\u91d1\u7248,\u8fc7\u671f\u65f6\u95f4\u4e3a2099\u5e7412\u670830\u65e5,nodes\u6700\u5927\u53ef\u8fbe999\u53f0,\u6210\u529f\u5bfc\u5165<\/p>\n
#\u901a\u8fc7x-pack\u81ea\u5e26\u7684\u5de5\u5177setup-passwords ,\u8bbe\u5b9a\u76f8\u5173\u521d\u59cb\u5bc6\u7801,\u56e0\u4e3a\u81ea\u52a8\u751f\u6210\u7684\u5bc6\u7801\u591f\u597d\u591f\u5b89\u5168\u4e86,\u8fd9\u91cc\u6211\u9009\u62e9\u4f7f\u7528\u81ea\u52a8\u751f\u6210<\/p>\n
elasticsearch\/bin\/x-pack\/setup-passwords auto<\/p>\n
Changed password for user kibana
\nPASSWORD kibana = xxxxxxxxxxxxxxxx<\/p>\n
Changed password for user logstash_system
\nPASSWORD logstash_system = xxxxxxxxxxxxxx<\/p>\n
Changed password for user elastic
\nPASSWORD elastic = xxxxxxxxxxxxxxxx<\/p>\n
\u8fd9\u91cc\u751f\u6210\u7684\u7528\u6237\u5bc6\u7801,\u5c31\u662fELK3\u8d31\u5ba2\u4e92\u76f8\u901a\u4fe1\u6240\u4f7f\u7528\u7684\u6743\u9650,\u8981\u8bb0\u597d<\/p>\n
#\u5c06\u6574\u4e2aelstic\u76ee\u5f55\u62f7\u8d1d\u5230\u53e6\u5916\u4e24\u53f0\u8bbe\u5907\u4e0a,node2,node3\u4e0a,\u5207\u8bb0,\u8981\u5220\u9664data\u4e0b\u7684\u6240\u6709\u4e1c\u897f<\/p>\n
#\u4fee\u6539\u4e3b\u914d\u7f6e\u6587\u4ef6<\/p>\n
vim config\/elasticsearch.yml\r\n......\r\nnode.name: \"node2\"\r\nnetwork.host: 172.16.1.3\r\nnode.name: \"node3\"\r\nnetwork.host: 172.16.1.14\r\n......<\/pre>\n
\u4ec5\u9700\u8981\u4fee\u6539\u4e0a\u8ff0\u4e24\u9879\u5373\u53ef,\u4e0d\u540c\u7684ip,\u5bf9\u5e94\u4e0d\u540c\u7684node<\/p>\n
\u5206\u522b\u542f\u52a8\u4e24\u53f0elasticsearch,\u96c6\u7fa4\u5230\u6b64\u642d\u5efa\u5b8c\u6bd5,\u53ef\u4ee5\u6109\u5feb\u7684\u73a9\u800d\u4e86<\/p>\n","protected":false},"excerpt":{"rendered":"
\u7b80\u4ecb:Elasticsearch\u662f\u4e2a\u5f00\u6e90\u5206\u5e03\u5f0f\u641c\u7d22\u5f15\u64ce\uff0c\u5b83\u7684\u7279\u70b9\u6709\uff1a\u5206\u5e03\u5f0f\uff0c\u96f6\u914d … \u7ee7\u7eed\u9605\u8bfb →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-189","post","type-post","status-publish","format-standard","hentry","category-elk"],"_links":{"self":[{"href":"https:\/\/blog.espnlol.com\/index.php?rest_route=\/wp\/v2\/posts\/189","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.espnlol.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.espnlol.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.espnlol.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.espnlol.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=189"}],"version-history":[{"count":3,"href":"https:\/\/blog.espnlol.com\/index.php?rest_route=\/wp\/v2\/posts\/189\/revisions"}],"predecessor-version":[{"id":206,"href":"https:\/\/blog.espnlol.com\/index.php?rest_route=\/wp\/v2\/posts\/189\/revisions\/206"}],"wp:attachment":[{"href":"https:\/\/blog.espnlol.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=189"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.espnlol.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=189"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.espnlol.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=189"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}