Set the hostname

hostnamectl set-hostname es_1   # run on the first node
hostnamectl set-hostname es_2   # run on the second node
hostnamectl set-hostname es_3   # run on the third node

Create the directory

[ ! -d /data/elasticsearch ] && mkdir -p /data/elasticsearch
cd /data/elasticsearch

Download the installation packages

wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.16.2-linux-x86_64.tar.gz
wget https://artifacts.elastic.co/downloads/kibana/kibana-7.16.2-linux-x86_64.tar.gz
tar xf elasticsearch-7.16.2-linux-x86_64.tar.gz
tar xf kibana-7.16.2-linux-x86_64.tar.gz

Create the user

sudo useradd elasticsearch -m -s /usr/sbin/nologin
chown -R elasticsearch:elasticsearch /data/elasticsearch

Edit the configuration

vi /data/elasticsearch/elasticsearch-7.16.2/config/elasticsearch.yml

Change the configuration file to:

cluster.name: es_cluster
node.name: node-1 # give each node its own name: node-1, node-2 or node-3
network.host: 192.168.21.71 # the IP address this node listens on
http.port: 9200
discovery.seed_hosts: ["192.168.21.71", "192.168.21.72", "192.168.21.73"] # the IP addresses of all nodes
cluster.initial_master_nodes: ["node-1", "node-2", "node-3"] # the node.name value of each node
xpack.security.enabled: true
transport.tcp.port: 9300
http.cors.enabled: true
http.cors.allow-origin: "*" # "*" accepts cross-origin requests from any site

Generate the startup script

cat > /usr/lib/systemd/system/elasticsearch.service <<EOF
[Unit]
Description=elasticsearch
After=network.target

[Service]
Type=simple
User=elasticsearch
Group=elasticsearch
LimitNOFILE=100000
LimitNPROC=100000
Restart=no
ExecStart=/data/elasticsearch/elasticsearch-7.16.2/bin/elasticsearch
PrivateTmp=true

[Install]
WantedBy=multi-user.target
EOF

Enable authentication

Generate the certificates

Run this on one master node only, and keep every option at its default.

cd /data/elasticsearch/elasticsearch-7.16.2
./bin/elasticsearch-certutil ca
./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12

Copy the certificates

Move the generated files into the config directory.

chown elasticsearch:elasticsearch elastic-certificates.p12  elastic-stack-ca.p12
mv elastic-certificates.p12 elastic-stack-ca.p12 config/

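Then copy these two files to the config directory on the other nodes. Note that the configuration below references only elastic-certificates.p12; elastic-stack-ca.p12 contains the CA private key, so keep every copy of it access-restricted.

Edit the configuration file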

http.cors.allow-headers: Authorization
xpack.security.enabled: true # already set in the first block; keep a single copy of this key
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
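
An added example, not part of the original guide: a shell check to run on each node before the restart. It confirms the transport TLS settings listed above, flags the wildcard http.cors.allow-origin from the first configuration block, and reports keys defined twice, which Elasticsearch rejects at startup. The function names and the sample file are constructed for illustration.

```bash
# Added example, not from the guide: audit one node's elasticsearch.yml.
# es_setting FILE KEY prints a flat "key: value" entry without comment or quotes.
es_setting() {
  awk -v key="$2" 'index($0, key ":") == 1 {
      val = substr($0, length(key) + 2)
      sub(/[ \t]+#.*$/, "", val); gsub(/^[ \t"]+|[ \t"]+$/, "", val)
      print val; exit }' "$1"
}
# audit_es_config FILE prints one finding per line; returns 0 only when none.
audit_es_config() {
  local file="$1" findings=0 key want got
  while read -r key want; do
    got=$(es_setting "$file" "$key")
    [ "$got" = "$want" ] && continue
    echo "FAIL $key: expected '$want', found '${got:-<unset>}'"
    findings=$((findings + 1))
  done <<'REQUIRED'
xpack.security.enabled true
xpack.security.transport.ssl.enabled true
xpack.security.transport.ssl.verification_mode certificate
xpack.security.transport.ssl.keystore.path elastic-certificates.p12
xpack.security.transport.ssl.truststore.path elastic-certificates.p12
REQUIRED
  if [ "$(es_setting "$file" http.cors.enabled)" = "true" ] &&
     [ "$(es_setting "$file" http.cors.allow-origin)" = "*" ]; then
    echo "WARN http.cors.allow-origin: any web origin may call the HTTP API"
    findings=$((findings + 1))
  fi
  # Elasticsearch refuses to start when the same key appears twice.
  for key in $(awk -F: '/^[a-z]/ && seen[$1]++ == 1 { print $1 }' "$file"); do
    echo "FAIL $key: defined more than once"
    findings=$((findings + 1))
  done
  [ "$findings" -eq 0 ]
}

# Constructed sample: the second block of this guide appended verbatim to the first.
sample=$(mktemp)
cat > "$sample" <<'YAML'
xpack.security.enabled: true
http.cors.enabled: true
http.cors.allow-origin: "*"
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
YAML
audit_es_config "$sample" || echo "config needs attention"
```

On a real node, pass the path of that node's config/elasticsearch.yml to audit_es_config instead of the sample file.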

Then restart Elasticsearch on each node, one at a time.

Set the passwords

# Either generate random passwords for the built-in users:
./bin/elasticsearch-setup-passwords auto

# or enter each password yourself:
./bin/elasticsearch-setup-passwords interactive