下载链接
https://www.elastic.co/downloads/past-releases/elasticsearch-8-17-0
https://www.elastic.co/downloads/past-releases/logstash-8-17-0
https://www.elastic.co/cn/downloads/past-releases/kibana-8-17-0
https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.17.0-linux-x86_64.tar.gz
https://artifacts.elastic.co/downloads/logstash/logstash-8.17.0-linux-x86_64.tar.gz
https://artifacts.elastic.co/downloads/kibana/kibana-8.17.0-linux-x86_64.tar.gz
1、上传下载的安装包到指定机器上,然后做准备工作
1)编辑 /etc/security/limits.conf 文件,添加以下行:
星号(*)代表对所有用户应用该限制
* soft nofile 65535
* hard nofile 65535
2)编辑/etc/pam.d/login
加在最后
session required pam_limits.so
3)vi /etc/sysctl.conf
添加或修改以下行:
vm.max_map_count=262144
运行以下命令以使配置立即生效:
sudo sysctl -p
然后重启电脑
2、解压和改名
进入到软件的目录
/usr/local/software
执行如下2条命令
tar -xzf elasticsearch-8.17.0-linux-x86_64.tar.gz
mv elasticsearch-8.17.0 elasticsearch
3、运行
cd /usr/local/software/elasticsearch/bin
[root@localhost bin]# ./elasticsearch
遇到错误,不能以 root 用户身份运行 Elasticsearch
fatal exception while booting Elasticsearch java.lang.RuntimeException: can not run elasticsearch as root
这个错误的含义是 不能以 root 用户身份运行 Elasticsearch。为了安全性和权限问题
4、创建data目录
在/usr/local/software/elasticsearch目录下
mkdir data
5、新建用户和授权
useradd elasticsearch
chown -R elasticsearch:elasticsearch /usr/local/software/elasticsearch
chown -R elasticsearch:elasticsearch /usr/local/software/elasticsearch/data
chown -R elasticsearch:elasticsearch /usr/local/software/elasticsearch/logs/
chmod -R 755 /usr/local/software/elasticsearch/logs/
6、删除elasticsearch.keystore
[root@localhost config]# rm elasticsearch.keystore
rm: remove regular file ‘elasticsearch.keystore’? y
7、修改elasticsearch.yml
cd /usr/local/software/elasticsearch/config
vi /usr/local/software/elasticsearch/config/elasticsearch.yml
备份下
cp elasticsearch.yml elasticsearch_bak.yml
修改
vi elasticsearch.yml
discovery.seed_hosts: ["127.0.0.1:9300"]
cluster.initial_master_nodes: ["localhost"]
xpack.security.enabled: false
xpack.security.enrollment.enabled: true
http.host: 0.0.0.0
transport.host: 0.0.0.0
修改elasticsearch的堆内存
cd /usr/local/software/elasticsearch/config/jvm.options.d/
没有文件就创建一个
touch heap-size.options
-Xms2g
-Xmx2g
下面 Memory: 2.6G就是证明改变更了
[root@localhost ~]# systemctl status elasticsearch
● elasticsearch.service - Elasticsearch
Loaded: loaded (/etc/systemd/system/elasticsearch.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2024-12-31 16:00:36 CST; 1min 46s ago
Docs: http://www.elastic.co
Main PID: 992 (java)
Tasks: 87
Memory: 2.6G
8 切换到 elasticsearch 用户
sudo su - elasticsearch
9 以 elasticsearch 用户身份启动 Elasticsearch
在 elasticsearch 用户下,进入到 Elasticsearch 安装目录并启动服务:
cd /usr/local/software/elasticsearch/bin
./elasticsearch -d
-d代表后台启动
10 访问http://192.168.150.50:9200/, 如果不能访问再往下看或者文腾讯的AI,https://cat.aichatos8.com.cn/#/home
{
"name" : "localhost.localdomain",
"cluster_name" : "elasticsearch",
"cluster_uuid" : "udrBoGSRRwal_hpQ7ocUlQ",
"version" : {
"number" : "8.17.0",
"build_flavor" : "default",
"build_type" : "tar",
"build_hash" : "2b6a7fed44faa321997703718f07ee0420804b41",
"build_date" : "2024-12-11T12:08:05.663969764Z",
"build_snapshot" : false,
"lucene_version" : "9.12.0",
"minimum_wire_compatibility_version" : "7.17.0",
"minimum_index_compatibility_version" : "7.0.0"
},
"tagline" : "You Know, for Search"
}
11 创建服务 vi /etc/systemd/system/elasticsearch.service
文件内容如下:
[Unit]
Description=Elasticsearch
Documentation=http://www.elastic.co
After=network.target
[Service]
Type=simple
ExecStart=/usr/local/software/elasticsearch/bin/elasticsearch
User=elasticsearch
Group=elasticsearch
Restart=always
LimitMEMLOCK=infinity
LimitNOFILE=65536
LimitNPROC=4096
[Install]
WantedBy=multi-user.target
替换 /path/to/elasticsearch-8.17.0 为实际路径。
12 开机启动
systemctl daemon-reload
systemctl enable elasticsearch
systemctl start elasticsearch
systemctl status elasticsearch
elasticsearch.yml
# ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
# Before you set out to tweak and tune the configuration, make sure you
# understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
#
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
#cluster.name: my-application
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
#node.name: node-1
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
#path.data: /path/to/data
#
# Path to log files:
#
#path.logs: /path/to/logs
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: true
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# By default Elasticsearch is only accessible on localhost. Set a different
# address here to expose this node on the network:
#
#network.host: 192.168.0.1
#
# By default Elasticsearch listens for HTTP traffic on the first free port it
# finds starting at 9200. Set a specific HTTP port here:
#
#http.port: 9200
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when this node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
#discovery.seed_hosts: ["host1", "host2"]
#
# Bootstrap the cluster using an initial set of master-eligible nodes:
#
#cluster.initial_master_nodes: ["node-1", "node-2"]
#
# For more information, consult the discovery and cluster formation module documentation.
#
discovery.seed_hosts: ["127.0.0.1:9300"]
cluster.initial_master_nodes: ["localhost"]
# ---------------------------------- Various -----------------------------------
#
# Allow wildcard deletion of indices:
#
#action.destructive_requires_name: false
#----------------------- BEGIN SECURITY AUTO CONFIGURATION -----------------------
#
# The following settings, TLS certificates, and keys have been automatically
# generated to configure Elasticsearch security features on 30-12-2024 12:29:02
#
# --------------------------------------------------------------------------------
# Enable security features
xpack.security.enabled: false
xpack.security.enrollment.enabled: true
# Allow HTTP API connections from anywhere
# Connections are encrypted and require user authentication
http.host: 0.0.0.0
# Allow other nodes to join the cluster from anywhere
# Connections are encrypted and mutually authenticated
transport.host: 0.0.0.0
#----------------------- END SECURITY AUTO CONFIGURATION -------------------------
==============================安装遇到的具体问题分析==================
运行后
Elasticsearch security features have been automatically configured!
✅ Authentication is enabled and cluster connections are encrypted.
ℹ️ Password for the elastic user (reset with `bin/elasticsearch-reset-password -u elastic`):
7b9UkBY*NeEH3_ea85JG
ℹ️ HTTP CA certificate SHA-256 fingerprint:
d7a127636d720f927127c4f974f806f512eae01dd8b85af21be192dd5bbb3c3c
ℹ️ Configure Kibana to use this cluster:
• Run Kibana and click the configuration link in the terminal when Kibana starts.
• Copy the following enrollment token and paste it into Kibana in your browser (valid for the next 30 minutes):
eyJ2ZXIiOiI4LjE0LjAiLCJhZHIiOlsiMTkyLjE2OC4xNTAuNTA6OTIwMCJdLCJmZ3IiOiJkN2ExMjc2MzZkNzIwZjkyNzEyN2M0Zjk3NGY4MDZmNTEyZWFlMDFkZDhiODVhZjIxYmUxOTJkZDViYmIzYzNjIiwia2V5IjoiYVR5VkY1UUJWLTBzb19zV0UzT246UkhSangyMFRReWl1ZzZPeUtWSVJIQSJ9
ℹ️ Configure other nodes to join this cluster:
• On this node:
⁃ Create an enrollment token with `bin/elasticsearch-create-enrollment-token -s node`.
⁃ Uncomment the transport.host setting at the end of config/elasticsearch.yml.
⁃ Restart Elasticsearch.
• On other nodes:
⁃ Start Elasticsearch with `bin/elasticsearch --enrollment-token <token>`, using the enrollment token that you generated.
重要信息:
elastic user 的密码是 7b9UkBY*NeEH3_ea85JG
重置密码的命令 bin/elasticsearch-reset-password -u elastic
使用:bin/elasticsearch-create-enrollment-token -s node创建一个token, 但这个还用不上
"取消对config/exelasticsearch.yml末尾transport.host设置的注释。重新启动Elasticsearch。
8、修改elasticsearch.yml
cd /usr/local/software/elasticsearch/config
备份下
cp elasticsearch.yml elasticsearch_bak.yml
修改
vi elasticsearch.yml
把它的注释去掉,然后保存重启。
transport.host: 0.0.0.0
[2024-12-30T21:00:35,801][ERROR][o.e.b.Elasticsearch ] [localhost.localdomain] node validation exception
[2] bootstrap checks failed. You must address the points described in the following [2] lines before starting Elasticsearch. For more information see [https://www.elastic.co/guide/en/elasticsearch/reference/8.17/bootstrap-checks.html]
bootstrap check failure [1] of [2]: max file descriptors [4096] for elasticsearch process is too low, increase to at least [65535]; for more information see [https://www.elastic.co/guide/en/elasticsearch/reference/8.17/bootstrap-checks-file-descriptor.html]
bootstrap check failure [2] of [2]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]; for more information see [https://www.elastic.co/guide/en/elasticsearch/reference/8.17/bootstrap-checks-max-map-count.html]
ERROR:
这个错误信息说明 Elasticsearch 在启动时执行了 bootstrap checks(启动检查),并且未通过两个关键的检查。具体来说,出现了以下两个问题:
错误信息解析:
max file descriptors 设置过低
错误信息:[bootstrap check failure [1] of [2]: max file descriptors [4096] for elasticsearch process is too low, increase to at least [65535]]
解释:Elasticsearch 需要较高的文件描述符限制,因为它会同时打开很多文件(例如索引文件、日志文件等)。默认情况下,操作系统可能只允许最多 4096 个文件描述符,而 Elasticsearch 要求至少 65535 个。
vm.max_map_count 设置过低
错误信息:[bootstrap check failure [2] of [2]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]]
解释:vm.max_map_count 是操作系统设置的最大虚拟内存区域数(用于内存映射文件)。Elasticsearch 需要更高的这个值,特别是在处理大数据量时。默认值可能较低(如 65530),而 Elasticsearch 要求至少 262144。
如何解决这些问题:
1. 增加 max file descriptors 限制
你需要增加操作系统中可打开文件的最大数量。方法如下:
查看当前设置:
bash
ulimit -n
如果显示的数字小于 65535,你需要增加它。
临时修改(只对当前会话有效):
bash
ulimit -n 65535
永久修改(适用于 Linux):
编辑 /etc/security/limits.conf 文件,添加以下行:
星号(*)代表对所有用户应用该限制
* soft nofile 65535
* hard nofile 65535
如果你知道运行 Elasticsearch 的用户(例如 elasticsearch 用户),你可以替换星号为该用户名:
elasticsearch soft nofile 65535
elasticsearch hard nofile 65535
还需要修改 /etc/pam.d/common-session 或 /etc/pam.d/login 文件(具体路径取决于发行版),并添加以下行:
centos7 用这个/etc/pam.d/login
加在最后
session required pam_limits.so
最后,重新启动机器或注销当前会话后生效。
2. 增加 vm.max_map_count 限制
vm.max_map_count 控制了每个进程可以映射的最大虚拟内存区域数量。需要将其增加到至少 262144:
临时修改:
bash
sudo sysctl -w vm.max_map_count=262144
永久修改:
编辑 /etc/sysctl.conf 文件:
bash
sudo vi /etc/sysctl.conf
添加或修改以下行:
bash
vm.max_map_count=262144
运行以下命令以使配置立即生效:
bash
sudo sysctl -p
3. 重启 Elasticsearch
完成上述设置后,重启 Elasticsearch:
bash
sudo systemctl restart elasticsearch
或者如果你是手动启动 Elasticsearch,则执行:
bash
./bin/elasticsearch
总结:
max file descriptors 的问题:增加文件描述符的限制到 65535。
vm.max_map_count 的问题:增加虚拟内存映射区域的限制到 262144。
完成配置后重启 Elasticsearch,应该能够顺利启动。
如果还有其他问题,或者配置后仍然无法启动,可以查看 Elasticsearch 的日志(/usr/local/software/elasticsearch/logs/elasticsearch.log)来获取更多详细的错误信息。
启动说没权限,继续修改目录权限
如果 Elasticsearch 进程没有足够的权限来写入该目录,你可以更改该目录的权限,使得 Elasticsearch 有权访问它。假设 Elasticsearch 是以 elasticsearch 用户运行的,你可以执行以下命令来修复权限。
给目录赋予适当的权限:
bash
sudo chown -R elasticsearch:elasticsearch /usr/local/software/elasticsearch/logs/
这条命令将目录的所有权授予 elasticsearch 用户和组。
确保目录具有正确的读写权限:
bash
sudo chmod -R 755 /usr/local/software/elasticsearch/logs/
这样,目录将具有所有者的读、写和执行权限,其他用户只有读和执行权限。
3. 检查日志文件权限
同样需要确保日志文件本身(elasticsearch.log)的权限设置正确。执行以下命令来检查日志文件的权限:
查看日志文件的权限:
ls -l /usr/local/software/elasticsearch/logs/elasticsearch.log
删除elasticsearch.keystore
[root@localhost config]# rm elasticsearch.keystore
rm: remove regular file ‘elasticsearch.keystore’? y
从你提供的日志信息来看,Elasticsearch 在启动时遇到了 bootstrap 检查失败,并且因为 缺少配置 导致启动失败。错误消息中指出了如下问题:
错误描述
bootstrap check failure [1] of [1]: the default discovery settings are unsuitable for production use; at least one of [discovery.seed_hosts, discovery.seed_providers, cluster.initial_master_nodes] must be configured;
这意味着 Elasticsearch 发现你没有配置必要的发现设置,这是在生产环境中启动集群时的强制要求。具体来说,Elasticsearch 需要知道如何找到集群的节点和确定主节点。
解决办法
编辑 Elasticsearch 配置文件
Elasticsearch 的配置文件 elasticsearch.yml 存在于你的 Elasticsearch 安装目录下的 config 目录中,例如:/usr/local/software/elasticsearch/config/elasticsearch.yml。
添加 Discovery 配置
在该文件中,你需要添加以下配置来启用节点发现机制。对于单节点部署,可以配置 discovery.seed_hosts 或 cluster.initial_master_nodes。
如果你的环境是 单节点(即只有一个 Elasticsearch 实例),你可以添加以下配置:
yaml
# discovery.seed_hosts 用于指定初始节点列表,Elasticsearch 用它来查找其他节点
discovery.seed_hosts: ["127.0.0.1:9300"]
# 或者你可以使用 cluster.initial_master_nodes 指定初始的主节点列表
cluster.initial_master_nodes: ["localhost"]
如果你部署的是 多节点集群,你需要配置集群中的所有节点的 IP 地址。例如:
yaml
discovery.seed_hosts: ["node1_ip:9300", "node2_ip:9300", "node3_ip:9300"]
cluster.initial_master_nodes: ["node1", "node2", "node3"]
discovery.seed_hosts 用于帮助节点相互发现,而 cluster.initial_master_nodes 用于在集群启动时指定初始的主节点。
重启 Elasticsearch
修改配置文件后,重启 Elasticsearch 服务。你可以使用以下命令来启动 Elasticsearch:
vi /usr/local/software/elasticsearch/config/elasticsearch.yml
discovery.seed_hosts: ["127.0.0.1:9300"]
cluster.initial_master_nodes: ["localhost"]
bash
./bin/elasticsearch