下載鏈接
https://www.elastic.co/downloads/past-releases/elasticsearch-8-17-0
https://www.elastic.co/downloads/past-releases/logstash-8-17-0
https://www.elastic.co/cn/downloads/past-releases/kibana-8-17-0https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.17.0-linux-x86_64.tar.gz
https://artifacts.elastic.co/downloads/logstash/logstash-8.17.0-linux-x86_64.tar.gz
https://artifacts.elastic.co/downloads/kibana/kibana-8.17.0-linux-x86_64.tar.gz1、上傳下載的安裝包到指定機器上,然后做準備工作1)編輯 /etc/security/limits.conf 文件,添加以下行:星號(*)代表對所有用戶應用該限制
* soft nofile 65535
* hard nofile 65535
2)編輯/etc/pam.d/login
加在最后
session required pam_limits.so3)vi /etc/sysctl.conf
添加或修改以下行:
vm.max_map_count=262144運行以下命令以使配置立即生效:
sudo sysctl -p然后重啟電腦2、解壓和改名
進入到軟件的目錄
/usr/local/software執行如下2條命令
tar -xzf elasticsearch-8.17.0-linux-x86_64.tar.gz
mv elasticsearch-8.17.0 elasticsearch3、運行
cd /usr/local/software/elasticsearch/bin
[root@localhost bin]# ./elasticsearch遇到錯誤,不能以 root 用戶身份運行 Elasticsearch
fatal exception while booting Elasticsearch java.lang.RuntimeException: can not run elasticsearch as root
這個錯誤的含義是 不能以 root 用戶身份運行 Elasticsearch。為了安全性和權限問題4、創建data目錄
在/usr/local/software/elasticsearch目錄下mkdir data5、新建用戶和授權
useradd elasticsearchchown -R elasticsearch:elasticsearch /usr/local/software/elasticsearch
chown -R elasticsearch:elasticsearch /usr/local/software/elasticsearch/datachown -R elasticsearch:elasticsearch /usr/local/software/elasticsearch/logs/
chmod -R 755 /usr/local/software/elasticsearch/logs/6、刪除elasticsearch.keystore[root@localhost config]# rm elasticsearch.keystore
rm: remove regular file ‘elasticsearch.keystore’? y7、修改elasticsearch.yml cd /usr/local/software/elasticsearch/configvi /usr/local/software/elasticsearch/config/elasticsearch.yml備份下
cp elasticsearch.yml elasticsearch_bak.yml修改
vi elasticsearch.ymldiscovery.seed_hosts: ["127.0.0.1:9300"]
cluster.initial_master_nodes: ["localhost"]xpack.security.enabled: false
xpack.security.enrollment.enabled: truehttp.host: 0.0.0.0transport.host: 0.0.0.0修改elasticsearch的堆內存
cd /usr/local/software/elasticsearch/config/jvm.options.d/
沒有文件就創建一個
touch heap-size.options
-Xms2g
-Xmx2g下面 Memory: 2.6G就是證明改變更了[root@localhost ~]# systemctl status elasticsearch
● elasticsearch.service - ElasticsearchLoaded: loaded (/etc/systemd/system/elasticsearch.service; enabled; vendor preset: disabled)Active: active (running) since Tue 2024-12-31 16:00:36 CST; 1min 46s agoDocs: http://www.elastic.coMain PID: 992 (java)Tasks: 87Memory: 2.6G8 切換到 elasticsearch 用戶
sudo su - elasticsearch9 以 elasticsearch 用戶身份啟動 Elasticsearch
在 elasticsearch 用戶下,進入到 Elasticsearch 安裝目錄并啟動服務:cd /usr/local/software/elasticsearch/bin
./elasticsearch -d-d代表后臺啟動10 訪問http://192.168.150.50:9200/, 如果不能訪問再往下看或者文騰訊的AI,https://cat.aichatos8.com.cn/#/home
{"name" : "localhost.localdomain","cluster_name" : "elasticsearch","cluster_uuid" : "udrBoGSRRwal_hpQ7ocUlQ","version" : {"number" : "8.17.0","build_flavor" : "default","build_type" : "tar","build_hash" : "2b6a7fed44faa321997703718f07ee0420804b41","build_date" : "2024-12-11T12:08:05.663969764Z","build_snapshot" : false,"lucene_version" : "9.12.0","minimum_wire_compatibility_version" : "7.17.0","minimum_index_compatibility_version" : "7.0.0"},"tagline" : "You Know, for Search"
}11 創建服務 vi /etc/systemd/system/elasticsearch.service
文件內容如下:[Unit]
Description=Elasticsearch
Documentation=http://www.elastic.co
After=network.target[Service]
Type=simple
ExecStart=/usr/local/software/elasticsearch/bin/elasticsearch
User=elasticsearch
Group=elasticsearch
Restart=always
LimitMEMLOCK=infinity
LimitNOFILE=65536
LimitNPROC=4096[Install]
WantedBy=multi-user.target替換 /path/to/elasticsearch-8.17.0 為實際路徑。12 開機啟動
systemctl daemon-reload
systemctl enable elasticsearch
systemctl start elasticsearch
systemctl status elasticsearchelasticsearch.yml
# ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
# Before you set out to tweak and tune the configuration, make sure you
# understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
#
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
#cluster.name: my-application
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
#node.name: node-1
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
#path.data: /path/to/data
#
# Path to log files:
#
#path.logs: /path/to/logs
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: true
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# By default Elasticsearch is only accessible on localhost. Set a different
# address here to expose this node on the network:
#
#network.host: 192.168.0.1
#
# By default Elasticsearch listens for HTTP traffic on the first free port it
# finds starting at 9200. Set a specific HTTP port here:
#
#http.port: 9200
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when this node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
#discovery.seed_hosts: ["host1", "host2"]
#
# Bootstrap the cluster using an initial set of master-eligible nodes:
#
#cluster.initial_master_nodes: ["node-1", "node-2"]
#
# For more information, consult the discovery and cluster formation module documentation.
#
discovery.seed_hosts: ["127.0.0.1:9300"]
cluster.initial_master_nodes: ["localhost"]
# ---------------------------------- Various -----------------------------------
#
# Allow wildcard deletion of indices:
#
#action.destructive_requires_name: false#----------------------- BEGIN SECURITY AUTO CONFIGURATION -----------------------
#
# The following settings, TLS certificates, and keys have been automatically
# generated to configure Elasticsearch security features on 30-12-2024 12:29:02
#
# --------------------------------------------------------------------------------# Enable security features
xpack.security.enabled: false
xpack.security.enrollment.enabled: true# Allow HTTP API connections from anywhere
# Connections are encrypted and require user authentication
http.host: 0.0.0.0# Allow other nodes to join the cluster from anywhere
# Connections are encrypted and mutually authenticated
transport.host: 0.0.0.0#----------------------- END SECURITY AUTO CONFIGURATION -------------------------
==============================安裝遇到的具體問題分析==================運行后Elasticsearch security features have been automatically configured!
? Authentication is enabled and cluster connections are encrypted.?? Password for the elastic user (reset with `bin/elasticsearch-reset-password -u elastic`):7b9UkBY*NeEH3_ea85JG?? HTTP CA certificate SHA-256 fingerprint:d7a127636d720f927127c4f974f806f512eae01dd8b85af21be192dd5bbb3c3c?? Configure Kibana to use this cluster:
? Run Kibana and click the configuration link in the terminal when Kibana starts.
? Copy the following enrollment token and paste it into Kibana in your browser (valid for the next 30 minutes):eyJ2ZXIiOiI4LjE0LjAiLCJhZHIiOlsiMTkyLjE2OC4xNTAuNTA6OTIwMCJdLCJmZ3IiOiJkN2ExMjc2MzZkNzIwZjkyNzEyN2M0Zjk3NGY4MDZmNTEyZWFlMDFkZDhiODVhZjIxYmUxOTJkZDViYmIzYzNjIiwia2V5IjoiYVR5VkY1UUJWLTBzb19zV0UzT246UkhSangyMFRReWl1ZzZPeUtWSVJIQSJ9?? Configure other nodes to join this cluster:
? On this node:? Create an enrollment token with `bin/elasticsearch-create-enrollment-token -s node`.? Uncomment the transport.host setting at the end of config/elasticsearch.yml.? Restart Elasticsearch.
? On other nodes:? Start Elasticsearch with `bin/elasticsearch --enrollment-token <token>`, using the enrollment token that you generated.重要信息:
elastic user 的密碼是 7b9UkBY*NeEH3_ea85JG
重置密碼的命令 bin/elasticsearch-reset-password -u elastic使用:bin/elasticsearch-create-enrollment-token -s node創建一個token, 但這個還用不上"取消對config/exelasticsearch.yml末尾transport.host設置的注釋。重新啟動Elasticsearch。8、修改elasticsearch.yml cd /usr/local/software/elasticsearch/config備份下
cp elasticsearch.yml elasticsearch_bak.yml修改
vi elasticsearch.yml把它的注釋去掉,然后保存重啟。
transport.host: 0.0.0.0[2024-12-30T21:00:35,801][ERROR][o.e.b.Elasticsearch ] [localhost.localdomain] node validation exception
[2] bootstrap checks failed. You must address the points described in the following [2] lines before starting Elasticsearch. For more information see [https://www.elastic.co/guide/en/elasticsearch/reference/8.17/bootstrap-checks.html]
bootstrap check failure [1] of [2]: max file descriptors [4096] for elasticsearch process is too low, increase to at least [65535]; for more information see [https://www.elastic.co/guide/en/elasticsearch/reference/8.17/bootstrap-checks-file-descriptor.html]
bootstrap check failure [2] of [2]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]; for more information see [https://www.elastic.co/guide/en/elasticsearch/reference/8.17/bootstrap-checks-max-map-count.html]
ERROR: 這個錯誤信息說明 Elasticsearch 在啟動時執行了 bootstrap checks(啟動檢查),并且未通過兩個關鍵的檢查。具體來說,出現了以下兩個問題:錯誤信息解析:
max file descriptors 設置過低錯誤信息:[bootstrap check failure [1] of [2]: max file descriptors [4096] for elasticsearch process is too low, increase to at least [65535]]
解釋:Elasticsearch 需要較高的文件描述符限制,因為它會同時打開很多文件(例如索引文件、日志文件等)。默認情況下,操作系統可能只允許最多 4096 個文件描述符,而 Elasticsearch 要求至少 65535 個。
vm.max_map_count 設置過低錯誤信息:[bootstrap check failure [2] of [2]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]]
解釋:vm.max_map_count 是操作系統設置的最大虛擬內存區域數(用于內存映射文件)。Elasticsearch 需要更高的這個值,特別是在處理大數據量時。默認值可能較低(如 65530),而 Elasticsearch 要求至少 262144。
如何解決這些問題:
1. 增加 max file descriptors 限制
你需要增加操作系統中可打開文件的最大數量。方法如下:查看當前設置:bash
ulimit -n
如果顯示的數字小于 65535,你需要增加它。臨時修改(只對當前會話有效):bash
ulimit -n 65535
永久修改(適用于 Linux):編輯 /etc/security/limits.conf 文件,添加以下行:星號(*)代表對所有用戶應用該限制
* soft nofile 65535
* hard nofile 65535如果你知道運行 Elasticsearch 的用戶(例如 elasticsearch 用戶),你可以替換星號為該用戶名:elasticsearch soft nofile 65535
elasticsearch hard nofile 65535還需要修改 /etc/pam.d/common-session 或 /etc/pam.d/login 文件(具體路徑取決于發行版),并添加以下行:
centos7 用這個/etc/pam.d/login
加在最后
session required pam_limits.so
最后,重新啟動機器或注銷當前會話后生效。2. 增加 vm.max_map_count 限制
vm.max_map_count 控制了每個進程可以映射的最大虛擬內存區域數量。需要將其增加到至少 262144:臨時修改:
bash
sudo sysctl -w vm.max_map_count=262144永久修改:
編輯 /etc/sysctl.conf 文件:bash
sudo vi /etc/sysctl.conf
添加或修改以下行:bash
vm.max_map_count=262144
運行以下命令以使配置立即生效:bash
sudo sysctl -p
3. 重啟 Elasticsearch
完成上述設置后,重啟 Elasticsearch:bash
sudo systemctl restart elasticsearch
或者如果你是手動啟動 Elasticsearch,則執行:bash
./bin/elasticsearch
總結:
max file descriptors 的問題:增加文件描述符的限制到 65535。
vm.max_map_count 的問題:增加虛擬內存映射區域的限制到 262144。
完成配置后重啟 Elasticsearch,應該能夠順利啟動。如果還有其他問題,或者配置后仍然無法啟動,可以查看 Elasticsearch 的日志(/usr/local/software/elasticsearch/logs/elasticsearch.log)來獲取更多詳細的錯誤信息。啟動說沒權限,繼續修改目錄權限
如果 Elasticsearch 進程沒有足夠的權限來寫入該目錄,你可以更改該目錄的權限,使得 Elasticsearch 有權訪問它。假設 Elasticsearch 是以 elasticsearch 用戶運行的,你可以執行以下命令來修復權限。給目錄賦予適當的權限:bash
sudo chown -R elasticsearch:elasticsearch /usr/local/software/elasticsearch/logs/
這條命令將目錄的所有權授予 elasticsearch 用戶和組。確保目錄具有正確的讀寫權限:bash
sudo chmod -R 755 /usr/local/software/elasticsearch/logs/
這樣,目錄將具有所有者的讀、寫和執行權限,其他用戶只有讀和執行權限。3. 檢查日志文件權限
同樣需要確保日志文件本身(elasticsearch.log)的權限設置正確。執行以下命令來檢查日志文件的權限:查看日志文件的權限:ls -l /usr/local/software/elasticsearch/logs/elasticsearch.log刪除elasticsearch.keystore[root@localhost config]# rm elasticsearch.keystore
rm: remove regular file ‘elasticsearch.keystore’? y從你提供的日志信息來看,Elasticsearch 在啟動時遇到了 bootstrap 檢查失敗,并且因為 缺少配置 導致啟動失敗。錯誤消息中指出了如下問題:錯誤描述
bootstrap check failure [1] of [1]: the default discovery settings are unsuitable for production use; at least one of [discovery.seed_hosts, discovery.seed_providers, cluster.initial_master_nodes] must be configured;
這意味著 Elasticsearch 發現你沒有配置必要的發現設置,這是在生產環境中啟動集群時的強制要求。具體來說,Elasticsearch 需要知道如何找到集群的節點和確定主節點。解決辦法
編輯 Elasticsearch 配置文件Elasticsearch 的配置文件 elasticsearch.yml 存在于你的 Elasticsearch 安裝目錄下的 config 目錄中,例如:/usr/local/software/elasticsearch/config/elasticsearch.yml。添加 Discovery 配置在該文件中,你需要添加以下配置來啟用節點發現機制。對于單節點部署,可以配置 discovery.seed_hosts 或 cluster.initial_master_nodes。
如果你的環境是 單節點(即只有一個 Elasticsearch 實例),你可以添加以下配置:yaml
# discovery.seed_hosts 用于指定初始節點列表,Elasticsearch 用它來查找其他節點
discovery.seed_hosts: ["127.0.0.1:9300"]# 或者你可以使用 cluster.initial_master_nodes 指定初始的主節點列表
cluster.initial_master_nodes: ["localhost"]
如果你部署的是 多節點集群,你需要配置集群中的所有節點的 IP 地址。例如:
yaml
discovery.seed_hosts: ["node1_ip:9300", "node2_ip:9300", "node3_ip:9300"]
cluster.initial_master_nodes: ["node1", "node2", "node3"]
discovery.seed_hosts 用于幫助節點相互發現,而 cluster.initial_master_nodes 用于在集群啟動時指定初始的主節點。重啟 Elasticsearch修改配置文件后,重啟 Elasticsearch 服務。你可以使用以下命令來啟動 Elasticsearch:vi /usr/local/software/elasticsearch/config/elasticsearch.yml
discovery.seed_hosts: ["127.0.0.1:9300"]
cluster.initial_master_nodes: ["localhost"]bash
./bin/elasticsearch
)
)
 安裝到個人目錄 linux)
