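Elastic Stack components are easy to run in both Linux and Windows environments. These components run as standalone products and provide no orchestration or automation of any kind. This book focuses on Linux environments; instructions for Windows-based environments can be found in the Elasticsearch reference guide: https://www.elastic.co/guide/en/elasticsearch/reference/8.14/zip-windows.html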

Official reference for installing Elasticsearch from the Debian package: https://www.elastic.co/guide/en/elasticsearch/reference/8.14/deb.html

Elasticsearch includes a bundled version of OpenJDK from the JDK maintainers (GPLv2+CE).

1. Online installation using the APT repository

  1. Import the Elasticsearch PGP key. This key is used to verify the integrity of packages downloaded from the APT repository:
$ wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg
  2. Install apt-transport-https so that Debian packages are downloaded over a secure TLS connection:
$ sudo apt-get install apt-transport-https
  3. Add the Elastic APT repository to the sources list:
$ echo "deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/8.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-8.x.list
  4. Install the Elasticsearch package:

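When Elasticsearch is installed, security features are enabled and configured by default. The following security configuration is applied automatically during installation:

  • Authentication and authorization are enabled, and a password is generated for the elastic built-in superuser.
  • Certificates and keys for TLS are generated for the transport and HTTP layers, and TLS is enabled and configured with them.
  • The installation configures a single-node cluster by default.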
$ sudo apt-get update && sudo apt-get install elasticsearch

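Note that APT installs the latest package available in the APT repository. To install a specific version, give the version number explicitly in the install command: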

$ sudo apt-get install elasticsearch=8.14.1

2. Offline installation using the Debian package

$ wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.14.1-amd64.deb
$ wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.14.1-amd64.deb.sha512
$ shasum -a 512 -c elasticsearch-8.14.1-amd64.deb.sha512
elasticsearch-8.14.1-amd64.deb: OK

$ sudo dpkg -i elasticsearch-8.14.1-amd64.deb
Selecting previously unselected package elasticsearch.
(Reading database ... 66144 files and directories currently installed.)
Preparing to unpack elasticsearch-8.14.1-amd64.deb ...
Creating elasticsearch group... OK
Creating elasticsearch user... OK
Unpacking elasticsearch (8.14.1) ...
Setting up elasticsearch (8.14.1) ...
--------------------------- Security autoconfiguration information ------------------------------

Authentication and authorization are enabled.
TLS for the transport and HTTP layers is enabled and configured.

The generated password for the elastic built-in superuser is : 2Da_xpurkZk7-P0Owt1C       // the generated password for the elastic user

If this node should join an existing cluster, you can reconfigure this with
'/usr/share/elasticsearch/bin/elasticsearch-reconfigure-node --enrollment-token <token-here>'
after creating an enrollment token on your existing cluster.        // joining an existing cluster

You can complete the following actions at any time:

Reset the password of the elastic built-in superuser with                   // resetting the password
'/usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic'.

Generate an enrollment token for Kibana instances with             // generates a token that Kibana uses to connect
 '/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana'.

Generate an enrollment token for Elasticsearch nodes with           // generates a token for other Elasticsearch nodes to join the cluster
'/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s node'.

-------------------------------------------------------------------------------------------------
### NOT starting on installation, please execute the following statements to configure elasticsearch service to start automatically using systemd
 sudo systemctl daemon-reload
 sudo systemctl enable elasticsearch.service
### You can start elasticsearch service by executing
 sudo systemctl start elasticsearch.service
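
The checksum step above can be made a hard gate in front of `dpkg -i`. This added example (not from the original page; the function names are hypothetical) compares the digest against the exact file being installed and refuses to proceed on a malformed checksum file, a file-name mismatch or a digest mismatch. It uses `sha512sum` from coreutils in place of `shasum`.

```bash
#!/usr/bin/env bash
# Added example: fail-closed SHA-512 gate in front of `dpkg -i`.

# verify_deb DEB SUMFILE
# Returns 0 only if SUMFILE holds a well-formed SHA-512 digest, names exactly
# DEB, and that digest matches the bytes of DEB on disk.
# Other return codes: 1 mismatch, 2 missing file, 3 malformed, 4 wrong name.
verify_deb() {
    local deb="$1" sumfile="$2" expected listed actual
    if [ ! -f "$deb" ] || [ ! -f "$sumfile" ]; then
        echo "missing input file" >&2; return 2
    fi
    # Checksum file format: "<128 hex chars>  <filename>"
    read -r expected listed < "$sumfile" || true
    listed="${listed#\*}"                  # drop the binary-mode marker, if any
    if ! printf '%s\n' "$expected" | grep -Eqx '[0-9a-fA-F]{128}'; then
        echo "malformed digest in $sumfile" >&2; return 3
    fi
    # Bind the digest to the file about to be installed, not to whatever
    # name the checksum file happens to list.
    if [ "$listed" != "$(basename "$deb")" ]; then
        echo "checksum file names '$listed', not '$(basename "$deb")'" >&2; return 4
    fi
    actual=$(sha512sum "$deb" | cut -d' ' -f1)
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    if [ "$expected" != "$actual" ]; then
        echo "SHA-512 mismatch for $deb" >&2; return 1
    fi
    return 0
}

# install_verified_deb DEB: install only when DEB.sha512 verifies.
# Usage: install_verified_deb elasticsearch-8.14.1-amd64.deb
install_verified_deb() {
    verify_deb "$1" "$1.sha512" && sudo dpkg -i "$1"
}
```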

3. Starting the Elasticsearch service with systemd

To configure Elasticsearch to start automatically when the system boots, run the following commands:

$ sudo systemctl daemon-reload
$ sudo systemctl enable elasticsearch.service
$ sudo systemctl start elasticsearch.service

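By default, the Elasticsearch service does not log information to the systemd journal. To enable journalctl logging, the --quiet option must be removed from the ExecStart command line in elasticsearch.service.

When systemd logging is enabled, the log information is available through the journalctl command:

Tail the journal: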

$ sudo journalctl -f

List the journal entries for the elasticsearch service:

$ sudo journalctl --unit elasticsearch

List the journal entries for the elasticsearch service starting from a given time:

$ sudo journalctl --unit elasticsearch --since  "2024-06-14 18:17:16"
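
One way to drop `--quiet` without editing the packaged unit file is a systemd drop-in, which is not overwritten when the package is upgraded. This added example (not from the original page; the function names and the sample unit text are constructed) derives the drop-in from the unit's current ExecStart line.

```bash
#!/usr/bin/env bash
# Added example: build a systemd drop-in that re-declares ExecStart without
# --quiet, leaving the packaged elasticsearch.service untouched.

# sample_unit: constructed, abbreviated unit text for offline runs; the
# entrypoint name is a placeholder, not the packaged file's content.
sample_unit() {
    cat <<'EOF'
[Service]
Type=notify
ExecStart=/usr/share/elasticsearch/bin/example-entrypoint -p ${PID_DIR}/es.pid --quiet
EOF
}

# make_journal_dropin: reads unit text on stdin (for example from
# `systemctl cat`), prints the drop-in on stdout.
# Returns 1 if no ExecStart= line is found, 3 if it carries no --quiet.
make_journal_dropin() {
    local line
    line=$(grep -m1 '^ExecStart=') || { echo "no ExecStart= line" >&2; return 1; }
    case "$line" in
        *" --quiet"*) ;;
        *) echo "ExecStart has no --quiet option" >&2; return 3 ;;
    esac
    # The empty ExecStart= clears the packaged command first: systemd allows
    # only one ExecStart for services that are not Type=oneshot.
    printf '[Service]\nExecStart=\n%s\n' \
        "$(printf '%s' "$line" | sed 's/ --quiet$//; s/ --quiet / /')"
}

# Apply on the host (standard systemd drop-in location):
#   sudo mkdir -p /etc/systemd/system/elasticsearch.service.d
#   systemctl cat elasticsearch.service | make_journal_dropin |
#       sudo tee /etc/systemd/system/elasticsearch.service.d/journal.conf
#   sudo systemctl daemon-reload
#   sudo systemctl restart elasticsearch.service
```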

4. Verifying Elasticsearch

You can test that your Elasticsearch node is running by sending an HTTPS request to port 9200 on localhost:

$ export ELASTIC_PASSWORD="2Da_xpurkZk7-P0Owt1C"
$ sudo curl --cacert /etc/elasticsearch/certs/http_ca.crt -u elastic:$ELASTIC_PASSWORD https://localhost:9200
{
  "name" : "u8010204",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "4EZuXNgoRDipPEREBvdYQA",
  "version" : {
    "number" : "8.14.1",
    "build_flavor" : "default",
    "build_type" : "deb",
    "build_hash" : "93a57a1a76f556d8aee6a90d1a95b06187501310",
    "build_date" : "2024-06-10T23:35:17.114581191Z",
    "build_snapshot" : false,
    "lucene_version" : "9.10.0",
    "minimum_wire_compatibility_version" : "7.17.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "You Know, for Search"
}

$ sudo apt-get install jq
$ sudo curl --cacert /etc/elasticsearch/certs/http_ca.crt -u elastic:$ELASTIC_PASSWORD https://localhost:9200/_cluster/health | jq .
...
{
  "cluster_name": "elasticsearch",
  "status": "green",
  "timed_out": false,
  "number_of_nodes": 1,
  "number_of_data_nodes": 1,
  "active_primary_shards": 1,
  "active_shards": 1,
  "relocating_shards": 0,
  "initializing_shards": 0,
  "unassigned_shards": 0,
  "delayed_unassigned_shards": 0,
  "number_of_pending_tasks": 0,
  "number_of_in_flight_fetch": 0,
  "task_max_waiting_in_queue_millis": 0,
  "active_shards_percent_as_number": 100
}
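
In the commands above the password is typed into an `export` line and passed as a curl argument, so it ends up in shell history and is visible in the process list while curl runs. This added example (not from the original page; the function names are hypothetical, the URL and CA path are the page's) prompts for the password, hands it to curl on stdin via `--config -`, and turns the cluster status into an exit code.

```bash
#!/usr/bin/env bash
# Added example: cluster health check that keeps the elastic password off
# every command line. URL and CA path are the ones used on this page.
ES_URL="https://localhost:9200"
ES_CA="/etc/elasticsearch/certs/http_ca.crt"

# health_status: print the "status" value of a _cluster/health body on stdin.
# Works on both compact and pretty-printed JSON.
health_status() {
    sed -n 's/.*"status"[[:space:]]*:[[:space:]]*"\([a-z]*\)".*/\1/p' | head -n 1
}

# status_code STATUS: 0 = green, 1 = yellow, 2 = red, 3 = missing/unknown.
status_code() {
    case "$1" in
        green)  return 0 ;;
        yellow) return 1 ;;
        red)    return 2 ;;
        *)      return 3 ;;
    esac
}

# curl_user_config PASSWORD: emit a curl config line, escaping \ and " so the
# quoted value survives curl's config-file parser.
curl_user_config() {
    printf 'user = "elastic:%s"\n' "$(printf '%s' "$1" | sed 's/[\\"]/\\&/g')"
}

# check_health: prompt without echo, pass the credentials to curl on stdin,
# return status_code's result, or 4 if the request itself failed.
check_health() {
    local pw body
    printf 'Password for elastic: ' >&2
    stty -echo; IFS= read -r pw; stty echo; printf '\n' >&2
    body=$(curl_user_config "$pw" |
        sudo curl --silent --show-error --fail \
             --cacert "$ES_CA" --config - "$ES_URL/_cluster/health") || return 4
    status_code "$(printf '%s' "$body" | health_status)"
}
```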

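5. Extras

(1) Preventing automatic package updates

You can also choose to hold the package so that APT does not update it automatically. This matters in production, because you do not want to trigger an unplanned Elasticsearch upgrade by accident:

$ sudo apt-mark hold elasticsearch

You can remove the hold on the package by running the following command:

$ sudo apt-mark unhold elasticsearch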