如何在Rocky Linux 8上安装和配置Elasticsearch

简介

Elasticsearch 是一个用于分布式实时搜索和数据分析的平台。它以其易用性、强大的功能和可扩展性而备受青睐。

本文将指导您安装Elasticsearch 8.x,并为您的使用情况进行配置,保护您的安装,并开始使用Elasticsearch服务器。

先决条件

在跟随本教程之前,您将需要:

  • A Rocky Linux 8 server with 2GB RAM and 2 CPUs set up with a non-root sudo user. You can achieve this by following the Initial Server Setup with Rocky Linux 8

由于Elasticsearch默认分配大约1GB的RAM,因此它可能对资源需求较高,所以要记住在内存有限的环境中可能需要启用交换空间。你的Elasticsearch服务器所需的CPU、RAM和存储量取决于你生成的记录数量。

步骤1 — 安装和配置Elasticsearch

Before installing Elasticsearch, you’ll want to make sure that you have a usable text editor installed. The default text editor that comes with Rocky Linux 8 is vi. vi is an extremely powerful text editor, but it can be somewhat obtuse for users who lack experience with it. You might want to install a more user-friendly editor such as nano to facilitate editing configuration files on your Rocky Linux 8 server:

  1. sudo dnf install nano -y

 

Now you can proceed to install Elasticsearch. The Elasticsearch components are not available in Rocky’s default package repositories. They can instead be involved from repositories maintained by the Elasticsearch project.

All of the packages are signed with the Elasticsearch signing key in order to protect your system from package spoofing. Packages which have been authenticated using the key will be considered trusted by your package manager. In this step, you will import the Elasticsearch public GPG key and add the Elastic package source list in order to install Elasticsearch.

To begin, use the rpm package tool to import the key from elastic.co:

  1. rpm –import https://artifacts.elastic.co/GPG-KEY-elasticsearch

 

Next, using nano or your favorite text editor, create a file called elasticsearch.repo in the /etc/yum.repos.d/ directory, so your package manager can connect to the Elasticsearch repository:

  1. sudo nano /etc/yum.repos.d/elasticsearch.repo

 

/etc/yum.repos.d/elasticsearch.repo
[elasticsearch]
name=Elasticsearch repository for 8.x packages
baseurl=https://artifacts.elastic.co/packages/8.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=0
autorefresh=1
type=rpm-md

The gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch portion of the file instructs your package manager to use the key that you downloaded to verify repository and file information for Elasticsearch packages.

Save and close the file. If you’re using nano, you can save and quit by using Ctrl+X, then when prompted, Y and then Enter.

Finally, install Elasticsearch with the dnf package manager:

  1. sudo dnf install –enablerepo=elasticsearch elasticsearch

 

Press y when prompted to confirm installation.

Part of the Elasticsearch installation output should include Security autoconfiguration information, and, most importantly, the auto-generated Elasticsearch admin password:

Output

————————— Security autoconfiguration information —————————— Authentication and authorization are enabled. TLS for the transport and HTTP layers is enabled and configured. The generated password for the elastic built-in superuser is : CH77_qG8ji8QCxwUCr3w

Make a note of this password as you will be using it later in this tutorial, and you will need it to create other Elasticsearch users. Elasticsearch is now installed and ready to be configured.

Step 2 — Configuring Elasticsearch

To configure Elasticsearch, you will edit its main configuration file elasticsearch.yml, where most of its configuration options are stored. This file is located in the /etc/elasticsearch directory.

Open Elasticsearch’s configuration file, using nano or your favorite text editor:

  1. sudo nano /etc/elasticsearch/elasticsearch.yml

 

Note

Note: Elasticsearch’s configuration file is in YAML format, which means that you need to maintain the indentation syntax. Be sure that you do not add extra spaces as you edit this file.

The elasticsearch.yml file provides configuration options for your cluster, node, paths, memory, network, discovery, and gateway. Most of these options are preconfigured in the file but you can change them according to your needs. For the purpose of this single-server configuration, you will only adjust the settings for the network host.

Elasticsearch listens for traffic from everywhere on port 9200. This is not as much of an issue in Elasticsearch 8.x as it was in prior versions, as Elasticsearch now requires authentication by default. Still, you will most likely need to restrict outside access to your Elasticsearch instance to prevent outsiders from reading your data or shutting down your Elasticsearch cluster through its [REST API] (https://en.wikipedia.org/wiki/Representational_state_transfer). To restrict access, find the line that specifies network.host, uncomment it by removing the # at the start of the line, and replace its value with localhost so it reads like this:

/etc/elasticsearch/elasticsearch.yml
. . .
# ---------------------------------- Network -----------------------------------
#
# Set the bind address to a specific IP (IPv4 or IPv6):
#
network.host: localhost
. . .

Specifying localhost allows Elasticsearch to listen on all interfaces and bound IPs. If you want it to listen only on a specific interface, you can specify its IP in place of localhost. Save and close elasticsearch.yml. If you’re using nano, you can save and quit by using Ctrl+X, then when prompted, Y and then Enter.

These are the minimum settings you can start with in order to use Elasticsearch. Now you can start Elasticsearch for the first time.

Start the Elasticsearch service with systemctl. Give Elasticsearch a few moments to start up. Otherwise, you may get errors about not being able to connect.

  1. sudo systemctl start elasticsearch

 

Next, run the following command to enable Elasticsearch to start up every time your server boots:

  1. sudo systemctl enable elasticsearch

 

With Elasticsearch enabled upon startup, let’s move on to the next step to discuss security.

Step 3 — Securing Elasticsearch

Elasticsearch can be controlled by anyone who can access the HTTP API. This is not necessarily a security risk, because you have already configured Elasticsearch to listen only on localhost, and because Elasticsearch 8+ sets up an admin password by default.

If you need to allow remote access to the HTTP API, you can limit the network exposure with firewalld. This firewall should already be enabled if you followed the steps in the prerequisite Initial Server Setup with Rocky Linux 8 tutorial. Elasticsearch runs on port 9200, so if you need select outside access, you can create a firewall profile that opens or restricts port 9200.

If you want to invest in additional protection, Elasticsearch offers the commercial Shield plugin for purchase.

Step 4 — Testing Elasticsearch

By now, Elasticsearch should be running on port 9200. You can test it by making a standard HTTP GET request to localhost:9200 with curl. As of Elasticsearch 8.x, the Elasticsearch API requires HTTPS authentication by default, so you can include its provided certificate in the request by using the –cacert argument. Finally, include the -u elastic argument to specify the default admin username, elastic.

  1. curl –cacert /etc/elasticsearch/certs/http_ca.crt -u elastic https://localhost:9200

 

You’ll be prompted to enter the admin password that you received on installation. After authenticating, you should receive the following response:

Output

{ “name” : “elasticrocky”, “cluster_name” : “elasticsearch”, “cluster_uuid” : “_hb4dLuuR-ipiloXHT_AMw”, “version” : { “number” : “8.5.3”, “build_flavor” : “default”, “build_type” : “rpm”, “build_hash” : “4ed5ee9afac63de92ec98f404ccbed7d3ba9584e”, “build_date” : “2022-12-05T18:22:22.226119656Z”, “build_snapshot” : false, “lucene_version” : “9.4.2”, “minimum_wire_compatibility_version” : “7.17.0”, “minimum_index_compatibility_version” : “7.0.0” }, “tagline” : “You Know, for Search” }

If you receive a response similar to the one above, Elasticsearch is working properly. If not, make sure that you have followed the installation instructions correctly and you have allowed some time for Elasticsearch to fully start.

To perform a more thorough check of Elasticsearch, try querying the _nodes endpoint, and add ?pretty to the end of the query to get human-readable text formatting:

  1. curl –cacert /etc/elasticsearch/certs/http_ca.crt -u elastic https://localhost:9200/_nodes?pretty

 

[secondary label Output]
{
  "_nodes" : {
    "total" : 1,
    "successful" : 1,
    "failed" : 0
  },
  "cluster_name" : "elasticsearch",
  "nodes" : {
    "7TgeSgV2Tma0quqd6Mw6hQ" : {
…

This way, you can verify all the current settings for the node, cluster, application paths, modules, and more.

Step 5 — Using Elasticsearch

To start using Elasticsearch, let’s first add some data. Elasticsearch uses a RESTful API, which responds to the usual CRUD commands: create, read, update, and delete. To send data to the API, you’ll use curl again, but this time you’ll make a PUT rather than a GET request by specifying -X PUT and including some JSON-formatted data on the command line using -d.

You can add your first entry like so:

  1. curl –cacert /etc/elasticsearch/certs/http_ca.crt -u elastic -X PUT “https://localhost:9200/test/_doc/1?pretty” -k -H ‘Content-Type: application/json’ -d ‘{“counter” : 1, “tags” : [“red”]}’

 

You should receive the following response:

Output

{ “_index” : “test”, “_id” : “1”, “_version” : 1, “result” : “created”, “_shards” : { “total” : 2, “successful” : 1, “failed” : 0 }, “_seq_no” : 0, “_primary_term” : 1 }

With cURL, you have sent an HTTP PUT request to the Elasticsearch server. The URI of the request was /test/_doc/1 with several parameters:

  • test is the index of the data in Elasticsearch.
  • _doc is the type.
  • 1 is the ID of our entry under the above index and type.

You can retrieve this first entry with an HTTP GET request.

  1. curl –cacert /etc/elasticsearch/certs/http_ca.crt -u elastic -X GET “https://localhost:9200/test/_doc/1?pretty” -k -H ‘Content-Type: application/json’

 

This should be the resulting output:

Output

{ “_index” : “test”, “_id” : “1”, “_version” : 1, “_seq_no” : 0, “_primary_term” : 1, “found” : true, “_source” : { “counter” : 1, “tags” : [ “red” ] } }

To modify an existing entry, you can use an HTTP PUT request.

  1. curl –cacert /etc/elasticsearch/certs/http_ca.crt -u elastic -X PUT “https://localhost:9200/test/_doc/1?pretty” -k -H ‘Content-Type: application/json’ -d ‘{“counter” : 1, “tags” : [“blue”]}’

 

Elasticsearch should acknowledge successful modification like this:

Output

{ “_index” : “test”, “_id” : “1”, “_version” : 2, “result” : “updated”, “_shards” : { “total” : 2, “successful” : 1, “failed” : 0 }, “_seq_no” : 1, “_primary_term” : 1 }

In the above example we have modified the message of the first entry to “Hello, People!”. With that, the version number has been automatically increased to 2.

You may have noticed the extra argument pretty in the above requests. It adds formatting format so that you can write each data field on a new row. Without pretty, Elasticsearch output is returned without line breaks or indentations. This is fine for API communication, but harder to read in command line output.

You have now added and queried data in Elasticsearch. To learn about the other operations please check the API documentation.

Conclusion

You have now installed, configured, and begun to use Elasticsearch. To further explore Elasticsearch’s functionality, please refer to the official Elasticsearch documentation.

发表回复 0

Your email address will not be published. Required fields are marked *


广告
将在 10 秒后关闭
bannerAds