zoukankan      html  css  js  c++  java
  • 全文搜索引擎 Elasticsearch 安装

    全文搜索引擎 Elasticsearch 安装

    学习了:http://www.ruanyifeng.com/blog/2017/08/elasticsearch.html

    拼音:https://www.cnblogs.com/wenbronk/p/6564962.html

    head:https://github.com/mobz/elasticsearch-head

    head 有chrome插件:http://sina.lt/ftSr 

    head 插件csdn下载:https://download.csdn.net/download/lu1005287365/10468104

    head 启动 npm run start

    yml中不能有Tab符号;

    head for es5 之后必须单独运行了;

     =======================================

    学习了:http://www.cnblogs.com/techroad4ca/p/7748293.html

     =======================================

    elastic search 启动: 

    binelasticsearch 

    binelasticsearch  -d 表示后台启动

    elastic search head 启动:

    npm install 安装  注意这里可以用 cnpm install安装

    npm run start 启动

    ========================================

    对于head插件的使用,修改elasticsearch.yml文件,增加如下内容:

      http.cors.enabled: true

      http.cors.allow-origin: "*"
     
    ik分词安装:

    ik: https://github.com/medcl/elasticsearch-analysis-ik

    方法1,install https://github.com/medcl/elasticsearch-analysis-ik/releases/download/v6.2.4/elasticsearch-analysis-ik-6.2.4.zip 

                查看安装的目录结果是 elasticsearch-6.2.4pluginsanalysis-ik,下面是如下内容:

    commons-codec-1.9.jar
    commons-logging-1.2.jar
    elasticsearch-analysis-ik-6.2.4.jar
    httpclient-4.5.2.jar
    httpcore-4.4.4.jar
    plugin-descriptor.properties

    方法2,下载https://github.com/medcl/elasticsearch-analysis-ik/releases中对应的版本,解压到elasticsearch-6.2.4pluginsanalysis-ik目录,
     
    pinyin插件安装:
    解压到plugins目录下面,把文件夹改个名字;
     
    ==============================================================================
    所谓的cat API:https://www.elastic.co/guide/en/elasticsearch/reference/current/cat.html
    所谓的Cluster API: https://www.elastic.co/guide/en/elasticsearch/reference/current/cluster-state.html
    例如:http://localhost:9200/_cluster/health  查看集群名称;

    =============================================================
    学习了:https://blog.csdn.net/qq_16164711/article/details/78892904
    官方下载:https://www.elastic.co/guide/en/elasticsearch/reference/6.2/installing-xpack-es.html
    xpack默认只能install,在install说明界面有offline安装链接;
    https://artifacts.elastic.co/downloads/packs/x-pack/x-pack-6.2.4.zip
    下载的文件,包含了x-pack for elasticsearch, kibana, 和logstash
    安装命令: ./bin/elasticsearch-plugin install file:///path/to/x-pack-6.2.4.zip
    在https://github.com/mobz/elasticsearch-head的官网说明了需要进行的配置:
    在elasticsearch中的config/elasticsearch.yml中增加:
    http.cors.enabled: true
    http.cors.allow-origin: "*"
    http.cors.allow-headers: Authorization----这个有问题的
    用这两个都可以
    http.cors.allow-headers: Authorization,X-Requested-With,Content-Length,Content-Type # from ldb
    http.cors.allow-headers: Authorization,Origin, X-Requested-With, Content-Type, Accept # from php
    这个也可以:
        http.cors.allow-headers: Authorization, Content-Type

    使用elasticsearch/bin/x-pack/setup-passwords interactive进行密码设置,search8**
    但是只能设置一次;
    设置之后就可以使用该密码访问http://localhost:9200了;
    启动head之后,http://localhost:9100/?auth_user=elastic&auth_password=search8**进行测试
    就可以正常访问了;

    =============================================================
    kibana安装
    下载了就可以用,如果需要认证elasticsearch,在kibana-6.2.4-darwin-x86_64/config/kibana.yml中增加es的用户名密码

    帮助官网:https://www.elastic.co/guide/index.html  这个可以查看,就在官网的下面就有这个链接  

    kibana-plugin install file:///servers/elk/install/x-pack-6.2.4.zip   这个比较慢,即便是使用file本地安装也是比较慢的;

    还是需要通过邮件进行license的下载,而且需要设置xpack.secutiry.enabled: false; 否则无法正常curl破解license;

    6.2.4 x-pack破解:https://www.cnblogs.com/chengjiawei/p/8991859.html

    破解java文件,覆盖elasticsearch/plugins/x-pack/x-pack-core/x-pack-core-6.2.4.jar 传送门: x-pack-core-6.2.4.tar
    在elastic.yml中进行xpack.security.enabled: false的设定;

    申请license,然后手动修改;

    curl -XPUT -u elastic:pass 'http://ip:9200/_xpack/license' -H "Content-Type: application/json" -d @license.json

    不输入密码会在执行的时候提示一下输入,但是现在还没有设置密码呢; 

    使用elasticsearch/bin/x-pack/setup-passwords interactive设置密码之后,就可以进行http://localhost:9100/?auth_user=elastic&auth_password=pass访问了; 

    设置完密码之后,kibana/config/kibana.yml 中进行elasticsearch user/pass的设置,然后就可以使用kibana访问了;

    这时,在elasticsearch启动中可以看到platinum显示,中kibana启动中可以看到platinum和有效期的显示;而且curl -u user:pass localhost:9200可以访问;

    而且使用java中设置用户名密码可以访问;但是中elasticsearch启动中会出现warning,提示要xpack.security.ssl.transport.enabled 设置为true;

    =============================================================

    增加ssl通信证书

    使用certgen -in instances.yml命令生成PEM格式证书;https://www.elastic.co/guide/en/elasticsearch/reference/6.0/certgen.html

    该方法depecated了,现在还可以用;elasticsearch.yml中的node.name与instances.yml名字不一致没事;

    java客户端可以与es使用同一个证书文件;elasticsearch.yml中不指定network.host,没事;

    注意进行密码设置:

    bin/elasticsearch-keystore add xpack.security.transport.ssl.secure_key_passphrase

    在elasticsearch.yml中进行配置如下,可以使用相对路径配置key/crt/ca.crt等

    xpack.security.enabled: true
    xpack.security.transport.ssl.enabled: true
    xpack.security.transport.ssl.verification_mode: certificate 
    xpack.security.transport.ssl.key: node1/node1.key
    xpack.security.transport.ssl.certificate: node1/node1.crt
    xpack.security.transport.ssl.certificate_authorities: ca/ca.crt

    中java客户端使用如下代码,红色部分与官网手册中不一致;

            TransportClient client = new PreBuiltXPackTransportClient(Settings.builder()
                    .put("cluster.name", "elasticsearch")
                    .put("xpack.security.user", "elastic:elastic")
                    .put("xpack.security.transport.ssl.enabled", "true")
                    .put("xpack.security.transport.ssl.verification_mode", "certificate")  
                    .put("xpack.ssl.key", "/servers/elk/ca/node1.key")
                    .put("xpack.ssl.certificate", "/servers/elk/ca/node1.crt")
                    .put("xpack.ssl.certificate_authorities", "/servers/elk/ca/ca.crt")
    //                .put("client.transport.ping_timeout", "50s")
                    .build())
                    .addTransportAddress(new TransportAddress(InetAddress.getByName("localhost"), 9300));

    注意maven中增加es的repository

        <repositories>
            <!-- add the elasticsearch repo -->
            <repository>
                <id>elasticsearch-releases</id>
                <url>https://artifacts.elastic.co/maven</url>
                <releases>
                    <enabled>true</enabled>
                </releases>
                <snapshots>
                    <enabled>false</enabled>
                </snapshots>
            </repository>
        </repositories>

    如果用python,人生苦短!

    class ElasticObj:
        def __init__(self, index_name="trademark_around_index", index_type="location_type", ip="localhost"):
            self.index_name = index_name  # 索引名称
            self.index_type = index_type  # 索引类型
            # 无用户名密码状态,这样也会可以的
            # self.es = Elasticsearch(
            #     [
            #         'http://elastic:pass@localhost:9200/'
            #     ],
            #     verify_certs=True
            # )
            # 用户名密码状态
            self.es = Elasticsearch([ip], http_auth=('elastic', 'pass'), port=9200)

    使用certutil ca / certutil cert --ca elastic-stack-ca.p12命令来生成PKCS#12格式的密钥,https://www.elastic.co/guide/en/elasticsearch/reference/current/configuring-tls.html

    这是官方推荐的方式,但是命令位于bin/x-pack/certutil中,与官方文档不符;

    在生成证书过程中需要输入密码,之后需要使用命令进行密码的存储:

    bin/elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password
    
    bin/elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password

    在elasticsearch.yml中进行配置:

    xpack.security.enabled: true
    xpack.security.transport.ssl.enabled: true
    xpack.security.transport.ssl.verification_mode: certificate 
    xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12 
    xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12 

    在java客户端使用代码如下,注意红色部分是根据错误提示之后增加的内容,官方帮助:https://www.elastic.co/guide/en/elasticsearch/reference/current/security-settings.html

            TransportClient client = new PreBuiltXPackTransportClient(Settings.builder()
                    .put("cluster.name", "elasticsearch")
                    .put("xpack.security.user", "elastic:elastic")
                    .put("xpack.security.transport.ssl.enabled", "true")
                    .put("xpack.security.transport.ssl.verification_mode", "certificate")
                    .put("xpack.ssl.keystore.path","/servers/elk/ca/elastic-certificates.p12")
                    .put("xpack.ssl.keystore.password","elastic")
    //                .put("client.transport.ping_timeout", "50s")
                    .build())
                    .addTransportAddress(new TransportAddress(InetAddress.getByName("localhost"), 9300));

    ==================================================================

    说点啥好呢;es7.1.0已经默认包含x-pack了,并且默认都安装了;

    在config/elasticsearch.yml中配置:

    xpack.security.enabled: true

    然后启动es,这个时候就已经不能匿名访问了;就可以进行密码交互设置:

    ➜  elasticsearch-7.1.0 bin/elasticsearch-setup-passwords interactive

    在kibana/config/kibana.yml中进行用户名密码的配置,输入的是elasticSearch的用户名密码:

    elasticsearch.username: "elastic"
    elasticsearch.password: "elastic"

    这样就可以进行用户认证了;

    =============================================================

    在config/elasticsearch.yml中配置:

    http.cors.enabled: true
    http.cors.allow-origin: "*"
    
    xpack.security.enabled: true
    
    xpack.security.transport.ssl.enabled: true
    xpack.security.transport.ssl.verification_mode: certificate
    xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
    xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12
    xpack.security.transport.ssl.keystore.type: PKCS12
    xpack.security.transport.ssl.keystore.password: elastic
    xpack.security.transport.ssl.truststore.type: PKCS12
    xpack.security.transport.ssl.truststore.password: elastic

    其中的elastic-certificates.p12文件生成方法如下:

    bin/elasticsearch-certutil ca
    bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
    
    bin/elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password
    
    bin/elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password

    这个时候就可以进行密码的设置了,这里有个坑,先不要设置客户端ssl认证,如果设置了客户端ssl认证,无法进行密码的设置:

    ➜  elasticsearch-7.1.0 bin/elasticsearch-setup-passwords interactive
    Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.
    You will be prompted to enter passwords as the process progresses.
    Please confirm that you would like to continue [y/N]y
    
    
    Enter password for [elastic]:
    Reenter password for [elastic]:
    Enter password for [apm_system]:
    Reenter password for [apm_system]:
    Enter password for [kibana]:
    Reenter password for [kibana]:
    Enter password for [logstash_system]:
    Reenter password for [logstash_system]:
    Enter password for [beats_system]:
    Reenter password for [beats_system]:
    Enter password for [remote_monitoring_user]:
    Reenter password for [remote_monitoring_user]:
    Changed password for user [apm_system]
    Changed password for user [kibana]
    Changed password for user [logstash_system]
    Changed password for user [beats_system]
    Changed password for user [remote_monitoring_user]
    Changed password for user [elastic]

    ====================================

    es 7.1.0线上配置:

    cluster.name: my-application
    node.name: node-1
    network.host: 0.0.0.0 
    discovery.seed_hosts: ["0.0.0.0", "[::1]"]
    cluster.initial_master_nodes: ["node-1"]
    xpack.security.enabled: true
    xpack.security.transport.ssl.enabled: true
    bootstrap.memory_lock: false
    bootstrap.system_call_filter: false
    http.cors.enabled: true
    http.cors.allow-origin: /.*/

    还需要配置:

    /etc/security/limits.conf

    root soft nofile 65535
    root hard nofile 65535
    * soft nofile 65536
    * hard nofile 131072
    * soft nproc 2048
    * hard nproc 4096
    vm.max_map_count=655360

    /etc/security/limits.d/20-nproc.conf

    * soft nproc 4096
    root soft nproc unlimited

    /etc/sysctl.conf 
    vm.max_map_count=655360

    执行 sysctl -p

    =====================多个节点的设置============================= 

    /etc/hosts
    node-110 192.168.0.110
    node-111 192.168.0.111
    node-112 192.168.0.112
    
    # 生成p12认证文件
    bin/elasticsearch-certutil ca
    bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
    
    elasticsearch.yml
    discovery.seed_hosts: ["192.168.0.110", "192.168.0.111","192.168.0.112"]
    xpack.security.transport.ssl.verification_mode: certificate 
    xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12 
    xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12 
    
    # 进行密码存储
    bin/elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password
    bin/elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password
    # 可以使用 list/remove 命令进行已经存储内容的显示和删除;
    # 存储了一个错误的值,导致无法启动;
    # 第三个节点没有进行密码的设置,可以正常使用

     

     

  • 相关阅读:
    Representation Data in OpenCascade BRep
    Render OpenCascade Geometry Surfaces in OpenSceneGraph
    Render OpenCascade Geometry Curves in OpenSceneGraph
    OpenCascade Shape Representation in OpenSceneGraph
    Geometry Surface of OpenCascade BRep
    Geometry Curve of OpenCascade BRep
    Tyvj2017清北冬令营入学测试
    Spfa算法模板
    洛谷1016 旅行家的预算
    洛谷1290 欧几里得的游戏
  • 原文地址:https://www.cnblogs.com/stono/p/8890613.html
Copyright © 2011-2022 走看看