ubuntu 部署 ELK

vm.max_map_count=262144

192.168.131.131 es-node1192.168.131.132 es-node2192.168.131.133 es-node3

# cat /etc/security/limits.conf# End of fileroot soft core unlimitedroot hard core unlimitedroot soft nproc 1000000root hard nproc 1000000root soft nofile 1000000root hard nofile 1000000root soft memlock 32000root hard memlock 32000root soft msgqueue 8192000root hard msgqueue 8192000* soft core unlimited* hard core unlimited* soft nproc 1000000* hard nproc 1000000* soft nofile 1000000* hard nofile 1000000* soft memlock 32000* hard memlock 32000* soft msgqueue 8192000* hard msgqueue 8192000

# groupadd -g 2888 elasticsearch && useradd elasticsearch -u 2888 -g 2888 -r -m -s /bin/bash # password elasticsearchroot@es3:~# passwd elasticsearchNew password:Retype new password:passwd: password updated successfully# mkdir -pv /data/esdata /data/eslogs /apps   &&  chown elasticsearch.elasticsearch -R /data /apps/ 

# tar xvf elasticsearch-8.5.1-linux-x86_64.tar.gz  &&  ln -sv /apps/elasticsearch-8.5.1 /apps/elasticsearch# reboot

签发证书：root@es1:~# su - elasticsearchelasticsearch@es1:~$ cd /apps/elasticsearch/apps/elasticsearch$ vim instances.ymlinstances: - name: "es1.example.com" ip: - "172.31.2.101" - name: "es2.example.com" ip: - "172.31.2.102" - name: "es3.example.com" ip: - "172.31.2.103"#⽣成CA私钥，默认名字为elastic-stack-ca.p12/apps/elasticsearch$ bin/elasticsearch-certutil ca#⽣产CA公钥，默认名称为elastic-certificates.p12/apps/elasticsearch$ bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12#签发elasticsearch集群主机证书：elasticsearch@es1:/apps/elasticsearch$ bin/elasticsearch-certutil cert --silent --ininstances.yml --out certs.zip --pass magedu123 --ca elastic-stack-ca.p12 #指定证书密码为magedu123Enter password for CA (elastic-stack-ca.p12) : #CA私钥如果没有密码就直接按回⻋确认

证书分发：#本机(node1)证书：elasticsearch@es1:/apps/elasticsearch$ unzip certs.zipelasticsearch@es1:/apps/elasticsearch$ mkdir config/certselasticsearch@es1:/apps/elasticsearch$ cp -rp es1.example.com/es1.example.com.p12 config/certs/node2证书：elasticsearch@es2:/apps/elasticsearch$ mkdir config/certselasticsearch@es1:/apps/elasticsearch$ scp -rp es2.example.com172.31.2.102:/apps/elasticsearch/config/certs/node3证书：elasticsearch@es3:/apps/elasticsearch$ mkdir config/certselasticsearch@es1:/apps/elasticsearch$ scp -rp es3.example.com172.31.2.103:/apps/elasticsearch/config/certs/

#⽣成 keystore ⽂件(keystore是保存了证书密码的认证⽂件magedu123)elasticsearch@es1:/apps/elasticsearch$ ./bin/elasticsearch-keystore create #创建keystore⽂件Created elasticsearch keystore in /apps/elasticsearch/config/elasticsearch.keystoreelasticsearch@es1:/apps/elasticsearch$ ./bin/elasticsearch-keystore addxpack.security.transport.ssl.keystore.secure_passwordEnter value for xpack.security.transport.ssl.keystore.secure_password: #magedu123elasticsearch@es1:/apps/elasticsearch$ ./bin/elasticsearch-keystore addxpack.security.transport.ssl.truststore.secure_passwordEnter value for xpack.security.transport.ssl.truststore.secure_password: #magedu123

分发认证⽂件：node2:elasticsearch@es1:/apps/elasticsearch$ scp -rp es2.example.com/es2.example.com.p12172.31.2.102:/apps/elasticsearch/config/certs/node3:elasticsearch@es1:/apps/elasticsearch$ scp -rp es3.example.com/es3.example.com.p12172.31.2.103:/apps/elasticsearch/config/certs/