文档地址：

官网文档地址： https://www.elastic.co/guide/index.html
rpm包/源码下载地址：https://www.elastic.co/cn/downloads

源码安装-环境准备：

node-01       192.168.95.174
node-02       192.168.95.173
node-03       192.168.95.172
 
在每台机器上都下载源码包
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.10.1-linux-x86_64.tar.gz    # ES的，我用的7.14.0版本
wget https://artifacts.elastic.co/downloads/kibana/kibana-7.10.1-linux-x86_64.tar.gz   # Kibana 的，版本要一致，只在node-001上安装
 
 
修改一下解析hosts文件，这一步每台机器都要配置
vim /etc/hosts
192.168.95.174 node-01
192.168.95.173 node-02
192.168.95.172 node-03


修改服务器配置参数
#### 每台ES服务器都需要执行
 
vim /etc/security/limits.conf
 
* soft nofile 65535
* hard nofile 65537
 
vim /etc/sysctl.conf
vm.max_map_count = 655360
vm.swappiness=0
 
sysctl -p

解压ES源码包

每一台ES机器都需要执行
 
# 切到工作目录
mkdir /data/maycur/unzip && cd /data/maycur/unzip
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.10.1-linux-x86_64.tar.gz
 
tar -xvzf elasticsearch-7.10.1-linux-x86_64.tar.gz ../
 
cd elasticsearch-7.10.1

修改ES集群配置文件

#集群名称和节点名称
cluster.name: my-es-cluster
node.name: node-1
network.host: 0.0.0.0
# 用于集群内各机器间通信,对外使用，其他机器访问本机器的es服务，一般为本机宿主机IP
network.publish_host: 192.168.95.174
node.master: true # 使节点有资格成为主节点
node.data: true # 使节点可以存储数据
#最大集群节点数
node.max_local_storage_nodes: 3
# 列出所有节点的私有IP地址
discovery.seed_hosts: ["192.168.95.174:9300", "192.168.95.173:9300","192.168.95.172:9300"]
# 首次启动时指定的候选主节点列表
cluster.initial_master_nodes: ["node-1", "node-2", "node-3"]

#是否允许跨域
http.cors.enabled: true
http.cors.allow-origin: "*"

#安全认证部分
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12

#集群名称和节点名称
cluster.name: my-es-cluster
node.name: node-2
network.host: 0.0.0.0
# 用于集群内各机器间通信,对外使用，其他机器访问本机器的es服务，一般为本机宿主机IP
network.publish_host: 192.168.95.173
node.master: true # 使节点有资格成为主节点
node.data: true # 使节点可以存储数据
#最大集群节点数
node.max_local_storage_nodes: 3
# 列出所有节点的私有IP地址
discovery.seed_hosts: ["192.168.95.174:9300", "192.168.95.173:9300","192.168.95.172:9300"]
# 首次启动时指定的候选主节点列表
cluster.initial_master_nodes: ["node-1", "node-2", "node-3"]

#是否允许跨域
http.cors.enabled: true
http.cors.allow-origin: "*"

#安全认证部分
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12

#集群名称和节点名称
cluster.name: my-es-cluster
node.name: node-3
network.host: 0.0.0.0
# 用于集群内各机器间通信,对外使用，其他机器访问本机器的es服务，一般为本机宿主机IP
network.publish_host: 192.168.95.172
node.master: true # 使节点有资格成为主节点
node.data: true # 使节点可以存储数据
#最大集群节点数
node.max_local_storage_nodes: 3
# 列出所有节点的私有IP地址
discovery.seed_hosts: ["192.168.95.174:9300", "192.168.95.173:9300","192.168.95.172:9300"]
# 首次启动时指定的候选主节点列表
cluster.initial_master_nodes: ["node-1", "node-2", "node-3"]

#是否允许跨域
http.cors.enabled: true
http.cors.allow-origin: "*"

#安全认证部分
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12

以上配置文件开启了安装认证，如果不开启认证则可以注释，如果开启则需要执行一下操作步骤：

安全认证操作步骤

在192.168.95.174 node-01节点操作

去到cd /path/elasticsearch-7.10.1/bin

1.生成CA证书
// 生成CA证书,执行命令后,系统还会提示你输入密码,可以直接留空
./elasticsearch-certutil ca

会在config下生成一个elastic-stack-ca.p12文件
ls -al ../config/elastic-stack-ca.p12 
-rw-------. 1 elastic elastic 2527 May 21 14:29 ../config/elastic-stack-ca.p12

2.根据elastic-stack-ca.p12文件 生成elastic-certificates.p12
//生成证书和私钥,系统还会提示你输入密码，你可以输入证书和密钥的密码，也可以留空
./elasticsearch-certutil cert --ca elastic-stack-ca.p12

将节点node-01上生成的两个文件拷贝到另外的节点

scp elastic-stack-ca.p12 node-02:/path/elasticsearch-7.10.1/config/

scp elastic-stack-ca.p12 node-03:/path/elasticsearch-7.10.1/config/

启动ES集群服务

1、创建用户

#### 每台ES服务器都需要执行
 
# 因为ES不允许用root用户启动，所以我就创建一个普通用户来进行管理
groupadd elastic
useradd -g elastic -d /home/elastic elastic
passwd elastic
密码（password)

##修改es程序所有者和权限
chown -R elastic:elastic /maycur/elasticsearch-7.10.1

2、启动

su elastic
cd ...../elasticsearch-7.10.1/bin/
./elasticsearch -d

配置systemd服务启动es

cat > /etc/systemd/system/elasticsearch.service << EOF
[Unit]
Description=Elasticsearch service
After=syslog.target network.target

[Service]
Type=simple
User=elastic
Group=elastic
ExecStart=/data/maycur/elasticsearch-7.10.1/bin/elasticsearch
Restart=always
StandardOutput=syslog
StandardError=syslog
LimitNOFILE=65535
LimitMEMLOCK=infinity

[Install]
WantedBy=multi-user.target
EOF

设置es密码

在其中一台机器上执行,我这里在 192.168.95.174 node-01节点机器操作,我这里密码全部设置为（123456）

cd cd /path/elasticsearch-7.10.1/bin
./elasticsearch-setup-passwords interactive

Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y


Enter password for [elastic]:
Reenter password for [elastic]:
Enter password for [apm_system]:
Reenter password for [apm_system]:
Enter password for [kibana]:
Reenter password for [kibana]:
Enter password for [logstash_system]:
Reenter password for [logstash_system]:
Enter password for [beats_system]:
Reenter password for [beats_system]:
Enter password for [remote_monitoring_user]:
Reenter password for [remote_monitoring_user]:
Changed password for user [apm_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]

用过用户名密码验证集群状态

curl -u elastic 'http://192.168.95.174:9200/_cat/health?v'

curl -u elastic 'http://192.168.95.174:9200/_cat/nodes?v'