elasticsearch 安装错误记录
Q1:Caused by: java.security.AccessControlException: access denied ("java.io.FilePermission" "/data/elasticsearch/config" "read")
chmod -R 777 config*
Q2:ERROR: [1] bootstrap checks failed
[1]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
vi /etc/sysctl.conf
vm.max_map_count = 262144
sysctl -p
Q3:Cause: Cluster state has not been recovered yet, cannot write to the [null] index
此行代码放到配置文件elasticsearch.yml中重新启动 “node”=要设置为主节点的名称
cluster.initial_master_nodes: [“node”]
Q4.xpack 安全验证
借助elasticsearch-certutil命令生成证书
bin/elasticsearch-certutil ca -out config/elastic-certificates.p12 -pass ""
借助:
elasticsearch-setup-passwords 设置集群密码。
elasticsearch-setup-passwords 支持的参数如下:
核心:
auto - 随机生成密码。
interactive - 自定义不同用户的密码。
注意:必须配置好xpack之后,才能设置密码。否则会报错
执行设置用户名和密码的命令,这里需要为4个用户分别设置密码,elastic, kibana, logstash_system,beats_system
bin/elasticsearch-setup-passwords interactive
ERROR: Failed to set password for user [apm_system].
手动设置密码时报错
可以使用自动模式
bin/elasticsearch-setup-passwords auto
修改密码命令如下
curl -H "Content-Type:application/json" -XPOST -u elastic 'http://127.0.0.1:9200/_xpack/security/user/elastic/_password' -d '{ "password" : "123456" }'
curl -H "Content-Type:application/json" -XPOST -u elastic 'http://10.5.5.12:9200/_xpack/security/user/elastic/_password' -d '{ "password" : "EM@wP87o%G" }'
curl http://10.5.5.12:9200/_cat/indices -u elastic:EM@wP87o%G
fb@2021elk
curl http://10.5.4.6:9200/_cat/indices -u elastic:EM@wP87o%G
curl --user elastic:EM@wP87o%G -XGET '10.5.5.12:9200/_cat/health?v&pretty'
#查看用户
bin/elasticsearch-users list
#创建用户
./bin/elasticsearch-users useradd elastic -p EM@wP87o%G -r superuser
Q5:密码错误初始化
#elasticsearch.yml
cluster.name: fb-es-cluster-sanbox
node.name: sanbox-node-1
network.host: 10.5.5.12
discovery.seed_hosts: ["10.5.5.12:9300"]
cluster.initial_master_nodes: ["sanbox-node-1"]
http.cors.allow-origin: "*"
http.cors.allow-headers: Authorization
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /data/elasticsearch/config/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /data/elasticsearch/config/elastic-certificates.p12
#
cd /data/elasticsearch
bin/elasticsearch-certutil.bat ca -out config/elastic-certificates.p12 -pass ""
会在config 下生成 elastic-certificates.p12
修改权限
chmod 777 elastic-certificates.p12
启动es
cd /data/elasticsearch/bin
./elasticsearch -d
在 config 下生成 elasticsearch.keystore
手动配置密码
cd /data/elasticsearch/bin
./elasticsearch-setup-passwords interactive
验证集群
curl --user elastic:fb@2021elk -XGET '10.5.5.12:9200/_cat/health?v&pretty'
curl http://10.5.5.12:9200/_cat/indices -u elastic:fb@2021elk
Q6.nested: IllegalArgumentException[Custom Analyzer [ik] failed to find tokenizer under name [ik]]; ","status":400
node.master 设置为 false ,需设置为true
Q7.Likely root cause: ElasticsearchParseException[malformed, expected settings to start with 'object', instead was [VALUE_STRING]]
配置之间需要空格
/opt/elasticsearch-2.3.0/config/elasticsearch.yml
cluster.name:hkes
node.name:hkes1
Q8.java.lang.RuntimeException: don't run elasticsearch as root.
创建 tomcat 账号,切换,并运行
Q9.提示错误
master_not_discovered_exception
检查节点状态:curl
http://10.0.12.124:9200/_cat/nodes?pretty
配置:
node.name: mhjy-1
cluster.initial_master_nodes: ["mhjy-1"]
curl 'http://10.0.12.124:9200/_cat/indices?v'
curl http://10.0.12.124:9200/_cluster/health
Q10.filebeat太神秘了,自己的log文件什么也不写,出问题也不知道怎么查,记两个debug的命令
sudo filebeat -e -d “*”
sudo filebeat setup -e
#filebeat.yaml
----------Elasticsearch template setting ----------
setup.ilm.enabled: false
setup.template.name: "filebeat-124"
setup.template.pattern: "filebeat-124-*"
setup.template.settings:
index.number_of_shards: 1
index.number_of_replicas: 0
index.codec: best_compression
----------Elasticsearch Output----------
hosts: ["10.0.12.124:9200"]
index: "filebeat-124-%{+yyyy.MM.dd}"
删除索引