--- tags: AAT disqus: hackmd --- # Elastic ElasticSearch 不可以用複製的，因為Node安裝時會產生自己的UUID。單純虛擬機的複製是不可行的，除非知道怎麼重設ES Node UUID。 更新工具及OS > sudo yum -y update > sudo yum -y install wget > sudo yum -y install vim 安裝Java > sudo dnf install java-11-openjdk-devel.x86_64 下載 Elasticsearch RPM 檔 > wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.6.0-x86_64.rpm > wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.8.0-x86_64.rpm 開通防火牆 > sudo firewall-cmd --add-port=9200/tcp --permanent > sudo firewall-cmd --add-port=9300/tcp --permanent > sudo firewall-cmd --reload // 防火牆全開或是全關 >sudo systemctl stop firewalld > sudo systemctl start firewalld 安裝 Elasticsearch RPM 檔 sudo rpm --install elasticsearch-7.6.0-x86_64.rpm sudo rpm --install elasticsearch-7.8.0-x86_64.rpm 設定 JVM Option >sudo vim /etc/elasticsearch/jvm.options 注意 -Xms4g -Xmx4g (兩個值須一致，不超過30G) [以上會建立一個CentOs磁碟機，裝好Jdk, 下載好工具] ------------------------------------------------------------------------------ [以下是打包好的VM後開始執行的項目] --- 網路設定 (或是從桌面進去做) > nmtui 設定 Elasticsearch >>sudo vim /etc/elasticsearch/elasticsearch.yml 備註1：載明所有可能出現的host清冊 discovery.seed_hosts: ["172.xx.*.16", "172.xx.*.17", "172.xx.*.18", "172.xx.*.19", "172.xx.*.20"] #azure => network.host: 10.xx.xx.x #若只要Single Node Cluster, 加上這行 discovery.type: single-node 若多台則打開cluster.initial_master_nodes那行 修改成每台ip或是node.name 常駐Elk >sudo systemctl daemon-reload >sudo systemctl enable elasticsearch.service >sudo systemctl start elasticsearch.service #測試是否安裝成功 > curl "http://localhost:9200/" # 卸載es yum remove elasticsearch sudo rm -rf /var/lib/elasticsearch/ sudo rm -rf /etc/elasticsearch https://serverfault.com/questions/699977/ubuntu-uninstall-elasticsearch/749019 ---------------------------------------------------------------------------------------------------------------- 遷移資料 1.下載node.js >wget https://nodejs.org/dist/v10.13.0/node-v10.13.0-linux-x64.tar.gz 2.解壓縮 node.js >wget https://nodejs.org/dist/v10.13.0/node-v10.13.0-linux-x64.tar.gz 3.建立鏈接 >ln -s ~/node-v10.13.0-linux-x64/bin/node /usr/bin/node >ln -s ~/node-v10.13.0-linux-x64/bin/npm /usr/bin/npm 4.測試安裝成功與否(查看版本號) >node -v >npm -v 5.安裝elasticdump >npm install elasticdump -g 6.進到elasticdump資料夾內 >cd node_modules/elasticdump/bin 7.取出數據存為json output的資料夾自己建 #mapping >./elasticdump --input=http://xx.xx.xx.4:9200 --output=data/my_index_mapping.json --type=mapping #data >./elasticdump --input=http://xx.xx.xx.xx:9200 --output=data/index.json --type=data #analyzer >./elasticdump --input=http://xx.xx.xx.xx:9200 --output=data/analyzer.json --type=analyzer ----------------------------- 8.將數據導入es中 >./elasticdump --output=http://172.xx.x.xx:9200 --input=/data/index.json --type=data >./elasticdump --output=http://172.xx.x.xx:9200 --input=/data/index_mapping.json --type=mapping 9. postman 打http://172.xx.x.xxx:9200/_cluster/setting { "persistent": { "search.max_open_scroll_context": 10000 }, "transient": { "search.max_open_scroll_context": 10000 } } 建有public ip 的vm 進去裝es 再刪除Public ip 就可以了 >ssh dvc@ip //進去 #刪ssh >ssh-keygen -R "you server #查看index curl 'localhost:9200/_cat/indices?v' curl 'xx.1xx.xx.xx:9200/_cat/indices?v' # meow attack https://blog.csdn.net/GJLNaughtyCat/article/details/107830083?ops_request_misc=%257B%2522request%255Fid%2522%253A%2522160032839219724836727414%2522%252C%2522scm%2522%253A%252220140713.130102334.pc%255Fall.%2522%257D&request_id=160032839219724836727414&biz_id=0&utm_medium=distribute.pc_search_result.none-task-blog-2~all~first_rank_v2~rank_v25-2-107830083.pc_search_result_cache&utm_term=meow&spm=1018.2118.3001.4187 ## knowledge for ES ## CRUD > using postman or insominia ### create index :::info [number_of_shards]: 每個索引的主分片數，默認值是 5 。這個配置在索引創建後不能修改。 [number_of_replicas]: 每個主分片的副本數，默認值是 1 。對於活動的索引庫，這個配置可以隨時修改。 ::: > json body ```shell= PUT /user { "settings": { "number_of_shards": 5 }, "mappings": { "properties": { "account": { "type": "text"}, "password": { "type": "text"}, "user_name": { "type": "text"}, "display":{ "type": "boolean"} } } } ``` > return ```shell= { "acknowledged": true, "shards_acknowledged": true, "index": "user" } ``` ### delete index 不允許通過指定 _all 來刪除指定index。 >> elasticsearch.yml >> action.destructive_requires_name: true ```shell= DELETE /user ``` OR ```shell= DELETE /index_one,index_two DELETE /index_* ``` ### create a document ```shell= POST user/_doc/ { "account": "admin", "password": "admin", "user_name": "admin", "display": true } ```https://meet.google.com/xek-phra-mgy ## question or exception - cluster_block_exception read_only_allow_delete - 儲存空間不足所造成