설치
Ubuntu 환경
여기 다양한 설치 방법이 있는데 나는 도커 같은거 안 쓰고 apt-get 쓰는 게 좋다
명령어
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg
sudo apt-get install apt-transport-https
echo "deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/8.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-8.x.list
sudo apt-get update && sudo apt-get install elasticsearch이 때
------------- Security autoconfiguration information ---------------
Authentication and authorization are enabled.
TLS for the transport and HTTP layers is enabled and configured.
The generated password for the elastic built-in superuser is : [암호]
If this node should join an existing cluster, you can reconfigure this with
'/usr/share/elasticsearch/bin/elasticsearch-reconfigure-node --enrollment-token <token-here>'
after creating an enrollment token on your existing cluster.
You can complete the following actions at any time:
Reset the password of the elastic built-in superuser with
'/usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic'.
Generate an enrollment token for Kibana instances with
'/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana'.
Generate an enrollment token for Elasticsearch nodes with
'/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s node'.
--------------------------------------------------------------------
### NOT starting on installation, please execute the following statements to configure elasticsearch service to start automatically using systemd
sudo systemctl daemon-reload
sudo systemctl enable elasticsearch.service
### You can start elasticsearch service by executing
sudo systemctl start elasticsearch.service라면서 비밀번호를 알려주는데,
바로 export ELASTIC_PASSWORD="암호" 로 환경변수에 넣어버린다.
자동으로 켜지지 않으니 아래쪽 있는 명령어로 서비스 관리하면 된다
실행
컴퓨터 킬 때마다 자동 실행
sudo /bin/systemctl daemon-reload
sudo /bin/systemctl enable elasticsearch.service실행, 중지, 상태 확인
sudo systemctl start elasticsearch.service
sudo systemctl stop elasticsearch.service
sudo systemctl status elasticsearch.service확인
system 명령어로 status 확인했을 예쁜 초록색으로 보인다면
curl --cacert /etc/elasticsearch/certs/http_ca.crt -u elastic:$ELASTIC_PASSWORD https://localhost:9200
이걸 날렸을 때
{
"name" : "",
"cluster_name" : "elasticsearch",
"cluster_uuid" : "",
"version" : {
"number" : "8.15.1",
"build_flavor" : "default",
"build_type" : "deb",
"build_hash" : "",
"build_date" : "2024-09-02T22:04:47.310170297Z",
"build_snapshot" : false,
"lucene_version" : "9.11.1",
"minimum_wire_compatibility_version" : "7.17.0",
"minimum_index_compatibility_version" : "7.0.0"
},
"tagline" : "You Know, for Search"Elasticsearch 서버의 상태를 보여주는 응답이 온다.
CACERT
cacert가 제대로 안 들어가면
curl -X GET "http://localhost:9200/"
curl: (52) Empty reply from server응답이 오지 않는다만
curl -X GET "https://localhost:9200/"
curl: (77) error setting certificate verify locations:
CAfile: /etc/ssl/certs/http_ca.crt
CApath: none이럴 때도 있다.
내가 CAfile 경로를 어따가 설정해놓고 까먹은 모양이다.
sudo ls /etc/ssl/certs/ 확인해보니 안 들어있다. 보통 더 많은 파일들이 저장되어 있으니 눈을 크게 뜨고 봐야 한다.
여기는 아까 확인해볼때 crt파일이 있다고 했던 경로이고 잘 들어있다.
sudo ls /etc/elasticsearch/certs
sudo cp /etc/elasticsearch/certs/http_ca.crt /etc/ssl/certs
CAfile로 설정된 경로에 복사해주면
curl -u elastic:$ELASTIC_PASSWORD -X GET "https://localhost:9200"
{
"name" : "",
"cluster_name" : "elasticsearch",
"cluster_uuid" : "",
"version" : {
"number" : "8.15.1",
"build_flavor" : "default",
"build_type" : "deb",
"build_hash" : "",
"build_date" : "2024-09-02T22:04:47.310170297Z",
"build_snapshot" : false,
"lucene_version" : "9.11.1",
"minimum_wire_compatibility_version" : "7.17.0",
"minimum_index_compatibility_version" : "7.0.0"
},
"tagline" : "You Know, for Search"--cacert 옵션 없이도 정상적으로 응답이 온다.
curl: (60) SSL certificate problem: self-signed certificate in certificate chain
More details here: https://curl.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above이럴 때도 마찬가지임
비슷하게 해결하세요
음음