How To Install and Configure Elasticsearch on Ubuntu 18.04

news/2024/7/5 18:00:15

Introduction

Elasticsearch is a platform for distributed search and analysis of data in real time. It is a popular choice due to its usability, powerful features, and scalability.


This article will guide you through installing Elasticsearch, configuring it for your use case, securing your installation, and beginning to work with your Elasticsearch server.


Prerequisites

Before following this tutorial, you will need:


  • An Ubuntu 18.04 server with 4GB RAM and 2 CPUs set up with a non-root sudo user. You can achieve this by following the Initial Server Setup with Ubuntu 18.04.

  • OpenJDK 11 installed. For instructions, see our guide How To Install Java with Apt on Ubuntu 18.04.

For this tutorial, we will work with the minimum amount of CPU and RAM required to run Elasticsearch. Note that the amount of CPU, RAM, and storage that your Elasticsearch server will require depends on the volume of logs that you expect.


Step 1 — Installing Elasticsearch

The Elasticsearch components are not available in Ubuntu’s default package repositories. They can, however, be installed with APT after adding Elastic’s package source list.


All of the packages are signed with the Elasticsearch signing key in order to protect your system from package spoofing. Packages which have been authenticated using the key will be considered trusted by your package manager. In this step, you will import the Elasticsearch public GPG key and add the Elastic package source list in order to install Elasticsearch.


To begin, use cURL, the command line tool for transferring data with URLs, to import the Elasticsearch public GPG key into APT. Note that we are using the arguments -fsSL to silence all progress and possible errors (except for a server failure) and to allow cURL to make a request on a new location if redirected. Pipe the output of the cURL command into the apt-key program, which adds the public GPG key to APT.


  • curl -fsSL https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -


Next, add the Elastic source list to the sources.list.d directory, where APT will look for new sources:


  • echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-7.x.list


Next, update your package lists so APT will read the new Elastic source:


  • sudo apt update


Then install Elasticsearch with this command:


  • sudo apt install elasticsearch


Elasticsearch is now installed and ready to be configured.


Step 2 — Configuring Elasticsearch

To configure Elasticsearch, we will edit its main configuration file elasticsearch.yml where most of its configuration options are stored. This file is located in the /etc/elasticsearch directory.


Use your preferred text editor to edit Elasticsearch’s configuration file. Here, we’ll use nano:


  • sudo nano /etc/elasticsearch/elasticsearch.yml


Note: Elasticsearch’s configuration file is in YAML format, which means that we need to maintain the indentation format. Be sure that you do not add any extra spaces as you edit this file.


The elasticsearch.yml file provides configuration options for your cluster, node, paths, memory, network, discovery, and gateway. Most of these options are preconfigured in the file but you can change them according to your needs. For the purposes of our demonstration of a single-server configuration, we will only adjust the settings for the network host.


Elasticsearch listens for traffic from everywhere on port 9200. You will want to restrict outside access to your Elasticsearch instance to prevent outsiders from reading your data or shutting down your Elasticsearch cluster through its REST API. To restrict access and therefore increase security, find the line that specifies network.host, uncomment it, and replace its value with localhost so it looks like this:


/etc/elasticsearch/elasticsearch.yml
. . .
# ---------------------------------- Network -----------------------------------
#
# Set the bind address to a specific IP (IPv4 or IPv6):
#
network.host: localhost
. . .

We have specified localhost so that Elasticsearch listens only on the loopback interface. If you want it to listen on a specific interface instead, you can specify its IP in place of localhost. Save and close elasticsearch.yml. If you’re using nano, you can do so by pressing CTRL+X, followed by Y and then ENTER.

These are the minimum settings you can start with in order to use Elasticsearch. Now you can start Elasticsearch for the first time.


Start the Elasticsearch service with systemctl. Give Elasticsearch a few moments to start up. Otherwise, you may get errors about not being able to connect.


  • sudo systemctl start elasticsearch


Next, run the following command to enable Elasticsearch to start up every time your server boots:


  • sudo systemctl enable elasticsearch


With Elasticsearch enabled upon startup, let’s move on to the next step to discuss security.


Step 3 — Securing Elasticsearch

By default, Elasticsearch can be controlled by anyone who can access the HTTP API. This is not always a security risk because Elasticsearch listens only on the loopback interface (that is, 127.0.0.1), which can only be accessed locally. Thus, no public access is possible and as long as all server users are trusted, security may not be a major concern.


If you need to allow remote access to the HTTP API, you can limit the network exposure with Ubuntu’s default firewall, UFW. This firewall should already be enabled if you followed the steps in the prerequisite Initial Server Setup with Ubuntu 18.04 tutorial.


We will now configure the firewall to allow access to the default Elasticsearch HTTP API port (TCP 9200) for the trusted remote host, generally the server you are using in a single-server setup, such as 198.51.100.0. To allow access, type the following command:

  • sudo ufw allow from 198.51.100.0 to any port 9200


Once that is complete, you can enable UFW with the command:


  • sudo ufw enable


Finally, check the status of UFW with the following command:


  • sudo ufw status


If you have specified the rules correctly, the output should look like this:



   
Output
Status: active

To                         Action      From
--                         ------      ----
9200                       ALLOW       198.51.100.0
22                         ALLOW       Anywhere
22 (v6)                    ALLOW       Anywhere (v6)

The UFW should now be enabled and set up to protect Elasticsearch port 9200.
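The check below is an added example, not part of the original tutorial: it reads the network.host value set in Step 2 and filters `ss -ltn` output for listeners on a port that are not bound to loopback. The function names and the sample `ss` output are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the tutorial): confirm where port 9200 is bound.

# Print the uncommented network.host value from an elasticsearch.yml,
# or "unset" when the line is absent or still commented out.
es_network_host() {
  awk '
    /^[ \t]*#/ { next }
    /^[ \t]*network\.host[ \t]*:/ {
      sub(/^[^:]*:[ \t]*/, "")   # drop the key and the colon
      sub(/[ \t]+#.*$/, "")      # drop a trailing comment
      sub(/[ \t]+$/, "")         # drop trailing whitespace
      v = $0
    }
    END { print (v == "" ? "unset" : v) }' "$1" | tr -d "\"'"
}

# Classify a network.host value as loopback, non-loopback or unset.
classify_bind() {
  case "$1" in
    unset) echo unset ;;
    localhost|_local_|127.*|::1) echo loopback ;;
    *) echo non-loopback ;;
  esac
}

# Read `ss -ltn` output on stdin and print every local address that
# listens on port $1 and is not a loopback address.
non_loopback_listeners() {
  awk -v port="$1" '
    $1 == "LISTEN" {
      n = split($4, parts, ":")
      if (parts[n] != port) next
      addr = substr($4, 1, length($4) - length(parts[n]) - 1)
      if (addr ~ /^127\./ || addr == "[::1]" || addr ~ /^\[::ffff:127\./) next
      print addr
    }'
}

# Constructed `ss -ltn` sample: Elasticsearch bound to loopback only.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port      Peer Address:Port
LISTEN 0      128    0.0.0.0:22              0.0.0.0:*
LISTEN 0      128    [::ffff:127.0.0.1]:9200 *:*
LISTEN 0      128    [::1]:9200              *:*'

exposed=$(printf '%s\n' "$SAMPLE_SS" | non_loopback_listeners 9200)
echo "9200 reachable beyond loopback on: ${exposed:-none}"
# On a live host: sudo ss -ltn | non_loopback_listeners 9200
```

Any address this prints for port 9200 is reachable from other hosts unless a UFW rule such as the one above restricts it.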


If you want to invest in additional protection, Elasticsearch offers the commercial Shield plugin for purchase.


Step 4 — Testing Elasticsearch

By now, Elasticsearch should be running on port 9200. You can test it with cURL and a GET request.


  • curl -X GET 'http://localhost:9200'


You should see the following response:



   
Output
{
  "node.name" : "My First Node",
  "cluster.name" : "mycluster1",
  "version" : {
    "number" : "2.3.1",
    "build_hash" : "bd980929010aef404e7cb0843e61d0665269fc39",
    "build_timestamp" : "2020-04-04T12:25:05Z",
    "build_snapshot" : false,
    "lucene_version" : "5.5.0"
  },
  "tagline" : "You Know, for Search"
}

If you see a response similar to the one above, Elasticsearch is working properly. If not, make sure that you have followed the installation instructions correctly and you have allowed some time for Elasticsearch to fully start.


To perform a more thorough check of Elasticsearch, execute the following command:

  • curl -XGET 'http://localhost:9200/_nodes?pretty'


In the output from the above command you can verify all the current settings for the node, cluster, application paths, modules, and more.


Step 5 — Using Elasticsearch

To start using Elasticsearch, let’s first add some data. Elasticsearch uses a RESTful API, which responds to the usual CRUD commands: create, read, update, and delete. To work with it, we’ll use the cURL command again.


You can add your first entry like so:


  • curl -XPOST -H "Content-Type: application/json" 'http://localhost:9200/tutorial/helloworld/1' -d '{ "message": "Hello World!" }'


You should receive the following response:



   
Output
{"_index":"tutorial","_type":"helloworld","_id":"1","_version":2,"result":"updated","_shards":{"total":2,"successful":1,"failed":0},"_seq_no":1,"_primary_term":1}

With cURL, we have sent an HTTP POST request to the Elasticsearch server. The URI of the request was /tutorial/helloworld/1 with several parameters:


  • tutorial is the index of the data in Elasticsearch.

  • helloworld is the type.

  • 1 is the ID of our entry under the above index and type.

You can retrieve this first entry with an HTTP GET request.


  • curl -X GET -H "Content-Type: application/json" 'http://localhost:9200/tutorial/helloworld/1' -d '{ "message": "Hello World!" }'


This should be the resulting output:



   
Output
{"_index":"tutorial","_type":"helloworld","_id":"1","_version":1,"found":true,"_source":{ "message": "Hello, World!" }}

To modify an existing entry, you can use an HTTP PUT request.


  • curl -X PUT -H "Content-Type: application/json" 'localhost:9200/tutorial/helloworld/1?pretty' -d '
    {
      "message": "Hello, People!"
    }'

Elasticsearch should acknowledge successful modification like this:



   
Output
{
  "_index" : "tutorial",
  "_type" : "helloworld",
  "_id" : "1",
  "_version" : 2,
  "_shards" : {
    "total" : 2,
    "successful" : 1,
    "failed" : 0
  },
  "created" : false
}

In the above example we have modified the message of the first entry to “Hello, People!”. With that, the version number has been automatically increased to 2.


You may have noticed the extra argument pretty in the above request. It enables human-readable format so that you can write each data field on a new row. You can also “prettify” your results when retrieving data to get a more readable output by entering the following command:


  • curl -X GET -H "Content-Type: application/json" 'http://localhost:9200/tutorial/helloworld/1?pretty'


Now the response will be formatted for a human to parse:



   
Output
{
  "_index" : "tutorial",
  "_type" : "helloworld",
  "_id" : "1",
  "_version" : 2,
  "found" : true,
  "_source" : {
    "message" : "Hello, People!"
  }
}

We have now added and queried data in Elasticsearch. To learn about the other operations please check the API documentation.


Conclusion

You have now installed, configured, and begun to use Elasticsearch. Since the original release of Elasticsearch, Elastic has developed three additional tools — Logstash, Kibana, and Beats — to be used in conjunction with Elasticsearch as part of the Elastic Stack. Used together, these tools allow you to search, analyze, and visualize logs generated from any source and in any format in a practice known as centralized logging. To get started with the Elastic Stack on Ubuntu 18.04, please see our guide How To Install Elasticsearch, Logstash, and Kibana (Elastic Stack) on Ubuntu 18.04.

Translated from: https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-elasticsearch-on-ubuntu-18-04

