Elasticsearch集群安装
1 先决条件
1.1 JDK
Elasticsearch由Java构建,其内置JDK,官方推荐使用内置JDK来运行Elasticsearch。如果没有安装JDK,那么无需另行安装,启动时会自动使用内置JDK;如果已经安装JDK且试图使用已安装的JDK来运行Elasticsearch,那么需要删除内置JDK目录,然后配置JAVA_HOME环境变量即可。
1.2 下载
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.9.1-linux-x86_64.tar.gz
tar -xzvf elasticsearch-7.9.1-linux-x86_64.tar.gz
解压后目录结构如下:
-
bin -
config -
lib -
modules -
plugins -
jdk
1.3 vm.max_map_count配置
sudo sysctl -w vm.max_map_count=262144
1.4 Elasticsearch Head安装
在Chrome应用市场搜索elasticsearch-head插件,点击安装即可。
1.5 创建用户
因为Elasticsearch只能以非root
用户启动,所以你应该新建相关的用户与用户组。
2 CA与CE证书
本环节旨在实现Elasticsearch集群各节点加密通信,首先要确保xpack.security.enabled=true
。
2.1 CA证书
CA(Certificate Authority),即证书颁发机构,该机构会有一个private key
用来对CE证书进行签名。Elasticsearch要想成为一个证书颁发机构,那么就要有一张自己的CA证书。
./bin/elasticsearch-certutil ca
紧接着输入private key
后,在config
目录下就生成了一个CA证书文件elastic-stack-ca.p12
。
2.2 CE证书
CE(Certificate),CE证书也有一个private key
,CE证书每个节点保留一份。
./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
紧接着输入CA证书private key
,然后输入CE证书private key
,那么此时在config目录下CE证书elastic-certificates.p12
就生成了(CA证书与CE证书秘钥可以一致)。
2.3 CA与CE证书配置
首先,在config目录下新增certs目录,将CA与CE证书移动到该目录下,然后在elasticsearch.yml
配置文件中新增以下配置项:
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12
你也许已经注意到了,在生成CE证书的时候,并没有将证书与特定主机IP
绑定,也就是说这张CE证书elastic-certificates.p12
在Elasticsearch集群中具有通用性,那么我们只需要将这张证书传到所有节点指定目录下就行了。而至于CA证书和CA证书签名秘钥做好备份后删除。
3 Elasticsearch配置
3.1 jvm.options
# Xms represents the initial size of total heap space
-Xms4g
# Xmx represents the maximum size of total heap space
-Xmx4g
3.2 elasticsearch.yml
# a.b.c.d节点
# ---------------------------------- Cluster -----------------------------------
cluster.name: elaticsearch-cluster
# ------------------------------------ Node ------------------------------------
node.name: node-1
node.roles [ "data", "master" ]
# ----------------------------------- Paths ------------------------------------
path.data: /apps/elk/elasticsearch-7.9.1/data
path.logs: /apps/elk/elasticsearch-7.9.1/logs
# ---------------------------------- Network -----------------------------------
network.host: 0.0.0.0
http.port: 9200
# --------------------------------- Discovery ----------------------------------
discovery.seed_hosts: ["a.b.c.d", "a.b.c.e", "a.b.c.f"]
cluster.initial_master_nodes: ["node-1"]
# ---------------------------------- X-Pack -----------------------------------
http.cors.enabled: true
http.cors.allow-origin: "*"
xpack.license.self_generated.type: basic
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12
# a.b.c.e节点
# ---------------------------------- Cluster -----------------------------------
cluster.name: elaticsearch-cluster
# ------------------------------------ Node ------------------------------------
node.name: node-2
node.roles [ "data", "master" ]
# ----------------------------------- Paths ------------------------------------
path.data: /apps/elk/elasticsearch-7.9.1/data
path.logs: /apps/elk/elasticsearch-7.9.1/logs
# ---------------------------------- Network -----------------------------------
network.host: 0.0.0.0
http.port: 9200
# --------------------------------- Discovery ----------------------------------
discovery.seed_hosts: ["a.b.c.d", "a.b.c.e", "a.b.c.f"]
cluster.initial_master_nodes: ["node-1"]
# ---------------------------------- X-Pack -----------------------------------
http.cors.enabled: true
http.cors.allow-origin: "*"
xpack.license.self_generated.type: basic
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12
# a.b.c.f节点
# ---------------------------------- Cluster -----------------------------------
cluster.name: elaticsearch-cluster
# ------------------------------------ Node ------------------------------------
node.name: node-3
node.roles [ "data", "master" ]
# ----------------------------------- Paths ------------------------------------
path.data: /apps/elk/elasticsearch-7.9.1/data
path.logs: /apps/elk/elasticsearch-7.9.1/logs
# ---------------------------------- Network -----------------------------------
network.host: 0.0.0.0
http.port: 9200
# --------------------------------- Discovery ----------------------------------
discovery.seed_hosts: ["a.b.c.d", "a.b.c.e", "a.b.c.f"]
cluster.initial_master_nodes: ["node-1"]
# ---------------------------------- X-Pack -----------------------------------
http.cors.enabled: true
http.cors.allow-origin: "*"
xpack.license.self_generated.type: basic
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12
4 重置密码
./bin/elasticsearch-setup-passwords interactive
然后输入每个账号的密码即可,建议所有账号密码一致。重置密码之后,ES集群中会新增一个名为.security-7
的索引,其内容如下:
_index | _type | _id | password | type | enabled |
---|---|---|---|---|---|
.security-7 | _doc | reserved-user-logstash_system | pwd | reserved-user | true |
.security-7 | _doc | reserved-user-remote_monitoring_user | pwd | reserved-user | true |
..security-7 | _doc | reserved-user-kibana_system | pwd | reserved-user | true |
.security-7 | _doc | reserved-user-beats_system | pwd | reserved-user | true |
.security-7 | _doc | reserved-user-elastic | pwd | reserved-user | true |
.security-7 | _doc | reserved-user-apm_system | pwd | reserved-user | true |
.security-7 | _doc | reserved-user-kibana | pwd | reserved-user | true |
5 启动
nohup ./bin/elasticsearch>/dev/null 2>&1 &
原文始发于微信公众号(程序猿杜小头):Elasticsearch集群安装
版权声明:本文内容由互联网用户自发贡献,该文观点仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 举报,一经查实,本站将立刻删除。
文章由极客之音整理,本文链接:https://www.bmabk.com/index.php/post/222371.html