Centos7.6部署Elasticsearch-7.5.0集群

一、实验环境

master   192.168.14.210
node-1   192.168.14.211
node-2   192.168.14.213

主机系统统一使用：cat /etc/redhat-release 
CentOS Linux release 7.6.1810 (Core)


软件包
elasticsearch-7.5.0-linux-x86_64.tar.gz    （三台需要）
jdk-11.0.5_linux-x64_bin.tar.gz            （三台需要）
kibana-7.5.0-linux-x86_64.tar.gz           （主节点需要）

二、安装elasticsearch

以下实验都是使用软件包解压安装，为了使路径一致请选择此方法；当然也可以使用rpm包安装；

第1-9步，三台主机操作步骤一致，再次不再重复
第10步，根据主机修改配置文件
第11步，以上通过再统一启动

1、关闭selinux和防火墙（或者防火墙放行端口）

[root@master ~]# sed  -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
[root@master ~]# systemctl stop firewalld

或者
[root@master ~]# firewall-cmd --permanent --add-port=5601/tcp
[root@master ~]# firewall-cmd --permanent --add-port=9200/tcp
[root@master ~]# firewall-cmd --permanent --add-port=9300/tcp
[root@master ~]# firewall-cmd --reload

添加主机解析
[root@master ~]# vi /etc/hosts
192.168.14.210	node-1
192.168.14.211	node-2
192.168.14.213	node-3

2、解压jdk

[root@master ~]# tar -zxvf jdk-11.0.5_linux-x64_bin.tar.gz  -C /usr/local/

3、配置环境变量

[root@master ~]# vi /etc/profile
#底部添加
export JAVA_HOME=/usr/local/jdk-11.0.5/
export PATH=$PATH:$JAVA_HOME/bin
export CLASSPATH=.:$JAVA_HOME/lib/tools.jar:$JAVA_HOME/lib/dt.jar:$CLASSPATH

[root@master ~]# source  /etc/profile

4、验证jdk

[root@master ~]# java -version
java version "11.0.5" 2019-10-15 LTS
Java(TM) SE Runtime Environment 18.9 (build 11.0.5+10-LTS)
Java HotSpot(TM) 64-Bit Server VM 18.9 (build 11.0.5+10-LTS, mixed mode)

5、解压elasticsearch

[root@master ~]# tar -zxvf elasticsearch-7.5.0-linux-x86_64.tar.gz  -C /usr/local/

6、配置环境变量

[root@master ~]# vi /etc/profile
export PATH=$PATH:/usr/local/elasticsearch-7.5.0/bin

[root@master ~]# source  /etc/profile

7、创建用户（elasticsearch不能使用root用户启动）

[root@master ~]# useradd -s /sbin/nologin elk

8、添加权限

[root@master ~]# chown -R elk:elk /usr/local/elasticsearch-7.5.0

9、修改系统配置文件（不然会影响启动）

1、最大文件打开数调整/etc/security/limits.conf
[root@master ~]# vi /etc/security/limits.conf
*	-	nofile	65535

2、最大打开进程数调整/etc/security/limits.d/20-nproc.conf
[root@master ~]# vi /etc/security/limits.d/20-nproc.conf
*	-	nproc	10240

3、内核参数调整/etc/sysctl.conf
[root@master ~]# vi /etc/sysctl.conf
vm.max_map_count = 262144

[root@master ~]# sysctl -p
建议重启一次系统

10、重点：修改elasticsearch配置文件（三台都要修改）

1、主节点
[root@master ~]# vi /usr/local/elasticsearch-7.5.0/config/elasticsearch.yml
[root@master ~]# cat  /usr/local/elasticsearch-7.5.0/config/elasticsearch.yml
cluster.name: my-elk    #集群名称
node.master: true       #是否为主节点
node.name: master       #节点名称
path.data: data         #数据存储路径，会自动创建
path.logs: logs         #日志存储路径
network.host: 0.0.0.0   #监听ip，在实际环境中应设置为一个安全的ip
http.port: 9200         #es服务的端口号
discovery.seed_hosts: ["192.168.14.210", "192.168.14.211","192.168.14.213"]    #自动发现IP
cluster.initial_master_nodes: ["master"]        #主节点
xpack.ml.enabled: false

2、从节点-1
[root@node-1 ~]# vi /usr/local/elasticsearch-7.5.0/config/elasticsearch.yml
cluster.name: my-elk
node.name: node-1
node.master: false
path.data: data
path.logs: logs
network.host: 192.168.14.211
http.port: 9200
discovery.zen.ping.unicast.hosts: ["192.168.14.210","192.168.14.211","192.168.14.213"]
cluster.initial_master_nodes: ["master"]
xpack.ml.enabled: false


3、从节点-2
[root@node-2 ~]# vi /usr/local/elasticsearch-7.5.0/config/elasticsearch.yml
cluster.name: my-elk
node.name: node-2
node.master: false
path.data: data
path.logs: logs
network.host: 192.168.14.213
http.port: 9200
discovery.zen.ping.unicast.hosts: ["192.168.14.210","192.168.14.211","192.168.14.213"]
cluster.initial_master_nodes: ["master"]
xpack.ml.enabled: false

11、前台启动elasticsearch观察（等三台都执行1-8步骤之后再统一启动），没有问题再加 -d后台启动

三台操作一致
[root@master ~]# su - elk -s /bin/bash
[elk@nmaster ~]$ elasticsearch

如果启动没有异常自动退出，则可以加-d后台启动
[elk@master ~]$ elasticsearch -d

12、查看集群状态

[root@master ~]# curl '192.168.14.210:9200/_cluster/health?pretty'
{
  "cluster_name" : "my-elk",
  "status" : "green",                #绿色表示正常
  "timed_out" : false,
  "number_of_nodes" : 3,
  "number_of_data_nodes" : 3,
  "active_primary_shards" : 0,
  "active_shards" : 0,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 0,
  "delayed_unassigned_shards" : 0,
  "number_of_pending_tasks" : 0,
  "number_of_in_flight_fetch" : 0,
  "task_max_waiting_in_queue_millis" : 0,
  "active_shards_percent_as_number" : 100.0
}

三、安装Kibana

1、解压kibana

[root@master ~]# tar -zxvf kibana-7.5.0-linux-x86_64.tar.gz -C /usr/local/

[root@master ~]# cd /usr/local/
[root@master local]# mv kibana-7.5.0-linux-x86_64 kibana-7.5.0

2、配置环境变量

[root@master ~]# vi /etc/profile
export PATH=$PATH:/usr/local/kibana-7.5.0/bin

[root@master ~]# source  /etc/profile

3、添加权限

[root@master ~]# chown -R elk:elk /usr/local/kibana-7.5.0

4、修改系统配置文件

[root@master ~]# vi /usr/local/kibana-7.5.0/config/kibana.yml
server.port: 5601
server.host: "0.0.0.0"

5、使用elk用户启动

[root@master ~]# su - elk -s /bin/bash
[elk@master ~]$ nohup kibana >/tmp/kibana.log 2>&1 &

查看进程
[elk@master ~]$ ps auxf|grep kibana
elk       7065  147  1.3 1302044 217396 pts/0  Rl   22:09   0:38                  \_ /usr/local/kibana-7.5.0/bin/../node/bin/node /usr/local/kibana-7.5.0/bin/../src/cli
elk       7080  0.0  0.0 112708   968 pts/0    S+   22:09   0:00                  \_ grep --color=auto kibana

四、查看集群状态（明文方式）

1、浏览器访问，此时登录不需要用户名和密码，相对不安全。

2、启动监控本机

3、查看集群状态正常

五、配置证书

为了加强elasticsearch的安全性，需要设置密码登录

1、配置证书

[elk@master ~]$ cd /usr/local/elasticsearch-7.5.0/
[elk@master elasticsearch-7.5.0]$ ./bin/elasticsearch-certutil ca
[elk@master elasticsearch-7.5.0]$ ./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12

2、拷贝文件到config目录

[elk@master elasticsearch-7.5.0]$ cp elastic-* config/

3、注意文件的权限

4、拷贝证书到从节点主机

[elk@master config]$ scp elastic-* root@192.168.14.211:/usr/local/elasticsearch-7.5.0/config/

[elk@master config]$ scp elastic-* root@192.168.14.213:/usr/local/elasticsearch-7.5.0/config/

5、重点：修改配置文件（三台都要修改）

1、主节点：
[elk@master ~]$ vi /usr/local/elasticsearch-7.5.0/config/elasticsearch.yml 
cluster.name: my-elk
node.master: true
node.name: master
path.data: data
path.logs: logs
network.host: 0.0.0.0
http.port: 9200
discovery.seed_hosts: ["192.168.14.210", "192.168.14.211","192.168.14.213"]
cluster.initial_master_nodes: ["master"]
xpack.ml.enabled: false
#添加以下配置
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12

2、从节点-1
刚拷贝过来的证书需要重新设置权限
[root@node-1 ~]# chown -R elk:elk /usr/local/elasticsearch-7.5.0
[root@node-1 ~]# vi  /usr/local/elasticsearch-7.5.0/config/elasticsearch.yml 
cluster.name: my-elk
node.name: node-1
node.master: false
path.data: data
path.logs: logs
network.host: 192.168.14.211
http.port: 9200
discovery.zen.ping.unicast.hosts: ["192.168.14.210","192.168.14.211","192.168.14.213"]
cluster.initial_master_nodes: ["master"]
xpack.ml.enabled: false
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12

3、从节点-2
[root@node-2 ~]# chown elk:elk /usr/local/elasticsearch-7.5.0
[root@node-2 ~]# vi /usr/local/elasticsearch-7.5.0/config/elasticsearch.yml
cluster.name: my-elk
node.name: node-2
node.master: false
path.data: data
path.logs: logs
network.host: 192.168.14.213
http.port: 9200
discovery.zen.ping.unicast.hosts: ["192.168.14.210","192.168.14.211","192.168.14.213"]
cluster.initial_master_nodes: ["master"]
xpack.ml.enabled: false
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12

6、设置密码（master节点设置即可）

[root@master ~]# /usr/local/elasticsearch-7.5.0/bin/elasticsearch-setup-passwords   interactive

7、在kibana配置文件添加用户和密码

[root@master ~]# vi /usr/local/kibana-7.5.0/config/kibana.yml

[root@master ~]# cat /usr/local/kibana-7.5.0/config/kibana.yml |grep elasticsearch|egrep -v ^#
elasticsearch.username: "kibana"
elasticsearch.password: "password"

六、查看集群状态（加密方式）

1、修改elasticsearch和kibana之后尽量重启服务，在master节点可以看到集群状态改变

2、浏览器登录已经需要密码，三台主机集群之间传送数据也是加密的

3、查看集群状态正常

4、查看主机状态正常

5、假设一台从节点故障

6、集群状态会先变为yellow

7、然后再自动从yellow改变为green

8、紧急情况下两台从节点都故障也能正常使用，因为默认的最少节点为1（-u后面跟用户名和密码）

七、故障说明

1、主节点启动正常，但是从节点没有找到主节点，主节点需要从节点的选举

[2020-03-29T20:39:07,581][WARN ][o.e.c.c.ClusterFormationFailureHelper] [master] master not discovered yet, this node has not previously joined a bootstrapped (v7+) cluster, and this node must discover master-eligible nodes [node-1] to bootstrap a cluster: have discovered [{master}{p4N0aL9dTs6KV7kqFnnwlg}{Uy0gnf_HQyqr1ZRGxB4axA}{192.168.14.210}{192.168.14.210:9300}{dim}{xpack.installed=true}]; discovery will continue using [192.168.14.211:9300, 192.168.14.213:9300] from hosts providers and [{master}{p4N0aL9dTs6KV7kqFnnwlg}{Uy0gnf_HQyqr1ZRGxB4axA}{192.168.14.210}{192.168.14.210:9300}{dim}{xpack.installed=true}] from last-known cluster state; node term 0, last-accepted version 0 in term 0

文章由极客之音整理，本文链接：https://www.bmabk.com/index.php/post/95179.html