Elasticsearch集群安装
Elasticsearch集群安装
1 先决条件
1.1 JDK
Elasticsearch由Java构建,其内置JDK,官方推荐使用内置JDK来运行Elasticsearch。如果没有安装JDK,那么无需另行安装,启动时会自动使用内置JDK;如果已经安装JDK且试图使用已安装的JDK来运行Elasticsearch,那么需要删除内置JDK目录,然后配置JAVA_HOME环境变量即可。
1.2 下载
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.9.1-linux-x86_64.tar.gz
tar -xzvf elasticsearch-7.9.1-linux-x86_64.tar.gz
解压后目录结构如下:
- bin
- config
- lib
- modules
- plugins
- jdk
1.3 vm.max_map_count配置
sudo sysctl -w vm.max_map_count=262144
1.4 Elasticsearch Head安装
在Chrome应用市场搜索elasticsearch-head插件,点击安装即可。
1.5 创建用户
因为Elasticsearch只能以非root用户启动,所以你应该新建相关的用户与用户组。
2 CA与CE证书
本环节旨在实现Elasticsearch集群各节点加密通信,首先要确保xpack.security.enabled=true。
2.1 CA证书
CA(Certificate Authority),即证书颁发机构,该机构会有一个private key用来对CE证书进行签名。Elasticsearch要想成为一个证书颁发机构,那么就要有一张自己的CA证书。
./bin/elasticsearch-certutil ca
紧接着输入private key后,在config目录下就生成了一个CA证书文件elastic-stack-ca.p12。
2.2 CE证书
CE(Certificate),CE证书也有一个private key,CE证书每个节点保留一份。
./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
紧接着输入CA证书private key,然后输入CE证书private key,那么此时在config目录下CE证书elastic-certificates.p12就生成了(CA证书与CE证书秘钥可以一致)。
2.3 CA与CE证书配置
首先,在config目录下新增certs目录,将CA与CE证书移动到该目录下,然后在elasticsearch.yml配置文件中新增以下配置项:
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12
你也许已经注意到了,在生成CE证书的时候,并没有将证书与特定主机IP绑定,也就是说这张CE证书elastic-certificates.p12在Elasticsearch集群中具有通用性,那么我们只需要将这张证书传到所有节点指定目录下就行了。而至于CA证书和CA证书签名秘钥做好备份后删除。
3 Elasticsearch配置
3.1 jvm.options
# Xms represents the initial size of total heap space
-Xms4g
# Xmx represents the maximum size of total heap space
-Xmx4g
3.2 elasticsearch.yml
# a.b.c.d节点
# ---------------------------------- Cluster -----------------------------------
cluster.name: elaticsearch-cluster
# ------------------------------------ Node ------------------------------------
node.name: node-1
node.roles [ "data", "master" ]
# ----------------------------------- Paths ------------------------------------
path.data: /apps/elk/elasticsearch-7.9.1/data
path.logs: /apps/elk/elasticsearch-7.9.1/logs
# ---------------------------------- Network -----------------------------------
network.host: 0.0.0.0
http.port: 9200
# --------------------------------- Discovery ----------------------------------
discovery.seed_hosts: ["a.b.c.d", "a.b.c.e", "a.b.c.f"]
cluster.initial_master_nodes: ["node-1"]
# ---------------------------------- X-Pack -----------------------------------
http.cors.enabled: true
http.cors.allow-origin: "*"
xpack.license.self_generated.type: basic
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12
# a.b.c.e节点
# ---------------------------------- Cluster -----------------------------------
cluster.name: elaticsearch-cluster
# ------------------------------------ Node ------------------------------------
node.name: node-2
node.roles [ "data", "master" ]
# ----------------------------------- Paths ------------------------------------
path.data: /apps/elk/elasticsearch-7.9.1/data
path.logs: /apps/elk/elasticsearch-7.9.1/logs
# ---------------------------------- Network -----------------------------------
network.host: 0.0.0.0
http.port: 9200
# --------------------------------- Discovery ----------------------------------
discovery.seed_hosts: ["a.b.c.d", "a.b.c.e", "a.b.c.f"]
cluster.initial_master_nodes: ["node-1"]
# ---------------------------------- X-Pack -----------------------------------
http.cors.enabled: true
http.cors.allow-origin: "*"
xpack.license.self_generated.type: basic
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12
# a.b.c.f节点
# ---------------------------------- Cluster -----------------------------------
cluster.name: elaticsearch-cluster
# ------------------------------------ Node ------------------------------------
node.name: node-3
node.roles [ "data", "master" ]
# ----------------------------------- Paths ------------------------------------
path.data: /apps/elk/elasticsearch-7.9.1/data
path.logs: /apps/elk/elasticsearch-7.9.1/logs
# ---------------------------------- Network -----------------------------------
network.host: 0.0.0.0
http.port: 9200
# --------------------------------- Discovery ----------------------------------
discovery.seed_hosts: ["a.b.c.d", "a.b.c.e", "a.b.c.f"]
cluster.initial_master_nodes: ["node-1"]
# ---------------------------------- X-Pack -----------------------------------
http.cors.enabled: true
http.cors.allow-origin: "*"
xpack.license.self_generated.type: basic
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12
4 重置密码
./bin/elasticsearch-setup-passwords interactive
然后输入每个账号的密码即可,建议所有账号密码一致。重置密码之后,ES集群中会新增一个名为.security-7的索引,其内容如下:
_index | _type | _id | password | type | enabled |
|---|---|---|---|---|---|
.security-7 | _doc | reserved-user-logstash_system | pwd | reserved-user | true |
.security-7 | _doc | reserved-user-remote_monitoring_user | pwd | reserved-user | true |
..security-7 | _doc | reserved-user-kibana_system | pwd | reserved-user | true |
.security-7 | _doc | reserved-user-beats_system | pwd | reserved-user | true |
.security-7 | _doc | reserved-user-elastic | pwd | reserved-user | true |
.security-7 | _doc | reserved-user-apm_system | pwd | reserved-user | true |
.security-7 | _doc | reserved-user-kibana | pwd | reserved-user | true |
5 启动
nohup ./bin/elasticsearch>/dev/null 2>&1 &