Elasticsearch:部署 ECE (Elastic Cloud Enterprise)

Elasticsearch
1,796 阅读4分钟

Elasticsearch 公司提供 Elastic Cloud Enterprise (ECE),它与 Elasticsearch Cloud (www.elastic.co/cloud) 中使用的工具相同,并且免费提供。 该解决方案可在 AWS、Azure 或 GCP 上的平台即服务 (PaaS) 上使用,可以在本地安装以在 Elasticsearch 之上提供企业解决方案。如果你需要跨团队或跨地域管理多个 Elastic 部署,你可以利用 ECE 集中部署管理以实现以下功能:

  • 供应
  • 监控
  • 扩展
  • 复制
  • 升级
  • 备份和恢复

使用 ECE 集中管理部署可强制实施统一的版本控制、数据治理、备份和用户策略。 通过更好的管理提高硬件利用率也可以降低总成本。

前提条件

由于此解决方案针对大量服务器的大型安装,因此最低测试要求是 8 GB RAM 节点。 ECE 解决方案依赖于 Docker 的安装,因此 Docker 必须安装在节点上。ECE 仅支持部分操作系统; 兼容性矩阵可在线获取 Support Matrix | Elastic。在其他配置上,ECE 可以工作,但在出现问题时不受支持。

安装

在安装 ECE 之前,需要检查以下先决条件:

  • 你的用户必须是启用 Docker 的用户。 如果由于非 Docker 用户而出现错误,请使用 sudo usermod -aG docker $USER 添加你的用户。
  • 如果你尝试访问 /mnt/data 时出错,请授予你的用户访问该目录的权限。你可以使用如下的命令:


1.  liuxg@liuxgu:/mnt$ pwd
2.  /mnt
3.  liuxg@liuxgu:/mnt$ sudo mkdir -p data
4.  [sudo] password for liuxg: 
5.  liuxg@liuxgu:/mnt$ sudo chmod a+rwx data/
  • 你需要将以下行添加到 /etc/sysctl.conf(需要重新启动):
vm.max_map_count = 262144
  • 为了能够使用 ECE,它必须首先安装在第一台主机上,如下所示:
bash <(curl -fsSL https://download.elastic.co/cloud/elastic-cloud-enterprise.sh) install

安装过程应自动管理这些步骤,如以上屏幕截图所示。最后,安装程序应提供你的登录的地址,用户名及密码,以便您可以在类似的输出中访问你的集群,如下所示:



1.  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2.  Elastic Cloud Enterprise installation completed successfully

4.  Ready to copy down some important information and keep it safe?

6.  To access the Cloud UI:
7.  http://192.168.0.8:12400
8.  https://192.168.0.8:12443

10.  Admin username: admin
11.  Password: 3sugvpXysOb41QTN3aLA2CrGnXhBfGICZ3vLrLNOfz7
12.  Read-only username: readonly
13.  Password: 2YR101aqNbr0WLdfIDVGeeML0Xq7SwDV2JSWGxm0Wgx

15.  Roles tokens for adding hosts to this installation:
16.  Basic token (Don't forget to assign roles to new runners in the Cloud UI after installation.)
17.  eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJlN2UwYTQ3Mi1lZmFjLTRkM2UtOGVkZS1hZDM0N2IyMzQ4ZjciLCJyb2xlcyI6W10sImlzcyI6ImN1cnJlbnQiLCJwZXJzaXN0ZW50Ijp0cnVlfQ.lopCvBDeuOYIOZx5yvAzIPIFD77Bo-FjlaMgj09-OiI

19.  Allocator token (Simply need more capacity to run Elasticsearch clusters and Kibana? Use this token.)
20.  eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIyYjc2YmM0Zi1mZWM4LTQxNjItODg0ZS1hZDUxYjU2ZTdkYzAiLCJyb2xlcyI6WyJhbGxvY2F0b3IiXSwiaXNzIjoiY3VycmVudCIsInBlcnNpc3RlbnQiOnRydWV9.B-10wl8MJAz0eErYnteVsPiSkl2FRNB3gQgd16ZcRBU

22.  Emergency token (Lost all of your coordinators? This token will save your installation.)
23.  eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIwN2U2NWJkYy1lOTliLTQ3Y2QtYTY1Ni1mZmEzODM4ZjM0YmYiLCJyb2xlcyI6WyJjb29yZGluYXRvciIsInByb3h5IiwiZGlyZWN0b3IiXSwiaXNzIjoiY3VycmVudCIsInBlcnNpc3RlbnQiOnRydWV9.BmEq4Y4npnM8X4RjWqwK4AG3iaeRULcfyqrGB7BQ2d4

25.  To add hosts to this Elastic Cloud Enterprise installation, include the following parameters when you install the software 
26.  on additional hosts: --coordinator-host 192.168.0.8 --roles-token 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJlN2UwYTQ3Mi1lZmFjLTRkM2UtOGVkZS1hZDM0N2IyMzQ4ZjciLCJyb2xlcyI6W10sImlzcyI6ImN1cnJlbnQiLCJwZXJzaXN0ZW50Ijp0cnVlfQ.lopCvBDeuOYIOZx5yvAzIPIFD77Bo-FjlaMgj09-OiI'

28.  These instructions use the basic token, but you can substitute one of the other tokens provided. You can also generate your own tokens. For example:
29.  curl -H 'Content-Type: application/json' -u admin:3sugvpXysOb41QTN3aLA2CrGnXhBfGICZ3vLrLNOfz7 http://192.168.0.8:12300/api/v1/platform/configuration/security/enrollment-tokens -d '{ "persistent": true, "roles": [ "allocator"] }'

31.  To learn more about generating tokens, see "Generate Role Tokens" in the documentation.

33.  System secrets have been generated and stored in "/mnt/data/elastic/bootstrap-state/bootstrap-secrets.json".
34.  Keep the information in the bootstrap-secrets.json file secure by removing the file and placing it into secure storage, for example.
35.  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

上面的安装将会生成很多的 docker 容器。我们可以使用如下的命令来查看:

docker ps

就我而言,我可以在以下位置 http://192.168.0.8:12400 访问已安装的界面:

我们使用上面显示的用户名及密码来进行登录。 

我们选择上面的 Create deployment 来创建一个最新的 Elasticsearch 集群:

 

如上所示,我们须保存超级用户 elastic 的密码 G4lrXzbGrTB2OYJqhyLFVR8N 以备以后使用,因为这个密码只显示一次。启动一个集群需要一点时间。如上所示,需要15 分钟左右的时间。

如上所示,我们的集群已经创建成功了。点击上面的 Continue 按钮:

 

 

 

如上所示,我们的 Kibana 已经被成功地启动起来了。点击上面的 Explore on my own 链接:

我们就进入到我们最为常见的 Kibana 界面了。这充分地说明了我们的安装是成功的。

可能你想问,如果我想把数据写入到 Elasticsearch 中,那我的这个集群的 endpoint 是什么呢?我们还是回到之前的地址  http://192.168.0.8:12400

 

 

如上所示,我们可以看到 Elastic Stack 相关的所有 endpoints。 比如,针对我的情况,Elasticsearch 的 endpoint 地址为:

https://bb58db16984843379a12a8373f8c7538.192.168.0.8.ip.es.io:9243

我们甚至可以直接点击上面的 Open 按钮来启动 APM, Kibana 及 Fleet。上面的界面和 Elastic 在 Elastic Cloud 上的界面非常相似。我们可以尝试官方的部署以得到2个星期的试用。

如何把数据写入到 Elasticsearch 中

我们首先需要得到 ECE 在安装过程中给我们生成的证书呢?我们在 Linux 机器上使用如下的命令:

openssl s_client -showcerts -connect bb58db16984843379a12a8373f8c7538.192.168.0.8.ip.es.io:9243 < /dev/zero

请注意,在上面我们的 bb58db16984843379a12a8373f8c7538.192.168.0.8.ip.es.io:9243 是 Elasticsearch 的 endpoint 的地址。上面的命令将生成如下的信息:



1.  $ openssl s_client -showcerts -connect bb58db16984843379a12a8373f8c7538.192.168.0.8.ip.es.io:9243 < /dev/zero
2.  CONNECTED(00000003)
3.  depth=2 CN = elastic ce master
4.  verify error:num=19:self signed certificate in certificate chain
5.  verify return:1
6.  depth=2 CN = elastic ce master
7.  verify return:1
8.  depth=1 CN = elastic ce proxy root
9.  verify return:1
10.  depth=0 CN = elastic ce proxy 192.168.0.8
11.  verify return:1
12.  ---
13.  Certificate chain
14.   0 s:CN = elastic ce proxy 192.168.0.8
15.     i:CN = elastic ce proxy root
16.  -----BEGIN CERTIFICATE-----
17.  MIIDqDCCApCgAwIBAgIGAYGFWBhnMA0GCSqGSIb3DQEBCwUAMCAxHjAcBgNVBAMT
18.  FWVsYXN0aWMgY2UgcHJveHkgcm9vdDAeFw0yMjA2MjEwODE5MTJaFw0yMzA3MjQw
19.  ODE5MTJaMCcxJTAjBgNVBAMTHGVsYXN0aWMgY2UgcHJveHkgMTkyLjE2OC4wLjgw
20.  ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCP2Caqwm3ClG7nQAhsywH9
21.  ltQjEaBA8qE+e9tP89UnJ09LHojYcedXhVRu5A54xh2PzhEWM1PElxBGWPh8f0a2
22.  R+uj/klosXMM23V5H/mahx+uTiS/AJFNJmwEr2w4bgBBrUnDXU87O3WBPao9+ubl
23.  Hpl0mutMKTBYwrA6sh20XvtjMiCD3yuLfTKtyTF1qX/Y2N4a7ssBSKXpaakAGAbq
24.  NEtmzIcnsZZUYO1Luh7n8nKc48amF8f0NKtPLIqnGL/o0PZHNKyua1NdX8PmTVwb
25.  KeWHsQWCPIQQw7FI9/gCcHglRf+ZO74LTBDX2EI/5WMfg/znGZKiBByqpNRasQ9T
26.  AgMBAAGjgeAwgd0wQQYDVR0RBDowOIILMTkyLjE2OC4wLjiCCzE5Mi4xNjguMC44
27.  ghYqLjE5Mi4xNjguMC44LmlwLmVzLmlvhwTAqAAIMBMGA1UdJQQMMAoGCCsGAQUF
28.  BwMBMEkGA1UdIwRCMECAFCzWAcbVXQyvYUE9Ymz/fMS+KHOcoSCkHjAcMRowGAYD
29.  VQQDExFlbGFzdGljIGNlIG1hc3RlcoIGAYGFV10yMB0GA1UdDgQWBBQkQNMkrjjF
30.  GOlRPEuFBLC+PmyKtTAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIE8DANBgkqhkiG
31.  9w0BAQsFAAOCAQEAzpbU5PmGN9WuKJYohKYho0V76GCdD01PovwPF/hl650tz5Jn
32.  ifn8nh412rCXC81m+idV4igSM19Bxx+hQAhqbngs8Saz13CcjDbD4QlUkWsjLGbM
33.  ME9GicARwIgW34b+pWCEtyMf5QiVLiPOz+b0nnXzHbPWQR6/1yaV6w2IO4IZtgb1
34.  J6isOs9gmlOW6PfcHz1fOAjtV5XP2leDJk+pCDyJkvMlIxOObNZfPGJO3CUqF4HU
35.  c6Ggeiix5Ev/9zbBNT5tLRPYs4IChuzvtD142T3WfOOqYN717TpY+vd+3EU/OrEj
36.  bQF7f7S+qX94qKszsTeqPAPzXJmddaMU+kMPLw==
37.  -----END CERTIFICATE-----
38.   1 s:CN = elastic ce proxy root
39.     i:CN = elastic ce master
40.  -----BEGIN CERTIFICATE-----
41.  MIIDajCCAlKgAwIBAgIGAYGFV10yMA0GCSqGSIb3DQEBCwUAMBwxGjAYBgNVBAMT
42.  EWVsYXN0aWMgY2UgbWFzdGVyMB4XDTIyMDYyMTA4MTgyNFoXDTMyMDYxODA4MTgy
43.  NFowIDEeMBwGA1UEAxMVZWxhc3RpYyBjZSBwcm94eSByb290MIIBIjANBgkqhkiG
44.  9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ybsisHoE628Od0lfryvfAnKP6u3pWiPiWQp
45.  Sj3I11MCYWh6NKNFQfNiqE5jM3AVzq7Cuc20ygQr1LHeJ3Lpyn/fEOWVnTqKd70T
46.  pN5ubTP4rrx1jI6gkwi7Zcj1j14le0KN7sldaltmfPUt3qgf+a7j99xsBDV4Z4T+
47.  BLsVL2NHFI1a9W6a8htVnt4e43AFTavLLaYNHhJaLyt5ogBPr5tija2wqaj7GKWk
48.  hsz8on8aQ2MNVWDf/+VVT3qTsNM5zWN6sFxWbiYH5de38UBemFlf3YlRQu/NLSFg
49.  U9YtjWlef/U4Wye2SQw7KPSf6HeSFmwFzKWNg4vaJRH4nghKyQIDAQABo4GtMIGq
50.  MBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsGA1UdEQQEMAKCADBJBgNVHSMEQjBAgBSR
51.  qhM9wrv0cP4YY7iI9YutryBkVqEgpB4wHDEaMBgGA1UEAxMRZWxhc3RpYyBjZSBt
52.  YXN0ZXKCBgGBhVdbEjAdBgNVHQ4EFgQULNYBxtVdDK9hQT1ibP98xL4oc5wwDAYD
53.  VR0TBAUwAwEB/zAOBgNVHQ8BAf8EBAMCAfYwDQYJKoZIhvcNAQELBQADggEBAFSh
54.  oJUK6ODHBh0E0z/rWYui3VNikqxo+f33ZDLckFQeozDj8P4G0JGdhgWCihjhUXbF
55.  oqONJxBbEwkTzHjX9KM6Drd5EvyEoovvpKvMlTIKakpm5XQW2Y3NsQj9E9Hp4BAO
56.  1J0cWdYBt3ssEHpeGiEBccEIFfyrGSdb5O2548XGSHxjptqWmxsTO+CTMno9ssEG
57.  9WjguSvrkF6pRah5UVw4I6vwub8ZMz4286clYNca9CY+U4Rc0tJkVxr+hkd4K/5w
58.  f58tMqdsLoyWBFkc/kVh/AxNixO3fL7PJcJ5xQipa74VpuT53XP2lkfkpwgX/Y87
59.  4JQgvQEJuvoaKJX/IGo=
60.  -----END CERTIFICATE-----
61.   2 s:CN = elastic ce master
62.     i:CN = elastic ce master
63.  -----BEGIN CERTIFICATE-----
64.  MIIDUTCCAjmgAwIBAgIGAYGFV1sSMA0GCSqGSIb3DQEBCwUAMBwxGjAYBgNVBAMT
65.  EWVsYXN0aWMgY2UgbWFzdGVyMB4XDTIyMDYyMTA4MTgyM1oXDTMyMDYxODA4MTgy
66.  M1owHDEaMBgGA1UEAxMRZWxhc3RpYyBjZSBtYXN0ZXIwggEiMA0GCSqGSIb3DQEB
67.  AQUAA4IBDwAwggEKAoIBAQCOzPJDF3jTtSnFpI7JLy11pZaIo5Ykvxqw6WqVUrTx
68.  o1IYTz6RftXDldBPJlJUMogEpx17JLhpKSQmXYksa5MzGFOrZBVJxCmFHGeA8Sia
69.  cikgZ4lfZHCY9gY0ymw9AG/bumYWqADUtp6139TaOJzKrSXP5LTqwYdsAQaZl+eD
70.  m+1wqY+6VDD6qdrJcUISiWjq+SZhkJWVMgx4Torqf9KGz2KuwXPHickIRD2g61oK
71.  U6UEkdguz55u1o8JXZC7rexYOhAIzXUbG8QwuA4iGNETKE7AmQ9wLL4yXj8itS2u
72.  4+XT03BVbKhVRoTZ6dVMjcSui/+q1/NDgJTegAe909z1AgMBAAGjgZgwgZUwCwYD
73.  VR0RBAQwAoIAMB0GA1UdDgQWBBSRqhM9wrv0cP4YY7iI9YutryBkVjBJBgNVHSME
74.  QjBAgBSRqhM9wrv0cP4YY7iI9YutryBkVqEgpB4wHDEaMBgGA1UEAxMRZWxhc3Rp
75.  YyBjZSBtYXN0ZXKCBgGBhVdbEjAMBgNVHRMEBTADAQH/MA4GA1UdDwEB/wQEAwIB
76.  9jANBgkqhkiG9w0BAQsFAAOCAQEAaUnNaRCe6rgJmO7QCVly1HK1pR+QIljvvjDd
77.  gwG8VaW46f8ivFnJgRsjZ9FM8PQtJgrf9ihSe0TvousvuzOE1XOOaSDVz3Ie0NxI
78.  T6dPRCH/4SDo7y0BbY7d6//HCH11+J4GTBmrEksOXnfyu4SXCQGkdB5BXTJKoJ9b
79.  vdSGGKqoG7VhRqykYoHl/kbFEXhU8/3IqhBsBm15uwDuVLX2F39B0C+xTPXgS/SG
80.  zIngtOMV2rkjpANC5KvHoX/Zol9lMeACgtR8HEGGBR2b5CGhLlO7Cxgumu+8X4ZK
81.  Nw76R8X+/iic7ftijEvIAyz/A2gNZuCLIWQv9npkb/RJ6C+8yA==
82.  -----END CERTIFICATE-----
83.  ---
84.  Server certificate
85.  subject=CN = elastic ce proxy 192.168.0.8

87.  issuer=CN = elastic ce proxy root

89.  ---
90.  No client certificate CA names sent
91.  Peer signing digest: SHA256
92.  Peer signature type: RSA-PSS
93.  Server Temp Key: X25519, 253 bits
94.  ---
95.  SSL handshake has read 3265 bytes and written 438 bytes
96.  Verification error: self signed certificate in certificate chain
97.  ---
98.  New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
99.  Server public key is 2048 bit
100.  Secure Renegotiation IS supported
101.  Compression: NONE
102.  Expansion: NONE
103.  No ALPN negotiated
104.  SSL-Session:
105.      Protocol  : TLSv1.2
106.      Cipher    : ECDHE-RSA-AES256-GCM-SHA384
107.      Session-ID: C6F4865780908827A4056B21FEFCFB39F3471A0DF0EC9DD37B587B43796C0316
108.      Session-ID-ctx: 
109.      Master-Key: 58FCE590CBCAA914832E3B9A572653CEA6ADED15A88AB52E52F6DAA34674B6EE917D41FAB7E67DF56A6D670057458568
110.      PSK identity: None
111.      PSK identity hint: None
112.      SRP username: None
113.      TLS session ticket:
114.      0000 - 3e 10 e0 ff 6a 91 f7 d5-4b 08 10 d5 29 65 c5 37   >...j...K...)e.7
115.      0010 - ac 69 07 c4 ec 3e 3b 40-8e 0e 50 ac 2f 28 b5 d1   .i...>;@..P./(..
116.      0020 - f7 17 4b 71 ce 8b 66 04-de b0 2b 66 fc 63 18 11   ..Kq..f...+f.c..
117.      0030 - ee 95 b0 87 ee 6b 71 0d-91 e5 ee ca e2 8f 61 21   .....kq.......a!
118.      0040 - 63 52 4b 89 53 e9 d5 88-3d c9 62 3b 52 43 0b 9f   cRK.S...=.b;RC..
119.      0050 - 74 d9 5e d7 c4 1b d0 77-ca 43 00 5f ac 88 93 02   t.^....w.C._....
120.      0060 - 0c 3b 7e e4 93 b4 40 9d-8f 63 68 89 5b 76 2b cc   .;~...@..ch.[v+.
121.      0070 - ea d5 28 85 9d 7d e7 e0-fe 16 df bc e9 87 18 c5   ..(..}..........
122.      0080 - 90                                                .

124.      Start Time: 1655861073
125.      Timeout   : 7200 (sec)
126.      Verify return code: 19 (self signed certificate in certificate chain)
127.      Extended master secret: no
128.  ---
129.  HTTP/1.1 431 Request Header Fields Too Large
130.  Content-Type: text/plain; charset=utf-8
131.  Connection: close

将输出中显示的最后一个证书保存到本地文件,在此示例中为 elastic-ece-ca-cert.pem:



1.  $ cat << EOF > ~/elastic-ece-ca-cert.pem
2.  > -----BEGIN CERTIFICATE-----
3.  > MIIDUTCCAjmgAwIBAgIGAYGFV1sSMA0GCSqGSIb3DQEBCwUAMBwxGjAYBgNVBAMT
4.  > EWVsYXN0aWMgY2UgbWFzdGVyMB4XDTIyMDYyMTA4MTgyM1oXDTMyMDYxODA4MTgy
5.  > M1owHDEaMBgGA1UEAxMRZWxhc3RpYyBjZSBtYXN0ZXIwggEiMA0GCSqGSIb3DQEB
6.  > AQUAA4IBDwAwggEKAoIBAQCOzPJDF3jTtSnFpI7JLy11pZaIo5Ykvxqw6WqVUrTx
7.  > o1IYTz6RftXDldBPJlJUMogEpx17JLhpKSQmXYksa5MzGFOrZBVJxCmFHGeA8Sia
8.  > cikgZ4lfZHCY9gY0ymw9AG/bumYWqADUtp6139TaOJzKrSXP5LTqwYdsAQaZl+eD
9.  > m+1wqY+6VDD6qdrJcUISiWjq+SZhkJWVMgx4Torqf9KGz2KuwXPHickIRD2g61oK
10.  > U6UEkdguz55u1o8JXZC7rexYOhAIzXUbG8QwuA4iGNETKE7AmQ9wLL4yXj8itS2u
11.  > 4+XT03BVbKhVRoTZ6dVMjcSui/+q1/NDgJTegAe909z1AgMBAAGjgZgwgZUwCwYD
12.  > VR0RBAQwAoIAMB0GA1UdDgQWBBSRqhM9wrv0cP4YY7iI9YutryBkVjBJBgNVHSME
13.  > QjBAgBSRqhM9wrv0cP4YY7iI9YutryBkVqEgpB4wHDEaMBgGA1UEAxMRZWxhc3Rp
14.  > YyBjZSBtYXN0ZXKCBgGBhVdbEjAMBgNVHRMEBTADAQH/MA4GA1UdDwEB/wQEAwIB
15.  > 9jANBgkqhkiG9w0BAQsFAAOCAQEAaUnNaRCe6rgJmO7QCVly1HK1pR+QIljvvjDd
16.  > gwG8VaW46f8ivFnJgRsjZ9FM8PQtJgrf9ihSe0TvousvuzOE1XOOaSDVz3Ie0NxI
17.  > T6dPRCH/4SDo7y0BbY7d6//HCH11+J4GTBmrEksOXnfyu4SXCQGkdB5BXTJKoJ9b
18.  > vdSGGKqoG7VhRqykYoHl/kbFEXhU8/3IqhBsBm15uwDuVLX2F39B0C+xTPXgS/SG
19.  > zIngtOMV2rkjpANC5KvHoX/Zol9lMeACgtR8HEGGBR2b5CGhLlO7Cxgumu+8X4ZK
20.  > Nw76R8X+/iic7ftijEvIAyz/A2gNZuCLIWQv9npkb/RJ6C+8yA==
21.  > -----END CERTIFICATE-----
22.  > EOF

我们把上面的证书拷贝到 Metricbeat 的安装目录的根目录中。如果你对 Metricbeat 的安装和使用还不是很熟的话,请阅读我之前的文章 “Beats:Beats 入门教程 (二)”。这样在 Metricbeat 的安装目录中是这样的:



1.  $ pwd
2.  /Users/liuxg/elastic/metricbeat-8.2.0-darwin-aarch64
3.  $ ls
4.  LICENSE.txt              fields.yml               metricbeat.yml
5.  NOTICE.txt               kibana                   module
6.  README.md                logs                     modules.d
7.  data                     metricbeat
8.  elastic-ece-ca-cert.pem  metricbeat.reference.yml

我们可以看到 elastic-ece-ca-cert.pem 已经被拷贝过来了。

我们接着按照如下的步骤来配置 metricbeat.yml 文件:

metricbeat.yml



1.  output.elasticsearch:
2.    # Array of hosts to connect to.
3.    hosts: ["https://bb58db16984843379a12a8373f8c7538.192.168.0.8.ip.es.io:9243"]

5.    # Protocol - either `http` (default) or `https`.
6.    protocol: "https"

8.    # Authentication credentials - either API key or username/password.
9.    #api_key: "id:api_key"
10.    username: "elastic"
11.    password: "G4lrXzbGrTB2OYJqhyLFVR8N"
12.    ssl.certificate_authorities: ["elastic-ece-ca-cert.pem"]

你需要根据自己的 Elasticsearch 集群的 endpoint 及密码进行相应的修改。我们接下来使用如下的命令来测试:



1.  $ ./metricbeat test config
2.  Config OK





1.  $ ./metricbeat test output
2.  elasticsearch: https://bb58db16984843379a12a8373f8c7538.192.168.0.8.ip.es.io:9243...
3.    parse url... OK
4.    connection...
5.      parse host... OK
6.      dns lookup... OK
7.      addresses: 192.168.0.8
8.      dial up... OK
9.    TLS...
10.      security: server's certificate chain verification is enabled
11.      handshake... OK
12.      TLS version: TLSv1.2
13.      dial up... OK
14.    talk to server... OK
15.    version: 8.2.0

上面显示我们的证书是成功的。我们的 Metricbeat 也可以成功地连接到 Elasticsearch。

我们接下来尝试把当前电脑的 metric 发送到 Elasticsearch 中。在做之前,我们还需要在 metricbeat.yml 文件中配置 Kibana 的 endpoint 及证书,这是因为 Kibana 的 endpoint 的 url 和 Elasticsearch 的是不一样的。我们如法炮制,生成另外一个连接 Kibana 的证书 elastic-ece-ca-cert-kibana.pem。

metricbeat.yml



1.  setup.kibana:

3.    # Kibana Host
4.    # Scheme and port can be left out and will be set to the default (http and 5601)
5.    # In case you specify and additional path, the scheme is required: http://localhost:5601/path
6.    # IPv6 addresses should always be defined as: https://[2001:db8::1]:5601
7.    host: "https://4bc402f9a15847d7a69ebf7c8880b0c1.192.168.0.8.ip.es.io:9243"

9.    protocol: "https"

11.    # Authentication credentials - either API key or username/password.
12.    username: "elastic"
13.    password: "G4lrXzbGrTB2OYJqhyLFVR8N"
14.    ssl.certificate_authorities: ["elastic-ece-ca-cert-kibana.pem"]

在上面,请注意 endpoint 和证书和 Elasticsearch 是不一样的。

我们接着使用如下的命令来进行 setup:



1.  $ ./metricbeat setup
2.  Overwriting ILM policy is disabled. Set `setup.ilm.overwrite: true` for enabling.

4.  Index setup finished.
5.  Loading dashboards (Kibana must be running and reachable)
6.  Loaded dashboards

从上面的输出中,我们可以看到是成功的。

我们接下来直接启动 Metricbeat 就可以了:

 ./metricbeat -e

我们接下来直接到 Kibana 的界面中来查看数据:

我们可以看到数据已经被成功地采集进来了。我们甚至可以查看它的 Dashboard:

移除 Elastic Cloud Enterprise

由于以下原因之一,你可能需要删除 Elastic Cloud Enterprise:

  • 如果安装过程未成功完成并且你无法解决问题。
  • 如果你要取消配置主机并希望删除已安装的 Elastic Cloud Enterprise 软件。

你可以通过移除主机上的所有 Docker 容器来移除 Elastic Cloud Enterprise:

docker rm -f frc-runners-runner frc-allocators-allocator $(docker ps -a -q); sudo rm -rf /mnt/data/elastic/ && docker ps -a

如果你计划在主机上重新安装 Elastic Cloud Enterprise,请确保先从 Cloud UI 中删除主机。 如果主机仍与你的旧 Elastic Cloud Enterprise 安装相关联,则重新安装可能会失败。

警告:在安装期间,系统会生成放入 /mnt/data/elastic/bootstrap-state/bootstrap-secrets.json 机密文件的 secrets,除非你使用 --host-storage-path 参数传入不同的路径。 通过将 bootstrap-secrets.json 文件中的信息从其默认位置移除并将其放入安全的存储位置,以确保信息的安全。

总结

ECE 执行所有配置,如果您需要监控组件和其他 X-Pack 功能,它能够自动配置您的集群以管理所有必需的功能。如果您需要管理多个 Elasticsearch/Kibana 集群,ECE 非常有用,因为它消除了所有基础架构问题。

参考:

【1】Manage security certificates | Elastic Cloud Enterprise Reference [2.3] | Elastic

avatar
文章
阅读
粉丝