Building a Highly Available Elasticsearch Cluster


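I. Why build an Elasticsearch cluster:

  1. Eliminate the single point of failure: with only one instance deployed, the log service becomes unavailable if the process dies or the server goes down.
  2. Increase throughput: several machines serving at the same time have far more capacity than a single machine.
  3. High availability: if the master node goes down, the other servers can elect a new master node and continue serving.

There is no need to worry about split-brain: Elasticsearch handles it internally, and a node can become master only if it receives votes from more than half of all nodes.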

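II. Environment preparation:

1. Three virtual machines

2. Single-node setup:

Follow the single-node setup guide first.

If you do not need username/password login, you do not need to generate security certificates.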

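3. Generate the security certificates:

Pick any one of the hosts.

Change into the config directory under the Elasticsearch installation directory.

Run mkdir certs to create a directory that will hold the certificates.

Then run ../bin/elasticsearch-certutil ca to issue the CA certificate. The command pauses twice: first to ask whether to write the output into the elasticsearch directory, then to ask whether to set a password. Go back up to the parent directory and run ls; a file named elastic-stack-ca.p12 has been generated.

Run bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12 to generate the certificate for cluster communication, so that the nodes in the cluster can communicate securely.

The command pauses three times with similar questions; just press Enter each time. Then run mv elastic-stack-ca.p12 elastic-certificates.p12 config/certs/ to move the generated certificates into the directory created earlier.

Upload the elastic-certificates.p12 file from that directory to the same directory on the other two servers.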

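4. Edit the configuration file:

Before editing, run cd /opt to enter the /opt directory and, as root, create a directory named es. Inside es, create a data directory and a logs directory. Then go back to /opt and run: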

sudo chown -R senior es/

Go back to the config directory under the Elasticsearch installation directory.

Edit the elasticsearch.yml file in the config directory.

node1:

# ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
#       Before you set out to tweak and tune the configuration, make sure you
#       understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
#
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
cluster.name: xm-es-cluster
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
node.name: xm-es-1
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
path.data: /opt/es/data
#
# Path to log files:
#
path.logs: /opt/es/logs
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: true
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# By default Elasticsearch is only accessible on localhost. Set a different
# address here to expose this node on the network:
#
network.host: 192.168.56.101
#
# By default Elasticsearch listens for HTTP traffic on the first free port it
# finds starting at 9200. Set a specific HTTP port here:
#
http.port: 9200
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when this node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
discovery.seed_hosts: ["192.168.56.101:9300", "192.168.56.102:9300","192.168.56.103:9300"]
#
# Bootstrap the cluster using an initial set of master-eligible nodes:
#
cluster.initial_master_nodes: ["xm-es-1","xm-es-2","xm-es-3"]
#
# For more information, consult the discovery and cluster formation module documentation.
#
# --------------------------------- Readiness ----------------------------------
#
# Enable an unauthenticated TCP readiness endpoint on localhost
#
#readiness.port: 9399
#
# ---------------------------------- Various -----------------------------------
#
# Allow wildcard deletion of indices:
#
#action.destructive_requires_name: false
 
#----------------------- BEGIN SECURITY AUTO CONFIGURATION -----------------------
#
# The following settings, TLS certificates, and keys have been automatically
# generated to configure Elasticsearch security features on 02-11-2022 11:36:03
#
# --------------------------------------------------------------------------------
 
# Enable security features
xpack.security.enabled: true
 
# xpack.security.enrollment.enabled: false
 
# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
xpack.security.http.ssl:
  enabled: false
# keystore.path: certs/http.p12
 
# Enable encryption and mutual authentication between cluster nodes
xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  keystore.path: certs/elastic-certificates.p12
  truststore.path: certs/elastic-certificates.p12
#----------------------- END SECURITY AUTO CONFIGURATION -------------------------

node2:

# ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
#       Before you set out to tweak and tune the configuration, make sure you
#       understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
#
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
cluster.name: xm-es-cluster
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
node.name: xm-es-2
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
path.data: /opt/es/data
#
# Path to log files:
#
path.logs: /opt/es/logs
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: true
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# By default Elasticsearch is only accessible on localhost. Set a different
# address here to expose this node on the network:
#
network.host: 192.168.56.102
#
# By default Elasticsearch listens for HTTP traffic on the first free port it
# finds starting at 9200. Set a specific HTTP port here:
#
http.port: 9200
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when this node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
discovery.seed_hosts: ["192.168.56.101:9300", "192.168.56.102:9300","192.168.56.103:9300"]
#
# Bootstrap the cluster using an initial set of master-eligible nodes:
#
cluster.initial_master_nodes: ["xm-es-1","xm-es-2","xm-es-3"]
#
# For more information, consult the discovery and cluster formation module documentation.
#
# --------------------------------- Readiness ----------------------------------
#
# Enable an unauthenticated TCP readiness endpoint on localhost
#
#readiness.port: 9399
#
# ---------------------------------- Various -----------------------------------
#
# Allow wildcard deletion of indices:
#
#action.destructive_requires_name: false
 
#----------------------- BEGIN SECURITY AUTO CONFIGURATION -----------------------
#
# The following settings, TLS certificates, and keys have been automatically
# generated to configure Elasticsearch security features on 02-11-2022 11:36:03
#
# --------------------------------------------------------------------------------
 
# Enable security features
xpack.security.enabled: true
 
# xpack.security.enrollment.enabled: false
 
# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
xpack.security.http.ssl:
  enabled: false
# keystore.path: certs/http.p12
 
# Enable encryption and mutual authentication between cluster nodes
xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  keystore.path: certs/elastic-certificates.p12
  truststore.path: certs/elastic-certificates.p12
#----------------------- END SECURITY AUTO CONFIGURATION -------------------------

node3:

# ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
#       Before you set out to tweak and tune the configuration, make sure you
#       understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
#
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
cluster.name: xm-es-cluster
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
node.name: xm-es-3
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
path.data: /opt/es/data
#
# Path to log files:
#
path.logs: /opt/es/logs
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: true
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# By default Elasticsearch is only accessible on localhost. Set a different
# address here to expose this node on the network:
#
network.host: 192.168.56.103
#
# By default Elasticsearch listens for HTTP traffic on the first free port it
# finds starting at 9200. Set a specific HTTP port here:
#
http.port: 9200
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when this node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
discovery.seed_hosts: ["192.168.56.101:9300", "192.168.56.102:9300","192.168.56.103:9300"]
#
# Bootstrap the cluster using an initial set of master-eligible nodes:
#
cluster.initial_master_nodes: ["xm-es-1","xm-es-2","xm-es-3"]
#
# For more information, consult the discovery and cluster formation module documentation.
#
# --------------------------------- Readiness ----------------------------------
#
# Enable an unauthenticated TCP readiness endpoint on localhost
#
#readiness.port: 9399
#
# ---------------------------------- Various -----------------------------------
#
# Allow wildcard deletion of indices:
#
#action.destructive_requires_name: false
 
#----------------------- BEGIN SECURITY AUTO CONFIGURATION -----------------------
#
# The following settings, TLS certificates, and keys have been automatically
# generated to configure Elasticsearch security features on 02-11-2022 11:36:03
#
# --------------------------------------------------------------------------------
 
# Enable security features
xpack.security.enabled: true
 
# xpack.security.enrollment.enabled: false
 
# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
xpack.security.http.ssl:
  enabled: false
# keystore.path: certs/http.p12
 
# Enable encryption and mutual authentication between cluster nodes
xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  keystore.path: certs/elastic-certificates.p12
  truststore.path: certs/elastic-certificates.p12
#----------------------- END SECURITY AUTO CONFIGURATION -------------------------
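
A consistency and security check over the three node configurations above, as an added example that is not part of the original post. The parser handles only the YAML subset these files use; the sample input is constructed from the page's active settings, and the function names are illustrative.

```python
import json

# Constructed sample: the active (non-comment) settings from the page's elasticsearch.yml.
TEMPLATE = """\
cluster.name: xm-es-cluster
node.name: {name}
network.host: {host}
discovery.seed_hosts: ["192.168.56.101:9300", "192.168.56.102:9300","192.168.56.103:9300"]
cluster.initial_master_nodes: ["xm-es-1","xm-es-2","xm-es-3"]
xpack.security.enabled: true
xpack.security.http.ssl:
  enabled: false
xpack.security.transport.ssl:
  enabled: true
"""

def parse_es_yml(text):
    """Flatten the small YAML subset used above into dotted keys (not a full YAML parser)."""
    flat, parent = {}, ""
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if not raw.startswith(" "):
            parent = ""                      # back at top level
        key, _, value = (p.strip() for p in raw.partition(":"))
        if not value:                        # "xpack.security.http.ssl:" opens a block
            parent = key + "."
        else:
            flat[parent + key] = json.loads(value) if value.startswith("[") else value
    return flat

def audit_cluster(configs):
    """Return findings for the parsed configs of every node in one cluster."""
    names, findings = [c.get("node.name") for c in configs], []
    if len({c.get("cluster.name") for c in configs}) != 1:
        findings.append("cluster.name differs between nodes")
    for c in configs:
        peers = {o.get("network.host") for o in configs if o is not c}
        seeds = {s.rsplit(":", 1)[0] for s in c.get("discovery.seed_hosts", [])}
        checks = [
            (set(c.get("cluster.initial_master_nodes", [])) - set(names), "initial_master_nodes names an unknown node"),
            (not peers & seeds, "discovery.seed_hosts lists no other node"),
            (c.get("xpack.security.transport.ssl.enabled") != "true", "transport TLS is disabled"),
            (c.get("xpack.security.http.ssl.enabled") != "true", "HTTP is plaintext; basic-auth passwords cross the network unencrypted"),
        ]
        findings += [f"{c.get('node.name')}: {msg}" for bad, msg in checks if bad]
    return findings

CONFIGS = [parse_es_yml(TEMPLATE.format(name=f"xm-es-{i}", host=f"192.168.56.10{i}")) for i in (1, 2, 3)]
```

Run against the page's settings, `audit_cluster(CONFIGS)` reports one finding per node, all for the plaintext HTTP layer; cluster formation and transport TLS pass.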

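5. Startup:

Start Elasticsearch on each node in turn. On any one node, change the password as described in the single-node guide.

About xpack.security.http.ssl: enabling it is equivalent to enabling HTTPS access, and you also need to generate a certificate for secure HTTP access.

After startup, verify with the following command:

curl -XGET -u elastic:sinian9527 "http://192.168.56.101:9200/_cluster/health?pretty"

PS: For the discovery.seed_hosts and cluster.initial_master_nodes settings in the configuration, see the official Elasticsearch documentation, CSDN, and Jianshu.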

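PS: One pitfall: after I stopped the ES cluster and started it again, running the command:

curl -XGET -u elastic:sinian9527 "http://192.168.56.101:9200/_cluster/health?pretty"

returned an error with status code 401, authentication failed. The fix was to run the password-setting command once more, and then it worked.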