ElasticSearch 集群安装
环境
Linux redhat8
三台机器
192.168.2.189
192.168.2.191
192.168.2.192
二、安装&配置
版本选择
全部版本链接:www.elastic.co/cn/download…
当前版本选择:7.6.2
1. ES安装包(可从官网下载)
需要下elasticsearch、kibana、ik分词器
官网下载地址:www.elastic.co/downloads/e…
ik分词器地址:github.com/medcl/elast…
2. JDK要求
JDK版本:1.8
3. 在linux上安装示例
Elasticsearch不能在 root 用户下启动,我们需要在三台机器上分别创建一个普通用户:
# 创建elastic用户
useradd elastic
# 设置用户密码
passwd elastic
# 切换到elastic用户
su elastic
分别在三台机器上的 /home/elastic/ 目录下创建elasticsearch文件夹,然后在elasticsearch文件夹下分别创建data、logs文件夹:
mkdir -p /home/elastic/elasticsearch/data
mkdir -p /home/elastic/elasticsearch/logs
在生产环境下我们要把Elasticsearch生成的索引文件数据存放到自定义的目录下**data:存储Elasticsearch索引文件数据logs:**存储日志文件
修改elasticsearch.yml
输入如下命令修改 elasticsearch.yml 配置文件:
vi elasticsearch
-
7.6
.
2
/
config
/
elasticsearch
.
yml
修改后的配置文件如下,可以直接复制:
# ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
# Before you set out to tweak and tune the configuration, make sure you
# understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
#
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
cluster.name: my-application
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
# 不同的机器得修改此值
node.name: node-1
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
path.data: /home/elastic/elasticsearch/data
#
# Path to log files:
#
path.logs: /home/elastic/elasticsearch/logs
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: true
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# Set the bind address to a specific IP (IPv4 or IPv6):
#
network.host: 192.168.2.189
#
# Set a custom port for HTTP:
#
http.port: 9200
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when this node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
discovery.seed_hosts: ["192.168.2.189", "192.168.2.191", "192.168.2.192"]
#
# Bootstrap the cluster using an initial set of master-eligible nodes:
#
cluster.initial_master_nodes: ["node-1", "node-2", "node-3"]
#
# For more information, consult the discovery and cluster formation module documentation.
#
# ---------------------------------- Gateway -----------------------------------
#
# Block initial recovery after a full cluster restart until N nodes are started:
#
#gateway.recover_after_nodes: 3
#
# For more information, consult the gateway module documentation.
#
# ---------------------------------- Various -----------------------------------
#
# Require explicit names when deleting indices:
#
#action.destructive_requires_name: true
#
# ---------------------------------- xpack -------------------------------------
#
xpack.monitoring.collection.enabled: true
| 端口 | 说明 | 备注 | 开放情况 |
|---|---|---|---|
| 9300 | transport.tcp.port | 设置节点之间交互的tcp端口,默认是9300,不建议修改 | 集群内访问 |
| 9200 | http.port | api接口调用 | 应用访问 |
调整jvm内存大小
conf/jvm.options #默认1G
-
Xms10G
-
Xmx10G
主要修改如下几处配置:
-
cluster.name:集群的名称,集群中所有节点的
cluster.name的值必须要相同。 -
node.name:集群中每个Elasticsearch的节点名称,不可以重复。
-
path.data:设置存放Elasticsearch索引文件数据的路径。
-
path.logs:设置存放日志文件的路径。
-
network.host:Elasticsearch绑定的IP,外界可以通过这个IP访问到当前Elasticsearch节点,一般配配置当前系统的IP,或者
0.0.0.0(任何地址都能访问到)。 -
http.port:当前启动Elasticsearch的端口号,一般默认
9200即可,当然你也可以修改 -
discovery.seed_hosts:配置所有Elasticsearch节点绑定的IP地址。
-
cluster.initial_master_nodes:配置那些节点可以有资格被选为主节点。
-
xpack.monitoring.collection.enabled:收集监控数据默认为false不收集监控数据。
我们已经配置好一台Elasticsearch节点了接下来我们只需要把这台配置好的Elasticsearch复制到另外两台机器中在做一些简单的修改就就可以了。
我们使用 scp 命令复制当前配置好的Elasticsearch到另外两台机器中:
scp -r /home/elastic/elasticsearch/elasticsearch-7.6.2 elastic@192.168.2.191:/home/elastic/elasticsearch/elasticsearch-7.6.2
scp -r /home/elastic/elasticsearch/elasticsearch-7.6.2 elastic@192.168.2.192:/home/elastic/elasticsearch/elasticsearch-7.6.2
分别在两台机器中修改几处配置:192.168.2.191 这台机器修改elasticsearch.yml配置文件如下:
node.name: node-2
network.host: 192.168.2.191
192.168.2.192 这台机器修改elasticsearch.yml配置文件如下:
node.name: node-3
network.host: 192.168.2.192
启动Elasticsearch
从命令行运行Elasticsearch
Elasticsearch可以从命令行启动,如下所示:
.
/bin/
elasticsearch
作为后台启动
要将Elasticsearch作为后台程序运行,请在命令中指定 -d,然后使用 -p将进程ID记录在文件中:
.
/bin/
elasticsearch
-
d
-
p pid
分别在三台机器上启动Elasticsearch,启动过程中建议单个机器启动成功后再启动另一台。
指定elasticsearch使用内部jdk启动
编辑/bin/elasticsearch
#添加使用ES内置的jdk
export JAVA_HOME=/home/liudaxia/elasticsearch/elasticsearch-7.6.2/jdk/
export PATH=$JAVA_HOME/bin:$PATH
source "`dirname "$0"`"/elasticsearch-env
ES_JVM_OPTIONS="$ES_PATH_CONF"/jvm.options
ES_JAVA_OPTS=`export ES_TMPDIR; "$JAVA" -cp "$ES_CLASSPATH" org.elasticsearch.tools.launchers.JvmOptionsParser "$ES_JVM_OPTIONS"`
#添加jdk判断
if [ -x "$JAVA_HOME/bin/java" ]; then
JAVA="$JAVA_HOME/bin/java"
else
JAVA=`which java`
fi
**注意:**在启动过程中如果出现错误请看下面章节
设置系统配置
下面的所有修改在生产环境下都可能不会出现,如果出现了就做相应的修改即可修改系统配置文件需要切换到 root 用户下:
su root
会提示你输入 root 用户密码,输入正确的密码即可
设置虚拟内存
将虚拟内存设置大一些,否则在启动elasticsearch时会出错导致启动失败:
ERROR: [1] bootstrap checks failed
[1]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
输入 vi/etc/sysctl.conf 命令在 sysctl.conf 中配置如下内容:
vm
.
max_map_count
=
655360
接着输入如下命令让配置生效:
sysctl
-
p
设置最大文件描述符
在启动Elasticsearch有可能会出现如下错误:
[1]: max file descriptors [4096] for elasticsearch process is too low, increase to at
least [65536]
错误说明:elasticsearch过程的最大文件描述符 [4096] 太低,增加到 最少 [65536]
接下来我们修改最大文件描述符,输入 vi/etc/security/limits.conf 命令在 limits.conf 中配置如下内容:
* soft nofile 65536
* hard nofile 131072
* soft nproc 2048
* hard nproc 4096
设置最大线程数
在启动Elasticsearch有可能会出现如下错误:
[
2
]:
max number of threads
[
1024
]
for
user
[
elsearch
]
is
too low
,
increase to at least
[
4096
]
错误说明:线程 [1024]用户 [elsearch]的最大数量太低,增加至少 [4096]
接下来我们修改线程数,输入 vi/etc/security/limits.d/20-nproc.conf 命令在 20-nproc.conf 中配置如下内容:(redhat5\6 为90-nproc.conf)
*
soft nproc
4096
SecComp
在启动Elasticsearch有可能会出现如下错误:
[
3
]:
system call filters failed to install
;
check the logs
and
fix your configuration
or
disable system call filters at your own risk
错误说明:系统调用过滤器安装失败;检查日志和修复配置或禁用系统调用过滤器需要您自担风险 这是在因为 Centos7 不支持 SecComp ,而ES5.2.0之后默认 bootstrap.system_call_filter 为 true进行检测,所以导致检测失败,失败后直接导致ES不能启动。
接下来我们修改配置文件,输入 vim config/elasticsearch.yml 命令,在 elasticsearch.yml 中配置如下内容:
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: true
# 设置为false不进行检测
bootstrap.system_call_filter: false
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
检查集群
上面我们已经搭建好了三个节点的集群,并且已经启动了。
接下来我们来检查一下集群是否已经形成,给三台服务器中的任意一台发送http请求:
http
:
//192.168.2.189:9200/_cat/health?v
应该会反馈如下内容:
epoch timestamp cluster status node.total node.data shards pri relo init unassign pending_tasks max_task_wait_time active_shards_percent
1579067395 05:49:55 my-application green 3 3 22 11 0 0 0 0 - 100.0%
**cluster:显示的是当前集群的名称status:显示的是 green 表示当前集群是健康的状态node.total:**显示 3 表示当前集群有三个节点
**问题一:max file descriptors [4096] for elasticsearch process likely too low, increase to at least [65536]**解决:修改切换到root用户修改配置limits.conf 添加下面两行 命令:vi /etc/security/limits.conf * hard nofile 65536 * soft nofile 65536
**问题二:max number of threads [1024] for user [lish] likely too low, increase to at least [2048]**解决:切换到root用户,进入limits.d目录下修改配置文件。vi /etc/security/limits.d/90-nproc.conf 修改如下内容:* soft nproc 1024 #修改为 * soft nproc 2048
**问题三:max virtual memory areas vm.max_map_count [65530] likely too low, increase to at least [262144]**解决:切换到root用户修改配置sysctl.conf vi /etc/sysctl.conf 添加下面配置:vm.max_map_count=655360
并执行命令:sysctl -p
切换到es的用户。然后,重新启动elasticsearch,即可启动成功。
分词器的安装
插件下载地址(下载相对应的版本)
在elasticsearch的plugins下创建ik文件夹,将下载的解压进去,重启即可。
tar -zxvf /home/elastic/elasticsearch/elasticsearch-analysis-ik-7.6.2.tar.gz -C /home/elastic/elasticsearch/elasticsearch-7.6.2/plugins/
mv /home/elastic/elasticsearch/elasticsearch-7.6.2/plugins/elasticsearch-analysis-ik-7.6.2 /home/elastic/elasticsearch/elasticsearch-7.6.2/plugins/ik
#拷贝到其他两台机器的相应目录下
scp -r /home/elastic/elasticsearch/elasticsearch-7.6.2/plugins/ik elastic@192.168.2.191:/home/elastic/elasticsearch/elasticsearch-7.6.2/plugins/
用户名密码的设置
1、创建CA证书
.
/bin/
elasticsearch
-
certutil ca
-
v
创建完成的证书在elasticsearch的根目录下,这个命令生成格式为 PKCS#12名称为 elastic-stack-ca.p12 的keystore文件,包含CA证书和私钥。
2、创建节点间认证用的证书
.
/bin/
elasticsearch
-
certutil cert
--
ca elastic
-
stack
-
ca
.
p12
这个命令生成格式为 PKCS#12名称为 elastic-certificates.p12 的keystore文件,包含node证书、私钥、CA证书。
这个命令生成的证书内部默认是不包含主机名信息的(他没有任何 Subject Alternative Name 字段),所以证书可以用在任何的node节点上,但是你必须配置elasticsearch关闭主机名认证。
3、配置ES节点使用这个证书
mkdir config
/
certs
mv elastic-* config/certs/
#拷贝证书到其他两台机器 scp -r /home/elastic/elasticsearch/elasticsearch-7.6.2/config/certs elastic@192.168.2.191:/home/elastic/elasticsearch/elasticsearch-7.6.2/config/
配置elasticsearch.yml配置文件,注意所有的node节点都需要配置,这里的配置是使用PKCS#12格式的证书。
$ vim config/elasticsearch.yml
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate #认证方式使用证书
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12
# 如果你使用--pem生成PEM格式的,那么需要使用如下的配置:
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.key: /home/es/config/node01.key # 私钥
xpack.security.transport.ssl.certificate: /home/es/config/node01.crt # 证书
xpack.security.transport.ssl.certificate_authorities: [ "/home/es/config/ca.crt" ] # ca证书
如果你生成的node证书设置了password,那么需要把password加入到elasticsearch 的keystore,shell命令执行
PKCS#12格式:
bin/elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password bin/elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password
PEM格式
bin/elasticsearch-keystore add xpack.security.transport.ssl.secure_key_passphrase
#### 配置完成启动
注意:config/certs 目录中不需要拷贝CA证书文件,只拷贝cert文件即可。我这里是图方便。
同时要注意把CA证书保存好,如果设置了CA证书密钥也要保护放,方便后期增加ES节点使用。
xpack.security.transport.ssl.verification\_mode 这里配置认证方式:参考官网
* `full`,认证证书是否通过信任的CA证书签发的,同时认证server的hostname or IP address是否匹配证书中配置的。
* `certificate`,我们这里采用的方式,只认证证书是否通过信任的CA证书签发的
* `none`,什么也不认证,相当于关闭了SSL/TLS 认证,仅用于你非常相信安全的环境。
配置了,然后再次启动ES节点测试
参考
#### 4、创建密码(es启动后执行)
. /bin/ elasticsearch
setup
passwords auto
**此命令会自动创建密码,如果想自定义将auto改为interactive命令**
Changed password for user apm_system PASSWORD apm_system = F2U8SUczC6yIWsmfav4F
Changed password for user kibana PASSWORD kibana = FKoLjafoXfdqnxCsCV5g
Changed password for user logstash_system PASSWORD logstash_system = OJGp28cfiY7yHO3Ypt9c
Changed password for user beats_system PASSWORD beats_system = AlmE25XuPbJiN54LOeqx
Changed password for user remote_monitoring_user PASSWORD remote_monitoring_user = Ue6oWKHZlq5dEuqpOMCQ
Changed password for user elastic PASSWORD elastic = xEdjvS5dDqchndUUL1L2
#### 如果想重新执行该命令,需要将索引.security-7删除
### 安装kibana(指定一台机器安装即可)
#### 1、下载kibana
https : //www.elastic.co/cn/download…
#### 2、配置conf/kibana.yml
server.port: 5601 server.host: "0.0.0.0" server.name: "mykibana" elasticsearch.hosts: ["http://localhost:9200"] kibana.index: ".kibana" elasticsearch.username: "kibana" elasticsearch.password: "UKuHceHWudloJk9NvHlX"
i18n.locale: "en"
i18n.locale: "zh-CN" xpack.security.encryptionKey: Hz9yFFaPejHvCkhTddNx%WsBgxVSCQ # 自己随意生成的32位加密key
#### 3、启动kibana
nohup
./
bin
/
kibana
&
