一、背景
es节点CPU在高峰时间段使用率超过80%,业务担心支撑不了活动,申请水平扩容data节点。
KSA和WGA两套cpos es都要做水平扩容。
二、集群信息
带xpack的es
| 7.10.2 | 172.25.171.34 | mdi | 9200 | 16C/32G/300G | 2022.05.20扩容+xpack,2024.02.23磁盘扩容到600G | |
|---|---|---|---|---|---|---|
| 7.10.2 | 172.25.171.33 | mdi | 9200 | 16C/32G/300G | 2022.05.20扩容+xpack,2024.02.23磁盘扩容到600G | |
| 7.10.2 | 172.25.171.32 | mdi | 9200 | 16C/32G/300G | 2022.05.20扩容+xpack,2024.02.23磁盘扩容到600G | |
| 7.10.2 | 172.25.171.29 | di | 9200 | 16C/32G/300G | 2022.05.20扩容+xpack,2024.02.23磁盘扩容到600G | |
| 7.10.2 | 172.25.171.25 | di | 9200 | 16C/32G/300G | 2022.05.20扩容+xpack,2024.02.23磁盘扩容到600G |
配置文件路径: /opt/elasticsearch-7.10.2/config/elasticsearch.yml
插件: analysis-ik 7.10.2
ES版本: 7.10.2
jvm.option:16G
ES data路径:/opt/elasticsearch-7.10.2/data
kibana地址:http://172.25.171.33:5601
elasticsearch.username: "elastic"
elasticsearch.password: "a3b9ymeERz"
curl --user elastic:a3b9ymeERz http://172.25.171.29:9200
扩容节点使用RPM方式安装
数据路径 /data/elasticsearch/data
账号密码: yumdbuser / Stz8H6SY23
配置信息
- 172.25.171.34节点es yml
cluster.name: cpos
node.name: vm172-25-171-34.ksc.com
node.master: true
node.data: true
path.data: /data/elasticsearch/data
path.logs: /data/elasticsearch/logs
bootstrap.memory_lock: false
network.host: 172.25.171.34
http.port: 9200
discovery.seed_hosts: ["172.25.171.34","172.25.171.33","172.25.171.32","172.25.171.29","172.25.171.25"]
cluster.initial_master_nodes: ["172.25.171.34","172.25.171.33","172.25.171.32"]
action.destructive_requires_name: false
http.cors.enabled: true
http.cors.allow-origin: "*"
indices.memory.index_buffer_size: 20%
thread_pool:
search:
size: 80
queue_size: 2000
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.client_authentication: required
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12
监控地址
infra-grafana.hwwt2.com/d/na_nxrE_m…
三、操作wbs
- 应用运维申请1个节点(新节点: 172.25.189.128)
- 资源16C/32G/600G 的中间件裸资源
- 变更报备
- 资源提供给DBA
- DBA检查资源的规格、数据盘挂载路径、数据盘文件格式等
- 初始化es服务所需的文件路径
/data/elasticsearch/data
/data/elasticsearch/log
/data/elasticsearch/backup
-
DBA部署data节点 (具体操作参考: 带XPACK的es水平扩容操作 ,这次操作的版本为
7.10.2) -
安装插件
-
配置jvm
主机内存的50%
- 配置es yml文件(注意标黄部分)
cluster.name: cpos
node.name: vm172-25-171-34.ksc.com
node.master: false
node.data: true
path.data: /data/elasticsearch/data
path.logs: /data/elasticsearch/logs
path.repo: ["/data/elasticsearch/backup"]
bootstrap.memory_lock: false
network.host: xxx.xxx.xxx.xxx
http.port: 9200
discovery.seed_hosts: ["172.25.171.34","172.25.171.33","172.25.171.32","172.25.171.29","172.25.171.25","xxx.xxx.xxx.xxx"]
cluster.initial_master_nodes: ["172.25.171.34","172.25.171.33","172.25.171.32"]
discovery.zen.minimum_master_nodes: 2
action.destructive_requires_name: false
http.cors.enabled: true
http.cors.allow-origin: "*"
indices.memory.index_buffer_size: 20%
thread_pool:
search:
size: 80
queue_size: 2000
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.client_authentication: required
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
- 配置xpack信息
将master上的证书文件同步到新节点的对应路径下 /etc/elasticsearch/certs/
配置用户权限
注册 elasticsearch-keystore
# 配置的为ES集群之间tcp 9300 相互通讯的密码, elastic用户的密码
# 用于存储SSL/TLS密钥库(keystore)的密码,这个密码用于保护密钥库中的私钥和证书。
/usr/share/elasticsearch/bin/elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password
# 以下同时需要执行,密码相同
# 用于存储SSL/TLS信任库(truststore)的密码,信任库包含了Elasticsearch节点信任的证书列表
/usr/share/elasticsearch/bin/elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password
- es集群分片策略调整,禁止新data加入shard平衡
- 启动新节点的es服务
- 平衡shard
- 检查
- 验证shard状态
- 监控对接
ES exporter 和 node exporter节点
如果新节点srv名字和原节点的srv不相同,应用运维提供信息后联系陈帅清洗
-
完成
四、回滚方案
-
修改分片分配策略,新节点上禁止分配shard
-
关停新节点es服务
五、补充
lue
