【Linux合集】elasticsearch叢集部署

Unfool發表於2024-12-05
LinuxElasticsearch

部署elasticsearch
注意: 本次部署的使用者為abc使用者 --需要注意當前使用者是否存在/註冊
1、檔案操作/系統配置調整

# 解壓檔案到指定目錄 /data/applications
sudo tar xf /data/softwares/elasticsearch-7.13.3-linux-x86_64.tar.gz -C /data/applications/
#做軟連線
sudo ln -s /data/applications/elasticsearch-7.13.3/ /data/applications/elasticsearch
​
如果除了這個系統配置沒做服務無法重啟則說明系統配置需要調整
在sysctl的conf檔案下追加下面的資訊即可
sudo vi /etc/sysctl.conf
vm.max_map_count=262144
然後生效:sysctl -p
執行: 
sudo sysctl -p

2、服務化內容:

# 服務化編寫
sudo vi /usr/lib/systemd/system/elasticsearch.service
[Unit]  
Description=Elasticsearch  
Documentation=http://www.elastic.co  
Wants=network-online.target  
After=network-online.target  
  
[Service]  
Environment="ES_JAVA_HOME=/data/applications/elasticsearch/jdk"
Environment="ES_HOME=/data/applications/elasticsearch"  
Environment="CONF_DIR=/data/applications/elasticsearch/config"  
Environment="DATA_DIR=/data/applications/elasticsearch_data/data"  
Environment="LOG_DIR=/data/applications/elasticsearch_data/logs"  
Environment="PID_DIR=/data/applications/elasticsearch/pids"  
  
User=abc 
Group=abc 
ExecStart=/data/applications/elasticsearch/bin/elasticsearch -p ${PID_DIR}/elasticsearch.pid --quiet  
ExecStop=/bin/kill -s TERM $MAINPID  
Restart=on-failure  
RestartSec=5  
LimitNOFILE=65536  
  
[Install]  
WantedBy=multi-user.target

3、修改目錄許可權

sudo chown -R abc:abc /data/*

4、服務載入/重啟

sudo systemctl daemon-reload 
sudo systemctl start elasticsearch.service 
sudo systemctl status elasticsearch.service

5、做證書/密碼認證

cd /data/applications/elasticsearch
./bin/elasticsearch-certutil ca
./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12

6、其他節點證書分配

mv elastic-* /data/applications/elasticsearch/config/certs/
生成的證書直接傳到其他節點機器
(除了證書生成這步驟--第5步之外,其他操作在其他節點都一樣操作)

7、編寫elasticsearch的yml檔案
在其他節點的時候需要先編寫elasticsearch.yml檔案
sudo mv /data/applications/elasticsearch/config/elasticsearch.yml /data/applications/elasticsearch/config/elasticsearch.yml_bak

sudo vi /data/applications/elasticsearch/config/elasticsearch.yml
#叢集名稱
cluster.name: cluster-p-es
#節點名稱
node.name: cluster-p-es-0004
#資料儲存路徑
path.data: /data/applications/elasticsearch/data
#日誌儲存路徑
path.logs: /data/applications/elasticsearch/logs
#網路配置,用於指定 ES 節點的 IP 地址和埠號
network.host: 172.202.21.19
http.port: 9200
#啟動時不鎖定記憶體
bootstrap.memory_lock: false
#這裡指定參與叢集的主機節點
discovery.seed_hosts: ["172.202.21.16:9300", "172.202.21.17:9300", "172.202.21.18:9300", "172.202.21.19:9300", "172.202.21.20:9300"]
cluster.initial_master_nodes: ["172.202.21.16", "172.202.21.17", "172.202.21.18", "172.202.21.19", "172.202.21.20"]
#在配置檔案末尾新增以下內容,後面es-head連線es群集時需要
http.cors.enabled: true                #新增該行,開啟跨域訪問支援
http.cors.allow-origin: "*"            #新增該行,跨域訪問允許的域名地址
http.cors.allow-methods: OPTIONS, HEAD, GET, POST, PUT, DELETE
http.cors.allow-headers: "X-Requested-With, Content-Type, Content-Length, X-User"
​
​
#欄位資料快取大小,用於指定 ES 的欄位資料快取大小。
indices.fielddata.cache.size: 40%
#是否啟用 X-Pack 安全,如果設定為 true,則將啟用 X-Pack 安全。
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: certs/elastic-stack-ca.p12
xpack.security.transport.ssl.keystore.password: abc123@456
xpack.security.transport.ssl.truststore.password: abc123@456

8、配置密碼

叢集配置好之後需要配置密碼:
./elasticsearch-setup-passwords interactive
abc123@456
./bin/elasticsearch-users useradd elastic -p 'abc123@456'
​

9、驗證叢集狀態

curl -u elastic:abc123@456 -X GET "http://172.202.21.16:9200/_cluster/health?pretty"
{
  "cluster_name" : "cluster-p-es",
  "status" : "green",
  "timed_out" : false,
  "number_of_nodes" : 5,
  "number_of_data_nodes" : 5,
  "active_primary_shards" : 0,
  "active_shards" : 0,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 0,
  "delayed_unassigned_shards" : 0,
  "number_of_pending_tasks" : 0,
  "number_of_in_flight_fetch" : 0,
  "task_max_waiting_in_queue_millis" : 0,
  "active_shards_percent_as_number" : 100.0
}

如果未透過的狀態:

{
  "error" : {
    "root_cause" : [
      {
        "type" : "security_exception",
        "reason" : "unable to authenticate user [elastic] for REST request [/_cluster/health?pretty]",
        "header" : {
          "WWW-Authenticate" : "Basic realm=\"security\" charset=\"UTF-8\""
        }
      }
    ],
    "type" : "security_exception",
    "reason" : "unable to authenticate user [elastic] for REST request [/_cluster/health?pretty]",
    "header" : {
      "WWW-Authenticate" : "Basic realm=\"security\" charset=\"UTF-8\""
    }
  },
  "status" : 401
}

相關文章