ES7.10集群部署

仙长道号-Linux真人

已于 2023-08-24 17:14:56 修改

阅读量276

点赞数

文章标签：运维 elasticsearch es linux elk

于 2023-08-24 17:08:53 首次发布

本文链接：https://blog.youkuaiyun.com/a1808862593/article/details/132478491

版权

ES7.10集群部署

准备3台机器

节点	IP
node1	50.50.50.128
node2	50.50.50.129
node3	50.50.50.130

一、安装

单机部署ES7

elasticsearch-7.10.0

wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.10.0-x86_64.rpm

yum install -y elasticsearch-7.10.0-x86_64.rpm

mkdir -p /data/elasticsearch/{logs,data,apps}

chmod -R 750 /data/elasticsearch/{data,logs}

二、配置

修改配置文件

elasticsearch.yml

vim /data/elasticsearch/elasticsearch.yml

cluster.name: ES7-cluster
node.name: ES7-node1
network.host: 0.0.0.0
path.data: /data/elasticsearch/data
path.logs: /data/elasticsearch/logs
node.master: true
node.data: true
bootstrap.memory_lock: false
http.port: 9200
discovery.seed_hosts: ["50.50.50.128:9300","50.50.50.129:9300","50.50.50.131:9300"]
cluster.initial_master_nodes: ["ES7-node1","ES7-node2","ES7-node3"]
bootstrap.system_call_filter: false
#xpack.security.enabled: true
#xpack.security.transport.ssl.enabled: true
#xpack.security.transport.ssl.verification_mode: certificate
#xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
#xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
http.cors.enabled: true
http.cors.allow-origin: "*"

jvm.options

配置 elasticsearch 运行时使用的 Java 虚拟机参数。

vim /data/elasticsearch/jvm.options

## JVM configuration

################################################################
## IMPORTANT: JVM heap size
################################################################
##
## You should always set the min and max JVM heap
## size to the same value. For example, to set
## the heap to 4 GB, set:
##
## -Xms4g
## -Xmx4g
##
## See https://www.elastic.co/guide/en/elasticsearch/reference/current/heap-size.html
## for more information
##
################################################################

# Xms represents the initial size of total heap space
# Xmx represents the maximum size of total heap space

-Xms1g
-Xmx1g

################################################################
## Expert settings
################################################################
##
## All settings below this section are considered
## expert settings. Don't tamper with them unless
## you understand what you are doing
##
################################################################

## GC configuration
8-13:-XX:+UseConcMarkSweepGC
8-13:-XX:CMSInitiatingOccupancyFraction=75
8-13:-XX:+UseCMSInitiatingOccupancyOnly

## G1GC Configuration
# NOTE: G1 GC is only supported on JDK version 10 or later
# to use G1GC, uncomment the next two lines and update the version on the
# following three lines to your version of the JDK
# 10-13:-XX:-UseConcMarkSweepGC
# 10-13:-XX:-UseCMSInitiatingOccupancyOnly
14-:-XX:+UseG1GC
14-:-XX:G1ReservePercent=25
14-:-XX:InitiatingHeapOccupancyPercent=30

## JVM temporary directory
-Djava.io.tmpdir=\${ES_TMPDIR}

## heap dumps

# generate a heap dump when an allocation from the Java heap fails
# heap dumps are created in the working directory of the JVM
-XX:+HeapDumpOnOutOfMemoryError

# specify an alternative path for heap dumps; ensure the directory exists and
# has sufficient space
-XX:HeapDumpPath=/var/lib/elasticsearch

# specify an alternative path for JVM fatal error logs
-XX:ErrorFile=/var/log/elasticsearch/hs_err_pid%p.log

## JDK 8 GC logging
8:-XX:+PrintGCDetails
8:-XX:+PrintGCDateStamps
8:-XX:+PrintTenuringDistribution
8:-XX:+PrintGCApplicationStoppedTime
8:-Xloggc:/var/log/elasticsearch/gc.log
8:-XX:+UseGCLogFileRotation
8:-XX:NumberOfGCLogFiles=32
8:-XX:GCLogFileSize=64m

# JDK 9+ GC logging
9-:-Xlog:gc*,gc+age=trace,safepoint:file=/var/log/elasticsearch/gc.log:utctime,pid,tags:filecount=32,filesize=64m

三、优化

系统优化

limits.conf

vim /etc/security/limits.conf

* soft  nofile 65536
* hard  nofile 65536

90-nproc.conf

vim /etc/security/limits.d/90-nproc.conf

# Default limit for number of user's processes to prevent
# accidental fork bombs.
# See rhbz #432903 for reasoning.

*          soft    nproc     4096
root       soft    nproc     unlimited

sysctl.conf

vim /etc/sysctl.conf

# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled.  See sysctl(8) and
# sysctl.conf(5) for more details.

# Controls IP packet forwarding
net.ipv4.ip_forward = 0

# Controls source route verification
net.ipv4.conf.default.rp_filter = 1

# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0

# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0

# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1

# Controls the use of TCP syncookies
net.ipv4.tcp_syncookies = 1

# Disable netfilter on bridges.
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0

# Controls the default maxmimum size of a mesage queue
kernel.msgmnb = 65536

# Controls the maximum size of a message, in bytes
kernel.msgmax = 65536

# Controls the maximum shared segment size, in bytes
kernel.shmmax = 68719476736

# Controls the maximum number of shared memory segments, in pages
kernel.shmall = 4294967296

vm.max_map_count = 655360

############ TCP Optimize ############
net.ipv4.tcp_fin_timeout = 15
net.ipv4.tcp_keepalive_time = 30
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.ip_local_port_range = 1024    65000
net.ipv4.tcp_timestamps = 0
kernel.msgmni = 128
net.ipv4.tcp_max_tw_buckets = 10000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rmem = 8192 8388608 16777216
net.ipv4.tcp_wmem = 8192 8388608 16777216
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 262144
net.ipv4.tcp_max_orphans = 262144
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_mem = 94500000 915000000 927000000
########################################

sysctl -p

四、启动

sed -i '10a JAVA_HOME=/usr/share/elasticsearch/jdk' /etc/sysconfig/elasticsearch

CentOS 7

systemctl start elasticsearch

CentOS 6

/etc/init.d/elasticsearch start

五、查看集群节点

curl localhost:9200/_cat/nodes?pretty

六、集群添加用户安全认证

node1创建证书、秘钥，将证书、秘钥上传至node2、node3。

node1-3修改集群配置重启服务，添加用户密码，最后查看集群节点验证

6.1创建证书

/usr/share/elasticsearch/bin/elasticsearch-certutil ca

6.2颁发证书

/usr/share/elasticsearch/bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12

6.3保存证书密码

/usr/share/elasticsearch/bin/elasticsearch-keystore create

6.4将证书放在安装目录下

cp /usr/share/elasticsearch/elastic-certificates.p12 /etc/elasticsearch/

6.5添加读写权限

chmod 664 elastic-certificates.p12
chmod 664 elasticsearch.keystore

6.6停止服务

systemctl stop elasticsearch

6.7将证书密钥上传至其他节点

tar zcf K.tar.gz elastic-certificates.p12 elasticsearch.keystore

6.8修改配置

vim /etc/elasticsearch/elasticsearch.yml

cluster.name: ES7-cluster
node.name: ES7-node1
network.host: 0.0.0.0
path.data: /data/elasticsearch/data
path.logs: /data/elasticsearch/logs
node.master: true
node.data: true
bootstrap.memory_lock: false
http.port: 9200
discovery.seed_hosts: ["50.50.50.128:9300","50.50.50.129:9300","50.50.50.131:9300"]
cluster.initial_master_nodes: ["ES7-node1","ES7-node2","ES7-node3"]
bootstrap.system_call_filter: false
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
http.cors.enabled: true
http.cors.allow-origin: "*"

6.9启动

systemctl start elasticsearch

6.10查看集群节点

curl localhost:9200/_cat/nodes?pretty

6.11添加用户密码

/usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactive

6.12查看集群节点

curl --user elastic:elasticsearch localhost:9200/_cat/nodes?pretty