elasticsearch 集群搭建

es部署文档

### 规划

| 内网ip | 浮动ip | 角色 |
| :------------ | ------------- | ----- |
| 192.168.0.182 | 100.127.7.189 | node1 |
| 192.168.0.184 | 100.127.1.95 | node2 |
| 192.168.0.59 | 100.127.6.224 | node3 |

## 步骤

1. 安装jdk

1. 如果不存在,需要安装

2. ~~~shel
yum install -y java-1.8.0-openjdk-devel
~~~

2. 环境配置

1. 关闭防火墙和selinux

2. ~~~shell
setenforce 0
systemctl stop firewalld
systemctl disable firewalld
~~~

3. 修改系统打开最大文件句柄

1. ~~~shell
vi /etc/security/limits.conf
~~~

2. ~~~shell
# End of file

* soft nofile 655350

* hard nofile 655350

* soft nproc 20000

* hard nproc 20000
~~~

3. 修改内核参数

1. ~~~shell
vi /etc/sysctl.conf
vm.max_map_count=262144
~~~

2. ~~~shell
sysctl -p
~~~

3. 以上步骤需要在三台机器上都配置

4. 安装

1. 下载安装包

1. wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.7.0-x86_64.rpm

2. 执行安装

1. ~~~shel
rpm -ivh elasticsearch-7.7.0-x86_64.rpm
~~~

3. 创建数据存储、日志路径,并授权

1. ~~~shell
mkdir -p /app/data/elasticsearch/{data,log}
chown -R elasticsearch.elasticsearch /app/data/elasticsearch/
chmod -R 777 /app/data/elasticsearch/
~~~

4. 修改配置文件

1. ~~~shell
vi etc/elasticsearch/elasticsearch.yml
cluster.name: es-cluster
node.name: node-3
node.master: true
node.data: true
path.data: /app/data/elasticsearch/data
path.logs: /app/data/elasticsearch/log
network.host: 192.168.0.59
http.port: 9200
transport.tcp.compress: true
transport.tcp.port: 9300
discovery.seed_hosts: ["192.168.0.184:9300","192.168.0.182:9300","192.168.0.59:9300"]
cluster.initial_master_nodes: ["node-1"]
http.cors.enabled: true
http.cors.allow-origin: "*"
node.max_local_storage_nodes: 3
~~~

2. 其他两台服务器上仅仅需要修改下面两个参数,即可

1. ~~~shell
node.name: node-1 #node2
network.host: 192.168.0.184 #本机ip
~~~

3. 分别启动三台服务器

1. ~~~shell
systemctl enable elasticsearch.service
systemctl start elasticsearch
systemctl daemon-reload
~~~

4. 分别访问各自地址

1. ~~~shell
curl http://192.168.0.59:9200
~~~

2. 三台均启动后查看集群节点信息

3. ~~~shell
curl http://112.91.137.187:9200/_cat/nodes?pretty
~~~

5. 密码设置(在三台机器上选择一台机器执行)

1. ~~~shell
cd /usr/share/elasticsearch/
#生成密码文件
./bin/elasticsearch-certutil ca -out config/certs/elastic-certificates.p12 -pass
mkdir /etc/elasticsearch/certs
mv /usr/share/elasticsearch/config/certs/elastic-certificates.p12 /etc/elasticsearch/certs

#发送密码文件到其他两台服务器
scp /etc/elasticsearch/certs/elastic-certificates.p12 root@192.168.0.182:/etc/elasticsearch/certs
~~~

2. ~~~shell
#修改配置文件
vi /etc/elasticsearch/elasticsearch.yml

# 开启xpack
xpack.security.enabled: true
xpack.license.self_generated.type: basic
xpack.security.transport.ssl.enabled: true
# 证书配置
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12
~~~

3. ~~~shell
重启
systemctl restart elasticsearch
~~~

4. 在其他两台机器上分别执行第2,3步

5. 密码设置(只需要在其中一个节点上执行)

1. ~~~shell
cd /usr/share/elasticsearch/bin
./elasticsearch-setup-passwords interactive
设置各个用户密码即可
~~~

2. 忘记密码之后,密码重置

1. ~~~shell
1.停止Elasticsearch服务
2.编辑elasticsearch.yml文件,设置以下两项为false;
xpack.security.enabled: false
xpack.security.transport.ssl.enabled: false
3.重启es服务,删除.security-7索引
curl -XDELETE -u elastic:changeme http://localhost:9200/.security-7
3.关闭ES服务设置以下两项为true;
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
4.重启es服务,进入es的bin目录下
./elasticsearch-setup-passwords interactive
依次设置每个账号密码即可
~~~

 

posted @ 2022-11-08 16:30  哦~杰克  阅读(149)  评论(0编辑  收藏  举报