Stories

Detail Return Return

ElasticSearch-8.7.1集羣部署 - Stories Detail

單機部署

  • 解壓文件

    tar -zxvf elasticsearch-8.7.1-linux-x86_64.tar.gz
mv elasticsearch-8.7.1 /usr/local/share/

  • 創建用户組

    groupadd elastic

  • 創建ES啓動用户

    • es不能以root用户啓動,單獨新建一個普通用户
    useradd elastic -g elastic -p elastic

  • 創建前置目錄

    • 數據存儲目錄
    mkdir /var/lib/elasticsearch_data
    • 日誌存儲目錄
    mkdir /var/log/elasticsearch_log
    • PID目錄
    mkdir /var/run/elasticsearch

  • 修改目錄權限

    chown -R elastic:elastic /usr/local/share/elasticsearch-8.7.1
chown -R elastic:elastic /var/lib/elasticsearch_data
chown -R elastic:elastic /var/log/elasticsearch_log
chown -R elastic:elastic /var/run/elasticsearch

  • 修改節點內存參數

    echo -e "vm.max_map_count=655350 \nvm.overcommit_memory=1">>/etc/sysctl.conf 
sysctl -p

  • 修改節點limit參數

    # echo -e "* soft nofile 65536 \n* hard nofile 65536 \n* soft nproc 65536 \n* hard nproc 65536 \n* hard memlock unlimited \n* soft memlock unlimited" >>/etc/security/limits.conf

  • 創建證書

    • 集羣部署時,生成的證書壓縮包ca.zip,需要分發到其他機器上,保證所有機器都是同一份證書 
    ./bin/elasticsearch-certutil ca --pem --out ca.zip --days 36500 -s

# 解壓
unzip ca.zip

  • 修改elasticsearch.yml配置文件

    cluster.name: cluster-es
#配置各節點hostname
node.name: node-01 
path.data: /var/lib/elasticsearch_data
path.logs: /var/log/elasticsearch_log
#配置各節點IP
network.host: 0.0.0.0 
http.port: 9200
discovery.seed_hosts: ["es01", "es02","es03"]
cluster.initial_master_nodes: ["es01", "es02","es03"]
http.cors.enabled: true
http.cors.allow-origin: "*"
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.key: /home/elasticsearch-8.7.1/config/cert/ca/ca.key   #上一步驟生成的證書
xpack.security.transport.ssl.certificate: /home/elasticsearch-8.7.1/config/cert/ca/ca.crt

  • 節點啓動

    • 測試單台機子上是否能夠成功運行
    # 後台運行
nohup /usr/local/share/elasticsearch-8.7.1/bin/elasticsearch >/var/log/elasticsearch_log/cluster-es.log 2>&1 &

curl -u "es用户名:es用户密碼"  127.0.0.1:9200

  • 設置密碼訪問

    • 設置密碼訪問,需注意節點上es要保持啓動狀態
    • 集羣部署時,只要其中一個節點進行該步驟即可
    # 按照提示一步步生成即可,這裏圖方便將所有的密碼都設置成一樣
./bin/elasticsearch-setup-passwords interactive
    • ps;假如密碼忘記,或者有人手欠將.security-7索引刪除,可登錄一個節點重置密碼
    # 重置密碼需要指定賬户 -u [用户名]
./bin/elasticsearch-reset-passwords -u elastic

服務化配置

  • 創建service文件

    vim /etc/systemd/system/elasticsearch.service

    service文件內容如下

    [Unit]
Description=elasticsearch
After=network.target

[Service]
# data根目錄
Environment="DATA_DIR=/var/lib/elasticsearch_data"
# log根目錄
Environment="LOG_DIR=/var/log/elasticsearch_log"
# PID根目錄
Environment="PID_DIR=/var/run/elasticsearch"
User=elastic
Group=elastic
ExecStart=/usr/local/share/elasticsearch-8.7.1/bin/elasticsearch -p ${PlD DlR)/elasticsearch.pid --quiet
ExecStop=/bin/kill -s TERM $MAINPID
Restart=on-failure
RestartSec=5
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target

  • 刷新elasticsearch.service配置信息

    systemctl daemon-reload

  • 重啓服務

    systemctl restart elasticsearch.service

  • 查看節點運行狀況

    systemctl status elasticsearch.service

  • 設置開機自啓動

    systemctl enable elasticsearch.service

    集羣部署

參考【單機部署】【服務化配置】,我們已成功運行一個節點,在另外2台機器上重複上述安裝步驟即可,以下再強調集羣部署中的一些踩坑點
  • 證書需要確保每個節點均保持一直
  • 設置密碼訪問時,只要在其中一個節點進行即可
elasticsearch , 中間件
Favorites

Add a new Comments

Some HTML is okay.