Elasticsearch 生产集群部署终极方案

Elasticsearch 集群部署

  • 1.集群部署
    • [1.1 新增用户](#1.1 新增用户)
    • [1.2 优化操作系统](#1.2 优化操作系统)
    • [1.3 JDK](#1.3 JDK)
    • [1.4 elasticsearch](#1.4 elasticsearch)
    • [1.5 开机自启动](#1.5 开机自启动)
  • 2.安全认证功能
    • [2.1 生成CA证书](#2.1 生成CA证书)
    • [2.2 生成密钥](#2.2 生成密钥)
    • [2.3 上传至其他节点](#2.3 上传至其他节点)
    • [2.4 修改属主、属组](#2.4 修改属主、属组)
    • [2.5 配置文件添加参数](#2.5 配置文件添加参数)
    • [2.6 各节点添加密钥库密码](#2.6 各节点添加密钥库密码)
    • [2.7 设置用户密码](#2.7 设置用户密码)

1.集群部署

1.1 新增用户

shell 复制代码
useradd es  -m  -s  /bin/bash

1.2 优化操作系统

shell 复制代码
cat /etc/security/limits.conf
*               soft    nofile          65536
*               hard    nofile          65536

cat /etc/sysctl.conf
vm.max_map_count=262144

sysctl -p

1.3 JDK

shell 复制代码
tar xf jdk-8u441-linux-x64.tar.gz -C  /usr/local/
ln -s /usr/local/jdk1.8.0_441    /usr/local/jdk1.8.0
su - es
echo -e 'export JAVA_HOME=/usr/local/jdk1.8.0\nexport CLASSPATH=.:$JAVA_HOME/lib:$JAVA_HOME/jre/lib\nexport PATH=$JAVA_HOME/bin:$JAVA_HOME/jre/bin:$PATH' >>  ~/.bashrc

1.4 elasticsearch

shell 复制代码
wget  https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.6.1-linux-x86_64.tar.gz
tar xvf elasticsearch-7.6.1-linux-x86_64.tar.gz -C /usr/local/
ln -s /usr/local/elasticsearch-7.6.1   /usr/local/elasticsearch
chown -R  es.es  /usr/local/elasticsearch
chown -R  es.es  /usr/local/elasticsearch-7.6.1/
cat > /usr/local/elasticsearch/config/elasticsearch.yml <<EOF
cluster.name: es-cluster
node.name: es-node1
node.master: true
node.data: true
path.data: /home/elasticsearch/data
path.logs: /home/elasticsearch/logs
network.host: 0.0.0.0
http.port: 9200
transport.tcp.port: 9300
discovery.seed_hosts: ["172.16.2.8", "172.16.2.9","172.16.2.10"]
cluster.initial_master_nodes: ["172.16.2.8", "172.16.2.9","172.16.2.10"]
http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-headers: Authorization,X-Requested-With,Content-Type,Content-Length
EOF
mkdir -p /home/elasticsearch/{data,logs}
chown -R es:es /home/elasticsearch 

1.5 开机自启动

shell 复制代码
cat > /usr/lib/systemd/system/elasticsearch.service <<EOF
[Unit]
Description=Elasticsearch
Documentation=https://www.elastic.co
Wants=network-online.target
After=network-online.target

[Service]
User=es
Group=es
ExecStart=/usr/local/elasticsearch/bin/elasticsearch

[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl enable elasticsearch.service
systemctl start elasticsearch.service

2.安全认证功能

2.1 生成CA证书

shell 复制代码
su - es
./bin/elasticsearch-certutil ca --pass "elastic"  --out ./

2.2 生成密钥

shell 复制代码
mkdir ./config/certificates
./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12 --pass "elastic" --out ./config/certificates/

2.3 上传至其他节点

shell 复制代码
scp -i id_rsa config/certificaties/elastic-certificates.p12 root@172.16.2.9:/usr/local/elasticsearch/config/certificaties
scp -i id_rsa config/certificaties/elastic-certificates.p12 root@172.16.2.10:/usr/local/elasticsearch/config/certificaties

2.4 修改属主、属组

shell 复制代码
chown -R es:es certificaties/

2.5 配置文件添加参数

复制代码
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /usr/local/elasticsearch/config/certificates/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /usr/local/elasticsearch/config/certificates/elastic-certificates.p12

2.6 各节点添加密钥库密码

shell 复制代码
./bin/elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password
./bin/elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password
#输入生成密钥时的密码,例:elastic;如果生成密钥没有设置密码,则不需执行。
systemctl restart elasticsearch

2.7 设置用户密码

shell 复制代码
./bin/elasticsearch-setup-passwords  interactive

systemctl restart elasticsearch
相关推荐
Elasticsearch1 天前
深入解析 simdvec:Elasticsearch 如何利用神经网络和视频编解码 CPU 指令实现向量搜索
elasticsearch
Elasticsearch2 天前
一条命令。自然语言。你的 Elasticsearch 数据,直接进入终端
elasticsearch
vivo互联网技术2 天前
从 10 分钟到 1 秒:ES 深度分页任意跳页的三轮优化实战
服务器·数据库·redis·elasticsearch·深度分页
Elasticsearch2 天前
热力直达:使用 Elasticsearch 插件将 ES|QL 引入你的 Grafana 仪表板
elasticsearch
小猿姐2 天前
唯品会大规模数据库云原生实践:基于 KubeBlocks 管理数千实例的统一运维之路
运维·elasticsearch·云原生
Elasticsearch3 天前
使用 Elastic Agent Builder 和 Sarvam AI 构建多语言语音 agent
elasticsearch
武子康7 天前
调查研究-197 FAISS vs Elasticsearch 全面对比:从向量检索、全文搜索到 RAG 选型指南
人工智能·elasticsearch·agent
Elasticsearch8 天前
Elasticsearch ES|QL:现已支持视图、子查询和读取时模式定义
elasticsearch
Elasticsearch11 天前
Kibana 中的 SNMP 拓扑数据:从采集到 Canvas
elasticsearch