Elasticsearch 生产集群部署终极方案

Elasticsearch 集群部署

  • 1.集群部署
    • [1.1 新增用户](#1.1 新增用户)
    • [1.2 优化操作系统](#1.2 优化操作系统)
    • [1.3 JDK](#1.3 JDK)
    • [1.4 elasticsearch](#1.4 elasticsearch)
    • [1.5 开机自启动](#1.5 开机自启动)
  • 2.安全认证功能
    • [2.1 生成CA证书](#2.1 生成CA证书)
    • [2.2 生成密钥](#2.2 生成密钥)
    • [2.3 上传至其他节点](#2.3 上传至其他节点)
    • [2.4 修改属主、属组](#2.4 修改属主、属组)
    • [2.5 配置文件添加参数](#2.5 配置文件添加参数)
    • [2.6 各节点添加密钥库密码](#2.6 各节点添加密钥库密码)
    • [2.7 设置用户密码](#2.7 设置用户密码)

1.集群部署

1.1 新增用户

shell 复制代码
useradd es  -m  -s  /bin/bash

1.2 优化操作系统

shell 复制代码
cat /etc/security/limits.conf
*               soft    nofile          65536
*               hard    nofile          65536

cat /etc/sysctl.conf
vm.max_map_count=262144

sysctl -p

1.3 JDK

shell 复制代码
tar xf jdk-8u441-linux-x64.tar.gz -C  /usr/local/
ln -s /usr/local/jdk1.8.0_441    /usr/local/jdk1.8.0
su - es
echo -e 'export JAVA_HOME=/usr/local/jdk1.8.0\nexport CLASSPATH=.:$JAVA_HOME/lib:$JAVA_HOME/jre/lib\nexport PATH=$JAVA_HOME/bin:$JAVA_HOME/jre/bin:$PATH' >>  ~/.bashrc

1.4 elasticsearch

shell 复制代码
wget  https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.6.1-linux-x86_64.tar.gz
tar xvf elasticsearch-7.6.1-linux-x86_64.tar.gz -C /usr/local/
ln -s /usr/local/elasticsearch-7.6.1   /usr/local/elasticsearch
chown -R  es.es  /usr/local/elasticsearch
chown -R  es.es  /usr/local/elasticsearch-7.6.1/
cat > /usr/local/elasticsearch/config/elasticsearch.yml <<EOF
cluster.name: es-cluster
node.name: es-node1
node.master: true
node.data: true
path.data: /home/elasticsearch/data
path.logs: /home/elasticsearch/logs
network.host: 0.0.0.0
http.port: 9200
transport.tcp.port: 9300
discovery.seed_hosts: ["172.16.2.8", "172.16.2.9","172.16.2.10"]
cluster.initial_master_nodes: ["172.16.2.8", "172.16.2.9","172.16.2.10"]
http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-headers: Authorization,X-Requested-With,Content-Type,Content-Length
EOF
mkdir -p /home/elasticsearch/{data,logs}
chown -R es:es /home/elasticsearch 

1.5 开机自启动

shell 复制代码
cat > /usr/lib/systemd/system/elasticsearch.service <<EOF
[Unit]
Description=Elasticsearch
Documentation=https://www.elastic.co
Wants=network-online.target
After=network-online.target

[Service]
User=es
Group=es
ExecStart=/usr/local/elasticsearch/bin/elasticsearch

[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl enable elasticsearch.service
systemctl start elasticsearch.service

2.安全认证功能

2.1 生成CA证书

shell 复制代码
su - es
./bin/elasticsearch-certutil ca --pass "elastic"  --out ./

2.2 生成密钥

shell 复制代码
mkdir ./config/certificates
./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12 --pass "elastic" --out ./config/certificates/

2.3 上传至其他节点

shell 复制代码
scp -i id_rsa config/certificaties/elastic-certificates.p12 root@172.16.2.9:/usr/local/elasticsearch/config/certificaties
scp -i id_rsa config/certificaties/elastic-certificates.p12 root@172.16.2.10:/usr/local/elasticsearch/config/certificaties

2.4 修改属主、属组

shell 复制代码
chown -R es:es certificaties/

2.5 配置文件添加参数

复制代码
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /usr/local/elasticsearch/config/certificates/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /usr/local/elasticsearch/config/certificates/elastic-certificates.p12

2.6 各节点添加密钥库密码

shell 复制代码
./bin/elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password
./bin/elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password
#输入生成密钥时的密码,例:elastic;如果生成密钥没有设置密码,则不需执行。
systemctl restart elasticsearch

2.7 设置用户密码

shell 复制代码
./bin/elasticsearch-setup-passwords  interactive

systemctl restart elasticsearch
相关推荐
gorgor在码农27 分钟前
Elasticsearch 的聚合(Aggregations)操作详解
大数据·elasticsearch·搜索引擎
Hello.Reader30 分钟前
Elasticsearch安全审计日志设置与最佳实践
安全·elasticsearch·jenkins
虚伪的空想家4 小时前
记录es收集日志报错问题as the final mapping would have more than 1 type[XXX,doc]
大数据·elasticsearch·搜索引擎·容器·kubernetes·log-pilot
Hello.Reader13 小时前
Go-Elasticsearch v9 安装与版本兼容性
elasticsearch·golang·jenkins
mykyle16 小时前
Elasticsearch-ik分析器
大数据·elasticsearch·jenkins
Penge6661 天前
Elasticsearch深度分页解决方案
elasticsearch
Penge6661 天前
Elasticsearch match_phrase 查询 slop 参数详解文档
elasticsearch
Penge6661 天前
Elasticsearch 中的 copy_to:一文掌握字段合并搜索的利器
elasticsearch
mykyle2 天前
Elasticsearch-8.17.0 centos7安装
大数据·elasticsearch·jenkins
躲在云朵里`2 天前
Git的使用
大数据·git·elasticsearch