Elasticsearch Cluster Deployment with Passwords and SSL

First, deploy the base service in bulk. The ansible-playbook script install_es.yml below can be used as a reference.

---
- name: install elasticsearch
  hosts: "{{ ip }}"
  user: root
  vars:
    - elasticsearch_version: 7.8.1
    - hostip: "{{ansible_default_ipv4['address']}}"
  tasks:
    - name: create dir
      file: path={{ item }} state=directory
      with_items:
        - /opt/elasticsearch
    - name: copy file
      copy: src={{ item.src }} dest={{ item.dest }} mode='0755'
      with_items:
      - {src: "elasticsearch-{{ elasticsearch_version }}-linux-x86_64.tar.gz",
         dest: "/opt/elasticsearch/"}
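    - name: unarchive the tar package
      # remote_src=yes: the archive is already on the target host (replaces the deprecated copy=no)
      unarchive: src=/opt/elasticsearch/elasticsearch-{{ elasticsearch_version }}-linux-x86_64.tar.gz dest=/usr/local/ remote_src=yes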

    - name: modify config
      lineinfile:
        path: /usr/local/elasticsearch-{{ elasticsearch_version }}/config/elasticsearch.yml
        regexp: "{{ item.old }}"
        line: "{{ item.new }}"
      with_items:
        - {old: '#node.name',new: 'node.name: node-1' }
        - {old: '#bootstrap.memory_lock',new: 'bootstrap.memory_lock: false' }
        - {old: '#bootstrap.system_call_filter',new: 'bootstrap.system_call_filter: false' }
        - {old: '#cluster.initial_master_nodes',new: 'cluster.initial_master_nodes: ["node-1"]' }
        # CORS: "*" lets pages from any web origin call the HTTP API from a browser
        - {old: '#http.cors.enabled',new: 'http.cors.enabled: true' }
        - {old: '#http.cors.allow-origin',new: 'http.cors.allow-origin: "*"' }
        - {old: '#network.host',new: 'network.host: 0.0.0.0' }
        - {old: '#http.port',new: 'http.port: 9200' }
        - {old: '#transport.host',new: 'transport.host: {{ hostip }}' }
        - {old: '#transport.tcp.port',new: 'transport.tcp.port: 9300' }
        # Authentication plus TLS on the transport layer (9300) only; the HTTP layer (9200)
        # stays plaintext unless xpack.security.http.ssl.* is configured as well
        - {old: '#xpack.security.enabled',new: 'xpack.security.enabled: true' }
        - {old: '#xpack.security.transport.ssl.enabled',new: 'xpack.security.transport.ssl.enabled: true' }
        # "certificate" checks that the peer certificate is signed by the trusted CA but does not verify the hostname
        - {old: '#xpack.security.transport.ssl.verification_mode',new: 'xpack.security.transport.ssl.verification_mode: certificate' }
        - {old: '#xpack.security.transport.ssl.keystore.path',new: 'xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12' }
        - {old: '#xpack.security.transport.ssl.truststore.path',new: 'xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12' }
        - {old: '#discovery.zen.ping.unicast.hosts',new: 'discovery.zen.ping.unicast.hosts: [{{ ip }}]' }
        - {old: '#discovery.zen.minimum_master_nodes',new: 'discovery.zen.minimum_master_nodes: 2' }
        - {old: '#node.master',new: 'node.master: true' }
        - {old: '#node.data',new: 'node.data: false' }
        - {old: '#node.ingest',new: 'node.ingest: false' }
    - name: modify jvm
      lineinfile:
        path: /usr/local/elasticsearch-{{ elasticsearch_version }}/config/jvm.options
        regexp: "{{ item.old1 }}"
        line: "{{ item.new1 }}"
      with_items:
        - {old1: '-Xms1g',new1: '-Xms16g' }
        - {old1: '-Xmx1g',new1: '-Xmx16g' }
    - name: create dir for certs
      file: path={{ item }} state=directory
      with_items:
        - /usr/local/elasticsearch-{{ elasticsearch_version }}/config/certs
    - name: create user es
      user:
        name: es
        state: present
    - name: update the dir user owner
      shell: chown -R es:es /usr/local/elasticsearch-{{ elasticsearch_version }}

Then run the following command to deploy to the target servers in bulk:

ansible-playbook install_es.yml -e "ip"="192.168.0.100,192.168.0.101,192.168.0.102"

The steps above complete only the base deployment; a few small adjustments are still needed.

Step 1: Log in to the master host 192.168.0.100. Deployment path: /usr/local/elasticsearch-7.8.1

From that root directory, generate the CA certificate:

bin/elasticsearch-certutil ca

No password needs to be set at the prompts; just press Enter to continue.

Step 2: Use the certificate generated in step 1 to produce the p12 key:

bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12

Step 3: Copy the p12 files to the certs directory:

cp *.p12  config/certs/

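Step 4: Copy the p12 files to the same path on the servers of the other child nodes.

Step 5: Configure all child nodes as follows:

node.name: node-2 # increment for each node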
node.master: false
node.data: true

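Step 6: Start the master node, then start each child node:

bin/elasticsearch -d

Step 7: Set the passwords on the master server. The child nodes do not need this; the passwords are synchronized automatically.

bin/elasticsearch-setup-passwords interactive

Note: Follow the prompts and enter each password in turn to complete the password setup.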
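
The following is an added example, not part of the original post: a small Python check that reads the flat settings the playbook writes to elasticsearch.yml and reports the security-relevant ones, including the HTTP-layer TLS that this deployment leaves unset. The function names and the sample configuration are constructed for illustration.

```python
# Added example: audit the security-relevant settings in elasticsearch.yml.
# SAMPLE_CONFIG is constructed from the values the playbook above writes;
# parse_settings() and audit() are illustrative names, not part of Elasticsearch.

SAMPLE_CONFIG = """\
node.name: node-2 # increment for each node
network.host: 0.0.0.0
http.cors.enabled: true
http.cors.allow-origin: "*"
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
"""

def parse_settings(text):
    """Parse flat 'dotted.key: value' lines; nested YAML is out of scope."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split(" #", 1)[0].strip()  # drop trailing comments
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        settings[key.strip()] = value.strip().strip("\"'")
    return settings

def audit(settings):
    """Return (setting, finding) pairs; an empty list means nothing flagged."""
    get = settings.get
    findings = []
    if get("xpack.security.enabled") != "true":
        findings.append(("xpack.security.enabled", "authentication is disabled"))
    if get("xpack.security.transport.ssl.enabled") != "true":
        findings.append(("xpack.security.transport.ssl.enabled",
                         "node-to-node (transport) traffic is not encrypted"))
    # Elasticsearch defaults verification_mode to "full" when it is not set.
    mode = get("xpack.security.transport.ssl.verification_mode", "full")
    if mode != "full":
        findings.append(("xpack.security.transport.ssl.verification_mode",
                         f"'{mode}' does not verify peer hostnames"))
    if get("xpack.security.http.ssl.enabled") != "true":
        findings.append(("xpack.security.http.ssl.enabled",
                         "HTTP API is plaintext; passwords are sent unencrypted"))
    if get("http.cors.enabled") == "true" and get("http.cors.allow-origin") == "*":
        findings.append(("http.cors.allow-origin", "any web origin may call the API"))
    return findings

if __name__ == "__main__":
    for key, finding in audit(parse_settings(SAMPLE_CONFIG)):
        print(f"{key}: {finding}")
```

To check a real node, pass the contents of config/elasticsearch.yml to parse_settings() instead of the constructed sample.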
