Elastic agent集群部署及注意事项

原本想用独立模式,最后没部署成功,后面替换成fleet模式,测试时与独立模式也混合测试了下

版本选择

Es8.5.3 kibana8.5.3 centos7.9

部署es8.5.3

#单机没有部署成功,所有换成集群

#修改es默认环境

#修改文件打开数,需要重新切换用户进入才生效

vim /etc/security/limits.conf

* soft nofile 655350

* hard nofile 655350

* soft nproc 4096

* hard nproc 4096

vim /etc/sysctl.conf

vm.max_map_count = 655350

#执行以下命令进行生效

sysctl -p

#关闭防火墙

systemctl stop firewall

systemctl disable firewall

#下载文件

wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.5.3-linux-x86_64.tar.gz

#解压

tar zxvf elasticsearch-8.5.3-linux-x86_64.tar.gz

#证书部分,只需要在第一台服务器上操作即可,其他直接复制过去就可以使用

#生成ca证书

./bin/elasticsearch-certutil ca

默认回车,在elasticsearch-8.5.3生成elastic-stack-ca.p12

#用ca证书生成节点证书

./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12

默认回车,在elasticsearch-8.5.3生成elastic-certificates.p12

#生成http证书

./bin/elasticsearch-certutil http

默认回车,在elasticsearch-8.5.3生成elasticsearch-ssl-http.zip

#证书存放

cp *.p12 /opt/elasticsearch-8.5.3/config/certs

unzip elasticsearch-ssl-http.zip

cp cp elasticsearch/http.p12 config/

#修改文件归属

chown -R ezaccur:ezaccur /opt/elasticsearch-8.5.3

#需要切换用户执行,否则无法加入权限

bin/elasticsearch-keystore add xpack.security.http.ssl.keystore.secure_password

#修改配置文件

vim elasticsearch.yml

cluster.name: ezaccur

node.name: node-1

node.roles: [data, master]

network.host: 192.168.1.21

http.port: 9200

http.cors.allow-origin: "*"

http.cors.enabled: true

http.max_content_length: 200mb

discovery.seed_hosts: ["192.168.1.21", "192.168.1.22","192.168.1.23"]

cluster.initial_master_nodes: ["node-1", "node-2","node-3"]

xpack.security.http.ssl.enabled: true

xpack.security.http.ssl.keystore.path: "/opt/elasticsearch-8.5.3/config/http.p12"

xpack.security.enabled: true

xpack.security.transport.ssl.enabled: true

xpack.security.transport.ssl.verification_mode: none

xpack.security.transport.ssl.keystore.path: /opt/elasticsearch-8.5.3/config/certs/elastic-certificates.p12

xpack.security.transport.ssl.truststore.path: /opt/elasticsearch-8.5.3/config/certs/elastic-certificates.p12

ingest.geoip.downloader.enabled: false

#其他服务器同样的操作,只需要修改对应值就可以

重置elastic、kibana密码步骤

./elasticsearch-reset-password -u elastic -i

./elasticsearch-reset-password -u kibana -i

部署kibana8.5.3

下载:wget https://artifacts.elastic.co/downloads/kibana/kibana-8.5.3-linux-x86_64.tar.gz

解压:tar zxvf kibana-8.5.3-linux-x86_64.tar.gz

修改配置文件(PEM证书在安装es时,生成http时已生成,直接复用)

vim kibana.yml

server.port: 5601

server.host: "192.168.1.21"

elasticsearch.hosts: ["https://192.168.1.21:9200","https://192.168.1.22:9200","https://192.168.1.23:9200"]

elasticsearch.username: "kibana"

elasticsearch.password: "123456"

elasticsearch.ssl.verificationMode: full

elasticsearch.ssl.certificateAuthorities: [ "/opt/elasticsearch-8.5.3/kibana/elasticsearch-ca.pem" ]

然后登陆页面部署fleet、fleet server,elastic agent

默认elastic账号密码登录

所有安装步骤按照说明文档来即可

注意事项:

1、在Install Fleet Server to a centralized host这一步需要注意下,因为涉及到加密认证,可能会安装失败,如:

Error: fleet-server failed: context canceled

For help, please see our troubleshooting guide at https://www.elastic.co/guide/en/fleet/8.5/fleet-troubleshooting.html

Error: enroll command failed with exit code: 1

For help, please see our troubleshooting guide at https://www.elastic.co/guide/en/fleet/8.5/fleet-troubleshooting.html

该问题官网也有描述:https://www.elastic.co/guide/en/fleet/8.4/fleet-troubleshooting.html#agent-enrollment-certs

有两个处理方式,均可以尝试下:

  1. 加入—insecure

2)加入指定证书--fleet-server-es-ca=/opt/elasticsearch-8.5.3/kibana/elasticsearch-ca.pem

2、filebeat或者其他beat,一定有两个进程,没有则需要重新安装或者修改配置

查看配置方式:

./elastic-agent inspect output --output default -p filebeat

./elastic-agent inspect output --output default -p metricbeat

如果未查到配置,则可能是未启动

3、fleet模式装好后,默认进程都正常,但是独立模式下,filebeat只有monitoring进程,原因暂未找到。可以通过修改fleet模式下发的filebeat配置文件,修改output输出到未加密的es集群,重启即可查看采集效果。

效果:

评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值