ES7.10 集群部署

仙长道号-Linux真人

已于 2023-09-07 11:28:29 修改

阅读量235

点赞数

文章标签：运维 es linux centos elk elasticsearch

于 2023-09-07 11:16:30 首次发布

本文链接：https://blog.csdn.net/a1808862593/article/details/132733921

版权

ES7.10集群部署

准备3台机器

节点	IP
node1	50.50.50.128
node2	50.50.50.129
node3	50.50.50.130

一、节点1-3 部署ES7.10

1.1下载rpm包安装

wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.10.0-x86_64.rpm

yum install -y elasticsearch-7.10.0-x86_64.rpm

1.2创建数据目录赋予权限

mkdir -p /data/elasticsearch/{logs,data,apps}

chmod -R 750 /data/elasticsearch/{data,logs}

1.3修改配置文件

1.3.1修改主配置

vim /data/elasticsearch/elasticsearch.yml

cluster.name: ES7-cluster
node.name: ES7-node1
network.host: 0.0.0.0
path.data: /data/elasticsearch/data
path.logs: /data/elasticsearch/logs
node.master: true
node.data: true
bootstrap.memory_lock: false
http.port: 9200
discovery.seed_hosts: ["50.50.50.128:9300","50.50.50.129:9300","50.50.50.131:9300"]
cluster.initial_master_nodes: ["ES7-node1","ES7-node2","ES7-node3"]
bootstrap.system_call_filter: false
#xpack.security.enabled: true
#xpack.security.transport.ssl.enabled: true
#xpack.security.transport.ssl.verification_mode: certificate
#xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
#xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
http.cors.enabled: true
http.cors.allow-origin: "*"

1.3.2配置 elasticsearch 运行时使用的 Java 虚拟机参数。

内存分配：通过指定 -Xms和-Xmx 参数来设置初始堆大小和最大堆大小。
垃圾回收器：通过指定 -XX:+UseConcMarkSweepGC或者-XX:+UseG1GC 来选择垃圾回收器。
监控和调试：通过添加 -D 参数来设置系统属性，例如设置远程调试端口。
GC 日志：通过指定 -Xloggc 参数来启用垃圾回收日志，并指定日志输出的位置。
其他 JVM 参数：你还可以根据需要添加其他的 JVM 参数，例如设置线程栈大小、设置 IO 相关参数等。

vim /data/elasticsearch/jvm.options

## JVM configuration

################################################################
## IMPORTANT: JVM heap size
################################################################
##
## You should always set the min and max JVM heap
## size to the same value. For example, to set
## the heap to 4 GB, set:
##
## -Xms4g
## -Xmx4g
##
## See https://www.elastic.co/guide/en/elasticsearch/reference/current/heap-size.html
## for more information
##
################################################################

# Xms represents the initial size of total heap space
# Xmx represents the maximum size of total heap space

-Xms1g
-Xmx1g

################################################################
## Expert settings
################################################################
##
## All settings below this section are considered
## expert settings. Don't tamper with them unless
## you understand what you are doing
##
################################################################

## GC configuration
8-13:-XX:+UseConcMarkSweepGC
8-13:-XX:CMSInitiatingOccupancyFraction=75
8-13:-XX:+UseCMSInitiatingOccupancyOnly

## G1GC Configuration
# NOTE: G1 GC is only supported on JDK version 10 or later
# to use G1GC, uncomment the next two lines and update the version on the
# following three lines to your version of the JDK
# 10-13:-XX:-UseConcMarkSweepGC
# 10-13:-XX:-UseCMSInitiatingOccupancyOnly
14-:-XX:+UseG1GC
14-:-XX:G1ReservePercent=25
14-:-XX:InitiatingHeapOccupancyPercent=30

## JVM temporary directory
-Djava.io.tmpdir=\${ES_TMPDIR}

## heap dumps

# generate a heap dump when an allocation from the Java heap fails
# heap dumps are created in the working directory of the JVM
-XX:+HeapDumpOnOutOfMemoryError

# specify an alternative path for heap dumps; ensure the directory exists and
# has sufficient space
-XX:HeapDumpPath=/var/lib/elasticsearch

# specify an alternative path for JVM fatal error logs
-XX:ErrorFile=/var/log/elasticsearch/hs_err_pid%p.log

## JDK 8 GC logging
8:-XX:+PrintGCDetails
8:-XX:+PrintGCDateStamps
8:-XX:+PrintTenuringDistribution
8:-XX:+PrintGCApplicationStoppedTime
8:-Xloggc:/var/log/elasticsearch/gc.log
8:-XX:+UseGCLogFileRotation
8:-XX:NumberOfGCLogFiles=32
8:-XX:GCLogFileSize=64m

# JDK 9+ GC logging
9-:-Xlog:gc*,gc+age=trace,safepoint:file=/var/log/elasticsearch/gc.log:utctime,pid,tags:filecount=32,filesize=64m

二、系统优化

2.1增加系统的最大打开文件数

修改 * soft nofile 65536 和 * hard nofile 65536 的目的是增加系统的最大打开文件数限制。
默认情况下，Linux系统对单个用户同时打开的文件数量有一定限制，这个限制可以通过修改配置文件 /etc/security/limits.conf 中的 soft nofile 和 hard nofile 参数来调整。
soft nofile 参数设置了用户能够打开的最大文件数限制，而 hard nofile 参数设置了系统整体能够支持的最大文件数限制。
通过将这两个参数设置为较大的值，可以增加系统所能处理的并行文件数量，从而提高系统的性能和扩展性。
这对于一些需要同时操作大量文件的应用程序或者服务器来说特别重要

vim /etc/security/limits.conf

* soft  nofile 65536
* hard  nofile 65536

2.2增加系统中允许的最大进程数

修改* soft nproc 4096和root soft nproc unlimited这两个配置的目的是为了调整Linux系统的最大进程数量限制。
默认情况下，Linux系统对于每个用户和用户组都有最大进程数量的限制。
通过将* soft nproc设置为较大的值（例如65535）和将root soft nproc设置为unlimited，可以增加系统中允许的最大进程数量，从而提高系统的并发处理能力。
这对于使用大量进程的应用程序或者需要处理大量并发连接的服务器非常有用。

vim /etc/security/limits.d/90-nproc.conf

# Default limit for number of user's processes to prevent
# accidental fork bombs.
# See rhbz #432903 for reasoning.

*          soft    nproc     4096
root       soft    nproc     unlimited

2.3修改系统的内核参数

修改/etc/sysctl.conf的目的是为了修改系统的内核参数配置。
通过修改这个文件，可以对系统的各种参数进行调整，以便优化系统的性能和稳定性。
例如，可以修改共享内存大小、消息队列个数以及其他与系统资源相关的参数。
这样可以根据实际需求来调整系统的配置，以获得更好的性能和稳定性。

vim /etc/sysctl.conf

# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled.  See sysctl(8) and
# sysctl.conf(5) for more details.

# Controls IP packet forwarding
net.ipv4.ip_forward = 0

# Controls source route verification
net.ipv4.conf.default.rp_filter = 1

# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0

# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0

# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1

# Controls the use of TCP syncookies
net.ipv4.tcp_syncookies = 1

# Disable netfilter on bridges.
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0

# Controls the default maxmimum size of a mesage queue
kernel.msgmnb = 65536

# Controls the maximum size of a message, in bytes
kernel.msgmax = 65536

# Controls the maximum shared segment size, in bytes
kernel.shmmax = 68719476736

# Controls the maximum number of shared memory segments, in pages
kernel.shmall = 4294967296

vm.max_map_count = 655360

############ TCP Optimize ############
net.ipv4.tcp_fin_timeout = 15
net.ipv4.tcp_keepalive_time = 30
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.ip_local_port_range = 1024    65000
net.ipv4.tcp_timestamps = 0
kernel.msgmni = 128
net.ipv4.tcp_max_tw_buckets = 10000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rmem = 8192 8388608 16777216
net.ipv4.tcp_wmem = 8192 8388608 16777216
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 262144
net.ipv4.tcp_max_orphans = 262144
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_mem = 94500000 915000000 927000000
########################################

sysctl -p

三、启动ES7.10

3.1添加启动环境

sed -i '10a JAVA_HOME=/usr/share/elasticsearch/jdk' /etc/sysconfig/elasticsearch

3.2启动

3.2.1`CentOS7系统`启动命令

systemctl start elasticsearch

3.2.2`CentOS6系统`启动命令

/etc/init.d/elasticsearch start

四、查看集群节点

curl localhost:9200/_cat/nodes?pretty

五、集群添加用户安全认证

node1创建证书、秘钥，直接回车先不设置密码。
将证书、秘钥上传至node2、node3。
node1-3修改集群配置，添加认证配置并重启服务。

5.1创建证书ca

/usr/share/elasticsearch/bin/elasticsearch-certutil ca

5.2颁发证书

/usr/share/elasticsearch/bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12

5.3保存证书密码

/usr/share/elasticsearch/bin/elasticsearch-keystore create

5.4将证书放在安装目录下

cp /usr/share/elasticsearch/elastic-certificates.p12 /etc/elasticsearch/

5.5证书密钥添加读写权限

chmod 664 elastic-certificates.p12
chmod 664 elasticsearch.keystore

5.6停止ES7.10

systemctl stop elasticsearch

5.7将证书密钥上传至其他节点

# 这里大家自己上传，我这里就打个tar包意思一下
tar zcf K.tar.gz elastic-certificates.p12 elasticsearch.keystore

5.8修改配置添加安全认证配置

vim /etc/elasticsearch/elasticsearch.yml

cluster.name: ES7-cluster
node.name: ES7-node1
network.host: 0.0.0.0
path.data: /data/elasticsearch/data
path.logs: /data/elasticsearch/logs
node.master: true
node.data: true
bootstrap.memory_lock: false
http.port: 9200
discovery.seed_hosts: ["50.50.50.128:9300","50.50.50.129:9300","50.50.50.131:9300"]
cluster.initial_master_nodes: ["ES7-node1","ES7-node2","ES7-node3"]
bootstrap.system_call_filter: false
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
http.cors.enabled: true
http.cors.allow-origin: "*"

5.9启动ES7.10

systemctl start elasticsearch

六、添加用户密码并验证

设置用户密码，最后查看集群节点验证

6.1查看集群节点

curl localhost:9200/_cat/nodes?pretty

6.2添加用户密码

# 建议密码都设置一样的，保存好密码。
/usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactive

6.3查看集群节点

curl --user elastic:elasticsearch localhost:9200/_cat/nodes?pretty

_
_
_

至此ES7.10集群搭建完成，希望这篇文章对你有所帮助。