之前用的一直是单机,但是出现了很多的问题,所以就像安装了x-pack之后,也能不能搞个elasticsearch集群呢?
不多说,就是干。
对x-pack的破解 可以再生成之后加入 也可以生成之前加入:
正式开始:
**
1 配置SSL/TSL的集群文件 授权配置
**
在/usr/local/nlp/elasticsearch-6.0.1/config目录下创建一个certs目录
用来存放证书和相对应的SLL-key
$ mkdir certs
创建文件 instances.yml
$ touch instances.yml
instances.yml配置信息:
instances:
- name: "node-1"
ip:
- "10.168.12.138"
- name: "node-2"
ip:
- "10.168.12.95"
**
2 通过yml生产证书
**
用x-pack中的certgen生产证书
$ ./bin/x-pack/certgen -in /config/certs/instances.yml
生成证书时会提示选择一个目录(certs.zip必须是不存在的文件)
**
3 解压生成的zip文件
**
查看文件config/certs
$ cd /usr/local/elasticsearch-6.0.1/config/certs
$ ll
-rw------- 1 xxxx xxxx 7837 4月 1 10:43 certs.zip
-rw-rw-r-- 1 xxxx xxxx 114 4月 1 10:43 instances.yml
$ unzip certs.zip
drwxrwxr-x 2 xxxx xxxx 4096 4月 1 10:43 ca
-rw------- 1 xxxx xxxx 7837 4月 1 10:43 certs.zip
-rw-rw-r-- 1 xxxx xxxx 114 4月 1 10:43 instances.yml
drwxrwxr-x 2 xxxx xxxx 4096 4月 1 10:43 node-1
drwxrwxr-x 2 xxxx xxxx 4096 4月 1 13:52 node-2
**
4 配置 将相应的node-x和ca分发到各个节点进行配置
**
(注:例如你有两台机器做负载,在其中一台机器上生成证书文件即可,不用两台都生成
将生成好的证书文件直接分发到各个集群的机器上进行配置即可)
配置第一个节点
# ---------------------------------- Cluster -----------------------------------
cluster.name: my-application
node.name: node-1
node.attr.rack: r1
path.data: /usr/local/es/date
# ---------------------------------- Network -----------------------------------
network.host: 100.100.100.100
http.port: 8200
transport.tcp.port: 8201
# --------------------------------- Discovery ----------------------------------
discovery.zen.ping.unicast.hosts: ["100.100.100.100:8201", "100.100.100.101:8201"]
discovery.zen.minimum_master_nodes: 1
# ---------------------------------- Various -----------------------------------
bootstrap.memory_lock: false
bootstrap.system_call_filter: false
# ------------------------------- 配置head连接 -----------------------------------
http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-headers: Authorization,Content-Type
# ----------------------- 配置x-pack属性 --------------------------------------
#xpack.security.enabled: false
xpack.graph.enabled: false
xpack.ml.enabled: false
#xpack.reporting.enabled: false
xpack.monitoring.enabled: false
xpack.watcher.enabled: false
xpack.security.transport.ssl.enabled: true
xpack.ssl.key: /usr/local/elasticsearch-6.0.1/config/certs/node-1/node-1.key
xpack.ssl.certificate: /usr/local/elasticsearch-6.0.1/config/certs/node-1/node-1.crt
xpack.ssl.certificate_authorities: /usr/local/elasticsearch-6.0.1/config/certs/ca/ca.crt
注意:配置文件中 添加了 transport.tcp.port: 8201,在配置Discovery节点的时候端口号是tcp的端口,这里千万别搞错了,之前在这里踩过坑,还有就是xpack.security.enabled: true的朋友 ,注意修改为 xpack.security.transport.ssl.enabled: true ,
第二台的配置信息:
配置第二个节点
# ---------------------------------- Cluster -----------------------------------
cluster.name: my-application
node.name: node-2
node.attr.rack: r1
path.data: /usr/local/es/date
# ---------------------------------- Network -----------------------------------
network.host: 100.100.100.101
http.port: 8200
transport.tcp.port: 8201
# --------------------------------- Discovery ----------------------------------
discovery.zen.ping.unicast.hosts: ["100.100.100.100:8201", "100.100.100.101:8201"]
discovery.zen.minimum_master_nodes: 1
# ---------------------------------- Various -----------------------------------
bootstrap.memory_lock: false
bootstrap.system_call_filter: false
# ------------------------------- 配置head连接 -----------------------------------
http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-headers: Authorization,Content-Type
# ----------------------- 配置x-pack属性 --------------------------------------
#xpack.security.enabled: true
xpack.graph.enabled: false
xpack.ml.enabled: false
#xpack.reporting.enabled: true
xpack.monitoring.enabled: false
xpack.watcher.enabled: false
xpack.security.transport.ssl.enabled: true
xpack.ssl.certificate_authorities: /usr/local//elasticsearch-6.0.1/config/certs/ca/ca.crt
xpack.ssl.key: /usr/local/elasticsearch-6.0.1/config/certs/node-2/node-2.key
xpack.ssl.certificate: /usr/local/elasticsearch-6.0.1/config/certs/node-2/node-2.crt
现在全部配置完成,我们用head连接一下试试