Elasticsearch 8.2.2 Cluster Installation
1 Cluster environment
Name | IP address
---|---
node-01 | 192.168.85.136
node-02 | 192.168.85.137
node-03 | 192.168.85.138
2 Environment preparation
2.1 Prepare the installation package
Download address
```
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.2.2-linux-x86_64.tar.gz
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.2.2-linux-x86_64.tar.gz.sha512
shasum -a 512 -c elasticsearch-8.2.2-linux-x86_64.tar.gz.sha512
```
2.2 Create the admin user
Command
```
# For security reasons, Elasticsearch cannot be started as root by default
useradd admin
```
2.3 Grant administrator privileges to admin
Note: run these commands as the root user
```
$ su root
$ chmod +w /etc/sudoers
$ vi /etc/sudoers
# Append the following at the end of the file:
admin ALL=(ALL) ALL
$ chmod -w /etc/sudoers
```
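2.4 Adjust the server process limits
Add user-level file handle and process limits
```
$ sudo vi /etc/security/limits.conf
* soft nproc 65535
* hard nproc 65535
* soft nofile 1000000
* hard nofile 1000000
```
Notes:
- `*` applies the limit to all users
- `nproc` is the maximum number of processes
- `nofile` is the maximum number of open files

System-level file handle limit
```
sysctl -w fs.file-max=65536
```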
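2.5 Set the maximum number of processes per user
Set the maximum number of processes for each Linux user. The following sets the maximum number of processes for a Linux user to 10000.
```
$ vi /etc/profile
ulimit -u 10000    # add this line
# Apply the change without rebooting
$ source /etc/profile
```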
2.6 Raise the maximum number of virtual memory areas per process
Command
```
echo "vm.max_map_count=262144" >> /etc/sysctl.conf
sysctl -p
```
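The tuning in 2.4 to 2.6 can be checked statically before Elasticsearch is started. The script below is an added example, not part of the original article: the function names are made up here, and the thresholds are Elasticsearch's bootstrap-check minimums (4096 threads, 65535 file descriptors, 262144 map areas). A limits.conf item name that pam_limits does not define, or a sysctl line that is not a plain key=value, is reported instead of being accepted.

```shell
#!/bin/sh
# Added example: static check of the OS tuning files. File paths are arguments.
# Assumption: one policy for all users, so the <domain> column is not distinguished.
LIMIT_ITEMS="core data fsize memlock nofile rss stack cpu nproc as maxlogins \
maxsyslogins nonewprivs priority locks sigpending msgqueue nice rtprio chroot"

# audit_limits FILE: print one finding per problem in a limits.conf-style file.
audit_limits() {
    awk -v items="$LIMIT_ITEMS" '
    BEGIN {
        n = split(items, a, " "); for (i = 1; i <= n; i++) known[a[i]] = 1
        need["soft nproc"] = 4096;   need["hard nproc"] = 4096
        need["soft nofile"] = 65535; need["hard nofile"] = 65535
    }
    /^[ \t]*(#|$)/ { next }                      # comments and blank lines
    NF != 4 { print "line " NR ": expected <domain> <type> <item> <value>"; next }
    !($3 in known) { print "line " NR ": unknown item \"" $3 "\""; next }
    $2 == "-" { seen["soft " $3] = $4; seen["hard " $3] = $4; next }
    { seen[$2 " " $3] = $4 }
    END {
        for (k in need) {
            if (!(k in seen)) print "missing: " k
            else if (seen[k] !~ /^(unlimited|infinity|-1)$/ && seen[k] + 0 < need[k])
                print "too low: " k " = " seen[k] " (need >= " need[k] ")"
        }
    }' "$1" | sort
}

# audit_sysctl FILE: check the persisted vm.max_map_count (last assignment wins).
audit_sysctl() {
    awk -F= '
    { key = $1; gsub(/[ \t]/, "", key) }
    key == "vm.max_map_count" { v = $2 + 0; found = 1 }
    END {
        if (!found) print "missing: vm.max_map_count"
        else if (v < 262144) print "too low: vm.max_map_count = " v " (need >= 262144)"
    }' "$1"
}

# Check the real files when the script is run with "live" as its first argument.
if [ "${1:-}" = "live" ]; then
    audit_limits /etc/security/limits.conf
    audit_sysctl /etc/sysctl.conf
fi
```

No output from either function means the file passes; a misspelled item such as `noproc` shows up both as an unknown item and as a missing `nproc` entry.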
2.7 Disable the firewall
- Disable the firewall
3.1 Edit the yml configuration file
node-01
```
# Cluster name
cluster.name: Hadoop
# Node name
node.name: node-1
# Data path
path.data: /usr/local/elasticsearch-8.2.2/data
# Log path
path.logs: /usr/local/elasticsearch-8.2.2/logs
# Network host
network.host: 0.0.0.0
# Port
http.port: 9200
# Discovery
discovery.seed_hosts: ["192.168.85.136", "192.168.85.137", "192.168.85.138"]
# Encrypt node-to-node communication with TLS
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.client_authentication: required
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
```
node-02
```
cluster.name: Hadoop
node.name: node-2
path.data: /usr/local/elasticsearch-8.2.2/data
path.logs: /usr/local/elasticsearch-8.2.2/logs
network.host: 0.0.0.0
http.port: 9200
discovery.seed_hosts: ["192.168.85.136", "192.168.85.137", "192.168.85.138"]
cluster.initial_master_nodes: ["node-1", "node-2", "node-3"]
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.client_authentication: required
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
```
node-03
```
cluster.name: Hadoop
node.name: node-3
path.data: /usr/local/elasticsearch-8.2.2/data
path.logs: /usr/local/elasticsearch-8.2.2/logs
network.host: 0.0.0.0
http.port: 9200
discovery.seed_hosts: ["192.168.85.136", "192.168.85.137", "192.168.85.138"]
cluster.initial_master_nodes: ["node-1", "node-2", "node-3"]
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.client_authentication: required
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
```
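The settings above can be checked mechanically on each node. The following audit script is an added example, not code from the original article; `es_get` and `audit_es_yml` are hypothetical helper names and it assumes flat dotted keys as used above. Besides the transport TLS settings it checks that the keystore holding the node's private key is not world-readable, and that a non-loopback `network.host` is paired with `xpack.security.http.ssl.enabled`, which the configuration above does not set.

```shell
#!/bin/sh
# Added example: audit the security-relevant settings of an elasticsearch.yml.
# Assumes flat dotted "key: value" lines (the style used above), not nested YAML.

# es_get FILE KEY: print the value of KEY, or nothing if unset (last one wins).
es_get() {
    awk -v k="$2" '
    /^[ \t]*#/ { next }
    { i = index($0, ":"); if (!i) next
      key = substr($0, 1, i - 1); val = substr($0, i + 1)
      sub(/[ \t]+#.*$/, "", val)                     # trailing comment
      gsub(/^[ \t"]+|[ \t"]+$/, "", val); gsub(/[ \t]/, "", key)
      if (key == k) v = val }
    END { print v }' "$1"
}

# audit_es_yml FILE: print FAIL/WARN findings; no output means nothing found.
audit_es_yml() {
    f=$1; t=xpack.security.transport.ssl
    if [ "$(es_get "$f" xpack.security.enabled)" = false ]; then
        echo "FAIL xpack.security.enabled=false turns authentication off"
    fi
    if [ "$(es_get "$f" "$t.enabled")" != true ]; then
        echo "FAIL $t.enabled is not true: node-to-node traffic is unencrypted"
    fi
    case "$(es_get "$f" "$t.verification_mode")" in
        certificate|full|"") ;;                      # unset defaults to full
        *) echo "FAIL $t.verification_mode does not validate peer certificates" ;;
    esac
    case "$(es_get "$f" "$t.client_authentication")" in
        required|"") ;;                              # unset defaults to required
        *) echo "FAIL $t.client_authentication does not require a node certificate" ;;
    esac
    # The .p12 holds the node private key: it must not be world-readable.
    ks=$(es_get "$f" "$t.keystore.path")
    case "$ks" in /*) ks_file=$ks ;; *) ks_file=$(dirname "$f")/$ks ;; esac
    if [ -n "$ks" ] && [ -n "$(find "$ks_file" -prune -perm -004 2>/dev/null)" ]; then
        echo "FAIL $ks is world-readable"
    fi
    case "$(es_get "$f" network.host)" in
        ""|localhost|127.*|::1|_local_) ;;           # loopback only
        *) if [ "$(es_get "$f" xpack.security.http.ssl.enabled)" != true ]; then
               echo "WARN http.port is reachable off-host without xpack.security.http.ssl"
           fi ;;
    esac
}
```

Against the node-1 settings above, with the keystore readable only by its owner, the only finding is the WARN line: transport traffic is protected, but logins to port 9200 travel over plain HTTP.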
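4.1 Basic security configuration
4.1.1 TLS configuration
Generate the certificate authority (CA); this only needs to be done on node1
```
./bin/elasticsearch-certutil ca
```
a. When prompted, accept the default file name, which is elastic-stack-ca.p12. This file contains the CA's public certificate and the private key used to sign the certificate of each node. Enter a password for the CA.
b. If you are not deploying to a production environment, you can choose to leave the password blank.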
Generate a certificate and private key for the nodes in the cluster; this only needs to be run on node1
```
./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
```
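On every node in the cluster, copy the elastic-certificates.p12 file into the config directory
If you entered a password when creating the node certificate, run the following commands to store the password in the Elasticsearch keystore
```
./bin/elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password
./bin/elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password
```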
4.2 Start Elasticsearch
Start all three nodes
```
# Start in the background
./bin/elasticsearch -d
```
4.3 Change the built-in user passwords
Note: you must set a password for every built-in user, and the cluster must be up and running normally
```
[admin@hadoop01 bin]$ ./elasticsearch-setup-passwords interactive
******************************************************************************
Note: The 'elasticsearch-setup-passwords' tool has been deprecated. This command will be removed in a future release.
******************************************************************************
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,kibana_system,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y
Enter password for [elastic]:
passwords must be at least [6] characters long
Try again.
Enter password for [elastic]:
Reenter password for [elastic]:
Passwords do not match.
Try again.
Enter password for [elastic]:
Reenter password for [elastic]:
Enter password for [apm_system]:
Reenter password for [apm_system]:
Enter password for [kibana_system]:
Reenter password for [kibana_system]:
Enter password for [logstash_system]:
Reenter password for [logstash_system]:
Enter password for [beats_system]:
Reenter password for [beats_system]:
Enter password for [remote_monitoring_user]:
Reenter password for [remote_monitoring_user]:
Changed password for user [apm_system]
Changed password for user [kibana_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]
```
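Restart every node in the cluster
5 Access ES with ES-head
Open the address
Enter your username and password
Default username: elastic; password: the password you set yourself
Login succeeds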