环境
服务器IP | 节点ID | 端口 | 集群名称 |
---|---|---|---|
192.168.15.31 | es-1 | 9200/9700 | es-test |
192.168.15.32 | es-2 | 9200/9700 | es-test |
192.168.15.33 | es-3 | 9200/9700 | es-test |
安装
下载安装包:
cd /usr/local/src
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.6.2-linux-x86_64.tar.gz
scp elasticsearch-8.6.2-linux-x86_64.tar.gz 192.168.15.32:/usr/local/src
scp elasticsearch-8.6.2-linux-x86_64.tar.gz 192.168.15.33:/usr/local/src
所有节点创建用户
groupadd elasticsearch
useradd elasticsearch -g elasticsearch
创建目录
# 所有节点执行如下步骤
mkdir /data/es/{logs,data} -p
tar xzvf elasticsearch-8.6.2-linux-x86_64.tar.gz -C /usr/local
授权
# 所有节点执行如下步骤
chown -R elasticsearch:elasticsearch /usr/local/elasticsearch-8.6.2
chown -R elasticsearch:elasticsearch /data/es
配置修改
192.168.15.31修改内容
vim /usr/local/elasticsearch-8.6.2/config/elasticsearch.yml
cluster.name: es-test
node.name: es-1
node.roles: [master,data]
path.data: /data/es/data
path.logs: /data/es/logs
network.host: 0.0.0.0
http.port: 9200
http.cors.enabled: true
http.cors.allow-origin: "*"
discovery.seed_hosts: ["192.168.15.31:9300","192.168.15.32:9300","192.168.15.33:9300"]
cluster.initial_master_nodes: ["es-1","es-2","es-3"]
# 下方内容是用于ssl认证的
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: none
xpack.security.transport.ssl.keystore.path: /usr/local/elasticsearch-8.6.2/config/certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /usr/local/elasticsearch-8.6.2/config/certs/elastic-certificates.p12
ingest.geoip.downloader.enabled: false
192.168.15.32修改内容
vim /usr/local/elasticsearch-8.6.2/config/elasticsearch.yml
cluster.name: es-test
node.name: es-2
node.roles: [master,data]
path.data: /data/es/data
path.logs: /data/es/logs
network.host: 0.0.0.0
http.port: 9200
http.cors.enabled: true
http.cors.allow-origin: "*"
discovery.seed_hosts: ["192.168.15.31:9300","192.168.15.32:9300","192.168.15.33:9300"]
cluster.initial_master_nodes: ["es-1","es-2","es-3"]
# 下方内容是用于ssl认证的
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: none
xpack.security.transport.ssl.keystore.path: /usr/local/elasticsearch-8.6.2/config/certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /usr/local/elasticsearch-8.6.2/config/certs/elastic-certificates.p12
ingest.geoip.downloader.enabled: false
192.168.15.33修改内容
vim /usr/local/elasticsearch-8.6.2/config/elasticsearch.yml
cluster.name: es-test
node.name: es-3
node.roles: [master,data]
path.data: /data/es/data
path.logs: /data/es/logs
network.host: 0.0.0.0
http.port: 9200
http.cors.enabled: true
http.cors.allow-origin: "*"
discovery.seed_hosts: ["192.168.15.31:9300","192.168.15.32:9300","192.168.15.33:9300"]
cluster.initial_master_nodes: ["es-1","es-2","es-3"]
# 下方内容是用于ssl认证的
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: none
xpack.security.transport.ssl.keystore.path: /usr/local/elasticsearch-8.6.2/config/certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /usr/local/elasticsearch-8.6.2/config/certs/elastic-certificates.p12
ingest.geoip.downloader.enabled: false
环境配置
所有节点都需要修改
修改最大文件数
cat >> /etc/security/limits.conf <<EOF
elasticsearch soft nofile 65536
elasticsearch hard nofile 65536
EOF
修改系统内核配置
echo "fs.file-max=655360" >> /etc/sysctl.conf
echo "vm.max_map_count=655360" >> /etc/sysctl.conf
sysctl -p
修改虚拟内存
# 此处根据自己的需求及规模进行调整
sed -i "s/## -Xms4g/-Xms2g/" /usr/local/elasticsearch-8.6.2/config/jvm.options
sed -i "s/## -Xmx4g/-Xmx2g/" /usr/local/elasticsearch-8.6.2/config/jvm.options
认证
在192.168.15.31上面操作就行
# 签发ca证书
/usr/local/elasticsearch-8.6.2//bin/elasticsearch-certutil ca
`【ENTER】` 什么也不用输入直接回车
`【ENTER】` 什么也不用输入直接回车
# 用ca证书签发节点证书
/usr/local/elasticsearch-8.6.2//bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
`【ENTER】` 什么也不用输入直接回车
`【ENTER】` 什么也不用输入直接回车
`【ENTER】` 什么也不用输入直接回车
# 将证书放到certs目录(手动创建)
mkdir /usr/local/elasticsearch-8.6.2/config/certs
mv /usr/local/elasticsearch-8.6.2/elastic-certificates.p12 /usr/local/elasticsearch-8.6.2/elastic-stack-ca.p12 /usr/local/elasticsearch-8.6.2/config/certs
scp -r /usr/local/elasticsearch-8.6.2/config/certs 192.168.15.32:/usr/local/elasticsearch-8.6.2/config/
scp -r /usr/local/elasticsearch-8.6.2/config/certs 192.168.15.33:/usr/local/elasticsearch-8.6.2/config/
ik分词插件安装
cd /usr/local/src
mkdir ik
cd ik
# 需要下载与es版本一致的ik分词版本包
wget https://github.com/medcl/elasticsearch-analysis-ik/releases/download/v8.6.2/elasticsearch-analysis-ik-8.6.2.zip
unzip elasticsearch-analysis-ik-8.6.2.zip
rm -f elasticsearch-analysis-ik-8.6.2.zip
cd ..
cp -r ik /usr/local/elasticsearch-8.6.2/plugins/
# 将插件复制到其余节点
scp -r /usr/local/elasticsearch-8.6.2/plugins/ik 192.168.15.32:/usr/local/elasticsearch-8.6.2/plugins/
scp -r /usr/local/elasticsearch-8.6.2/plugins/ik 192.168.15.33:/usr/local/elasticsearch-8.6.2/plugins/
# 每台服务器授权
chown -R elasticsearch:elasticsearch /usr/local/elasticsearch-8.6.2
启动
切换用户:
su - elasticsearch
cd /usr/local/elasticsearch-8.6.2/bin
./elasticsearch -d
# 查看端口是否启动
netstat -lanp | egrep "9200|9300" | grep LISTEN
修改密码:
在某一台服务器上操作即可
# 第一种,配置每个账号的密码
./elasticsearch-setup-passwords interactive
******************************************************************************
Note: The 'elasticsearch-setup-passwords' tool has been deprecated. This command will be removed in a future release.
******************************************************************************
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,kibana_system,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y
Enter password for [elastic]:
Reenter password for [elastic]:
Enter password for [apm_system]:
Reenter password for [apm_system]:
Enter password for [kibana_system]:
Reenter password for [kibana_system]:
Enter password for [logstash_system]:
Reenter password for [logstash_system]:
Enter password for [beats_system]:
Reenter password for [beats_system]:
Enter password for [remote_monitoring_user]:
Reenter password for [remote_monitoring_user]:
Changed password for user [apm_system]
Changed password for user [kibana_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]
# 第二种,随机生成特定账号的密码
./elasticsearch-reset-password -u elastic
This tool will reset the password of the [elastic] user to an autogenerated value.
The password will be printed in the console.
Please confirm that you would like to continue [y/N]y
Password for the [elastic] user successfully reset.
New value: ihn1eUl0-cSGQ2ekMBTj
常用查看
查看集群状态
curl -k --user elastic:ihn1eUl0-cSGQ2ekMBTj -XGET "http://192.168.15.31:9200/_cat/nodes?v"
# 此处ip不是192.168.15.x是因为我的服务器还有其他服务开启了tun的。
ip heap.percent ram.percent cpu load_1m load_5m load_15m node.role master name
172.25.244.192 41 97 4 0.70 0.54 0.33 dm * es-1
172.25.92.64 28 97 4 0.15 0.30 0.41 dm - es-2
172.18.195.0 24 97 4 0.27 0.46 0.53 dm - es-3
列出所有索引
curl -k --user elastic:ihn1eUl0-cSGQ2ekMBTj -XGET "http://192.168.15.31:9200/_cat/indices?v"
health status index uuid pri rep docs.count docs.deleted store.size pri.store.size
创建并查看索引
curl -k --user elastic:ihn1eUl0-cSGQ2ekMBTj -X PUT "http://192.168.15.31:9200/test?pretty"
{
"acknowledged" : true,
"shards_acknowledged" : true,
"index" : "test"
}
curl -k --user elastic:ihn1eUl0-cSGQ2ekMBTj -XGET "http://192.168.15.31:9200/_cat/indices?v"
health status index uuid pri rep docs.count docs.deleted store.size pri.store.size
green open test N89aJeQsTpiBtbDLh-I1pQ 1 1 0 0 450b 225b
登陆网页查看是否正常
扩容
- 服务器初始化
- 安装es,保持集群节点名称一致,node.name不一致
- 复制证书到新的节点
- 启动es即可
缩容
直接关闭要删除的节点,不能一次关闭半数以上的节点