Elasticsearch 集群

服务器IP	主机角色
192.168.10.10	Elasticsearch Node01
192.168.10.11	Elasticsearch Node02
192.168.10.12	Elasticsearch Node03

Elasticsearch Node01

1. 下载 elasticsearch 安装包

   服务器支持访问互联网

   wget http://pdpublic.mingdao.com/private-deployment/offline/common/elasticsearch-8.5.3-linux-x86_64.tar.gz

   服务器不支持访问互联网

   # elasticsearch 安装包文件下载链接，下载完成后上传到部署服务器
   http://pdpublic.mingdao.com/private-deployment/offline/common/elasticsearch-8.5.3-linux-x86_64.tar.gz

2. 下载 elasticsearch-ik 插件包

   服务器支持访问互联网

   wget http://pdpublic.mingdao.com/private-deployment/offline/common/elasticsearch-analysis-ik-8.5.2.zip

   服务器不支持访问互联网

   # elasticsearch-ik 插件包文件下载链接，下载完成后上传到部署服务器
   http://pdpublic.mingdao.com/private-deployment/offline/common/elasticsearch-analysis-ik-8.5.2.zip

3. 解压 elasticsearch 至安装目录

   tar xf elasticsearch-8.5.3-linux-x86_64.tar.gz
   mv elasticsearch-8.5.3 /usr/local/elasticsearch

4. 解压 elasticsearch-ik 插件至安装目录

   mkdir /usr/local/elasticsearch/plugins/elasticsearch-analysis-ik
   unzip elasticsearch-analysis-ik-8.5.2.zip -d /usr/local/elasticsearch/plugins/elasticsearch-analysis-ik/
   sed -i 's/8.5.2/8.5.3/g' /usr/local/elasticsearch/plugins/elasticsearch-analysis-ik/plugin-descriptor.properties

5. 系统环境参数调整

   echo 'vm.max_map_count=262144' >> /etc/sysctl.conf
   echo 'vm.swappiness=1' >> /etc/sysctl.conf
   echo 'net.ipv4.tcp_retries2=5' >> /etc/sysctl.conf
   sysctl -p
   
   echo "* soft nofile 65536" >> /etc/security/limits.conf
   echo "* hard nofile 65536" >> /etc/security/limits.conf
   ulimit -n 65536

6. 修改 elasticsearch 配置文件

   cat > /usr/local/elasticsearch/config/elasticsearch.yml <<EOF
   cluster.name: md-elasticsearch-private
   node.name: elasticsearch-1
   node.roles:
   - master
   - data
   network.host: 0.0.0.0
   network.publish_host: 192.168.10.10
   http.port: 9200
   transport.port: 9300
   path.data: /data/elasticsearch/data
   path.logs: /data/elasticsearch/logs
   discovery.seed_hosts:
   - 192.168.10.10:9300
   - 192.168.10.11:9300
   - 192.168.10.12:9300
   cluster.initial_master_nodes:
   - elasticsearch-1
   - elasticsearch-2
   - elasticsearch-3
   xpack.security.enabled: true
   xpack.security.http.ssl.enabled: false
   xpack.security.transport.ssl.enabled: true
   xpack.security.transport.ssl.verification_mode: certificate 
   xpack.security.transport.ssl.keystore.path: cert/elastic-node-certificate.p12
   xpack.security.transport.ssl.truststore.path: cert/elastic-node-certificate.p12
   ingest.geoip.downloader.enabled: false
   cluster.max_shards_per_node: 20000
   EOF
   • 注意每个节点的 node.name 不同
   • network.publish_host 值为本机IP
   • discovery.seed_hosts 值在实际部署时注意替换为实际环境的各 elasticsearch 节点IP

7. 修改 elasticsearch jvm 内存限制为4g

   sed -ri "s/##[, ]*(-Xm[s|x])[0-9]g/\14g/g" /usr/local/elasticsearch/config/jvm.options

8. 创建数据目录

   mkdir -p /data/elasticsearch/{data,logs}
   mkdir /usr/local/elasticsearch/config/cert

9. 生成证书文件

   /usr/local/elasticsearch/bin/elasticsearch-certutil ca --out /usr/local/elasticsearch/config/cert/elastic-ca.p12 --days 36500 --pass ""
   
   /usr/local/elasticsearch/bin/elasticsearch-certutil cert --ca /usr/local/elasticsearch/config/cert/elastic-ca.p12 --ca-pass "" --out /usr/local/elasticsearch/config/cert/elastic-node-certificate.p12 --days 36500 --pass ""
   • 后面会需要将生成的 /usr/local/elasticsearch/config/cert/elastic-node-certificate.p12 证书文件拷贝的另外两个节点

10. 创建 elasticsearch 用户并授权目录权限

    useradd -M -s /sbin/nologin elasticsearch
    chown -R elasticsearch:elasticsearch /data/elasticsearch /usr/local/elasticsearch

11. 配置 systemd 管理

    cat > /etc/systemd/system/elasticsearch.service <<EOF
    [Unit]
    Description=Elasticsearch
    [Service]
    User=elasticsearch
    Group=elasticsearch
    LimitNOFILE=102400
    ExecStart=/usr/local/elasticsearch/bin/elasticsearch
    ExecStop=/usr/bin/kill  \$MAINPID
    Restart=on-failure
    [Install]
    WantedBy=multi-user.target
    EOF

12. 启动 elasticsearch 服务并加入开机自启动

    systemctl start elasticsearch
    systemctl enable elasticsearch

Elasticsearch Node02

1. 下载 elasticsearch 安装包

   服务器支持访问互联网

   wget http://pdpublic.mingdao.com/private-deployment/offline/common/elasticsearch-8.5.3-linux-x86_64.tar.gz

   服务器不支持访问互联网

   # elasticsearch 安装包文件下载链接，下载完成后上传到部署服务器
   http://pdpublic.mingdao.com/private-deployment/offline/common/elasticsearch-8.5.3-linux-x86_64.tar.gz

2. 下载 elasticsearch-ik 插件包

   服务器支持访问互联网

   wget http://pdpublic.mingdao.com/private-deployment/offline/common/elasticsearch-analysis-ik-8.5.2.zip

   服务器不支持访问互联网

   # elasticsearch-ik 插件包文件下载链接，下载完成后上传到部署服务器
   http://pdpublic.mingdao.com/private-deployment/offline/common/elasticsearch-analysis-ik-8.5.2.zip

3. 解压 elasticsearch 至安装目录

   tar xf elasticsearch-8.5.3-linux-x86_64.tar.gz
   mv elasticsearch-8.5.3 /usr/local/elasticsearch

4. 解压 elasticsearch-ik 插件至安装目录

   mkdir /usr/local/elasticsearch/plugins/elasticsearch-analysis-ik
   unzip elasticsearch-analysis-ik-8.5.2.zip -d /usr/local/elasticsearch/plugins/elasticsearch-analysis-ik/
   sed -i 's/8.5.2/8.5.3/g' /usr/local/elasticsearch/plugins/elasticsearch-analysis-ik/plugin-descriptor.properties

5. 系统环境参数调整

   echo 'vm.max_map_count=262144' >> /etc/sysctl.conf
   echo 'vm.swappiness=1' >> /etc/sysctl.conf
   echo 'net.ipv4.tcp_retries2=5' >> /etc/sysctl.conf
   sysctl -p
   
   echo "* soft nofile 65536" >> /etc/security/limits.conf
   echo "* hard nofile 65536" >> /etc/security/limits.conf
   ulimit -n 65536

6. 修改 elasticsearch 配置文件

   cat > /usr/local/elasticsearch/config/elasticsearch.yml <<EOF
   cluster.name: md-elasticsearch-private
   node.name: elasticsearch-2
   node.roles:
   - master
   - data
   network.host: 0.0.0.0
   network.publish_host: 192.168.10.11
   http.port: 9200
   transport.port: 9300
   path.data: /data/elasticsearch/data
   path.logs: /data/elasticsearch/logs
   discovery.seed_hosts:
   - 192.168.10.10:9300
   - 192.168.10.11:9300
   - 192.168.10.12:9300
   cluster.initial_master_nodes:
   - elasticsearch-1
   - elasticsearch-2
   - elasticsearch-3
   xpack.security.enabled: true
   xpack.security.http.ssl.enabled: false
   xpack.security.transport.ssl.enabled: true
   xpack.security.transport.ssl.verification_mode: certificate 
   xpack.security.transport.ssl.keystore.path: cert/elastic-node-certificate.p12
   xpack.security.transport.ssl.truststore.path: cert/elastic-node-certificate.p12
   ingest.geoip.downloader.enabled: false
   cluster.max_shards_per_node: 20000
   EOF
   • 注意每个节点的 node.name 不同
   • network.publish_host 值为本机IP
   • discovery.seed_hosts 值在实际部署时注意替换为实际环境的各 elasticsearch 节点IP

7. 修改 elasticsearch jvm 内存限制为4g

   sed -ri "s/##[, ]*(-Xm[s|x])[0-9]g/\14g/g" /usr/local/elasticsearch/config/jvm.options

8. 创建数据目录

   mkdir -p /data/elasticsearch/{data,logs}
   mkdir /usr/local/elasticsearch/config/cert

9. 拷贝证书文件

   将 Elasticsearch 01 生成的 /usr/local/elasticsearch/config/cert/elastic-node-certificate.p12 证书文件拷贝的本节点 /usr/local/elasticsearch/config/cert/ 目录下

10. 创建 elasticsearch 用户并授权目录权限

    useradd -M -s /sbin/nologin elasticsearch
    chown -R elasticsearch:elasticsearch /data/elasticsearch /usr/local/elasticsearch

11. 配置 systemd 管理

    cat > /etc/systemd/system/elasticsearch.service <<EOF
    [Unit]
    Description=Elasticsearch
    [Service]
    User=elasticsearch
    Group=elasticsearch
    LimitNOFILE=102400
    ExecStart=/usr/local/elasticsearch/bin/elasticsearch
    ExecStop=/usr/bin/kill  \$MAINPID
    Restart=on-failure
    [Install]
    WantedBy=multi-user.target
    EOF

12. 启动 elasticsearch 服务并加入开机自启动

    systemctl start elasticsearch
    systemctl enable elasticsearch

Elasticsearch Node03

1. 下载 elasticsearch 安装包

   服务器支持访问互联网

   wget http://pdpublic.mingdao.com/private-deployment/offline/common/elasticsearch-8.5.3-linux-x86_64.tar.gz

   服务器不支持访问互联网

   # elasticsearch 安装包文件下载链接，下载完成后上传到部署服务器
   http://pdpublic.mingdao.com/private-deployment/offline/common/elasticsearch-8.5.3-linux-x86_64.tar.gz

2. 下载 elasticsearch-ik 插件包

   服务器支持访问互联网

   wget http://pdpublic.mingdao.com/private-deployment/offline/common/elasticsearch-analysis-ik-8.5.2.zip

   服务器不支持访问互联网

   # elasticsearch-ik 插件包文件下载链接，下载完成后上传到部署服务器
   http://pdpublic.mingdao.com/private-deployment/offline/common/elasticsearch-analysis-ik-8.5.2.zip

3. 解压 elasticsearch 至安装目录

   tar xf elasticsearch-8.5.3-linux-x86_64.tar.gz
   mv elasticsearch-8.5.3 /usr/local/elasticsearch

4. 解压 elasticsearch-ik 插件至安装目录

   mkdir /usr/local/elasticsearch/plugins/elasticsearch-analysis-ik
   unzip elasticsearch-analysis-ik-8.5.2.zip -d /usr/local/elasticsearch/plugins/elasticsearch-analysis-ik/
   sed -i 's/8.5.2/8.5.3/g' /usr/local/elasticsearch/plugins/elasticsearch-analysis-ik/plugin-descriptor.properties

5. 系统环境参数调整

   echo 'vm.max_map_count=262144' >> /etc/sysctl.conf
   echo 'vm.swappiness=1' >> /etc/sysctl.conf
   echo 'net.ipv4.tcp_retries2=5' >> /etc/sysctl.conf
   sysctl -p
   
   echo "* soft nofile 65536" >> /etc/security/limits.conf
   echo "* hard nofile 65536" >> /etc/security/limits.conf
   ulimit -n 65536

6. 修改 elasticsearch 配置文件

   cat > /usr/local/elasticsearch/config/elasticsearch.yml <<EOF
   cluster.name: md-elasticsearch-private
   node.name: elasticsearch-3
   node.roles:
   - master
   - data
   network.host: 0.0.0.0
   network.publish_host: 192.168.10.13
   http.port: 9200
   transport.port: 9300
   path.data: /data/elasticsearch/data
   path.logs: /data/elasticsearch/logs
   discovery.seed_hosts:
   - 192.168.10.10:9300
   - 192.168.10.11:9300
   - 192.168.10.12:9300
   cluster.initial_master_nodes:
   - elasticsearch-1
   - elasticsearch-2
   - elasticsearch-3
   xpack.security.enabled: true
   xpack.security.http.ssl.enabled: false
   xpack.security.transport.ssl.enabled: true
   xpack.security.transport.ssl.verification_mode: certificate 
   xpack.security.transport.ssl.keystore.path: cert/elastic-node-certificate.p12
   xpack.security.transport.ssl.truststore.path: cert/elastic-node-certificate.p12
   ingest.geoip.downloader.enabled: false
   cluster.max_shards_per_node: 20000
   EOF
   • 注意每个节点的 node.name 不同
   • network.publish_host 值为本机IP
   • discovery.seed_hosts 值在实际部署时注意替换为实际环境的各 elasticsearch 节点IP

7. 修改 elasticsearch jvm 内存限制为4g

   sed -ri "s/##[, ]*(-Xm[s|x])[0-9]g/\14g/g" /usr/local/elasticsearch/config/jvm.options

8. 创建数据目录

   mkdir -p /data/elasticsearch/{data,logs}
   mkdir /usr/local/elasticsearch/config/cert

9. 拷贝证书文件

   将 Elasticsearch 01 生成的 /usr/local/elasticsearch/config/cert/elastic-node-certificate.p12 证书文件拷贝的本节点 /usr/local/elasticsearch/config/cert/ 目录下

10. 创建 elasticsearch 用户并授权目录权限

    useradd -M -s /sbin/nologin elasticsearch
    chown -R elasticsearch:elasticsearch /data/elasticsearch /usr/local/elasticsearch

11. 配置 systemd 管理

    cat > /etc/systemd/system/elasticsearch.service <<EOF
    [Unit]
    Description=Elasticsearch
    [Service]
    User=elasticsearch
    Group=elasticsearch
    LimitNOFILE=102400
    ExecStart=/usr/local/elasticsearch/bin/elasticsearch
    ExecStop=/usr/bin/kill  \$MAINPID
    Restart=on-failure
    [Install]
    WantedBy=multi-user.target
    EOF

12. 启动 elasticsearch 服务并加入开机自启动

    systemctl start elasticsearch
    systemctl enable elasticsearch

配置认证

任意一台 Elasticsearch 节点上操作即可

/usr/local/elasticsearch/bin/elasticsearch-reset-password -u elastic -i

# 密码 123456 输入后终端不会显示，正常黏贴或敲入即可

# 或者非交互配置，需要先确保服务是启动状态
ss -lnt|grep 9200

elastic_pwd=123456
echo -e 'y\n'$elastic_pwd'\n'$elastic_pwd'' | /usr/local/elasticsearch/bin/elasticsearch-reset-password -u elastic -i

集群验证

查看集群状态

curl -u elastic:123456 127.0.0.1:9200/_cat/health?v

查看节点角色

curl -u elastic:123456 127.0.0.1:9200/_cat/nodes

查看节点已安装的插件

curl -u elastic:123456 127.0.0.1:9200/_cat/plugins