1、安裝Elasticsearch
1.1 環境說明
Centos7.6html
Elasticsearch7.1.1java
#掛載數據盤node
fdisk /dev/vdb n,p,1,回車,回車,wq fdisk -l mkfs.ext4 /dev/vdb1 echo '/dev/vdb1 /opt ext4 defaults 0 0' >>/etc/fstab mount -a df -h
#時間同步linux
yum install -y ntp systemctl enable ntpd && systemctl start ntpd timedatectl set-timezone Asia/Shanghai timedatectl set-ntp yes ntpq -p
1.2 操做系統調優
cat >> /etc/sysctl.conf <<EOF fs.file-max=655360 vm.max_map_count = 262144 EOF
sysctl -pgit
vim /etc/security/limits.confgithub
* soft nproc 20480 * hard nproc 20480 * soft nofile 65536 * hard nofile 65536 * soft memlock unlimited * hard memlock unlimited
vim /etc/security/limits.d/20-nproc.confsql
* soft nproc 20480
1.3 安裝JDK
yum install -y java-1.8.0-openjdk*bootstrap
vim /etc/profilevim
# set java environment export JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.212.b04-0.el7_6.x86_64 export PATH=$PATH:$JAVA_HOME/bin export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
source /etc/profile安全
echo "source /etc/profile" >> /etc/bashrc
1.4 安裝es
1)新建用戶
groupadd elsearch
useradd elsearch -g elsearch -p elasticsearch
2)下載
cd /opt
wget https://img.yiyao.cc/elasticsearch-7.1.1-linux-x86_64.tar.gz
tar -zxvf elasticsearch-7.1.1-linux-x86_64.tar.gz
mv elasticsearch-7.1.1 elasticsearch
chown -R elsearch.elsearch ./elasticsearch
3)JVM調優
物理內存一半
vim /opt/elasticsearch/config/jvm.options
-Xms8g -Xmx8g
4)配置es,三個節點同時做爲 master 和 data
vim /opt/elasticsearch/config/elasticsearch.yml
#節點1
cluster.name: wmqees node.name: es-node1 node.master: true node.data: true path.data: /opt/elasticsearch/data path.logs: /opt/elasticsearch/logs bootstrap.memory_lock: true network.host: 172.16.2.141 http.port: 9200 discovery.zen.minimum_master_nodes: 2 discovery.zen.ping.unicast.hosts: ["172.16.2.141:9300","172.16.2.142:9300","172.16.2.143:9300"]
cluster.initial_master_nodes: ["es-node1", "es-node2", "es-node3"]
http.cors.enabled: true
http.cors.allow-origin: "*"
cluster.initial_master_nodes參數說明:es7 引用了 Bootstrapping a cluster 後,首次啓動Elasticsearch集羣須要在集羣中的一個或多個符合主節點的節點上顯式定義初始的符合主節點的節點集。這稱爲羣集自舉,這僅在羣集首次啓動時才須要。
#節點2
cluster.name: wmqees node.name: es-node2 node.master: true node.data: true path.data: /opt/elasticsearch/data path.logs: /opt/elasticsearch/logs bootstrap.memory_lock: true network.host: 172.16.2.142 http.port: 9200 discovery.zen.minimum_master_nodes: 2 discovery.zen.ping.unicast.hosts: ["172.16.2.141:9300","172.16.2.142:9300","172.16.2.143:9300"]
cluster.initial_master_nodes: ["es-node1", "es-node2", "es-node3"]
http.cors.enabled: true
http.cors.allow-origin: "*"
#節點3
cluster.name: wmqees node.name: es-node3 node.master: true node.data: true path.data: /opt/elasticsearch/data path.logs: /opt/elasticsearch/logs bootstrap.memory_lock: true network.host: 172.16.2.143 http.port: 9200 discovery.zen.minimum_master_nodes: 2 discovery.zen.ping.unicast.hosts: ["172.16.2.141:9300","172.16.2.142:9300","172.16.2.143:9300"]
cluster.initial_master_nodes: ["es-node1", "es-node2", "es-node3"]
http.cors.enabled: true
http.cors.allow-origin: "*"
5)啓動
su - elsearch -c "/opt/elasticsearch/bin/elasticsearch -d"
6)驗證
curl "172.16.2.143:9200/_xpack"
{"build":{"hash":"7a013de","date":"2019-05-23T14:05:50.009976Z"},"license":{"uid":"344f983f-9d20-4476-851a-4172fd669f12","type":"basic","mode":"basic","status":"active"},"features":{"ccr":{"description":"Cross Cluster Replication","available":false,"enabled":true},"graph":{"description":"Graph Data Exploration for the Elastic Stack","available":false,"enabled":true},"ilm":{"description":"Index lifecycle management for the Elastic Stack","available":true,"enabled":true},"logstash":{"description":"Logstash management component for X-Pack","available":false,"enabled":true},"ml":{"description":"Machine Learning for the Elastic Stack","available":false,"enabled":true,"native_code_info":{"version":"7.1.1","build_hash":"fd619a36eb77df"}},"monitoring":{"description":"Monitoring for the Elastic Stack","available":true,"enabled":true},"rollup":{"description":"Time series pre-aggregation and rollup","available":true,"enabled":true},"security":{"description":"Security for the Elastic Stack","available":true,"enabled":false},"sql":{"description":"SQL access to Elasticsearch","available":true,"enabled":true},"watcher":{"description":"Alerting, Notification and Automation for the Elastic Stack","available":false,"enabled":true}},"tagline":"You know, for X"}
說明:顯示 license 不爲空則安裝成功。es7版本默認已經包含xpack認證,無需註冊。
1.5 開機自啓
有 systemd 和 service 兩種方式進行設置開機自啓,推薦 systemd 方式能夠設置 es 異常掛起後可以重啓。
1.5.1 Systemd 方式(推薦)
1)新建環境配置文件,指定Java路徑
vim /etc/sysconfig/elasticsearch
################################ # Elasticsearch ################################ # Elasticsearch home directory #ES_HOME=/usr/share/elasticsearch # Elasticsearch Java path JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.212.b10-0.el7_6.x86_64 CLASSPATH=.:/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.212.b10-0.el7_6.x86_64/lib:/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.212.b10-0.el7_6.x86_64/jre/lib # Elasticsearch configuration directory #ES_PATH_CONF=${path.conf} # Elasticsearch PID directory #PID_DIR=/var/run/elasticsearch # Additional Java OPTS #ES_JAVA_OPTS= # Configure restart on package upgrade (true, every other setting will lead to not restarting) #RESTART_ON_UPGRADE=true ################################ # Elasticsearch service ################################ # SysV init.d # # The number of seconds to wait before checking if Elasticsearch started successfully as a daemon process ES_STARTUP_SLEEP_TIME=5 ################################ # System properties ################################ # Specifies the maximum file descriptor number that can be opened by this process # When using Systemd, this setting is ignored and the LimitNOFILE defined in # /usr/lib/systemd/system/elasticsearch.service takes precedence #MAX_OPEN_FILES=65535 # The maximum number of bytes of memory that may be locked into RAM # Set to "unlimited" if you use the 'bootstrap.memory_lock: true' option # in elasticsearch.yml. # When using systemd, LimitMEMLOCK must be set in a unit file such as # /etc/systemd/system/elasticsearch.service.d/override.conf. #MAX_LOCKED_MEMORY=unlimited # Maximum number of VMA (Virtual Memory Areas) a process can own # When using Systemd, this setting is ignored and the 'vm.max_map_count' # property is set at boot time in /usr/lib/sysctl.d/elasticsearch.conf #MAX_MAP_COUNT=262144
2)建立服務文件
vim /usr/lib/systemd/system/elasticsearch.service
[Unit] Description=Elasticsearch Documentation=http://www.elastic.co Wants=network-online.target After=network-online.target [Service] Restart=always Type=simple PrivateTmp=true Environment=ES_HOME=/opt/elasticsearch Environment=ES_PATH_CONF=/opt/elasticsearch/config Environment=PID_DIR=/opt/elasticsearch Environment=ES_SD_NOTIFY=true EnvironmentFile=/etc/sysconfig/elasticsearch WorkingDirectory=/opt/elasticsearch User=elsearch Group=elsearch ExecStart=/opt/elasticsearch/bin/elasticsearch -p ${PID_DIR}/elasticsearch.pid --quiet # StandardOutput is configured to redirect to journalctl since # some error messages may be logged in standard output before # elasticsearch logging system is initialized. Elasticsearch # stores its logs in /var/log/elasticsearch and does not use # journalctl by default. If you also want to enable journalctl # logging, you can simply remove the "quiet" option from ExecStart. StandardOutput=journal StandardError=inherit # Specifies the maximum file descriptor number that can be opened by this process LimitNOFILE=65535 # Specifies the maximum number of processes LimitNPROC=20480
LimitMEMLOCK=infinity
# Specifies the maximum size of virtual memory LimitAS=infinity # Specifies the maximum file size LimitFSIZE=infinity # Disable timeout logic and wait until process is stopped TimeoutStopSec=0 # SIGTERM signal is used to stop the Java process KillSignal=SIGTERM # Send the signal only to the JVM rather than its control group KillMode=process # Java process is never killed SendSIGKILL=no # When a JVM receives a SIGTERM signal it exits with code 143 SuccessExitStatus=143 [Install] WantedBy=multi-user.target # Built for ${project.name}-${project.version} (${project.name})
3)啓動
systemctl daemon-reload systemctl enable elasticsearch.service systemctl start elasticsearch.service
能夠 kill 掉 es 進程,es 會再次啓動。
1.5.2 service 方式(不推薦)
1)建立啓動腳本
vim /etc/init.d/elasticsearch
#!/bin/sh #chkconfig: 2345 80 05 #description: elasticsearch #processname: elasticsearch-7.1.1 export JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.212.b04-0.el7_6.x86_64 export JAVA_BIN=/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.212.b04-0.el7_6.x86_64/bin export PATH=$PATH:$JAVA_HOME/bin export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar export ES_HOME=/opt/elasticsearch case $1 in start) su elsearch<<! cd $ES_HOME ./bin/elasticsearch -d -p pid exit ! echo "elasticsearch is started" ;; stop) pid=`cat $ES_HOME/pid` kill -9 $pid echo "elasticsearch is stopped" ;; restart) pid=`cat $ES_HOME/pid` kill -9 $pid echo "elasticsearch is stopped" sleep 1 su elsearch<<! cd $ES_HOME ./bin/elasticsearch -d -p pid exit ! echo "elasticsearch is started" ;; *) echo "start|stop|restart" ;; esac exit 0
說明:需指定JDK環境,要否則會默認使用es自帶的JDK,自帶的版本太新,去除了GC。
2)啓動
# 添加到開機啓動任務 chmod +x /etc/init.d/elasticsearch chkconfig --add elasticsearch # 啓動 service elasticsearch start
2、配置 TLS 和身份驗證
2.1 建立證書文件
在一個master上執行便可
cd /opt/elasticsearch ./bin/elasticsearch-certutil ca 兩次回車 ./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12 三次回車
賦予權限
mkdir config/certs
mv elastic-*.p12 config/certs/
chown -R elsearch:elsearch config/certs/
再把證書文件 elastic-certificates.p12 複製到其餘master節點並賦予權限。
2.2 修改配置
#全部主機配置文件添加ssl
cat >> config/elasticsearch.yml <<EOF xpack.security.enabled: true xpack.security.transport.ssl.enabled: true xpack.security.transport.ssl.verification_mode: certificate xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12 xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12 EOF
重啓 elasticsearch
service elasticsearch restart
2.3 生成客戶端證書
cd /opt/elasticsearch bin/elasticsearch-certutil cert --ca \ config/certs/elastic-stack-ca.p12 \ -name "CN=esuser,OU=dev,DC=weqhealth,DC=com" 回車 client.p12 回車
拆分證書
mv client.p12 config/certs/ cd config/certs/ openssl pkcs12 -in client.p12 -nocerts -nodes > client-key.pem openssl pkcs12 -in client.p12 -clcerts -nokeys > client.crt openssl pkcs12 -in client.p12 -cacerts -nokeys -chain > client-ca.crt
chown elsearch:elsearch client*
2.4 設置默認密碼
bin/elasticsearch-setup-passwords interactive
y,分別設置 elastic、apm_system、kibana、logstash_system、beats_system、remote_monitoring_user帳號的密碼。
2.5 配置kibana
修改 kibana.yml 文件
elasticsearch.username: "kibana" elasticsearch.password: "elasticxxxxxxx"
而後用超級管理員帳號 elastic 登入到 kibana。在kibana中設置角色和帳號,也能夠修改帳號密碼。
2.6 驗證集羣狀態
由於開啓了xpack驗證,須要指定帳號密碼
curl --user elastic:elasticxxxxxx -XGET '172.16.2.143:9200/_cat/health?v&pretty'
epoch timestamp cluster status node.total node.data shards pri relo init unassign pending_tasks max_task_wait_time active_shards_percent 1564645243 07:40:43 wmqees green 3 3 14 7 0 0 0 0 - 100.0%
參考:https://www.elastic.co/cn/blog/getting-started-with-elasticsearch-security
3、基本設置
3.1 設置分片數
es7默認主分片數和主分片副本數都爲1,經過 default_template 指定分片數
PUT _template/default_template { "index_patterns" : ["*"], "settings": { "number_of_shards": 3, "number_of_replicas" : 1 } }
number_of_shards:每一個索引的主分片數,默認值是 1 再也不是5。這個配置在索引建立後不能修改。
number_of_replicas:每一個主分片的副本數,默認值是 1 。對於活動的索引庫,這個配置能夠隨時修改。
3.2 集羣最大分片數
1) 說明
基於集羣中節點的數量,集羣中的分片數量有一個軟限制(數據節點數 * 1000),若是羣集中沒有數據節點,則不會執行該限制。
一、建立新索引,還原索引快照或打開關閉的索引會增長分片;關閉或刪除某些索引會減小分片。
二、副本數計入此限制,但封閉索引不計入。具備5個主要分片和2個副本的索引將計爲15個分片。不管封閉索引包含多少個分片和副本,任何封閉索引都將計爲0。
2)設置每一個數據節點在集羣中容許的分片數量
PUT _cluster/settings?pretty { "persistent": { "cluster.max_shards_per_node": 3000 } }
3)查詢設置結果
GET _cluster/settings?pretty # 結果以下 { "persistent" : { "cluster" : { "max_shards_per_node" : "3000" } }, "transient" : { } }
若是集羣有 3 個數據節點,這樣集羣總分片數爲 9000 個。
3.2 安全重啓es
1)禁用分片分配
關閉節點時,分配過程將等待 index.unassigned.node_left.delayed_timeout 1分鐘(默認狀況下爲1分鐘),而後開始將該節點上的分片複製到集羣中的其餘節點,這可能涉及大量I/O。因爲該節點不久將要從新啓動,所以該I/O是沒必要要的,經過在關閉節點以前禁用副本分配。
PUT _cluster/settings { "persistent": { "cluster.routing.allocation.enable": "primaries" } }
設置成primaries,索引的主分片會均分到集羣的各個node,副本分片處於unassigined狀態。
2)重啓es
依次挨個重啓一個節點,啓動好了後再重啓另外節點。
service elasticsearch restart
3)開啓分片分配
PUT _cluster/settings { "persistent": { "cluster.routing.allocation.enable": null } }