Quick Elasticsearch cluster deployment with Ansible

2020-06-03  随便写点什么就好

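Overview

Deploying an Elasticsearch cluster is simple, but a few things have to be done properly: memory settings, enabling password authentication, and enabling certificates.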

Installation

# Create directories
ansible sjzx_es_test -m shell -a "mkdir -p /data/es_data"
ansible sjzx_es_test -m shell -a "mkdir -p /data/es_logs"
ansible sjzx_es_test -m shell -a "mkdir -p /data/es_bak"
ansible sjzx_es_test  -m shell -a "useradd es"
ansible sjzx_es_test  -m shell -a "chown -R es:es /data/es_data"
ansible sjzx_es_test  -m shell -a "chown -R es:es /data/es_logs"
ansible sjzx_es_test  -m shell -a "chown -R es:es /data/es_bak"

# Add hosts entries
ansible sjzx_es_test  -m shell -a "echo '10.10.99.53    esnode01'>>/etc/hosts"
ansible sjzx_es_test  -m shell -a "echo '10.10.99.54    esnode02'>>/etc/hosts"
ansible sjzx_es_test  -m shell -a "echo '10.10.99.55    esnode03'>>/etc/hosts"

# Copy the software
ansible sjzx_es_test -m copy -a "src=/tmp/elasticsearch-7.5.0-linux-x86_64.tar.gz dest=/usr/local/"
ansible sjzx_es_test  -m shell -a "tar zxvf /usr/local/elasticsearch-7.5.0-linux-x86_64.tar.gz"
# Note: this extracts into /root/
ansible sjzx_es_test  -m shell -a "mv elasticsearch-7.5.0  /usr/local/"
# The install directory must also be owned by the es user; otherwise es lacks the permissions to start and a Java error is reported
ansible sjzx_es_test  -m shell -a "chown -R es:es /usr/local/elasticsearch-7.5.0"

Install the Java environment

# A check showed Java is already installed; install it if it is not
ansible sjzx_es_test -m shell -a "java -version"
#ansible sjzx_es_test  -m shell -a "yum install java-1.8.0-openjdk.x86_64 -y"

Configure system parameters and Java parameters

ansible sjzx_es_test  -m shell -a "echo 'vm.max_map_count=655360'>>/etc/sysctl.conf"
ansible sjzx_es_test  -m shell -a "sysctl -p"

ansible sjzx_es_test -m shell -a "ulimit -a"
# Kernel tuning: vim /etc/security/limits.conf   # configure on all 3 nodes according to the actual environment
* soft nofile 655360
* hard nofile 655360
* soft nproc 655360
* hard nproc 655360
* soft  memlock  unlimited
* hard   memlock  unlimited

# The default heap is 1g; set it according to the server's memory. 1g is enough for a test environment; use 4g or 8g in production.
/usr/local/elasticsearch-7.5.0/config/jvm.options
-Xms2g
-Xmx2g

Configure certificates

# Running this on one master is enough
cd /usr/local/elasticsearch-7.5.0
./bin/elasticsearch-certutil ca
# Press Enter twice
./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12 
# Press Enter three times

mkdir config/certs
mv elastic-*.p12 config/certs/
chown -R es:es config/certs/
# Then copy the certificate file elastic-certificates.p12 to the same location on the other master nodes and set its permissions; rsync -av works fine.

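Edit the configuration file (required on all 3 nodes)

# The configuration file is as follows. Apart from node.name and network.host, which match the local machine, everything is the same on every node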

[root@xxxxx config]# vim elasticsearch.yml 
path.data: /data/es_data
path.logs: /data/es_logs
cluster.name: escluster
cluster.initial_master_nodes: ["esnode01","esnode02","esnode03"]
node.name: esnode01
node.master: true
node.data: true
network.host: 10.10.99.53
http.port: 9200
http.cors.enabled: true
http.cors.allow-origin: "*"
discovery.zen.ping.unicast.hosts: ["esnode01", "esnode02", "esnode03"]
discovery.zen.minimum_master_nodes: 2
gateway.recover_after_nodes: 2
path.repo: ["/data/es_bak/"]
http.cors.allow-headers: Authorization
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12
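
The configuration above enables authentication and transport TLS; a review of the same file would also look at the HTTP layer and the CORS settings. The following is an added example, not part of the original post: a POSIX shell audit of a flat elasticsearch.yml. The function names (es_get, audit_es_yml, write_sample_config) and the severity labels are assumptions of this example, and the sample config is constructed from the lines shown above.

```sh
#!/bin/sh
# Added example (not from the original post): audit a flat elasticsearch.yml
# for the security settings this page touches. POSIX sh and awk only.

# Print the value of a top-level "key: value" line, surrounding quotes
# stripped; prints nothing if the key is absent or commented out.
es_get() {  # $1 = file, $2 = setting name
  awk -v k="$2" -F': *' \
    '$1 == k { sub(/^[^:]*: */, ""); gsub(/^"|"$/, ""); print; exit }' "$1"
}

# Print one finding per line; print nothing when all checks pass.
# Severity labels are this example's own convention.
audit_es_yml() {  # $1 = path to elasticsearch.yml
  f=$1
  [ "$(es_get "$f" xpack.security.enabled)" = "true" ] ||
    echo "HIGH xpack.security.enabled is not true: the REST API needs no login"
  [ "$(es_get "$f" xpack.security.transport.ssl.enabled)" = "true" ] ||
    echo "HIGH xpack.security.transport.ssl.enabled is not true: node-to-node traffic is unencrypted"
  [ "$(es_get "$f" xpack.security.http.ssl.enabled)" = "true" ] ||
    echo "HIGH xpack.security.http.ssl.enabled is not true: curl --user passwords cross the network in clear text"
  if [ "$(es_get "$f" http.cors.enabled)" = "true" ] &&
     [ "$(es_get "$f" http.cors.allow-origin)" = "*" ]; then
    echo "MEDIUM http.cors.allow-origin is \"*\": any web origin may make cross-origin requests; list exact origins"
  fi
  return 0
}

# Constructed sample: security-relevant lines of the config shown on this page.
write_sample_config() {  # $1 = output path
  cat > "$1" <<'EOF'
http.port: 9200
http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-headers: Authorization
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
EOF
}

tmp=$(mktemp)
write_sample_config "$tmp"
audit_es_yml "$tmp"   # reports the http.ssl and CORS findings
rm -f "$tmp"
```

On this page's configuration it reports the plain-HTTP REST port and the wildcard CORS origin; enabling xpack.security.http.ssl.enabled and listing exact origins in http.cors.allow-origin clears both.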

Start (required on all 3 nodes)

su - es -c "/usr/local/elasticsearch-7.5.0/bin/elasticsearch -d"
# Start automatically at boot
chmod +x /etc/rc.d/rc.local
echo 'su - es -c "/usr/local/elasticsearch-7.5.0/bin/elasticsearch -d"'>>/etc/rc.local

Enable password authentication

# Set passwords for the elastic, apm_system, kibana, logstash_system, beats_system and remote_monitoring_user accounts

/usr/local/elasticsearch-7.5.0/bin/elasticsearch-setup-passwords interactive
# Enter the passwords; the output is as follows
Please confirm that you would like to continue [y/N]y
Enter password for [elastic]: 
Reenter password for [elastic]: 
Enter password for [apm_system]: 
Reenter password for [apm_system]: 
Enter password for [kibana]: 
Reenter password for [kibana]: 
Enter password for [logstash_system]: 
Reenter password for [logstash_system]: 
Enter password for [beats_system]: 
Reenter password for [beats_system]: 
Enter password for [remote_monitoring_user]: 
Reenter password for [remote_monitoring_user]: 
Changed password for user [apm_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]

Common commands

[root@xxxxx config]# curl --user elastic:PASSWORD  -XGET '10.10.99.53:9200/_cat/health?v&pretty'
epoch      timestamp cluster   status node.total node.data shards pri relo init unassign pending_tasks max_task_wait_time active_shards_percent
1591005738 10:02:18  escluster green           3         3      2   1    0    0        0             0                  -                100.0%

# View cluster health:
curl --user elastic:PASSWORD -XGET '10.10.99.53:9200/_cluster/health?pretty'
# View detailed cluster state:
curl --user elastic:PASSWORD -XGET '10.10.99.53:9200/_cluster/state?pretty'
# List indices:
curl --user elastic:PASSWORD -XGET '10.10.99.53:9200/_cat/indices?v'