大数据ELK Stack（三）：Elasticsearch 集群之伪分布式集群部署

43 阅读 0 评论 29 点赞

我是靠谱客的博主无限黑猫，最近开发中收集的这篇文章主要介绍大数据ELK Stack（三）：Elasticsearch 集群之伪分布式集群部署，觉得挺不错的，现在分享给大家，希望可以做个参考。

概述

一、环境配置

版本

Linux环境：CentOS Linux release 7.9.2009 (Core)

Java：openjdk version 1.8.0_332 (build 25.332-b09, mixed mode)

Elasticsearch版本：7.14.2

配置

节点数量：3

内存：4G

硬盘：30G

CPU个数：1

CPU核心数：2

CPU型号：Intel(R) Core(TM) i5-10500 CPU @ 3.10GHz

hostname	IP地址	节点配置
node-1	192.168.239.134	2C4G
node-2	192.168.239.135	2C4G
node-3	192.168.239.136	2C4G

二、linux系统参数设置

虚拟内存（Virtual memory） Elasticsearch 默认使用 mmapfs 目录存储其索引。默认的操作系统对 mmap 计数的限制可能太低，这可能会导致内存不足异常。在 Linux 上，你可以通过以 root 用户身份运行以下命令来增加限制：

[root@localhost ~]# sysctl -w vm.max_map_count=262144
vm.max_map_count = 262144

复制

要永久设置此值，需要更新 /etc/sysctl.conf 中的 vm.max_map_count 设置。配置完毕后，我们可以使用如下的命令来使之起作用：

[root@localhost ~]# sysctl -p
vm.max_map_count = 262144

复制

要在重新引导后进行验证，运行

[root@localhost ~]# sysctl vm.max_map_count
vm.max_map_count = 262144

复制

禁用sawpping 禁用sawpping的好处一个是性能问题，开启swap会严重影响性能（包括内存和I/O）；另一个是管理问题，开启swap后通过cgroups设置的内存上限就会失效。

swapoff -a #临时禁用所有的swap文件
vim /etc/fstab #注释掉所有的swap相关的行，永久禁用

复制

配置文件描述符

ulimit -n 65535  #临时修改
vim /etc/security/limits.conf #永久修改
*         soft    nproc     65535
*         hard    nproc     65535

复制

关闭防火墙

[root@node-1 ~]# systemctl stop firewalld.service
[root@node-1 ~]# systemctl disable firewalld.service
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.

复制

JVM采用elasticsearch自带的，也可自行安装，过程忽略

三、单机ES安装

下载并安装Elasticsearch的linux归档文件

[root@localhost ES]# wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.14.2-linux-x86_64.tar.gz
[root@localhost ES]# wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.14.2-linux-x86_64.tar.gz.sha512
[root@localhost ES]# shasum -a 512 -c elasticsearch-7.14.2-linux-x86_64.tar.gz.sha512
elasticsearch-7.14.2-linux-x86_64.tar.gz: OK
[root@localhost ES]# tar -zxvf elasticsearch-7.14.2-linux-x86_64.tar.gz
[root@localhost ES]# cd elasticsearch-7.14.2/

复制

目录介绍： $ES_HOME：/data/hd05/elk/elasticsearch-7.7.0 bin: $ES_HOME/bin #ES启动命令和插件安装命令 conf：$ES_HOME/conf #elasticsearch.yml配置文件目录 data：$ES_HOME/data #对应的参数path.data，用于存放索引分片数据文件 logs：$ES_HOME/logs #对应的参数path.logs，用于存放日志 jdk：$ES_HOME/jdk #自带支持该ES版本的JDK plugins： $ES_HOME/jplugins #插件存放目录 lib： $ES_HOME/lib #存放依赖包，比如Java类库 modules： $ES_HOME/modules #包含所有的ES模块
修改elasticsearch.yml的network.host和http.port network.host也可配置为0.0.0.0所有地址均可访问

[root@localhost elasticsearch-7.14.2]# vim config/elasticsearch.yml
[root@localhost elasticsearch-7.14.2]# cat  config/elasticsearch.yml  | egrep -v '^$|#'
network.host: 192.168.239.134
http.port: 9200

复制

创建启动elasticsearch的用户并赋予目录权限

[root@localhost ES]# useradd Elastic
[root@localhost ES]# chown -R Elastic:Elastic /opt/ES/elasticsearch-7.14.2

复制

使用Elastic用户启动

[root@localhost ~]# su - Elastic
上一次登录：日 9月 18 16:57:30 CST 2022pts/0 上
[Elastic@localhost ~]$ cd /opt/ES/elasticsearch-7.14.2/
[Elastic@localhost elasticsearch-7.14.2]$ ./bin/elasticsearch ##后面测试没问题后，我们在用“-d”选项放到后台启动

复制

验证节点是否正常

[root@node-1 ~]# curl -XGET 192.168.239.134:9200
{
  "name" : "localhost.localdomain",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "_na_",
  "version" : {
    "number" : "7.14.2",
    "build_flavor" : "default",
    "build_type" : "tar",
    "build_hash" : "6bc13727ce758c0e943c3c21653b3da82f627f75",
    "build_date" : "2021-09-15T10:18:09.722761972Z",
    "build_snapshot" : false,
    "lucene_version" : "8.9.0",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "You Know, for Search"
}

复制

四、分布式集群部署

在其他两台节点执行第一步操作，操作如上第二部分。过程忽略。
下载并安装Elasticsearch的linux归档文件

[root@localhost ES]# wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.14.2-linux-x86_64.tar.gz
[root@localhost ES]# wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.14.2-linux-x86_64.tar.gz.sha512
[root@localhost ES]# shasum -a 512 -c elasticsearch-7.14.2-linux-x86_64.tar.gz.sha512
elasticsearch-7.14.2-linux-x86_64.tar.gz: OK
[root@localhost ES]# tar -zxvf elasticsearch-7.14.2-linux-x86_64.tar.gz
[root@localhost ES]# cd elasticsearch-7.14.2/

三台机器配置hosts

[root@node-1 ~]# vim /etc/hosts
192.168.239.134         node-1
192.168.239.135         node-2
192.168.239.136         node-3

复制

三台机器互相ping测试联通性

[root@node-1 ~]# ping node-2
PING node-2 (192.168.239.135) 56(84) bytes of data.
64 bytes from node-2 (192.168.239.135): icmp_seq=1 ttl=64 time=0.761 ms
64 bytes from node-2 (192.168.239.135): icmp_seq=2 ttl=64 time=0.736 ms
^C
[root@node-1 ~]# ping node-3
PING node-3 (192.168.239.136) 56(84) bytes of data.
64 bytes from node-3 (192.168.239.136): icmp_seq=1 ttl=64 time=0.386 ms
64 bytes from node-3 (192.168.239.136): icmp_seq=2 ttl=64 time=0.196 ms
64 bytes from node-3 (192.168.239.136): icmp_seq=3 ttl=64 time=1.53 ms
^C

配置加密通信证书（三台节点均需操作）：方法1、生产证书

[root@node-1 elasticsearch-7.14.2]# ./bin/elasticsearch-certutil ca -out config/elastic-certificates.p12 -pass "password"

查看config目录，有elastic-certificates.p12文件生成

方法2、

./bin/elasticsearch-certutil ca  #创建集群认证机构，需要交互输入密码
./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12  #为节点颁发证书，与上面密码一样
执行./bin/elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password 并输入第一步输入的密码 
执行./bin/elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password 并输入第一步输入的密码 
将生成的elastic-certificates.p12、elastic-stack-ca.p12文件移动到config目录下

配置config/elasticsearch.yml：

[Elastic@node-1 elasticsearch-7.14.2]$ cat  config/elasticsearch.yml  | egrep -v '^$|#'
cluster.name: my-cluster
node.name: node-1
path.data: /opt/ES/elasticsearch-7.14.2/data
path.logs: /opt/ES/elasticsearch-7.14.2/logs
network.host: 0.0.0.0
http.port: 9200
discovery.seed_hosts: ["192.168.239.134","192.168.239.135","192.168.239.136"]
cluster.initial_master_nodes: ["node-1", "node-2","node-3"]
discovery.zen.ping_timeout: 60s
http.cors.enabled: true
http.cors.allow-origin: '*'
xpack.security.enabled: true
xpack.license.self_generated.type: basic
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /opt/ES/elasticsearch-7.14.2/config/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /opt/ES/elasticsearch-7.14.2/config/elastic-certificates.p12

其他的节点跟上面配置一样，修改上面的node.name和node.master参数，然后要删除data目标，不然会存在报错。然后使用./bin/elasticsearch -d 后台启动elasticsearch，去掉-d则是前端启动Elasticsearch。然后./bin/elasticsearch-setup-passwords interactive 配置默认用户的密码：（有如下的交互），可以使用auto自动生成。

[Elastic@node-1 elasticsearch-7.14.2]$ ./bin/elasticsearch-setup-passwords interactive
Enter password for the elasticsearch keystore : 
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y
 
Enter password for [elastic]: 
Reenter password for [elastic]: 
Enter password for [apm_system]: 
Reenter password for [apm_system]: 
Enter password for [kibana]: 
Reenter password for [kibana]: 
Enter password for [logstash_system]: 
Reenter password for [logstash_system]: 
Enter password for [beats_system]: 
Reenter password for [beats_system]: 
Enter password for [remote_monitoring_user]: 
Reenter password for [remote_monitoring_user]: 
1qaz@WSXChanged password for user [apm_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]

验证是否搭建成功

[root@node-1 elasticsearch-7.14.2]# curl -XGET -uelastic:1234.com 192.168.239.134:9200/_cat/nodes
192.168.239.136 31 95 0 0.38 0.15 0.11 cdfhilmrstw - node-3
192.168.239.135  9 96 0 0.36 0.15 0.09 cdfhilmrstw * node-2
192.168.239.134 17 89 1 0.31 0.14 0.15 cdfhilmrstw - node-1