This article describes how to deploy Elasticsearch 7.4.0.

Architecture diagram

(Figure: log analysis system architecture diagram)

Server configuration

1. Initialize the environment

Environment

CentOS 7.5 && Elasticsearch 7.4.0

Mount storage

Install iscsi-initiator-utils

[root@blog ~]# yum -y install iscsi-initiator-utils

Configure the initiator name

[root@blog ~]# echo "InitiatorName=iqn.2016-01.com.h3c.onestor.elk.client" > /etc/iscsi/initiatorname.iscsi

iqn.2016-01.com.h3c.onestor.elk.client is the initiator name; it must be bound to the IQN configured on the iSCSI server side.

Start the iSCSI service

[root@blog ~]# systemctl start iscsi
[root@blog ~]# systemctl enable iscsi

Discover storage targets

[root@blog ~]# iscsiadm -m discovery -t sendtargets -p <iSCSI storage IP>:3260

Log in to the target

[root@blog ~]# iscsiadm -m node -T iqn.2016-01.com.h3c.onestor.elk -l

Log in to the storage target automatically at boot

[root@blog ~]# iscsiadm -m node -T iqn.2016-01.com.h3c.onestor.elk -p <storage IP>:3260 --op update -n node.startup -v automatic

View the attached disks

[root@blog ~]# lsblk

Identify the newly attached storage and confirm its device name; in this deployment the new disk is /dev/sdb.

Mount the disk

Install lvm2

[root@blog ~]# yum install lvm2

Partition the disk with fdisk

[root@blog ~]# fdisk /dev/sdb
n Enter              # create a new partition
p Enter Enter Enter  # primary partition, default number, default first and last sector
t Enter 8e           # change the partition type to Linux LVM (8e)
w Enter              # write the partition table and exit

Create the LVM volume

[root@blog ~]# pvcreate /dev/sdb1 # create the physical volume
[root@blog ~]# vgcreate vg_data /dev/sdb1 # create the volume group
[root@blog ~]# lvcreate -L 2000G -n lv_data vg_data # create a 2 TB logical volume
[root@blog ~]# mkfs.ext4 /dev/vg_data/lv_data # format the new LV as ext4
[root@blog ~]# mkdir /data # create the mount point
[root@blog ~]# mount /dev/vg_data/lv_data /data # mount the LV on the mount point
[root@blog ~]# echo "/dev/vg_data/lv_data /data  ext4     defaults,_netdev   0 0" >>  /etc/fstab # mount the network storage at boot

A network-backed filesystem must be mounted with the _netdev option.

Configure time synchronization

[root@blog ~]# yum install -y ntp # install ntp
[root@blog ~]# systemctl start ntpd && systemctl enable ntpd # start ntpd and enable it at boot
[root@blog ~]# timedatectl set-timezone Asia/Shanghai # set the time zone
[root@blog ~]# timedatectl set-ntp yes # enable NTP synchronization
[root@blog ~]# ntpq -p # list the NTP peers to confirm synchronization

Operating system tuning

  • Configure memory locking for the elsearch user
[root@blog ~]# echo "  " >> /etc/security/limits.conf
[root@blog ~]# echo "#elasticsearch " >> /etc/security/limits.conf
[root@blog ~]# echo "elsearch soft memlock unlimited" >> /etc/security/limits.conf
[root@blog ~]# echo "elsearch hard memlock unlimited" >> /etc/security/limits.conf
  • Configure the file descriptor limit
[root@blog ~]# echo "  " >> /etc/security/limits.conf
[root@blog ~]# echo "# elasticsearch " >> /etc/security/limits.conf
[root@blog ~]# echo "* soft nofile 65536" >> /etc/security/limits.conf
[root@blog ~]# echo "* hard nofile 65536" >> /etc/security/limits.conf
  • Configure vm.max_map_count
[root@blog ~]# echo "#elasticsearch " >> /etc/sysctl.conf
[root@blog ~]# echo "vm.max_map_count = 262144" >> /etc/sysctl.conf
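As an added example (not part of the original post), the following shell script checks the settings from the storage and tuning steps above against sample files: that the /data entry in fstab carries _netdev, that the memlock and nofile limits apply to the account that will run Elasticsearch (the guide's elsearch user, which the sample uses; a limits.conf entry for a different user name never takes effect), and that vm.max_map_count is high enough. The sample files are constructed for the demo; on a real host pass /etc/fstab, /etc/security/limits.conf and /etc/sysctl.conf instead. The file checks say nothing about the live kernel or session, so also compare with `sysctl vm.max_map_count` and `ulimit -l` from a shell of the service user.

```shell
#!/bin/sh
# Added example, not from the original post: check the host settings this guide
# configures (fstab _netdev for the iSCSI-backed /data, memlock and nofile limits
# for the account that runs Elasticsearch, vm.max_map_count) before starting ES.
# File paths are parameters so the checks can run against constructed samples.

# check_fstab_netdev FSTAB MOUNTPOINT
# 0 when MOUNTPOINT is listed and its options include _netdev; a network-backed
# mount without _netdev blocks boot before the iSCSI session exists.
check_fstab_netdev() {
    awk -v mp="$2" '
        $1 !~ /^#/ && $2 == mp {
            found = 1
            if (("," $4 ",") !~ /,_netdev,/) bad = 1
        }
        END { if (found && !bad) exit 0; exit 1 }' "$1"
}

# check_limit LIMITS_CONF USER ITEM MIN
# 0 when both the soft and hard ITEM limits that apply to USER (its own line or a
# "*" wildcard line) are at least MIN; MIN may be the word "unlimited".
check_limit() {
    awk -v u="$2" -v item="$3" -v min="$4" '
        $1 !~ /^#/ && ($1 == u || $1 == "*") && $3 == item {
            if ($4 == "unlimited" || (min != "unlimited" && $4 + 0 >= min + 0)) seen[$2] = 1
        }
        END { if (seen["soft"] && seen["hard"]) exit 0; exit 1 }' "$1"
}

# check_sysctl SYSCTL_CONF KEY MIN
# 0 when KEY is set to a value >= MIN (the last assignment wins, as sysctl does).
check_sysctl() {
    awk -F '=' -v k="$2" -v min="$3" '
        $0 !~ /^#/ {
            gsub(/[ \t]/, "", $1); gsub(/[ \t]/, "", $2)
            if ($1 == k) val = $2
        }
        END { if (val != "" && val + 0 >= min + 0) exit 0; exit 1 }' "$1"
}

# make_samples DIR: constructed sample files (not copied from a real host).
make_samples() {
    cat > "$1/fstab.good" <<'EOF'
/dev/mapper/centos-root /     xfs  defaults 0 0
/dev/vg_data/lv_data    /data ext4 defaults,_netdev 0 0
EOF
    cat > "$1/fstab.bad" <<'EOF'
/dev/vg_data/lv_data    /data ext4 defaults 0 0
EOF
    cat > "$1/limits.conf" <<'EOF'
#elasticsearch
elsearch soft memlock unlimited
elsearch hard memlock unlimited
* soft nofile 65536
* hard nofile 65536
EOF
    cat > "$1/sysctl.conf" <<'EOF'
#elasticsearch
vm.max_map_count = 262144
EOF
}

# Demo run against the constructed samples; on a real host point the functions
# at /etc/fstab, /etc/security/limits.conf and /etc/sysctl.conf instead.
tmp=$(mktemp -d)
make_samples "$tmp"
check_fstab_netdev "$tmp/fstab.good" /data && echo "fstab.good: /data carries _netdev"
check_fstab_netdev "$tmp/fstab.bad" /data || echo "fstab.bad: /data lacks _netdev"
check_limit "$tmp/limits.conf" elsearch memlock unlimited && echo "memlock: unlimited for elsearch"
check_limit "$tmp/limits.conf" elsearch nofile 65536 && echo "nofile: at least 65536"
check_sysctl "$tmp/sysctl.conf" vm.max_map_count 262144 && echo "vm.max_map_count: at least 262144"
rm -rf "$tmp"
```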

Install the JDK

[root@blog ~]# yum install -y java

2. Install Elasticsearch (on every node)

Create the user and the data directories

[root@blog ~]# useradd elsearch # add the user
[root@blog ~]# mkdir -p /data/es_data/data # ES data directory
[root@blog ~]# mkdir -p /data/es_data/logs # ES log directory
[root@blog ~]# chown -R elsearch. /data/es_data # give the data directory to elsearch

Upload the Elasticsearch package

Drag elasticsearch-7.4.0-linux-x86_64.tar.gz into the server's tab in Xshell.

Extract

[root@blog ~]# tar zxf elasticsearch-7.4.0-linux-x86_64.tar.gz # extract the archive
[root@blog ~]# mv elasticsearch-7.4.0 /opt/elasticsearch # move the extracted tree into place
[root@blog ~]# chown -R elsearch. /opt/elasticsearch # give the install tree to the elsearch user

JVM tuning

[root@blog ~]# sed -i "s/-Xms1g/-Xms16g/g" /opt/elasticsearch/config/jvm.options
[root@blog ~]# sed -i "s/-Xmx1g/-Xmx16g/g" /opt/elasticsearch/config/jvm.options

Set the ES heap to half of physical memory. This machine has 32 GB of RAM, so the heap is set to 16 GB.

Edit the ES configuration file; all three nodes act as both master and data nodes.

[root@blog ~]# vim /opt/elasticsearch/config/elasticsearch.yml

About cluster.initial_master_nodes: since ES 7 introduced cluster bootstrapping, the first start of an Elasticsearch cluster requires the initial set of master-eligible nodes to be defined explicitly on one or more of the master-eligible nodes. This is called cluster bootstrapping and is only needed the first time the cluster starts.

  • Node 1
# node basics
cluster.name: logcenter
network.host: X.X.X.208
node.name: node-1
# cluster peers
discovery.seed_hosts: ["X.X.X.208","X.X.X.209","X.X.X.210"]
cluster.initial_master_nodes: ["node-1","node-2","node-3"]
# master-eligible and data node
node.master: true
node.data: true
# transport settings
transport.tcp.port: 9300
transport.tcp.compress: true
# allow cross-origin (CORS) requests
http.cors.enabled: true
http.cors.allow-origin: "*"
  • Node 2
# node basics
cluster.name: logcenter
network.host: X.X.X.209
node.name: node-2
# cluster peers
discovery.seed_hosts: ["X.X.X.208","X.X.X.209","X.X.X.210"]
cluster.initial_master_nodes: ["node-1","node-2","node-3"]
# master-eligible and data node
node.master: true
node.data: true
# transport settings
transport.tcp.port: 9300
transport.tcp.compress: true
# allow cross-origin (CORS) requests
http.cors.enabled: true
http.cors.allow-origin: "*"
  • Node 3
# node basics
cluster.name: logcenter
network.host: X.X.X.210
node.name: node-3
# cluster peers
discovery.seed_hosts: ["X.X.X.208","X.X.X.209","X.X.X.210"]
cluster.initial_master_nodes: ["node-1","node-2","node-3"]
# master-eligible and data node
node.master: true
node.data: true
# transport settings
transport.tcp.port: 9300
transport.tcp.compress: true
# allow cross-origin (CORS) requests
http.cors.enabled: true
http.cors.allow-origin: "*"
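The three node files above differ only in network.host and node.name; everything else is shared. As an added example (not from the original post), the script below renders a node's elasticsearch.yml from the shared values and then checks the rendered files: every node.name must be distinct, and each must appear in cluster.initial_master_nodes or bootstrapping cannot complete. The X.X.X.* addresses are the post's own placeholders. The guide's http.cors lines are deliberately left out of the template because http.cors.allow-origin "*" lets scripts from any web origin read REST API responses in a user's browser; add them only when a browser front end on another origin needs them.

```shell
#!/bin/sh
# Added example, not from the original post: render elasticsearch.yml for one
# node from shared cluster settings so that only node.name and network.host
# differ between the three files (copy-pasting one file and forgetting to change
# node.name gives three nodes that all claim to be node-1).
# Values are the guide's; X.X.X.* are the post's own placeholder addresses.

CLUSTER_NAME=logcenter
SEED_HOSTS='["X.X.X.208","X.X.X.209","X.X.X.210"]'
INITIAL_MASTERS='["node-1","node-2","node-3"]'

# render_es_config INDEX IP -> prints the yml for node-INDEX bound to IP.
# The guide's http.cors lines are intentionally not part of the template.
render_es_config() {
    cat <<EOF
# node basics
cluster.name: ${CLUSTER_NAME}
network.host: $2
node.name: node-$1
# cluster peers
discovery.seed_hosts: ${SEED_HOSTS}
cluster.initial_master_nodes: ${INITIAL_MASTERS}
# master-eligible and data node
node.master: true
node.data: true
# transport settings
transport.tcp.port: 9300
transport.tcp.compress: true
EOF
}

# node_name_of FILE -> the node.name value in a rendered file
node_name_of() { awk '$1 == "node.name:" { print $2 }' "$1"; }

# check_unique_names FILE... -> 0 when no two files share a node.name
check_unique_names() {
    dups=$(for f in "$@"; do node_name_of "$f"; done | sort | uniq -d)
    [ -z "$dups" ]
}

# check_in_initial_masters FILE -> 0 when the file's node.name is listed in
# cluster.initial_master_nodes, which bootstrapping needs for a master-eligible node
check_in_initial_masters() {
    n=$(node_name_of "$1")
    grep -q "^cluster.initial_master_nodes:.*\"$n\"" "$1"
}

# Demo: render the three node files into a temporary directory and check them.
out=$(mktemp -d)
i=1
for ip in X.X.X.208 X.X.X.209 X.X.X.210; do
    render_es_config "$i" "$ip" > "$out/node-$i.yml"
    i=$((i + 1))
done
check_unique_names "$out"/node-*.yml && echo "node names are distinct"
for f in "$out"/node-*.yml; do
    check_in_initial_masters "$f" && echo "$(node_name_of "$f") is listed in cluster.initial_master_nodes"
done
rm -rf "$out"
```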

Start

[root@blog ~]# su - elsearch -c "/opt/elasticsearch/bin/elasticsearch -d"

Verify

X.X.X.208 can be replaced by the IP address of any ES node.

[root@blog ~]# curl "X.X.X.208:9200/_xpack"

{"build":{"hash":"22e1767283e61a198cb4db791ea66e3f11ab9910","date":"2019-09-27T08:36:48.605539Z"},"license":{"uid":"61690c3f-622f-4a8a-b42c-5aa92d174941","type":"basic","mode":"basic","status":"active"},"features":{"analytics":{"available":true,"enabled":true},"ccr":{"available":false,"enabled":true},"data_frame":{"available":true,"enabled":true},"flattened":{"available":true,"enabled":true},"frozen_indices":{"available":true,"enabled":true},"graph":{"available":false,"enabled":true},"ilm":{"available":true,"enabled":true},"logstash":{"available":false,"enabled":true},"ml":{"available":false,"enabled":true,"native_code_info":{"version":"7.4.0","build_hash":"11d694e7bae395"}},"monitoring":{"available":true,"enabled":true},"rollup":{"available":true,"enabled":true},"security":{"available":true,"enabled":true},"spatial":{"available":true,"enabled":true},"sql":{"available":true,"enabled":true},"vectors":{"available":true,"enabled":true},"voting_only":{"available":true,"enabled":true},"watcher":{"available":false,"enabled":true}},"tagline":"You know, for X"}

Note: if the license field is not empty, the installation succeeded. ES 7 already includes X-Pack by default, so no registration is needed.

Start at boot

Find the Java directory

[root@blog ~]# rpm -qca | grep java
/etc/java/font.properties
/etc/java/java.conf
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.232.b09-0.el7_7.x86_64/jre/lib/logging.properties
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.232.b09-0.el7_7.x86_64/jre/lib/security/blacklisted.certs
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.232.b09-0.el7_7.x86_64/jre/lib/security/java.policy
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.232.b09-0.el7_7.x86_64/jre/lib/security/java.security
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.232.b09-0.el7_7.x86_64/jre/lib/security/nss.cfg
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.232.b09-0.el7_7.x86_64/jre/lib/security/policy/limited/US_export_policy.jar
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.232.b09-0.el7_7.x86_64/jre/lib/security/policy/limited/local_policy.jar
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.232.b09-0.el7_7.x86_64/jre/lib/security/policy/unlimited/US_export_policy.jar
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.232.b09-0.el7_7.x86_64/jre/lib/security/policy/unlimited/local_policy.jar

This shows that the Java directory is /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.232.b09-0.el7_7.x86_64

Note: the JDK must be specified explicitly; otherwise ES defaults to its bundled JDK, whose version is too new and has removed the GC.

Create the startup script below, replacing the Java directory with the one found above.

[root@blog ~]# cat > /etc/init.d/elasticsearch <<'eof'
#!/bin/sh
#chkconfig: 2345 80 05
#description: elasticsearch
#processname: elasticsearch-7.4.0
# (the heredoc delimiter above is quoted so every $ below is written literally
#  and expands when this script runs, not when the file is created)

export JAVA_HOME=[replace with the Java directory found in the previous step]
export JAVA_BIN=[replace with the Java directory found in the previous step]/bin
export PATH=$PATH:$JAVA_HOME/bin
export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
export ES_HOME=/opt/elasticsearch

case $1 in
    start)
        su elsearch<<!
        cd $ES_HOME
        ./bin/elasticsearch -d -p pid
        exit
!
        echo "elasticsearch is started"
        ;;
    stop)
        pid=`cat $ES_HOME/pid`
        kill -9 $pid
        echo "elasticsearch is stopped"
        ;;
    restart)
        pid=`cat $ES_HOME/pid`
        kill -9 $pid
        echo "elasticsearch is stopped"
        sleep 1
        su elsearch<<!
        cd $ES_HOME
        ./bin/elasticsearch -d -p pid
        exit
!
        echo "elasticsearch is started"
        ;;
    *)
        echo "start|stop|restart"
        ;;
esac
exit 0
eof

Add it to the boot startup list

[root@blog ~]# chmod +x /etc/init.d/elasticsearch
[root@blog ~]# chkconfig --add elasticsearch

Start Elasticsearch

[root@blog ~]# service elasticsearch start

3. Configure TLS and authentication for the ES cluster

Initialize the node certificate configuration (run on one node only)

  • Create the certificates
[root@blog ~]# cd /opt/elasticsearch # enter the ES install directory
[root@blog ~]# ./bin/elasticsearch-certutil ca # create the CA with elasticsearch-certutil
[root@blog ~]# (press Enter twice to accept the defaults)
[root@blog ~]# ./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12 # issue a node certificate signed by that CA
[root@blog ~]# (press Enter three times to accept the defaults)
  • Initialize the node certificate directory
[root@blog ~]# mkdir config/certs # directory for the certificates
[root@blog ~]# mv elastic-*.p12 config/certs/ # move the generated files into it
[root@blog ~]# chown -R elsearch. config/certs/ # give the certificate directory to the elsearch user
  • Download elastic-certificates.p12 to your computer
[root@blog ~]# sz /opt/elasticsearch/config/certs/elastic-certificates.p12

If the shell reports "-bash: sz: 未找到命令" (command not found), install lrzsz with yum install -y lrzsz.

Configure certificates on the other nodes

  • Create the certificate directory and enter it
[root@blog ~]# mkdir -p /opt/elasticsearch/config/certs/
[root@blog ~]# cd /opt/elasticsearch/config/certs/
  • Drag elastic-certificates.p12 from your desktop into the server's tab in Xshell
  • Fix the ownership of the certificate directory
[root@blog ~]# chown -R elsearch. /opt/elasticsearch/config/certs/

Modify the Elasticsearch X-Pack configuration

Add the SSL settings to the configuration file on all hosts

[root@blog ~]# cat >> /opt/elasticsearch/config/elasticsearch.yml <<EOF
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12
EOF
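As an added example (not from the original post), the following script checks a node before it is restarted: that elasticsearch.yml carries the settings appended above, that the keystore path (resolved relative to the config directory, as Elasticsearch does) exists, and that the PKCS#12 file, which holds the node's private key, is owned by the service account and unreadable by other users. The sample config tree is constructed for the demo with an empty placeholder in place of elastic-certificates.p12; on a node run it against /opt/elasticsearch/config/elasticsearch.yml with the user elsearch.

```shell
#!/bin/sh
# Added example, not from the original post: before restarting a node, confirm
# that its elasticsearch.yml carries the X-Pack transport TLS settings appended
# above, that the PKCS#12 file it references exists relative to the config
# directory, and that the file is owned by the service account and not readable
# by other users, since it holds the node's private key. Paths are parameters;
# the demo uses a constructed config tree.

# check_xpack_tls ELASTICSEARCH_YML -> 0 when security and transport TLS are on
# and the keystore referenced by the yml exists under the config directory.
check_xpack_tls() {
    cfg=$1
    confdir=$(dirname "$cfg")
    grep -q '^xpack.security.enabled: true$' "$cfg" \
        || { echo "$cfg: xpack.security.enabled is not true"; return 1; }
    grep -q '^xpack.security.transport.ssl.enabled: true$' "$cfg" \
        || { echo "$cfg: transport TLS is not enabled"; return 1; }
    ks=$(awk '$1 == "xpack.security.transport.ssl.keystore.path:" { print $2 }' "$cfg")
    [ -n "$ks" ] || { echo "$cfg: keystore.path is missing"; return 1; }
    [ -f "$confdir/$ks" ] || { echo "$confdir/$ks: keystore not found"; return 1; }
    return 0
}

# check_keystore_perms FILE USER -> 0 when FILE is owned by USER and its mode
# grants nothing to group or others (600/400); GNU stat first, BSD stat fallback.
check_keystore_perms() {
    owner=$(stat -c %U "$1" 2>/dev/null || stat -f %Su "$1")
    mode=$(stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1")
    [ "$owner" = "$2" ] || { echo "$1: owned by $owner, expected $2"; return 1; }
    case $mode in
        [0-7]00) return 0 ;;
        *) echo "$1: mode $mode exposes the private key to other users"; return 1 ;;
    esac
}

# make_sample_tree DIR: constructed config tree mirroring the guide's layout
# (an empty placeholder stands in for the real elastic-certificates.p12).
make_sample_tree() {
    mkdir -p "$1/config/certs"
    cat > "$1/config/elasticsearch.yml" <<'EOF'
cluster.name: logcenter
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12
EOF
    : > "$1/config/certs/elastic-certificates.p12"
    chmod 600 "$1/config/certs/elastic-certificates.p12"
}

# Demo against the constructed tree; on a node use /opt/elasticsearch and elsearch.
es=$(mktemp -d)
make_sample_tree "$es"
check_xpack_tls "$es/config/elasticsearch.yml" && echo "yml: security and transport TLS enabled, keystore present"
check_keystore_perms "$es/config/certs/elastic-certificates.p12" "$(id -un)" && echo "keystore: owner and mode ok"
chmod 644 "$es/config/certs/elastic-certificates.p12"
check_keystore_perms "$es/config/certs/elastic-certificates.p12" "$(id -un)" || echo "(expected failure after chmod 644)"
rm -rf "$es"
```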

Restart Elasticsearch

[root@blog ~]# service elasticsearch restart

Generate a client certificate (run on the node where the node certificates were initialized)

[root@blog ~]# cd /opt/elasticsearch
[root@blog ~]# ./bin/elasticsearch-certutil cert --ca config/certs/elastic-stack-ca.p12 -name "CN=esuser,OU=dev,DC=weqhealth,DC=com"
[root@blog ~]# (press Enter)
[root@blog ~]# (enter client.p12)
[root@blog ~]# (press Enter)

Split the certificate into PEM files

[root@blog ~]# mv client.p12 config/certs/
[root@blog ~]# cd config/certs/
[root@blog ~]# openssl pkcs12 -in client.p12 -nocerts -nodes > client-key.pem
[root@blog ~]# openssl pkcs12 -in client.p12 -clcerts -nokeys  > client.crt
[root@blog ~]# openssl pkcs12 -in client.p12 -cacerts -nokeys -chain > client-ca.crt
[root@blog ~]# chown elsearch:elsearch client*

Set the default passwords

[root@blog ~]# cd /opt/elasticsearch
[root@blog ~]# ./bin/elasticsearch-setup-passwords interactive
[root@blog ~]# (answer y)
[root@blog ~]# (set the passwords for the elastic, apm_system, kibana, logstash_system, beats_system and remote_monitoring_user accounts in turn)

Verify the cluster status

Because X-Pack authentication is enabled, the account and password must be supplied.

[root@blog ~]# curl --user elastic:[elastic password] -XGET '[any ES node IP]:9200/_cat/health?v&pretty'

Acknowledgements

Elasticsearch 7.1.1 cluster + configuring authentication

CentOS 7.2 iSCSI server and client installation and configuration