节点信息
| 节点名称 |
节点IP |
节点角色 |
| node01 |
172.16.1.11 |
master data |
| node02 |
172.16.1.12 |
master data |
| node03 |
172.16.1.13 |
master data |
环境部署
下载安装包
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.12.2-linux-x86_64.tar.gz
|
解压到data目录
mkdir -p /data
tar xf elasticsearch-8.12.2-linux-x86_64.tar.gz -C /data/
|
创建配置文件:
#集群名称,所有节点保持一致,同一网段会自动发现
cluster.name: es-cluster
#节点名称,一般为主机名 node-1、node-2、node-3
node.name: node01
#节点角色,master表示管理节点,data表示数据节点
node.roles: [master,data]
#数据存放路径
path.data: /data/elasticsearch-8.12.2/data
#日志存放路径
path.logs: /data/elasticsearch-8.12.2/logs
#绑定监听IP
network.host: 172.16.1.11
#设置端口
http.port: 9200
#跨域相关设置
http.cors.enabled: true
http.cors.allow-credentials: true
http.cors.allow-origin: "*"
#节点发现
discovery.seed_hosts: ["172.16.1.11:9300","172.16.1.12:9300","172.16.1.13:9300"]
#集群初始化Master节点,会在第一次选举中进行计算
cluster.initial_master_nodes: ["172.16.1.11:9300"]
#启用节点上Elastic Search的xpack安全功能
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.keystore.password: <password>
xpack.security.transport.ssl.truststore.password: <password>
|
创建用户组
groupadd elasticsearch
useradd -g elasticsearch -M elasticsearch
|
配置环境变量
cat > /etc/profile.d/elasticsearch.sh << 'EOF'
ES_HOME=/data/elasticsearch-8.12.2
PATH=$PATH:$ES_HOME/bin:$HOME/bin
EOF
source /etc/profile
|
创建xpack证书,第一个节点创建,其他节点scp同步即可
mkdir -p /data/elasticsearch-8.12.2/config/certs
elasticsearch-certutil ca --out config/certs/elastic-stack-ca.p12 --pass <password> -s
elasticsearch-certutil cert --ca config/certs/elastic-stack-ca.p12 --out config/certs/elastic-certificates.p12 --ca-pass <password> --pass <password> -s
|
设置权限
chown -R elasticsearch.elasticsearch /data/elasticsearch-8.12.2/
|
配置内核参数
创建systemd配置文件
cat > /etc/systemd/system/elasticsearch.service <<EOF
[Unit]
Description=Elasticsearch Service
After=network.target remote-fs.target nss-lookup.target
[Service]
User=elasticsearch
Group=elasticsearch
ExecStart=/data/elasticsearch-8.12.2/bin/elasticsearch
LimitNOFILE=65536
LimitMEMLOCK=infinity
[Install]
WantedBy=multi-user.target
EOF
|
启动服务
systemctl enable elasticsearch
systemctl start elasticsearch
systemctl status elasticsearch
|
设置密码,一个节点执行即可
elasticsearch-reset-password -u elastic -i
|
集群验证
测试集群状态
curl -u elastic:<password> http://localhost:9200/_cat/nodes
|
