Elasticsearch Cluster Setup


  • Machine inventory
IP address    Role    ES port  OS              Data directory
10.30.3.231   Node 1  9200     CentOS 7.9 x64  /data/elasticsearch_9200
10.30.3.232   Node 2  9200     CentOS 7.9 x64  /data/elasticsearch_9200
10.30.3.233   Node 3  9200     CentOS 7.9 x64  /data/elasticsearch_9200

1. General configuration

  • 1.1. All nodes: confirm that ulimit is configured; otherwise ES fails at startup with: max file descriptors [4096] for elasticsearch process is too low
ulimit -n 65536
cat /etc/rc.local | grep ulimit

echo "ulimit -n 65536" >> /etc/rc.local
echo "ulimit -f unlimited" >> /etc/rc.local
echo "ulimit -t unlimited" >> /etc/rc.local
echo "ulimit -v unlimited" >> /etc/rc.local
echo "ulimit -m unlimited" >> /etc/rc.local
ulimit -n 65536
  • 1.2. All nodes: configure time synchronization and max_map_count
\cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
/usr/sbin/ntpdate -u ntp.aliyun.com
cat /etc/sysctl.conf | grep max_map_count || echo "vm.max_map_count=655360" >> /etc/sysctl.conf
sysctl -p
  • 1.3. All nodes: create the account that runs ES
cat /etc/passwd | grep esuser || useradd -M -u 1920 -s /sbin/nologin esuser

2. Configure the ES cluster

  • 2.1. All nodes: download elasticsearch 7.10.1
curl -sL http://iso.sqlfans.cn/linux/elasticsearch-7.10.1-linux-x86_64.tar.gz -o /opt/elasticsearch-7.10.1-linux-x86_64.tar.gz
tar -xvf /opt/elasticsearch-7.10.1-linux-x86_64.tar.gz -C /opt/ > /dev/null
mv /opt/elasticsearch-7.10.1 /data/elasticsearch_9200
mkdir -p /data/elasticsearch_9200/{data,snapshot}
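  • 2.2. Master node 1: adjust node.name and network.publish_host to your environment (in this example master node 1's IP is 10.30.3.231). Note that the master node has one extra parameter, cluster.initial_master_nodes, set to the master node.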
cat > /data/elasticsearch_9200/config/elasticsearch.yml <<EOF
cluster.name: es
node.name: es-node-1
path.data: /data/elasticsearch_9200/data
path.logs: /data/elasticsearch_9200/logs
network.host: 0.0.0.0
http.port: 9200
transport.tcp.port: 9300
network.publish_host: 10.30.3.231
discovery.zen.ping.unicast.hosts: ["10.30.3.231:9300","10.30.3.232:9300","10.30.3.233:9300"]
#path.repo: /data/elasticsearch_9200/snapshot
node.master: true
node.data: true
discovery.zen.minimum_master_nodes: 2
indices.query.bool.max_clause_count: 10000000
http.max_content_length: 2000mb
http.max_header_size: 1024k
http.max_initial_line_length: 1024k
http.cors.enabled: true
http.cors.allow-origin: "*"
cluster.initial_master_nodes: ["es-node-1"]
EOF
  • 2.3. Secondary node 2: adjust node.name and network.publish_host to your environment (in this example node 2's IP is 10.30.3.232)
cat > /data/elasticsearch_9200/config/elasticsearch.yml <<EOF
cluster.name: es
node.name: es-node-2
path.data: /data/elasticsearch_9200/data
path.logs: /data/elasticsearch_9200/logs
network.host: 0.0.0.0
http.port: 9200
transport.tcp.port: 9300
network.publish_host: 10.30.3.232
discovery.zen.ping.unicast.hosts: ["10.30.3.231:9300","10.30.3.232:9300","10.30.3.233:9300"]
#path.repo: /data/elasticsearch_9200/snapshot
node.master: true
node.data: true
discovery.zen.minimum_master_nodes: 2
indices.query.bool.max_clause_count: 10000000
http.max_content_length: 2000mb
http.max_header_size: 1024k
http.max_initial_line_length: 1024k
http.cors.enabled: true
http.cors.allow-origin: "*"
EOF
  • 2.4. Secondary node 3: adjust node.name and network.publish_host to your environment (in this example node 3's IP is 10.30.3.233)
cat > /data/elasticsearch_9200/config/elasticsearch.yml <<EOF
cluster.name: es
node.name: es-node-3
path.data: /data/elasticsearch_9200/data
path.logs: /data/elasticsearch_9200/logs
network.host: 0.0.0.0
http.port: 9200
transport.tcp.port: 9300
network.publish_host: 10.30.3.233
discovery.zen.ping.unicast.hosts: ["10.30.3.231:9300","10.30.3.232:9300","10.30.3.233:9300"]
#path.repo: /data/elasticsearch_9200/snapshot
node.master: true
node.data: true
discovery.zen.minimum_master_nodes: 2
indices.query.bool.max_clause_count: 10000000
http.max_content_length: 2000mb
http.max_header_size: 1024k
http.max_initial_line_length: 1024k
http.cors.enabled: true
http.cors.allow-origin: "*"
EOF
  • 2.5. All nodes: start the ES process
chown -R esuser:esuser /data/elasticsearch_9200
sudo -u esuser /data/elasticsearch_9200/bin/elasticsearch -d
sleep 10
netstat -lnpt | egrep "(9200|9300)"
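  • 2.6. All nodes: change the JVM maximum heap; this example sets it to 4g (16g is recommended). ES reads jvm.options at startup, so the process started in 2.5 must be restarted for the change to take effect.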
sed -i "s/-Xms1g/-Xms4g/g" /data/elasticsearch_9200/config/jvm.options
sed -i "s/-Xmx1g/-Xmx4g/g" /data/elasticsearch_9200/config/jvm.options
cat /data/elasticsearch_9200/config/jvm.options | grep -n '^[^#]' | egrep "(-Xms|-Xmx)"
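  • 2.7. All nodes: start ES at boot
cat /etc/rc.local | grep elasticsearch || echo "sudo -u esuser /data/elasticsearch_9200/bin/elasticsearch -d" >> /etc/rc.local
# On CentOS 7, rc.local only runs at boot if it is executable
chmod +x /etc/rc.d/rc.local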
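The elasticsearch.yml written in 2.2 to 2.4 sets network.host to 0.0.0.0, allows CORS from any origin and never sets xpack.security.enabled, so ports 9200/9300 answer unauthenticated requests on every interface. The following is an added example, not part of the original page: a config check whose helper names (es_setting, audit_es_config) and sample files are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): flag exposure-related settings
# in an elasticsearch.yml. es_setting/audit_es_config are hypothetical helpers.

# Print the last uncommented value of a flat "key: value" setting.
es_setting() {
    awk -v k="$2" '
        /^[ \t]*#/ { next }
        { i = index($0, ":"); if (i == 0) next
          name = substr($0, 1, i - 1); val = substr($0, i + 1)
          gsub(/^[ \t]+|[ \t]+$/, "", name)
          gsub(/^[ \t"]+|[ \t"]+$/, "", val)
          if (name == k) v = val }
        END { print v }' "$1"
}

# Print one WARN line per finding; exit status 1 if anything was flagged.
audit_es_config() {
    local f=$1 rc=0 sec host
    sec=$(es_setting "$f" xpack.security.enabled)
    host=$(es_setting "$f" network.host)
    if [ "$sec" != "true" ]; then
        echo "WARN xpack.security.enabled is not true: no authentication on 9200"; rc=1
    fi
    if [ "$host" = "0.0.0.0" ]; then
        echo "WARN network.host=0.0.0.0: 9200/9300 listen on every interface"; rc=1
    fi
    if [ "$(es_setting "$f" http.cors.enabled)" = "true" ] &&
       [ "$(es_setting "$f" http.cors.allow-origin)" = "*" ]; then
        echo "WARN http.cors.allow-origin=*: any web origin may call the REST API"; rc=1
    fi
    return "$rc"
}

# Constructed samples: the settings used on this page, then a tightened variant.
tmp=$(mktemp -d)
printf '%s\n' 'network.host: 0.0.0.0' 'http.cors.enabled: true' \
    'http.cors.allow-origin: "*"' > "$tmp/weak.yml"
printf '%s\n' 'network.host: 10.30.3.231' 'http.cors.enabled: false' \
    'xpack.security.enabled: true' \
    'xpack.security.transport.ssl.enabled: true' > "$tmp/hardened.yml"
audit_es_config "$tmp/weak.yml" || true
audit_es_config "$tmp/hardened.yml" && echo "hardened.yml: no findings"
```

On a real node, point it at /data/elasticsearch_9200/config/elasticsearch.yml; enabling security on a multi-node cluster also requires transport TLS certificates, which the sample fragment does not generate.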

3. Test the ES cluster

  • 3.1. Any node: check the status of the cluster nodes
curl -XGET 'http://10.30.3.232:9200/_cat/nodes?pretty'
curl -i -XGET 'http://10.30.3.232:9200/_cluster/health?pretty'
  • 3.2. Any node: test creating, confirming and deleting an index
curl -X PUT http://10.30.3.232:9200/test_index_20230911
curl 'http://10.30.3.232:9200/_cat/indices?v'
curl -X DELETE http://10.30.3.232:9200/test_index_20230911

Problems encountered

Scenario 1: how to completely uninstall elasticsearch

cd /opt/
ps -ef | grep elasticsearch | grep -v grep | awk '{print $2}' | xargs kill -9 2> /dev/null
rm -rf /data/elasticsearch_9200
sed -i '/elasticsearch/d' /etc/rc.local
userdel -r esuser 2> /dev/null

Scenario 2: fixing the log4j2 vulnerability

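  • On 2022.08.01, one of our company's systems running elasticsearch 7.10.1, which uses the older Log4j 2.11.1 by default, received an e-mail notice titled "Log4j2 suspected critical vulnerability, fix required". The fix procedure is below (recommended upgrade target: Log4j 2.18), for reference only.
find /data/elasticsearch_9200/lib -name 'log4j*.jar'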

ps -ef | grep elasticsearch | grep -v grep | awk '{print $2}' | xargs kill -9 2> /dev/null
rm -f /data/elasticsearch_9200/lib/{log4j-api-2.11.1.jar,log4j-core-2.11.1.jar}
wget -c http://iso.sqlfans.cn/linux/log4j-api-2.18.0.jar --output-document=/data/elasticsearch_9200/lib/log4j-api-2.18.0.jar
wget -c http://iso.sqlfans.cn/linux/log4j-core-2.18.0.jar --output-document=/data/elasticsearch_9200/lib/log4j-core-2.18.0.jar
ulimit -n 65536
chown -R esuser:esuser /data/elasticsearch_9200
sudo -u esuser /data/elasticsearch_9200/bin/elasticsearch -d
sleep 15 && netstat -lnpt | egrep "(9200|9300)"
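To confirm that the replacement left no older Log4j jars behind, the check below goes beyond the page's find on lib/ and walks a whole install tree, comparing each jar's version with a minimum. It is an added example, not part of the original page; the function names (version_lt, audit_log4j) and the demo directory with its empty jar files are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): report log4j jars older than a
# minimum version anywhere under an install directory.

# version_lt A B: true when dotted version A sorts strictly before B.
# Uses GNU sort -V so that 2.9.0 < 2.18.0 (a plain string compare gets this wrong).
version_lt() {
    [ "$1" != "$2" ] && [ "$(printf '%s\n' "$1" "$2" | sort -V | head -n1)" = "$1" ]
}

# Print "OLD|OK|UNKNOWN <version> <path>" for every log4j-*.jar under $1.
audit_log4j() {
    local root=$1 min=$2
    find "$root" -type f -name 'log4j-*.jar' | sort | while IFS= read -r jar; do
        # The version is the trailing dotted number in the file name.
        ver=$(basename "$jar" .jar | sed -E 's/.*-([0-9]+(\.[0-9]+)+)$/\1/')
        case $ver in
            [0-9]*)
                if version_lt "$ver" "$min"; then
                    echo "OLD $ver $jar"
                else
                    echo "OK $ver $jar"
                fi ;;
            *)  echo "UNKNOWN - $jar" ;;
        esac
    done
}

# Constructed demo tree (empty files): a half-finished upgrade plus a copy
# outside lib/ that a search limited to lib/ would not list.
demo=$(mktemp -d)
mkdir -p "$demo/lib" "$demo/modules/demo-module"
touch "$demo/lib/log4j-api-2.11.1.jar" "$demo/lib/log4j-core-2.18.0.jar" \
      "$demo/modules/demo-module/log4j-slf4j-impl-2.11.1.jar"
audit_log4j "$demo" 2.18.0
```

On a real node, run audit_log4j /data/elasticsearch_9200 2.18.0 after the swap; any OLD line means a jar was missed.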
Copyright © www.sqlfans.cn 2023 All Rights Reserved. Last updated: 2023-09-22 16:24:38
