window 环境部署集群
注意:window下载解压elasticsearch一定需要解压多次。例如搭建的3节点的,需要解压3次,防止生成 cluster UUID 一致导致只能看到一个节点
1、elasticsearch.yml配置:
node.name区别:elastic_node1、 elastic_node2、 elastic_node3
cluster.name: elastic_cluster node.name: elastic_node1 node.master: true node.data: true #path.data: /usr/local/elastic_node1/data #path.logs: /usr/local/elastic_node1/logs bootstrap.memory_lock: true network.host: 0.0.0.0 network.tcp.no_delay: true network.tcp.keep_alive: true network.tcp.reuse_address: true network.tcp.send_buffer_size: 256mb network.tcp.receive_buffer_size: 256mb transport.tcp.port: 9301 transport.tcp.compress: true http.max_content_length: 200mb http.cors.enabled: true http.cors.allow-origin: "*" http.port: 9201 discovery.seed_hosts: ["127.0.0.1:9301","127.0.0.1:9302","127.0.0.1:9303"] cluster.initial_master_nodes: ["127.0.0.1:9301","127.0.0.1:9302","127.0.0.1:9303"] cluster.fault_detection.leader_check.interval: 15s discovery.cluster_formation_warning_timeout: 30s cluster.join.timeout: 30s cluster.publish.timeout: 90s cluster.routing.allocation.cluster_concurrent_rebalance: 16 cluster.routing.allocation.node_concurrent_recoveries: 16 cluster.routing.allocation.node_initial_primaries_recoveries: 16
2、依次运行生成集群
浏览器打开:http://127.0.0.1:9201/_cat/nodes?v
ip heap.percent ram.percent cpu load_1m load_5m load_15m node.role master name 127.0.0.1 19 64 37 dilm - elastic_node3 127.0.0.1 13 64 47 dilm - elastic_node1 127.0.0.1 22 64 50 dilm * elastic_node2
3、生成证书
es集群通过证书来安全的组成集群
- 运行
bin/elasticsearch-certutil cert
注意: 密码后面需要单独设置,这里是集群安全认证,建议密码不设置,成功后生成的证书默认在es的config目录里面 elastic-certificates.p12;分别copy一份到其他节点的config里面(默认目录)
在elasticsearch.yml配置添加
xpack.security.enabled: true xpack.license.self_generated.type: basic xpack.security.transport.ssl.enabled: true xpack.security.transport.ssl.verification_mode: certificate xpack.security.transport.ssl.keystore.path: elastic-certificates.p12 xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
4、给认证的集群创建用户密码
bin/elasticsearch-setup-passwords interactive
- elastic 账号:拥有 superuser 角色,是内置的超级用户。
- kibana 账号:拥有 kibana_system 角色,用户 kibana 用来连接 elasticsearch 并与之通信。Kibana 服务器以该用户身份提交请求以访问集群监视 API 和 .kibana 索引。不能访问 index。
- logstash_system 账号:拥有 logstash_system 角色。用户 Logstash 在 Elasticsearch 中存储监控信息时使用。
- beats_system账号:拥有 beats_system 角色。用户 Beats 在 Elasticsearch 中存储监控信息时使用。
# elastic
# apm_system
# kibana
# logstash_system
# beats_system
# remote_monitoring_user
5、配置kibana认证
elasticsearch.username: "kibana" elasticsearch.password: "123456"
- 完整的elasticsearch.yml配置,注意不同节点node.name区别
cluster.name: elastic_cluster node.name: elastic_node1 node.master: true node.data: true #path.data: /usr/local/elastic_node1/data #path.logs: /usr/local/elastic_node1/logs bootstrap.memory_lock: true network.host: 0.0.0.0 network.tcp.no_delay: true network.tcp.keep_alive: true network.tcp.reuse_address: true network.tcp.send_buffer_size: 256mb network.tcp.receive_buffer_size: 256mb transport.tcp.port: 9302 transport.tcp.compress: true http.max_content_length: 200mb http.cors.enabled: true http.cors.allow-origin: "*" http.port: 9202 discovery.seed_hosts: ["127.0.0.1:9301","127.0.0.1:9302","127.0.0.1:9303"] cluster.initial_master_nodes: ["127.0.0.1:9301","127.0.0.1:9302","127.0.0.1:9303"] cluster.fault_detection.leader_check.interval: 15s discovery.cluster_formation_warning_timeout: 30s cluster.join.timeout: 30s cluster.publish.timeout: 90s cluster.routing.allocation.cluster_concurrent_rebalance: 16 cluster.routing.allocation.node_concurrent_recoveries: 16 cluster.routing.allocation.node_initial_primaries_recoveries: 16 xpack.security.enabled: true xpack.license.self_generated.type: basic xpack.security.transport.ssl.enabled: true xpack.security.transport.ssl.verification_mode: certificate xpack.security.transport.ssl.keystore.path: elastic-certificates.p12 xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
centos(docker-compose) 环境部署集群
1、docker-compose.yml配置
version: '2.2' services: es01: image: elasticsearch:7.6.0 container_name: es01 environment: - node.name=es01 - cluster.name=es-docker-cluster - discovery.seed_hosts=192.168.43.128:9300 - cluster.initial_master_nodes=es01,192.168.43.128:9300 - cluster.fault_detection.leader_check.interval=15s - bootstrap.memory_lock=true - http.cors.enabled=true - http.cors.allow-origin=* - network.host=0.0.0.0 - network.publish_host=192.168.43.129 - xpack.security.enabled=true - xpack.security.transport.ssl.enabled=true - "ES_JAVA_OPTS=-Xms256m -Xmx256m" ulimits: memlock: soft: -1 hard: -1 volumes: - ./mnt/data:/usr/share/elasticsearch/data - ./mnt/logs:/usr/share/elasticsearch/logs ports: - 9200:9200 - 9300:9300 networks: - elastic cerebro: image: lmenezes/cerebro:0.8.3 container_name: cerebro ports: - "9000:9000" command: - -Dhosts.0.host=http://es01:9200 networks: - elastic volumes: mnt: driver: local networks: elastic: driver: bridge
权限问题执行 chmod -R 777 mnt/*
2、生成证书文件创建密码
- 进入容器 docker exec -it 5144d3b1dd56 /bin/bash
- 生成证书 bin/elasticsearch-certutil cert
- 复制证书并cp到其他节点 docker cp 09f57b6067e0:/usr/share/elasticsearch/elastic-certificates.p12 .
3、修改配置&&动态添加测试
version: '2.2' services: es01: image: elasticsearch:7.6.0 container_name: es01 environment: - node.name=es01 - cluster.name=es-docker-cluster - discovery.seed_hosts=192.168.43.128:9300 - cluster.initial_master_nodes=es01,192.168.43.128:9300 - cluster.fault_detection.leader_check.interval=15s - bootstrap.memory_lock=true - http.cors.enabled=true - http.cors.allow-origin=* - network.host=0.0.0.0 - network.publish_host=192.168.43.129 - xpack.security.enabled=true - xpack.security.transport.ssl.enabled=true - xpack.license.self_generated.type=basic - xpack.security.transport.ssl.verification_mode=certificate - xpack.security.transport.ssl.keystore.path=elastic-certificates.p12 - xpack.security.transport.ssl.truststore.path=elastic-certificates.p12 - "ES_JAVA_OPTS=-Xms256m -Xmx256m" ulimits: memlock: soft: -1 hard: -1 volumes: - ./mnt/data:/usr/share/elasticsearch/data - ./mnt/logs:/usr/share/elasticsearch/logs - ./mnt/elastic-certificates.p12:/usr/share/elasticsearch/config/elastic-certificates.p12 ports: - 9200:9200 - 9300:9300 networks: - elastic cerebro: image: lmenezes/cerebro:0.8.3 container_name: cerebro ports: - "9000:9000" command: - -Dhosts.0.host=http://es01:9200 networks: - elastic volumes: mnt: driver: local networks: elastic: driver: bridge
注意证书的位置,给权限 chmod -R 777 mnt/*
- 设置密码(建议进入主节点容器中) bin/elasticsearch-setup-passwords interactive -u 'http://es01:9200'
- 通用配置与window类似
springboot使用测试
1、引入pom
<dependency>
<groupId>org.elasticsearch</groupId>
<artifactId>elasticsearch</artifactId>
<version>7.6.0</version>
</dependency>
<dependency>
<groupId>org.elasticsearch.client</groupId>
<artifactId>elasticsearch-rest-client</artifactId>
<version>7.6.0</version>
</dependency>
<dependency>
<groupId>org.elasticsearch.client</groupId>
<artifactId>elasticsearch-rest-high-level-client</artifactId>
<version>7.6.0</version>
</dependency>
2、 代码
- EsConfiguration.classView Code
/** * @author hdy */ @Configuration public class EsConfiguration { /** * 集群地址 */ private static String hosts = "192.168.43.128"; private static String hosts1 = "192.168.43.129"; private static String hosts2 = "192.168.43.130"; /** * 使用的端口号 */ private static int port = 9200; /** * // 使用的协议 */ private static String schema = "http"; private static ArrayList<HttpHost> hostList = null; /** * 连接超时时间 */ private static int connectTimeOut = 1000; /** * 连接超时时间 */ private static int socketTimeOut = 30000; /** * 获取连接的超时时间 */ private static int connectionRequestTimeOut = 500; /** * 最大连接数 */ private static int maxConnectNum = 100; /** * 最大路由连接数 */ private static int maxConnectPerRoute = 100; private RestClientBuilder builder; private final CredentialsProvider credentialsProvider = new BasicCredentialsProvider(); static { hostList = new ArrayList<>(); hostList.add(new HttpHost(hosts, port, schema)); hostList.add(new HttpHost(hosts1, port, schema)); hostList.add(new HttpHost(hosts2, port, schema)); } @Bean("restHighLevelClient") public RestHighLevelClient client() { builder = RestClient.builder(hostList.toArray(new HttpHost[0])); setConnectTimeOutConfig(); setMutiConnectConfig(); return new RestHighLevelClient(builder); } /** * 异步httpclient的连接延时配置 */ private void setConnectTimeOutConfig() { builder.setRequestConfigCallback(requestConfigBuilder -> { requestConfigBuilder.setConnectTimeout(connectTimeOut); requestConfigBuilder.setSocketTimeout(socketTimeOut); requestConfigBuilder.setConnectionRequestTimeout(connectionRequestTimeOut); return requestConfigBuilder; }); } /** * 异步httpclient的连接数配置 */ private void setMutiConnectConfig() { credentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials("elastic", "123456")); builder.setHttpClientConfigCallback(httpClientBuilder -> { httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider); httpClientBuilder.setMaxConnTotal(maxConnectNum); httpClientBuilder.setMaxConnPerRoute(maxConnectPerRoute); return httpClientBuilder; }); } }