Elasticsearch7.17集群搭建
本文档使用三台虚拟机(192.168.1.27、192.168.1.28、192.168.1.29)搭建 Elasticsearch7.17 集群。
WARNING
- 确保节点间的通信端口(默认 9200 和 9300)开放。
一、安装Elasticsearch7.17
在每个节点上安装 Elasticsearch 7.17
Past Releases of Elasticsearch
截止2024年10月16日,Elasticsearch 7.17.* 系列最新稳定版为 7.17.24
约定
- 所有源码包下载到 /usr/local/src 中
- 源码安装时应安装到 /usr/local 中,并以软件名及主次版本号命名,如 Elasticsearch7.17
1.max_map_count设置
vim /etc/sysctl.conf在文件末尾添加内容
# Elasticsearch7.17
vm.max_map_count=262144强制Linux重新加载/etc/sysctl.conf的新配置
sysctl -phttps://www.elastic.co/guide/en/elasticsearch/reference/7.17/vm-max-map-count.html
2.添加用户
groupadd es
useradd -g es es -s /sbin/nologin3.下载并解压安装包
cd /usr/local/src
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.17.24-linux-x86_64.tar.gz
tar xvf elasticsearch-7.17.24-linux-x86_64.tar.gz
mv /usr/local/src/elasticsearch-7.17.24 /usr/local/elasticsearch7.174.创建数据及日志目录
mkdir -p /data/elasticsearch7.17
chown -R es:es /data/elasticsearch7.17
mkdir -p /var/log/elasticsearch7.17
chown -R es:es /var/log/elasticsearch7.17
chown -R es:es /usr/local/elasticsearch7.17TIP
chown -R es:es /usr/local/elasticsearch7.17可以解决 elasticsearch: could not find java in bundled JDK at /usr/local/elasticsearch7.17/jdk/bin/java。
二、修改配置文件
端口说明
- http.port:The port to bind for HTTP client communication
- transport.port:The port to bind for communication between nodes
cluster.initial_master_nodes
cluster.initial_master_nodes 用于配置主节点,理论上仅指定一个节点也能完成启动。但通过配置多个节点参与选举,不仅能提升初始化过程的稳定性和容错性,还能更可靠地选出主节点,确保集群顺利运行。
WARNING
- 在编写 YML 配置文件时,请注意以下格式要求
- 每个参数的冒号(
:)后需留有一个空格。 - 当方括号(
[])中包含多个值时,值之间的逗号(,)后需留有一个空格。
- 每个参数的冒号(
1.节点一
vim /usr/local/elasticsearch7.17/config/elasticsearch.yml修改如下配置参数
#cluster.name: my-application //[!code --]
node.name: my-es-cluster//[!code ++]
#node.name: node-1 //[!code --]
node.name: node-1//[!code ++]
#path.data: /path/to/data //[!code --]
path.data: /data/elasticsearch7.17//[!code ++]
#path.logs: /path/to/logs //[!code --]
path.logs: /var/log/elasticsearch7.17//[!code ++]
#network.host: 192.168.0.1 //[!code --]
network.host: 0.0.0.0//[!code ++]
#http.port: 9200 //[!code --]
http.port: 9200//[!code ++]
#//[!code ++]
# The port to bind for communication between nodes//[!code ++]
#//[!code ++]
transport.port: 9300//[!code ++]
#discovery.seed_hosts: ["host1", "host2"] //[!code --]
discovery.seed_hosts: ["192.168.1.27", "192.168.1.28", "192.168.1.29"]//[!code ++]
#cluster.initial_master_nodes: ["node-1", "node-2"] //[!code --]
cluster.initial_master_nodes: ["192.168.1.27", "192.168.1.28", "192.168.1.29"]//[!code ++]2.节点二
vim /usr/local/elasticsearch7.17/config/elasticsearch.yml修改如下配置参数
#cluster.name: my-application //[!code --]
node.name: my-es-cluster//[!code ++]
#node.name: node-1 //[!code --]
node.name: node-2//[!code ++]
#path.data: /path/to/data //[!code --]
path.data: /data/elasticsearch7.17//[!code ++]
#path.logs: /path/to/logs //[!code --]
path.logs: /var/log/elasticsearch7.17//[!code ++]
#network.host: 192.168.0.1 //[!code --]
network.host: 0.0.0.0//[!code ++]
#http.port: 9200 //[!code --]
http.port: 9200//[!code ++]
#//[!code ++]
# The port to bind for communication between nodes//[!code ++]
#//[!code ++]
transport.port: 9300//[!code ++]
#discovery.seed_hosts: ["host1", "host2"] //[!code --]
discovery.seed_hosts: ["192.168.1.27", "192.168.1.28", "192.168.1.29"]//[!code ++]
#cluster.initial_master_nodes: ["node-1", "node-2"] //[!code --]
cluster.initial_master_nodes: ["192.168.1.27", "192.168.1.28", "192.168.1.29"]//[!code ++]3.节点三
vim /usr/local/elasticsearch7.17/config/elasticsearch.yml修改如下配置参数
#cluster.name: my-application //[!code --]
node.name: my-es-cluster//[!code ++]
#node.name: node-1 //[!code --]
node.name: node-3//[!code ++]
#path.data: /path/to/data //[!code --]
path.data: /data/elasticsearch7.17//[!code ++]
#path.logs: /path/to/logs //[!code --]
path.logs: /var/log/elasticsearch7.17//[!code ++]
#network.host: 192.168.0.1 //[!code --]
network.host: 0.0.0.0//[!code ++]
#http.port: 9200 //[!code --]
http.port: 9200//[!code ++]
#//[!code ++]
# The port to bind for communication between nodes//[!code ++]
#//[!code ++]
transport.port: 9300//[!code ++]
#discovery.seed_hosts: ["host1", "host2"] //[!code --]
discovery.seed_hosts: ["192.168.1.27", "192.168.1.28", "192.168.1.29"]//[!code ++]
#cluster.initial_master_nodes: ["node-1", "node-2"] //[!code --]
cluster.initial_master_nodes: ["192.168.1.27", "192.168.1.28", "192.168.1.29"]//[!code ++]三、使用Systemd管理进程
在每个节点上启动 elasticsearch7.17 服务,并配置开机启动
1.编辑service文件
vim /etc/systemd/system/elasticsearch7.17.service添加如下内容
配置文件中不支持在每行命令的后面添加注释
[Unit]
Description=Elasticsearch7.17
Documentation=https://www.elastic.co
Wants=network-online.target
After=network-online.target
[Service]
Type=simple
PrivateTmp=true
Environment=ES_HOME=/usr/local/elasticsearch7.17
Environment=ES_PATH_CONF=/usr/local/elasticsearch7.17/config
Environment=PID_DIR=/data/elasticsearch7.17
Environment=ES_SD_NOTIFY=true
WorkingDirectory=/usr/local/elasticsearch7.17
User=es
Group=es
ExecStart=/usr/local/elasticsearch7.17/bin/elasticsearch -p ${PID_DIR}/elasticsearch.pid --quiet
# Specifies the maximum file descriptor number that can be opened by this process
LimitNOFILE=65535
# Specifies the maximum number of processes
LimitNPROC=4096
# Specifies the maximum size of virtual memory
LimitAS=infinity
# Specifies the maximum file size
LimitFSIZE=infinity
# Disable timeout logic and wait until process is stopped
TimeoutStopSec=0
# SIGTERM signal is used to stop the Java process
KillSignal=SIGTERM
# Send the signal only to the JVM rather than its control group
KillMode=process
# Java process is never killed
SendSIGKILL=no
# When a JVM receives a SIGTERM signal it exits with code 143
SuccessExitStatus=143
# Allow a slow startup before the systemd notifier module kicks in to extend the timeout
TimeoutStartSec=900
[Install]
WantedBy=multi-user.target2.重新加载systemctl配置
systemctl daemon-reload3.启动并设置开机自启
systemctl enable elasticsearch7.17 --nowSystemctl指令
systemctl status elasticsearch7.17 #查看服务
systemctl start elasticsearch7.17 #启动服务
systemctl stop elasticsearch7.17 #停止服务
systemctl restart elasticsearch7.17 #重启服务
systemctl enable elasticsearch7.17 #开启开机自启服务
systemctl disable elasticsearch7.17 #关闭开机自启服务4. 验证服务是否可用
WARNING
当使用systemctl status elasticsearch7.17命令检查服务状态时,显示 Elasticsearch 服务已经启动,但通过netstat -nltp | grep 9200命令却无法检测到9200端口的监听状态。这种情况通常是因为 Elasticsearch 服务仍处于初始化阶段,尚未完全准备好处理请求,或者存在其他启动过程中的延迟。
::: el-tabs
--- el-tab-item netstat
netstat -nltp | grep 9200输出如下内容
tcp6 0 0 :::9200 :::* LISTEN 2095487/java
--- el-tab-item _cat/health
curl 127.0.0.1:9200/_cat/health?pretty输出如下内容(输出green即为可用)
1739334792 04:33:12 my-es-cluster green 3 3 6 3 0 0 0 0 - 100.0%
:::
四、验证集群状态
1.检查集群状态
curl -X GET "localhost:9200/_cluster/health?pretty"输出如下内容
{
"cluster_name" : "my-es-cluster",
"status" : "green",
"timed_out" : false,
"number_of_nodes" : 3,
"number_of_data_nodes" : 3,
"active_primary_shards" : 3,
"active_shards" : 6,
"relocating_shards" : 0,
"initializing_shards" : 0,
"unassigned_shards" : 0,
"delayed_unassigned_shards" : 0,
"number_of_pending_tasks" : 0,
"number_of_in_flight_fetch" : 0,
"task_max_waiting_in_queue_millis" : 0,
"active_shards_percent_as_number" : 100.0
}2.查询集群节点信息
curl -X GET "localhost:9200/_cat/nodes?v"输出如下内容
ip heap.percent ram.percent cpu load_1m load_5m load_15m node.role master name
192.168.1.27 48 97 0 0.05 0.02 0.00 cdfhilmrstw * node-1
192.168.1.29 26 96 0 0.10 0.03 0.01 cdfhilmrstw - node-3
192.168.1.28 27 96 0 0.01 0.00 0.00 cdfhilmrstw - node-2- heap.percent: JVM 堆内存使用百分比。
- ram.percent: 系统内存使用百分比。
- node.role: 节点角色(如 m 表示 master,d 表示 data)。
- master: * 表示当前主节点。
五、删除initial_master_nodes
在每个节点的配置文件中删除 cluster.initial_master_nodes
vim /usr/local/elasticsearch7.17/config/elasticsearch.yml重启 elasticsearch 服务
systemctl restart elasticsearch7.17六、启用基础安全功能
1.生成TLS证书
由于集群构建在受控的内部网络中,暂定在 node-1 节点上使用 Elasticsearch 提供的工具生成一个自签名的节点证书,然后将生成的证书文件复制到其他节点。
cd /usr/local/elasticsearch7.17生成 elastic-certificates.p12 文件
bin/elasticsearch-certutil cert \
-out config/certs/elastic-certificates.p12 \
-pass ""chown -R es:es /usr/local/elasticsearch7.17/config/certs将生成的 elastic-certificates.p12 所在目录复制到节点2并修改其所属组
scp -r -P 22 \
config/certs \
root@192.168.1.28:/usr/local/elasticsearch7.17/config/ssh -p 22 \
root@192.168.1.28 \
chown -R es:es /usr/local/elasticsearch7.17/config/certs将生成的 elastic-certificates.p12 所在目录复制到节点3并修改其所属组
scp -r -P 22 \
config/certs \
root@192.168.1.29:/usr/local/elasticsearch7.17/config/ssh -p 22 \
root@192.168.1.29 \
chown -R es:es /usr/local/elasticsearch7.17/config/certs2.修改配置文件并重启服务
编辑每个节点的 elasticsearch.yml 文件
vim /usr/local/elasticsearch7.17/config/elasticsearch.yml在配置文件的末尾,添加以下配置
# 启用 X-Pack 安全功能
xpack.security.enabled: true
# 配置节点间通信加密
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /usr/local/elasticsearch7.17/config/certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /usr/local/elasticsearch7.17/config/certs/elastic-certificates.p12重启每个节点的elasticsearch7.17
systemctl restart elasticsearch7.173.设置内置用户密码
TIP
为了便于后期维护,不允许通过bin/elasticsearch-setup-passwords auto设置内置用户密码。
密码说明
密码长度需不少于12位的随机字符串,且必须包含大小写字母、数字及特殊符号。 特殊符号不可以包含'、"、 @、#、:
手动设置密码,按提示依次输入各个账户密码(约定所有账户的密码一致)。
/usr/local/elasticsearch7.17/bin/elasticsearch-setup-passwords interactive查询集群节点信息
curl -u elastic:'<password>' -X GET "localhost:9200/_cat/nodes?v"七、安装分词插件
在每个节点上安装 Analysis-IK 分词插件,参考 Analysis-IK分词插件
附件一、节点说明
Every node in the cluster can handle HTTP and transport traffic by default. The transport layer is used exclusively for communication between nodes; the HTTP layer is used by REST clients. Commonly used network settings
If you don’t set node.roles, the node is assigned the following roles: master、data、data_content、data_hot、data_warm、data_cold、data_frozen、ingest、ml、remote_cluster_client、transform. Node Roles
https://www.elastic.co/guide/en/elasticsearch/reference/7.17/modules-node.html
总结
- 默认情况下,群集中的每个节点都能处理 HTTP 和传输流量。
- 默认情况下,节点同时具备主节点(Master Node)和数据节点(Data Node)的角色。