Elasticsearch 8.8.0 分布式集群搭建 原创
业务场景
日志类业务,主要用作日志存储,用作查询以及分析。
目前每天的日志量200G,日志存储90天,日志副本数为1,总计日志量为36T。
计算规则:
- 日志量和索引的比例大约为1:1,所以200G的日志量会在ES中存储200G的索引数据。
- 副本数为1,则日志量会翻倍,也就是每天有400G的日志量。
- 预留15%的警戒磁盘水位空间。
- 为错误余量和后台活动预留5%的空间。
- 日志季度的增量约为10%。
| 磁盘和内存比列 | 有效保留期(天) | 需存储的数据(G) | 所需总磁盘空间(G) | 所需总内存(G) |
|---|---|---|---|---|
| 200:1 | 90 | 36000 | 51000G | 255 |
整个集群的数据节点划分为6个,主节点为3个,资源配置如下:
| 节点 | CPU(核) | 内存(G) | 数据盘(G) |
|---|---|---|---|
| es-master1 | 4 | 8 | 0 |
| es-master2 | 4 | 8 | 0 |
| es-master3 | 4 | 8 | 0 |
| es-node1 | 8 | 32 | 8500 |
| es-node2 | 8 | 32 | 8500 |
| es-node3 | 8 | 32 | 8500 |
| es-node4 | 8 | 32 | 8500 |
| es-node5 | 8 | 32 | 8500 |
| es-node6 | 8 | 32 | 8500 |
| 总计 | 60 | 216 | 51000 |
注:为了性能,需要采用SSD磁盘。
集群信息
(1)ES信息
ES版本:8.8.0 安装方式:RPM包安装 数据目录:/data
(2)集群信息:服务器地址以及角色分配
10.74.11.124 es-node-01
10.74.11.125 es-node-02
10.74.11.126 es-node-03
10.74.11.127 es-node-04
10.74.11.128 es-node-05
10.74.11.129 es-node-06
10.74.11.130 es-master-01
10.74.11.131 es-master-02
10.74.11.132 es-master-03
服务器初始化
bash
# 修改环境变量文件
vim /etc/profile
ulimit -n 65535
# 使配置生效
source /etc/profile
# 修改limits.conf配置
vim /etc/security/limits.conf
* soft nofile 65536
* hard nofile 65536
# 修改虚拟内存
cat >> /etc/sysctl.conf << EOF
vm.max_map_count=262144
EOF
# sysctl -p vm.max_map_count = 262144
# 修改主机名
hostnamectl set-hostname es-master-01
# 配置本地hosts
vim /etc/hosts
10.74.11.124 es-node-01
10.74.11.125 es-node-02
10.74.11.126 es-node-03
10.74.11.127 es-node-04
10.74.11.128 es-node-05
10.74.11.129 es-node-06
10.74.11.130 es-master-01
10.74.11.131 es-master-02
10.74.11.132 es-master-03部署ES
部署
(1)下载rpm包(https://elasticsearch.cn/download/)
bash
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.8.0-x86_64.rpm(2)安装节点
bash
rpm -ivh elasticsearch-8.8.0-x86_64.rpm安装 Elasticsearch 时,默认情况下会启用和配置安全功能。安装 Elasticsearch 时,会自动进行以下配置:
- 启用身份验证和授权,并生成超级用户elastic的密码。
- 启用TLS 的证书和密钥,为传输层和 HTTP 层加密生成的。
密码、证书和密钥将会显示在终端。
(3)设置开机自启动
bash
systemctl daemon-reload
systemctl enable elasticsearch.service(4)创建数据目录
bash
mkdir /data/elasticsearch -p
chown elasticsearch:elasticsearch /data -R(5)修改JVM参数:min(机器内存一半:32G)
bash
cat > /etc/elasticsearch/jvm.options.d/es.options << EOF
-Xms20g
-Xmx20g
EOF(6)修改ES配置
修改es配置时,先拷贝默认配置文件到其他目录下,使用默认配置文件加入集群后,再替换新的配置文件启动es服务,从es8开始需要使用token注册集群才能正常启动。在配置master节点时,先不要设置node.roles,因为在集群初始化过程中需要写入集群元数据索引,如果集群节点仅设置为master无法写入数据,集群状态为red,无法生成token,其他节点无法加入集群。
yaml
cluster.name: dae-es-log
node.name: es-master-01
# node.roles: [ master, ingest ] # 先不设置集群角色,待集群全部加入后再设置
path.data: /data/elasticsearch
path.logs: /data/elasticsearch
network.host: 0.0.0.0
# 填写集群ip或主机名列表
discovery.seed_hosts:
[
"es-master-01",
"es-master-02",
"es-master-03",
"es-node-01",
"es-node-02",
"es-node-03",
"es-node-04",
"es-node-05",
"es-node-06",
]
xpack.security.enabled: true
xpack.security.enrollment.enabled: true
xpack.security.http.ssl:
enabled: true
keystore.path: certs/http.p12
xpack.security.transport.ssl:
enabled: true
verification_mode: certificate
keystore.path: certs/transport.p12
truststore.path: certs/transport.p12
cluster.initial_master_nodes: ["es-master-01"] # master节点IP或主机名
http.host: 0.0.0.0(7)启动elasticsearch
bash
systemctl start elasticsearch(8)生成集群token
bash
/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s node(9)所有节点加入集群
加入集群之前需要先在每个节点上安装elasticsearch的rpm包,安装完成后不需要修改配置文件。
bash
/usr/share/elasticsearch/bin/elasticsearch-reconfigure-node --enrollment-token eyJ2ZXIiOiI4LjguMCIsImFkciI6WyIxMC43NC4xMS4xMzA6OTIwMCJdLCJmZ3IiOiI5NDFhYjJmZmUxOWJmOWZlYzM3NTZlZmJjYzgzZmJlNGEzMmY5YmI5ZGIzOWJmYTM2ODEyYzk0ODgwM2I5MTQzIiwia2V5IjoiYjIwd1A0b0IzVGJrbnNiT3FXWEE6amNwMV9CSFdTek81clF0MnI4ODVjUSJ9(10)修改配置文件
es-master-02的配置
yaml
cluster.name: dae-es-log
node.name: es-master-02
node.roles: [master, ingest]
path.data: /data/elasticsearch
path.logs: /data/elasticsearch
network.host: 0.0.0.0
http.port: 9200
discovery.seed_hosts:
[
"es-master-01",
"es-master-02",
"es-master-03",
"es-node-01",
"es-node-02",
"es-node-03",
"es-node-04",
"es-node-05",
"es-node-06",
]
cluster.initial_master_nodes: ["es-master-01"]
xpack.security.enabled: true
xpack.security.enrollment.enabled: true
xpack.security.http.ssl:
enabled: true
keystore.path: certs/http.p12
xpack.security.transport.ssl:
enabled: true
verification_mode: certificate
keystore.path: certs/transport.p12
truststore.path: certs/transport.p12
http.host: 0.0.0.0es-node-01的配置
yaml
cluster.name: dae-es-log
node.name: es-node-01
node.roles: [data]
path.data: /data/elasticsearch
path.logs: /data/elasticsearch
network.host: 0.0.0.0
http.port: 9200
discovery.seed_hosts:
[
"es-master-01",
"es-master-02",
"es-master-03",
"es-node-01",
"es-node-02",
"es-node-03",
"es-node-04",
"es-node-05",
"es-node-06",
]
cluster.initial_master_nodes: ["es-master-01"]
xpack.security.enabled: true
xpack.security.enrollment.enabled: true
xpack.security.http.ssl:
enabled: true
keystore.path: certs/http.p12
xpack.security.transport.ssl:
enabled: true
verification_mode: certificate
keystore.path: certs/transport.p12
truststore.path: certs/transport.p12
http.host: 0.0.0.0TIPS:其他节点配置类似
(11)启动所有节点elasticsearch
(12)重置elastic的用户密码
bash
/usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic(13)修改第一个master节点属性(第一台部署的机器)
由于在集群初始化过程中,master节点写入了集群元数据索引,需要先将元数据迁移至其他数据节点。我们可以使用cluster.routing.allocation.exclude._ip,将指定节点ip上面的分片分配到其他节点上。
bash
curl -X PUT -H 'content-type:application/json' -d '{"transient":{"cluster.routing.allocation.exclude._ip":"10.74.11.130"}}' --cacert /etc/elasticsearch/certs/http_ca.crt https:// elastic:xxxxx@127.0.0.1:9200/_cluster/settings等待分片迁移完成后,查看分片信息验证,保证master节点无分片数据。
bash
curl --cacert /etc/elasticsearch/certs/http_ca.crt https:// elastic:xxxxx@127.0.0.1:9200/_cat/shards?修改es配置,指定角色
yaml
node.roles: [master, ingest]然后重启elasticsearch。
集群状态
(1)查看集群状态
bash
curl --cacert /etc/elasticsearch/certs/http_ca.crt https://elastic:xxxxx@127.0.0.1:9200/_cat/health?
curl --cacert /etc/elasticsearch/certs/http_ca.crt https://elastic:xxxxx@127.0.0.1:9200/_cluster/health?pretty(2)查看节点状态
bash
curl --cacert /etc/elasticsearch/certs/http_ca.crt https://elastic:xxxxx@127.0.0.1:9200/_cat/nodes?v(3)查看分片分布
bash
curl --cacert /etc/elasticsearch/certs/http_ca.crt https://elastic:xxxxx@127.0.0.1:9200/_cat/shards?部署Kibana
(1)部署kibana rpm包
bash
wget https://artifacts.elastic.co/downloads/kibana/kibana-8.8.0-x86_64.rpm(2)生成kibana令牌
bash
/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana(3)kibana注册集群
bash
/usr/share/kibana/bin/kibana-setup --enrollment-token eyJ2ZXIiOiI4LjguMCIsImFkciI6WyIxMC43NC4xMS4xMzA6OTIwMCJdLCJmZ3IiOiI5NDFhYjJmZmUxOWJmOWZlYzM3NTZlZmJjYzgzZmJlNGEzMmY5YmI5ZGIzOWJmYTM2ODEyYzk0ODgwM2I5MTQzIiwia2V5IjoiTFVyS1A0b0JTTmtVWU1HZ2hRdzc6UktEWlZwczVUSW1ENHRvQUd0Ny1TUSJ9(4)修改kibana配置
bash
vim /etc/kibana/kibana.yaml
server.port: 5601
server.host: "0.0.0.0"
elasticsearch.hosts: ['https://10.74.11.124:9200','https://10.74.11.125:9200',"https://10.74.11.126:9200","https://10.74.11.127:9200","https://10.74.11.128:9200","https://10.74.11.129:9200"]
elasticsearch.serviceAccountToken: AAEAAWVsYXN0aWMva2liYW5hL2Vucm9sbC1wcm9jZXNzLXRva2VuLTE2OTMyODczOTI3NDY6VnNfNDJuM05UaUtBMkVfZ1Jtc2tBQQ
elasticsearch.ssl.certificateAuthorities: [/var/lib/kibana/ca_1693287394101.crt]
xpack.fleet.outputs: [{id: fleet-default-output, name: default, is_default: true, is_default_monitoring: true, type: elasticsearch, hosts: ['https://10.74.11.124:9200','https://10.74.11.125:9200',"https://10.74.11.126:9200","https://10.74.11.127:9200","https://10.74.11.128:9200","https://10.74.11.129:9200"], ca_trusted_fingerprint: 941ab2ffe19bf9fec3756efbcc83fbe4a32f9bb9db39bfa36812c948803b9143}]监控
bash
nohup ./elasticsearch_exporter --es.uri="https://elastic:xxxxx@10.74.11.131:9200" --es.ca="/etc/elasticsearch/certs/http_ca.crt" --es.all --es.indices --es.indices_settings --es.indices_mappings --es.aliases --es.ilm --es.shards --es.clusterinfo.interval=5m &Tips: 导入dashboard 2322
清理
bash
# 删除数据流
curl -X DELETE --cacert /etc/elasticsearch/certs/http_ca.crt https://elastic:xxxxx@127.0.0.1:9200/_data_stream/sda-pre-mqtt-data-log-2023*签发新证书
证书会存在过期的情况,这时候可能需要签发新的证书。
(1)生成新的CA证书
bash
/usr/share/elasticsearch/bin/elasticsearch-certutil ca --pem --out /root/ca/ca.zip --pass "<自定义密码>"(2)列出所有节点信息,放到 instances.yml 中
yaml
instances:
- name: "es-master-01"
dns: ["es-master-01", "localhost"]
ip: ["10.74.11.130", "127.0.0.1"]
- name: "es-master-02"
dns: ["es-master-02", "localhost"]
ip: ["10.74.11.131", "127.0.0.1"]
- name: "es-master-03"
dns: ["es-master-03", "localhost"]
ip: ["10.74.11.132", "127.0.0.1"]
- name: "es-node-01"
dns: ["es-node-01", "localhost"]
ip: ["10.74.11.124", "127.0.0.1"]
- name: "es-node-02"
dns: ["es-node-02", "localhost"]
ip: ["10.74.11.125", "127.0.0.1"]
- name: "es-node-03"
dns: ["es-node-03", "localhost"]
ip: ["10.74.11.126", "127.0.0.1"]
- name: "es-node-04"
dns: ["es-node-04", "localhost"]
ip: ["10.74.11.127", "127.0.0.1"]
- name: "es-node-05"
dns: ["es-node-05", "localhost"]
ip: ["10.74.11.128", "127.0.0.1"]
- name: "es-node-06"
dns: ["es-node-06", "localhost"]
ip: ["10.74.11.129", "127.0.0.1"](3)生成服务端证书
bash
/usr/share/elasticsearch/bin/elasticsearch-certutil cert --pem --ca-cert /root/ca/ca.crt --ca-key /root/ca/ca.key --in instances.yml --out /root/certs/certs.zip --pass "<自定义密码>"(4)配置 ES 各节点证书,将证书放到配置目录,修改/etc/elasticsearch/elasticsearch.yml;transport是传输层证书,跟http设置为一样的即可;注意每个节点使用自己的服务端证书
yaml
xpack.security.http.ssl:
enabled: true
certificate: new-certs/es-master-01.crt
key: new-certs/es-master-01.key
xpack.security.transport.ssl:
enabled: true
certificate: new-certs/es-master-01.crt
key: new-certs/es-master-01.key
certificate_authorities: new-certs/ca.crt(5)配置ca和服务端证书私钥的密码,es解析证书需要
bash
`# 输入生成服务端证书时的密码即可`
`/usr/share/elasticsearch/bin/elasticsearch-keystore add xpack.security.http.ssl.secure_key_passphrase`
`# 传输层密码一样`
`/usr/share/elasticsearch/bin/elasticsearch-keystore add xpack.security.transport.ssl.secure_key_passphrase`(6)重启 ES 服务
bash
systemctl restart elasticsearch(7)- 修改kibana配置 /etc/kibana/kibana.yml,指纹获取方式 openssl x509 -in /path/to/your/ca.crt -fingerprint -sha256 -noout,将输出的结果去掉冒号即可
yaml
elasticsearch.hosts:
[
"https://es-node-01:9200",
"https://es-node-02:9200",
"https://es-node-03:9200",
"https://es-node-04:9200",
"https://es-node-05:9200",
"https://es-node-06:9200",
]
elasticsearch.ssl.certificateAuthorities: [/etc/kibana/new-certs/ca.crt]
xpack.fleet.outputs:
[
{
id: fleet-default-output,
name: default,
is_default: true,
is_default_monitoring: true,
type: elasticsearch,
hosts:
[
"https://es-node-01:9200",
"https://es-node-02:9200",
"https://es-node-03:9200",
"https://es-node-04:9200",
"https://es-node-05:9200",
"https://es-node-06:9200",
],
ca_trusted_fingerprint: BBE79C39BDCCFEC40DC352A97A63B99857B941D9B9BA397F70D4E7641D74D3F4,
},
](8)重启 kibana
bash
systemctl restart kibana