Elasticseach集群搭建简明教程

我们这里做一个三台服务器的集群，配置这样一个场景：

1. JVM内存配置为2G
2. 禁用批量删除索引
3. 配置SSL和开启账号密码
4. 集群配置
5. 动态添加集群节点

安装Elasticsearch

首先，从官网下载Elasticsearch安装包，然后将安装包 elasticsearch-7.5.1-x86_64.rpm 上传服务器。

然后，在各个服务器分别执行

[admin@iZbp150aqw850jwlm06qhcZ mnt]$ sudo yum install -y elasticsearch-7.5.1-x86_64.rpm

修改基础配置

1. 配置ES的JVM内存

[admin@iZbp13d7te8727w5phtisjZ ~]$  sudo sed -i /-Xms1g/c-Xms2g  /etc/elasticsearch/jvm.options
[admin@iZbp13d7te8727w5phtisjZ ~]$  sudo sed -i /-Xmx1g/c-Xmx2g /etc/elasticsearch/jvm.options

优化建议：

• 预留足够的内存空间给page cache。假设一台32GB内存的机器，配置16GB内存给ES进程使用，另外16GB给page cache，而不是将 xmx 设置成32GB。

• 禁用内存交换(/proc/sys/vm/swappiness)

[admin@iZbp150aqw850jwlm06qhcZ ~]$ echo 0 > /proc/sys/vm/swappiness 
[admin@iZbp150aqw850jwlm06qhcZ ~]$ cat  /etc/sysctl.conf
vm.swappiness = 0

• 配置JVM参数：-XX:+AlwaysPreTouch 减少新生代晋升到老年代时停顿。在启动时就把参数里说好了的内存全部都分配了，会使得启动慢上一点，但后面访问时会更流畅，比如页面会连续分配，比如不会在晋升新生代到老生代时才去访问页面，导致GC停顿时间加长

2. 禁用批量删除索引

[admin@iZbp150aqw850jwlm06qhcZ ~]$ sudo sed 's/#action.destructive_requires_name/action.destructive_requires_name/' /etc/elasticsearch/elasticsearch.yml

3. 集群相关修改

[admin@iZbp150aqw850jwlm06qhcZ elasticsearch]$ sudo cat /etc/elasticsearch/elasticserach.yml
# 略过...
cluster.name: elasticsearch
node.name: node-1
network.host: 0.0.0.0
http.port: 9200
cluster.initial_master_nodes: ["node-1"]
# 略过...

4. 启动elasticsearch服务

[admin@iZbp150aqw850jwlm06qhcZ elasticsearch]$ sudo systemctl start elasticsearch

动态添加集群节点

1. 集群至少需要3个节点组成
   修改配置，并将配置复制到其他2台机器。启动集群。

[admin@iZbp150aqw850jwlm06qhcZ elasticsearch]$ cat /etc/elasticsearch/elasticsearch.yml | egrep "discovery.seed_hosts|cluster.initial_master_nodes"
discovery.seed_hosts: ["172.16.9.51","172.16.9.52","172.16.8.51"]
cluster.initial_master_nodes: ["node-1","node-2","node-3"]
[admin@iZbp150aqw850jwlm06qhcZ elasticsearch]$ sudo systemctl start elasticsearch
[admin@iZbp150aqw850jwlm06qhcZ elasticsearch]$ curl http://localhost:9200/_nodes/process?pretty
{
  "_nodes" : {
    "total" : 3,
    "successful" : 3,
    "failed" : 0
  },
...

2. 动态添加节点，只需将配置复制到第4台机器，启动即可加入集群。

ES安全加固

1. 配置TLS

生成ca证书和密钥

[admin@iZbp150aqw850jwlm06qhcZ bin]$ sudo /usr/share/elasticsearch/bin/elasticsearch-certutil ca
[admin@iZbp150aqw850jwlm06qhcZ bin]$ sudo /usr/share/elasticsearch/bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
[admin@iZbp150aqw850jwlm06qhcZ bin]$ cp /usr/share/elasticsearch/elastic-certificates.p12 /etc/elasticsearch
[admin@iZbp150aqw850jwlm06qhcZ bin]$ cd /etc/elasticsearch
[admin@iZbp150aqw850jwlm06qhcZ bin]$ sudo chmod 666 elastic-certificates.p12 

配置SSL认证

[admin@iZbp13d7te8727w5phtisjZ elasticsearch]$ sudo cat elasticsearch.yml | grep xpack
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate # 证书认证级别
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12

2. 开启账号密码

[admin@iZbp13d7te8727w5phtisjZ elasticsearch]$ sudo cat elasticsearch.yml | grep security
xpack.security.transport.ssl.enabled: true
xpack.security.enabled: true

3. 重启es

[admin@iZbp13d7te8727w5phtisjZ etc]$ sudo systemctl restart elasticsearch 

4. 设置密码

[admin@iZbp150aqw850jwlm06qhcZ elasticsearch]$ sudo /usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactive
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y


Enter password for [elastic]:
Reenter password for [elastic]:
Enter password for [apm_system]:
Reenter password for [apm_system]:
Enter password for [kibana]:
Reenter password for [kibana]:
Enter password for [logstash_system]:
Reenter password for [logstash_system]:
Enter password for [beats_system]:
Reenter password for [beats_system]:
Enter password for [remote_monitoring_user]:
Reenter password for [remote_monitoring_user]:
Changed password for user [apm_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]

5. 查看效果

[admin@iZbp150aqw850jwlm06qhcZ elasticsearch]$ curl -u elastic http://localhost:9200
Enter host password for user 'elastic':
{
  "name" : "node-1",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "DibbE_FdSgC4641FOfRq6A",
  "version" : {
    "number" : "7.5.1",
    "build_flavor" : "default",
    "build_type" : "rpm",
    "build_hash" : "3ae9ac9a93c95bd0cdc054951cf95d88e1e18d96",
    "build_date" : "2019-12-16T22:57:37.835892Z",
    "build_snapshot" : false,
    "lucene_version" : "8.3.0",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "You Know, for Search"
}

6. 将 elastic-certificates.p12 复制到另外两台服务器，然后重复从配置SSL认证开始的步骤，即可搭建一个安全的集群环境。

The End !

参考文章：
Elasticsearch 安全加固
Install Elasticsearch with RPM
elasticsearch-.yml（中文配置详解）
配置节点证书