Elasticsearch 8.x Installation and Cluster Configuration
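Elasticsearch is a real-time distributed search and analytics engine that can efficiently store, search, and analyze large volumes of data. Built on the Apache Lucene library, it is widely used for full-text search, log analysis, application monitoring, and similar workloads.
This article describes how to install Elasticsearch from the prebuilt archive (.tar.gz) and configure it as a cluster.
Elasticsearch Installation
Environment and Elasticsearch Version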
- OS: Ubuntu 24.04 LTS
- Elasticsearch: 8.17.2
No. | host name | IP |
---|---|---|
#1 | es-node1 | 192.168.234.128 |
#2 | es-node2 | 192.168.234.129 |
#3 | es-node3 | 192.168.234.130 |
Download and Install Elasticsearch
Download Elasticsearch and extract it into the installation directory:
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.17.2-linux-x86_64.tar.gz
tar -xzf elasticsearch-8.17.2-linux-x86_64.tar.gz
sudo mv elasticsearch-8.17.2 /opt/elasticsearch
cd /opt/elasticsearch
Create a User and Set Permissions
sudo adduser elastic
sudo passwd elastic
sudo chown -R elastic:elastic /opt/elasticsearch
Configure the systemd Service
Create the file /etc/systemd/system/elasticsearch.service to register Elasticsearch as a system service:
sudo vim /etc/systemd/system/elasticsearch.service
elasticsearch.service
[Unit]
Description=Elasticsearch
After=network.target
[Service]
User=elastic
Group=elastic
ExecStart=/opt/elasticsearch/bin/elasticsearch
Restart=always
LimitMEMLOCK=infinity
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
sudo systemctl daemon-reload
Configure the Firewall
sudo firewall-cmd --permanent --add-port=9200/tcp
sudo firewall-cmd --permanent --add-port=9300/tcp
sudo firewall-cmd --permanent --add-port=5601/tcp
sudo firewall-cmd --reload
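Configure the Elasticsearch Cluster
Generate and Distribute Certificates
To secure communication between cluster nodes, generate SSL/TLS certificates and distribute them to every node:
Generate the CA certificate on any one node: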
sudo -u elastic ./bin/elasticsearch-certutil ca
sudo -u elastic ./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
Copy the generated elastic-certificates.p12 file to the /opt/elasticsearch/config directory on each node:
sudo -u elastic scp elastic-certificates.p12 elastic@192.168.234.129:/opt/elasticsearch/config
sudo -u elastic scp elastic-certificates.p12 elastic@192.168.234.130:/opt/elasticsearch/config
sudo mv elastic-certificates.p12 config/elastic-certificates.p12
Edit elasticsearch.yml
Give each node a unique node.name and add the cluster-related settings.
sudo vim /opt/elasticsearch/config/elasticsearch.yml
elasticsearch.yml (es-node1)
cluster.name: es-cluster
node.name: node-1
network.host: 0.0.0.0
path.data: /opt/elasticsearch/data
path.logs: /opt/elasticsearch/logs
# IP addresses of the cluster nodes
discovery.seed_hosts: ["192.168.234.128", "192.168.234.129","192.168.234.130"]
# Initial master-eligible nodes (comment out after the first bootstrap)
cluster.initial_master_nodes: ["node-1", "node-2","node-3"]
# SSL/TLS settings
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.client_authentication: required
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
elasticsearch.yml (es-node2)
cluster.name: es-cluster
node.name: node-2
network.host: 0.0.0.0
path.data: /opt/elasticsearch/data
path.logs: /opt/elasticsearch/logs
# IP addresses of the cluster nodes
discovery.seed_hosts: ["192.168.234.128", "192.168.234.129","192.168.234.130"]
# Initial master-eligible nodes (comment out after the first bootstrap)
cluster.initial_master_nodes: ["node-1", "node-2","node-3"]
# SSL/TLS settings
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.client_authentication: required
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
elasticsearch.yml (es-node3)
cluster.name: es-cluster
node.name: node-3
network.host: 0.0.0.0
path.data: /opt/elasticsearch/data
path.logs: /opt/elasticsearch/logs
# IP addresses of the cluster nodes
discovery.seed_hosts: ["192.168.234.128", "192.168.234.129","192.168.234.130"]
# Initial master-eligible nodes (comment out after the first bootstrap)
cluster.initial_master_nodes: ["node-1", "node-2","node-3"]
# SSL/TLS settings
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.client_authentication: required
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
Note: cluster.initial_master_nodes is only needed the first time the cluster is configured; comment it out afterwards. (See "Bootstrapping a cluster" in the official documentation.)
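The following audit script is an added example, not part of the original article: it checks a node's elasticsearch.yml for the transport TLS settings above, for an HTTP layer without TLS (this page leaves xpack.security.http.ssl.enabled unset and queries the cluster over http://), and for a cluster.initial_master_nodes entry that is still active. The function names yml_get and audit_es_yml are hypothetical, and the parser assumes flat dotted keys as used on this page, not nested YAML.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): audit a flat, dotted-key elasticsearch.yml.

yml_get() {  # yml_get FILE KEY -> value of an uncommented top-level key
  awk -v k="$2" '
    /^[ \t]*#/ { next }                  # ignore commented-out settings
    index($0, k ":") == 1 {              # key must start the line
      v = substr($0, length(k) + 2)
      sub(/[ \t]+#.*$/, "", v)           # drop a trailing comment
      gsub(/^[ \t"]+|[ \t"]+$/, "", v)   # trim blanks and quotes
      print v; exit
    }' "$1"
}

audit_es_yml() {  # prints findings; returns 1 if any FAIL, otherwise 0
  local f="$1" p="xpack.security" rc=0
  if [ "$(yml_get "$f" "$p.enabled")" = "false" ]; then
    echo "FAIL security features are disabled"; rc=1; fi
  if [ "$(yml_get "$f" "$p.transport.ssl.enabled")" != "true" ]; then
    echo "FAIL transport (9300) TLS is not enabled"; rc=1; fi
  if [ "$(yml_get "$f" "$p.transport.ssl.verification_mode")" = "none" ]; then
    echo "FAIL transport peer certificates are not verified"; rc=1; fi
  case "$(yml_get "$f" "$p.transport.ssl.client_authentication")" in
    none|optional) echo "FAIL transport client certificates are not required"; rc=1;;
  esac
  if [ "$(yml_get "$f" "$p.http.ssl.enabled")" != "true" ]; then
    echo "WARN HTTP (9200) has no TLS: curl -u credentials cross the network in clear"; fi
  if [ -n "$(yml_get "$f" cluster.initial_master_nodes)" ]; then
    echo "WARN cluster.initial_master_nodes is set: comment it out after first bootstrap"; fi
  return "$rc"
}

# Constructed sample: the node-1 settings shown on this page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
cluster.name: es-cluster
node.name: node-1
network.host: 0.0.0.0
cluster.initial_master_nodes: ["node-1", "node-2","node-3"]
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.client_authentication: required
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
EOF
audit_es_yml "$sample" || true   # prints the two WARN lines
rm -f "$sample"
```

On a node, run it as audit_es_yml /opt/elasticsearch/config/elasticsearch.yml; a non-zero return means at least one FAIL finding.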
Start the Cluster and Check Its Status
After starting the Elasticsearch service on every node, check the cluster status.
Start the service:
sudo systemctl start elasticsearch
Reset the password of the elastic account:
sudo bin/elasticsearch-reset-password -u elastic -i
Check node status:
curl -u elastic:your_pass "http://192.168.234.128:9200/_cat/nodes?v"
ip heap.percent ram.percent cpu load_1m load_5m load_15m node.role master name
192.168.234.130 19 89 88 1.30 0.80 0.37 cdfhilmrstw - node-3
192.168.234.129 24 89 9 0.29 0.17 0.13 cdfhilmrstw - node-2
192.168.234.128 10 90 17 0.00 0.00 0.00 cdfhilmrstw * node-1
Check cluster health:
curl -u elastic:your_pass "http://192.168.234.128:9200/_cluster/health?pretty"
{
"cluster_name" : "es-cluster",
"status" : "green",
"timed_out" : false,
"number_of_nodes" : 3,
"number_of_data_nodes" : 3,
"active_primary_shards" : 3,
"active_shards" : 6,
"relocating_shards" : 0,
"initializing_shards" : 0,
"unassigned_shards" : 0,
"unassigned_primary_shards" : 0,
"delayed_unassigned_shards" : 0,
"number_of_pending_tasks" : 0,
"number_of_in_flight_fetch" : 0,
"task_max_waiting_in_queue_millis" : 0,
"active_shards_percent_as_number" : 100.0
}
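Kibana Integration
The default elastic account cannot be used as Kibana's own connection account (elasticsearch.username); Kibana must use Elasticsearch's built-in kibana_system account.
Set its password: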
cd /opt/elasticsearch
sudo bin/elasticsearch-reset-password -u kibana_system -i
Install Kibana
wget https://artifacts.elastic.co/downloads/kibana/kibana-8.17.2-linux-x86_64.tar.gz
tar -xzf kibana-8.17.2-linux-x86_64.tar.gz
sudo mv kibana-8.17.2 /opt/kibana
Edit kibana.yml
sudo vim /opt/kibana/config/kibana.yml
kibana.yml
server.port: 5601
server.host: "0.0.0.0"
elasticsearch.hosts: ["http://192.168.234.128:9200","http://192.168.234.129:9200","http://192.168.234.130:9200"]
elasticsearch.username: "kibana_system"
elasticsearch.password: "your_pass"
Start Kibana
cd /opt/kibana
nohup bin/kibana &
Kibana is now reachable in a browser at http://192.168.234.128:5601 (or the IP address of the node where Kibana is installed); log in with the elastic account.
