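Setting Up an ES Cluster Environment on Linux
Setting up the ES cluster environment
Preparation
- Three servers
- One of them acts as the primary node
- Upload the ES installation package to the home path on each node yourself, then extract and rename it
- Cluster name: cluster-big-data. All nodes in the same cluster must use the same cluster name and different node names.
- User account: es_user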
| Node | IP address | Service port | Transport port | Memory (GB) | CPU (cores) | Disk (GB) |
|---|---|---|---|---|---|---|
| node1 | 192.168.0.114 | 9200 | 9300 | 16G | 8 | 100 |
| node2 | 192.168.0.123 | 9200 | 9300 | 8G | 4 | 50 |
| node3 | 192.168.0.125 | 9200 | 9300 | 8G | 4 | 50 |
Important paths
| Name | Path |
|---|---|
| Root path | /home/elasticsearch/ |
| Configuration file path | /home/elasticsearch/config/ |
| SSL certificate path | /home/elasticsearch/config/certs/ |
| Shared snapshot path | /home/elasticsearch/snapshot/ |
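Building the cluster
User creation, password generation and similar steps are skipped here; see the ES installation documentation for details.
1. Create the directories (required on all three nodes)
Create the snapshot and certificate directories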
[root@localhost ~] su es_user
[es_user@localhost ~] mkdir -p /home/elasticsearch/snapshot/
[es_user@localhost ~] mkdir -p /home/elasticsearch/config/certs/
2. Share the snapshot path over NFS (primary node)
Switch to the root user and install the sharing software
[root@localhost elasticsearch] su root
[root@localhost elasticsearch] yum -y install nfs-utils rpcbind
Edit the /etc/exports file and add the following content
[root@localhost elasticsearch] vi /etc/exports
/home/elasticsearch/snapshot *(rw,sync,no_root_squash)
Apply the file with exportfs -rv
[root@localhost elasticsearch] exportfs -rv
exporting *:/home/elasticsearch/snapshot
Start the rpcbind and nfs services
[root@localhost share] systemctl start rpcbind
[root@localhost share] systemctl start nfs
# or, on CentOS 8
[root@localhost share] systemctl start nfs-server
Test whether the share is reachable; it works if the shared path is listed
[root@localhost share] showmount -e localhost
Export list for localhost:
/www/share *
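The export line in this step offers the snapshot directory to every host (`*`) and keeps `no_root_squash`. The audit below flags both options; it is an added example, not part of the original page, and the second sample line (the two client nodes from the table, with `root_squash`) is a constructed alternative.

```shell
#!/bin/sh
# Added example, not from the original page.
# audit_exports reads /etc/exports-style lines on stdin and prints one
# finding per risky client entry.
audit_exports() {
    awk '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        {
            path = $1
            if (NF == 1) print path ": exported to any host"
            for (i = 2; i <= NF; i++) {
                client = $i; opts = ""
                p = index($i, "(")
                if (p > 0) {
                    client = substr($i, 1, p - 1)
                    opts = substr($i, p + 1, length($i) - p - 1)
                }
                if (client == "*" || client == "")
                    print path " " $i ": exported to any host"
                if (("," opts ",") ~ /,no_root_squash,/)
                    print path " " $i ": root on the client stays root on the share"
            }
        }'
}

# Constructed sample: the line from this page, then a narrower variant (assumption)
SAMPLE_EXPORTS='/home/elasticsearch/snapshot *(rw,sync,no_root_squash)
/home/elasticsearch/snapshot 192.168.0.123(rw,sync,root_squash) 192.168.0.125(rw,sync,root_squash)'

printf '%s\n' "$SAMPLE_EXPORTS" | audit_exports
```

On the real host, run it as `audit_exports < /etc/exports`.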
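3. Generate the certificates (primary node)
Perform these steps as es_user. Generate the certificate authority (CA) certificate; at the password prompt, just press Enter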
[es_user@localhost elasticsearch] ./bin/elasticsearch-certutil ca
This tool assists you in the generation of X.509 certificates and certificate
signing requests for use with SSL/TLS in the Elastic stack.
The 'ca' mode generates a new 'certificate authority'
This will create a new X.509 certificate and private key that can be used
to sign certificate when running in 'cert' mode.
Use the 'ca-dn' option if you wish to configure the 'distinguished name'
of the certificate authority
By default the 'ca' mode produces a single PKCS#12 output file which holds:
* The CA certificate
* The CA's private key
If you elect to generate PEM format certificates (the -pem option), then the output will
be a zip file containing individual files for the CA certificate and private key
Please enter the desired output file [elastic-stack-ca.p12]:
Enter password for elastic-stack-ca.p12 :
Generate the key certificate; at each password prompt, just press Enter
[es_user@localhost elasticsearch] ./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
If you specify any of the following options:
* -pem (PEM formatted output)
* -keep-ca-key (retain generated CA key)
* -multiple (generate multiple certificates)
* -in (generate certificates from an input file)
then the output will be be a zip file containing individual certificate/key files
Enter password for CA (elastic-stack-ca.p12) :
Please enter the desired output file [elastic-certificates.p12]:
Enter password for elastic-certificates.p12 :
Certificates written to /home/elasticsearch/elastic-certificates.p12
This file should be properly secured as it contains the private key for
your instance.
This file is a self contained file and can be copied and used 'as is'
For each Elastic product that you wish to configure, you should copy
this '.p12' file to the relevant configuration directory
and then follow the SSL configuration instructions in the product guide.
For client applications, you may only need to copy the CA certificate and
configure the client to trust this certificate
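After running the two commands above, two files are generated in the ES root directory: elastic-certificates.p12 and elastic-stack-ca.p12. Copy the generated certificate files into the certificate directory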
[es_user@localhost elasticsearch] cp elastic-stack-ca.p12 ./config/certs/
[es_user@localhost elasticsearch] cp elastic-certificates.p12 ./config/certs/
4. Certificates for the other nodes
Package the primary node's certificates and upload them to each of the other two node servers
Go to the ES configuration file path
[es_user@localhost elasticsearch] cd config/
Create the archive
[es_user@localhost config]$ tar -zcf certs.tar.gz certs/
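Upload the certificates to node 1 and node 2. The scp command is used here to upload to the target server; you can use another FTP tool instead. During the upload you must accept the host key by typing yes, after which you are prompted for the password
scp <file to upload> <account>@<target server IP>:<target server path>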
[es_user@localhost config]$ scp certs.tar.gz root@192.168.0.123:/home/elasticsearch/config
The authenticity of host '192.168.0.123 (192.168.0.123)' can't be established.
ECDSA key fingerprint is SHA256:iQ6EJttEclqNvpNZIfPEmHemPwT+nbRRMLBXOkB5Kys.
ECDSA key fingerprint is MD5:6b:0d:32:1a:39:98:28:d0:1b:b0:6a:b7:d6:5a:57:c6.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.0.123' (ECDSA) to the list of known hosts.
root@192.168.0.123's password:
certs.tar.gz
[es_user@localhost config]$ scp certs.tar.gz root@192.168.0.125:/home/elasticsearch/config
The authenticity of host '192.168.0.125 (192.168.0.125)' can't be established.
ECDSA key fingerprint is SHA256:iQ6EJttEclqNvpNZIfPEmHemPwT+nbRRMLBXOkB5Kys.
ECDSA key fingerprint is MD5:6b:0d:32:1a:39:98:28:d0:1b:b0:6a:b7:d6:5a:57:c6.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.0.125' (ECDSA) to the list of known hosts.
root@192.168.0.125's password:
certs.tar.gz
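The certs/ archive sent above contains elastic-stack-ca.p12, which holds the CA private key (created here with an empty password), while the node configuration on this page loads only elastic-certificates.p12. The following added example, not part of the original page, checks a node's certs directory for the CA keystore and loose file modes and packs only the node keystore; the function names and the temporary sample directory are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page.
# check_cert_dir DIR prints one finding per problem in a node's certs directory.
check_cert_dir() {
    dir=$1
    # elastic-stack-ca.p12 carries the CA private key and can sign new node
    # certificates; elasticsearch.yml on this page never references it.
    if [ -e "$dir/elastic-stack-ca.p12" ]; then
        echo "$dir/elastic-stack-ca.p12: CA private key stored on this node"
    fi
    for f in "$dir"/*.p12; do
        [ -f "$f" ] || continue
        perms=$(ls -ln "$f" | cut -c5-10)      # group and other permission bits
        if [ "$perms" != "------" ]; then
            echo "$f: accessible beyond the owner ($perms)"
        fi
    done
}

# pack_node_certs CONFIG_DIR OUT_TAR archives only certs/elastic-certificates.p12,
# owner-only, keeping the certs/ layout used on this page.
pack_node_certs() {
    chmod 600 "$1/certs/elastic-certificates.p12" &&
    tar -czf "$2" -C "$1" certs/elastic-certificates.p12
}

# Constructed sample: empty placeholder files standing in for the real keystores
demo=$(mktemp -d)
mkdir "$demo/certs"
: > "$demo/certs/elastic-stack-ca.p12"
: > "$demo/certs/elastic-certificates.p12"
chmod 644 "$demo/certs/"*.p12
check_cert_dir "$demo/certs"
pack_node_certs "$demo" "$demo/node-certs.tar.gz"
tar -tzf "$demo/node-certs.tar.gz"
```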
Mount the shared folder
Install on node 2 and node 3
[root@log1 ~] yum -y install nfs-utils
Start the NFS client service
[root@log1 ~] systemctl start nfs-utils
Mount the share
Verify with df: the mount succeeded if the share appears as the last entry
[root@log1 ~] mount -t nfs 192.168.0.114:/home/elasticsearch/snapshot /home/elasticsearch/snapshot
[root@log1 ~] df
文件系统 1K-块 已用 可用 已用% 挂载点
devtmpfs 3983136 0 3983136 0% /dev
tmpfs 3995008 0 3995008 0% /dev/shm
tmpfs 3995008 12068 3982940 1% /run
tmpfs 3995008 0 3995008 0% /sys/fs/cgroup
/dev/mapper/centos-root 52403200 3525292 48877908 7% /
/dev/mapper/centos-home 64054724 22962908 41091816 36% /home
/dev/sda1 1038336 198548 839788 20% /boot
tmpfs 799004 0 799004 0% /run/user/0
192.168.0.114:/home/elasticsearch/snapshot 43094016 1163264 41930752 3% /home/elasticsearch/snapshot
Write the ES configuration files
Node 1
cluster.name: cluster-big-data
node.name: node-1
# Must not be 0.0.0.0 or 127.0.0.1
network.host: 192.168.0.114
http.port: 9200
# Master election
node.master: true
# Allow this node to store data
node.data: true
# Cluster discovery addresses
discovery.seed_hosts: ["192.168.0.114","192.168.0.123","192.168.0.125"]
# Cluster node discovery
cluster.initial_master_nodes: ["node-1","node-2","node-3"]
# Snapshot backup path
path.repo: /home/elasticsearch/snapshot/
# Enable collection of system monitoring logs
xpack.monitoring.collection.enabled: true
# Data retention period, default 7 days
xpack.monitoring.history.duration: 7d
xpack.ml.enabled: false
# Enable security
xpack.security.enabled: true
xpack.security.http.ssl.enabled: false
xpack.security.http.ssl.keystore.path: /home/elasticsearch/config/certs/elastic-certificates.p12
xpack.security.http.ssl.truststore.path: /home/elasticsearch/config/certs/elastic-certificates.p12
xpack.security.http.ssl.client_authentication: "optional"
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /home/elasticsearch/config/certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /home/elasticsearch/config/certs/elastic-certificates.p12
Node 2
cluster.name: cluster-big-data
node.name: node-2
# Must not be 0.0.0.0 or 127.0.0.1
network.host: 192.168.0.123
http.port: 9200
# Master election
node.master: true
# Allow this node to store data
node.data: true
# Cluster discovery addresses
discovery.seed_hosts: ["192.168.0.114","192.168.0.123","192.168.0.125"]
# Cluster node discovery
cluster.initial_master_nodes: ["node-1","node-2","node-3"]
# Snapshot backup path
path.repo: /home/elasticsearch/snapshot/
# Enable collection of system monitoring logs
xpack.monitoring.collection.enabled: true
# Data retention period, default 7 days
xpack.monitoring.history.duration: 7d
xpack.ml.enabled: false
# Enable security
xpack.security.enabled: true
xpack.security.http.ssl.enabled: false
xpack.security.http.ssl.keystore.path: /home/elasticsearch/config/certs/elastic-certificates.p12
xpack.security.http.ssl.truststore.path: /home/elasticsearch/config/certs/elastic-certificates.p12
xpack.security.http.ssl.client_authentication: "optional"
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /home/elasticsearch/config/certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /home/elasticsearch/config/certs/elastic-certificates.p12
Node 3 (does not take part in elections)
cluster.name: cluster-big-data
node.name: node-3
# Must not be 0.0.0.0 or 127.0.0.1
network.host: 192.168.0.125
http.port: 9200
# Master election
node.master: true
# Allow this node to store data
node.data: true
# Cluster discovery addresses
discovery.seed_hosts: ["192.168.0.114","192.168.0.123","192.168.0.125"]
# Cluster node discovery
cluster.initial_master_nodes: ["node-1","node-2","node-3"]
# Snapshot backup path
path.repo: /home/elasticsearch/snapshot/
# Enable collection of system monitoring logs
xpack.monitoring.collection.enabled: true
# Data retention period, default 7 days
xpack.monitoring.history.duration: 7d
xpack.ml.enabled: false
# Enable security
xpack.security.enabled: true
xpack.security.http.ssl.enabled: false
xpack.security.http.ssl.keystore.path: /home/elasticsearch/config/certs/elastic-certificates.p12
xpack.security.http.ssl.truststore.path: /home/elasticsearch/config/certs/elastic-certificates.p12
xpack.security.http.ssl.client_authentication: "optional"
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /home/elasticsearch/config/certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /home/elasticsearch/config/certs/elastic-certificates.p12
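Start the services
Notes:
- Start node 1 first (switch to the es_user user)
- Extract the certs certificate archive on each node
- Copy the configuration above to each node, into the configuration file path, with the file name elasticsearch.yml
- During testing and debugging, start in the foreground: run ./elasticsearch without -d to make debugging easier
- Only after the cluster services have started normally and connected to each other can you go on to the SSL encryption configuration and to enabling the user accounts and passwords
On node 1, go to the bin directory under the ES root path and start the service. Do the same on the other nodes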
[es_user@localhost bin]$ ./elasticsearch
When the console prints the following, the service has started successfully
[2022-09-24T13:52:58,346][INFO ][o.e.h.AbstractHttpServerTransport] [node-1] publish_address {192.168.0.114:9200}, bound_addresses {192.168.0.114:9200}
[2022-09-24T13:52:58,347][INFO ][o.e.n.Node ] [node-1] started
[2022-09-24T13:53:00,587][INFO ][o.e.x.s.a.TokenService ] [node-1] refresh keys
[2022-09-24T13:53:01,546][INFO ][o.e.x.s.a.TokenService ] [node-1] refreshed keys
[2022-09-24T13:53:03,308][INFO ][o.e.c.s.ClusterApplierService] [node-1] added node-3{nFwDnacnSymxg8gF1jUW2Q}{kONSgIoTRWC3Mz5am24Gdw}{192.168.0.125}{192.168.0.125:9300}{cdfhirstw}}, term: 1, version: 21, reason: ApplyCommitRequest{term=1, version=21, sourceNode={node-2}{xJUzhmMXTS-mDBsIdMFNeA}{PspPplLTQH-cAwhk8ZveqQ}{192.168.0.123}{192.168.0.123:9300}{cdfhimrstw}{xpack.installed=true, transform.node=true}}
[2022-09-24T13:53:06,031][INFO ][o.e.l.LicenseService ] [node-1] license [212e41c8-54e6-476d-b453-1e7f03a7a4ca] mode [basic] - valid
[2022-09-24T13:53:06,034][INFO ][o.e.x.s.a.Realms ] [node-1] license mode is [basic], currently licensed security realms are [reserved/reserved,file/default_file,native/default_native]
[2022-09-24T13:53:06,038][INFO ][o.e.x.s.s.SecurityStatusChangeListener] [node-1] Active license is now [BASIC]; Security is enabled
[2022-09-24T13:53:10,908][INFO ][o.e.i.g.DatabaseRegistry ] [node-1] downloading geoip database [GeoLite2-ASN.mmdb] to [/tmp/elasticsearch-2213883239317334326/geoip-databases/IIU3ckuVSJOrT4zp61GBJg/GeoLite2-ASN.mmdb.tmp.gz]
[2022-09-24T13:53:11,042][INFO ][o.e.x.s.a.AuthorizationService] [node-1] Took [67ms] to resolve [1] indices for action [indices:data/read/search] and user [_xpack]
[2022-09-24T13:53:12,810][INFO ][o.e.i.g.DatabaseRegistry ] [node-1] successfully reloaded changed geoip database file [/tmp/elasticsearch-2213883239317334326/geoip-databases/IIU3ckuVSJOrT4zp61GBJg/GeoLite2-ASN.mmdb]
[2022-09-24T13:53:22,738][INFO ][o.e.i.g.DatabaseRegistry ] [node-1] downloading geoip database [GeoLite2-City.mmdb] to [/tmp/elasticsearch-2213883239317334326/geoip-databases/IIU3ckuVSJOrT4zp61GBJg/GeoLite2-City.mmdb.tmp.gz]
[2022-09-24T13:53:25,217][INFO ][o.e.i.g.DatabaseRegistry ] [node-1] downloading geoip database [GeoLite2-Country.mmdb] to [/tmp/elasticsearch-2213883239317334326/geoip-databases/IIU3ckuVSJOrT4zp61GBJg/GeoLite2-Country.mmdb.tmp.gz]
[2022-09-24T13:53:25,889][INFO ][o.e.i.g.DatabaseRegistry ] [node-1] successfully reloaded changed geoip database file [/tmp/elasticsearch-2213883239317334326/geoip-databases/IIU3ckuVSJOrT4zp61GBJg/GeoLite2-Country.mmdb]
[2022-09-24T13:53:29,254][INFO ][o.e.i.g.DatabaseRegistry ] [node-1] successfully reloaded changed geoip database file [/tmp/elasticsearch-2213883239317334326/geoip-databases/IIU3ckuVSJOrT4zp61GBJg/GeoLite2-City.mmdb]
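Accounts and passwords
Open a new terminal window on node 1, go to the ES root path on node 1 and generate the account passwords. Store the generated passwords safely; the account and password information is synchronized automatically to every ES node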
[root@localhost elasticsearch]./bin/elasticsearch-setup-passwords auto
warning: usage of JAVA_HOME is deprecated, use ES_JAVA_HOME
Future versions of Elasticsearch will require Java 11; your Java version from [/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.342.b07-1.el7_9.x86_64/jre] does not meet this requirement. Consider switching to a distribution of Elasticsearch with a bundled JDK. If you are already using a distribution with a bundled JDK, ensure the JAVA_HOME environment variable is not set.
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,kibana_system,logstash_system,beats_system,remote_monitoring_user.
The passwords will be randomly generated and printed to the console.
Please confirm that you would like to continue [y/N]y
Changed password for user apm_system
PASSWORD apm_system = eXy9NUaSVDhESUE6DS6R
Changed password for user kibana_system
PASSWORD kibana_system = OSjK4VW5EV70AWtGapYy
Changed password for user kibana
PASSWORD kibana = OSjK4VW5EV70AWtGapYy
Changed password for user logstash_system
PASSWORD logstash_system = bUQQv1tCRJdIYn9qby7D
Changed password for user beats_system
PASSWORD beats_system = uMLotKFFRfqGkO9TFRWq
Changed password for user remote_monitoring_user
PASSWORD remote_monitoring_user = 7WHftn76huCDoMUi6XtN
Changed password for user elastic
PASSWORD elastic = z6DV6iFBcat0euvD7o5g
Verify the ES cluster and list the nodes
http://elastic:z6DV6iFBcat0euvD7o5g@192.168.0.114:9200/_cat/nodes
http://<account>:<ES password>@<host IP address>:<port>/_cat/nodes
Here we can see that node-2 is currently the master node; the * marks the master node
[root@localhost elasticsearch] curl http://elastic:z6DV6iFBcat0euvD7o5g@192.168.0.114:9200/_cat/nodes
192.168.0.114 12 59 7 1.18 1.48 1.15 cdfhimrstw - node-1
192.168.0.125 9 98 6 0.24 0.40 0.43 cdfhirstw - node-3
192.168.0.123 5 98 5 0.40 0.44 0.48 cdfhimrstw * node-2
Enable SSL encryption
Press Ctrl+C to stop the service on all nodes, then edit the /home/elasticsearch/config/elasticsearch.yml configuration file on every node
# Before
xpack.security.http.ssl.enabled: false
# After
xpack.security.http.ssl.enabled: true
Start each service again and, once they are up, verify again
Note:
- The request protocol is now https
- The master node is now node1; we need to put the master node's details into the Java configuration file (see the packaging and deployment chapter)
- The master node is not fixed: when one of the nodes goes down, another node can be elected master.
[root@localhost elasticsearch] curl https://elastic:z6DV6iFBcat0euvD7o5g@192.168.0.114:9200/_cat/nodes --insecure
192.168.0.114 13 60 9 1.52 1.60 1.33 cdfhimrstw * node-1
192.168.0.123 7 98 4 0.15 0.45 0.47 cdfhimrstw - node-2
192.168.0.125 7 98 4 0.45 0.65 0.53 cdfhirstw - node-3
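Until `xpack.security.http.ssl.enabled` is switched to `true` on every node, the passwords used against port 9200 travel unencrypted. The check below reads an elasticsearch.yml and reports the security settings this page sets; it is an added example, not part of the original page, and its function names and the constructed sample file are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page.
# yml_value FILE KEY prints the value of a flat "key: value" setting.
yml_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        {
            i = index($0, ":")
            if (i && substr($0, 1, i - 1) == key) {
                v = substr($0, i + 1)
                gsub(/^[ \t"]+|[ \t"]+$/, "", v)   # trim blanks and quotes
                print v; exit
            }
        }' "$1"
}

# audit_es_security FILE prints one finding per weak setting.
audit_es_security() {
    for key in xpack.security.enabled \
               xpack.security.transport.ssl.enabled \
               xpack.security.http.ssl.enabled; do
        # With http.ssl off, passwords sent to port 9200 cross the network in clear text
        [ "$(yml_value "$1" "$key")" = "true" ] || echo "$1: $key is not true"
    done
    mode=$(yml_value "$1" xpack.security.transport.ssl.verification_mode)
    case "$mode" in
        ""|full) ;;                                # unset defaults to full
        *) echo "$1: verification_mode=$mode does not check the peer hostname" ;;
    esac
}

# Constructed sample: the security lines of this page's node files before the SSL step
sample=$(mktemp)
cat > "$sample" <<'EOF'
xpack.security.enabled: true
xpack.security.http.ssl.enabled: false
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
EOF
audit_es_security "$sample"
```

Run `audit_es_security /home/elasticsearch/config/elasticsearch.yml` on each node before restarting; moving `verification_mode` to `full` requires node certificates issued with the nodes' addresses.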
Connecting the software platform
At this point our platform has successfully connected to the ES cluster, and the ES cluster setup is complete


