一、序
本次搭建以容器化形式进行测试,其中二进制部署相关配置可参考此文档。本文档搭建ES版本为7.6.2
docker pull elasticsearch:7.6.2
二、搭建ES集群
注意修改机器系统配置
ES1
cluster.name: escluster
node.name: es1
node.master: true
node.data: true
http.port: 9200
transport.tcp.port: 9300
network.host: 0.0.0.0
cluster.initial_master_nodes: ["192.168.10.236:9300","192.168.10.236:19300","192.168.10.236:29300"]
discovery.zen.minimum_master_nodes: 2
discovery.zen.ping_timeout: 3s
discovery.zen.ping.unicast.hosts: ["192.168.10.236:9300","192.168.10.236:19300","192.168.10.236:29300"]
ES2
cluster.name: escluster
node.name: es2
node.master: true
node.data: true
http.port: 19200
transport.tcp.port: 19300
network.host: 0.0.0.0
cluster.initial_master_nodes: ["192.168.10.236:9300","192.168.10.236:19300","192.168.10.236:29300"]
discovery.zen.minimum_master_nodes: 2
discovery.zen.ping_timeout: 3s
discovery.zen.ping.unicast.hosts: ["192.168.10.236:9300","192.168.10.236:19300","192.168.10.236:29300"]
ES3
cluster.name: escluster
node.name: es3
node.master: true
node.data: true
http.port: 29200
transport.tcp.port: 29300
network.host: 0.0.0.0
cluster.initial_master_nodes: ["192.168.10.236:9300","192.168.10.236:19300","192.168.10.236:29300"]
discovery.zen.minimum_master_nodes: 2
discovery.zen.ping_timeout: 3s
discovery.zen.ping.unicast.hosts: ["192.168.10.236:9300","192.168.10.236:19300","192.168.10.236:29300"]
# discovery.zen.minimum_master_nodes解析:https://blog.csdn.net/zuodaoyong/article/details/104719508
- 启动节点,端口分别为9200、19200、29200
docker run -dit --name=es1 --net=host -e "ES_JAVA_OPTS=-Xms2g -Xmx2g" -v /root/es/es1/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml:ro elasticsearch:7.6.2 docker run -dit --name=es2 --net=host -e "ES_JAVA_OPTS=-Xms2g -Xmx2g" -v /root/es/es2/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml:ro elasticsearch:7.6.2 docker run -dit --name=es3 --net=host -e "ES_JAVA_OPTS=-Xms2g -Xmx2g" -v /root/es/es3/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml:ro elasticsearch:7.6.2
三、扩容
- 新增节点,修改配置文件
ES3
cluster.name: escluster
node.name: es4
node.master: true
node.data: true
http.port: 39200
transport.tcp.port: 39300
network.host: 0.0.0.0
cluster.initial_master_nodes: ["192.168.10.236:9300","192.168.10.236:19300","192.168.10.236:29300","192.168.10.236:39300"]
discovery.zen.minimum_master_nodes: 2
discovery.zen.ping_timeout: 3s
discovery.zen.ping.unicast.hosts: ["192.168.10.236:9300","192.168.10.236:19300","192.168.10.236:29300","192.168.10.236:39300"]
- 启动新节点
docker run -dit --name=es4 --net=host -e "ES_JAVA_OPTS=-Xms2g -Xmx2g" -v /root/es/es4/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml:ro elasticsearch:7.6.2
四、集群添加密码,并添加节点
4.1 生成证书
docker exec -it es1 /bin/bash
./bin/elasticsearch-certutil ca
#集群中的任意一个节点生成证书和私钥
./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
#拷贝证书到本地
docker cp es1:/usr/share/elasticsearch/elastic-certificates.p12 .
chmod 644 elastic-certificates.p12
拷贝证书到另外两个节点
docker cp elastic-certificates.p12 es2:/usr/share/elasticsearch/config
docker cp elastic-certificates.p12 es3:/usr/share/elasticsearch/config
#存储密码 每一个节点都要执行
docker exec -it es2 /bin/bash
./bin/elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password
./bin/elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password
docker exec -it es2 /bin/bash
./bin/elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password
./bin/elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password
4.2 修改配置文件
配置文件添加如下内容
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.client_authentication: required
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
4.3 设置密码
docker exec -it es1 /bin/bash
./bin/elasticsearch-setup-passwords interactive 手动
./bin/elasticsearch-setup-passwords auto 自动
4.4 加入新节点
配置文件如上几节介绍,外加4.2增加的文件
docker run -dit --name=es4 --net=host -e "ES_JAVA_OPTS=-Xms2g -Xmx2g" -v /root/es/es4/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml:ro elasticsearch:7.6.2
# 此时启动会报错,因为没有拷贝证书
docker cp elastic-certificates.p12 es4:/usr/share/elasticsearch/config/
docker restart es4
至此节点添加完成