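ElasticSearch cluster deployment, adding passwords, adding nodes

1. Preface

This setup is tested in containerized form; the configuration also serves as a reference for a binary deployment. The ES version used in this document is 7.6.2.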

docker pull elasticsearch:7.6.2

2. Building the ES cluster

Note: the machine's system configuration needs to be modified.

ES1

cluster.name: escluster
node.name: es1
node.master: true
node.data: true
http.port: 9200
transport.tcp.port: 9300
network.host: 0.0.0.0
cluster.initial_master_nodes: ["192.168.10.236:9300","192.168.10.236:19300","192.168.10.236:29300"]
discovery.zen.minimum_master_nodes: 2
discovery.zen.ping_timeout: 3s
discovery.zen.ping.unicast.hosts: ["192.168.10.236:9300","192.168.10.236:19300","192.168.10.236:29300"]

ES2

cluster.name: escluster
node.name: es2
node.master: true
node.data: true
http.port: 19200
transport.tcp.port: 19300
network.host: 0.0.0.0
cluster.initial_master_nodes: ["192.168.10.236:9300","192.168.10.236:19300","192.168.10.236:29300"]
discovery.zen.minimum_master_nodes: 2
discovery.zen.ping_timeout: 3s
discovery.zen.ping.unicast.hosts: ["192.168.10.236:9300","192.168.10.236:19300","192.168.10.236:29300"]

ES3

cluster.name: escluster
node.name: es3
node.master: true
node.data: true
http.port: 29200
transport.tcp.port: 29300
network.host: 0.0.0.0
cluster.initial_master_nodes: ["192.168.10.236:9300","192.168.10.236:19300","192.168.10.236:29300"]
discovery.zen.minimum_master_nodes: 2
discovery.zen.ping_timeout: 3s
discovery.zen.ping.unicast.hosts: ["192.168.10.236:9300","192.168.10.236:19300","192.168.10.236:29300"]

# Explanation of discovery.zen.minimum_master_nodes: https://blog.csdn.net/zuodaoyong/article/details/104719508
  • Start the nodes; the HTTP ports are 9200, 19200 and 29200
    docker run -dit --name=es1 --net=host -e "ES_JAVA_OPTS=-Xms2g -Xmx2g" -v /root/es/es1/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml:ro elasticsearch:7.6.2
    docker run -dit --name=es2 --net=host -e "ES_JAVA_OPTS=-Xms2g -Xmx2g" -v /root/es/es2/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml:ro elasticsearch:7.6.2
    docker run -dit --name=es3 --net=host -e "ES_JAVA_OPTS=-Xms2g -Xmx2g" -v /root/es/es3/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml:ro elasticsearch:7.6.2
    

3. Scaling out

  • Add a new node and modify its configuration file
ES4

cluster.name: escluster
node.name: es4
node.master: true
node.data: true
http.port: 39200
transport.tcp.port: 39300
network.host: 0.0.0.0
cluster.initial_master_nodes: ["192.168.10.236:9300","192.168.10.236:19300","192.168.10.236:29300","192.168.10.236:39300"]
discovery.zen.minimum_master_nodes: 2
discovery.zen.ping_timeout: 3s
discovery.zen.ping.unicast.hosts: ["192.168.10.236:9300","192.168.10.236:19300","192.168.10.236:29300","192.168.10.236:39300"]
  • Start the new node
docker run -dit --name=es4 --net=host -e "ES_JAVA_OPTS=-Xms2g -Xmx2g" -v /root/es/es4/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml:ro elasticsearch:7.6.2

4. Adding a password to the cluster and adding a node

4.1 Generate the certificates

docker exec -it es1 /bin/bash 
./bin/elasticsearch-certutil ca

#Generate the certificate and private key on any one node in the cluster
./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12

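#Copy the certificate to the local host
docker cp es1:/usr/share/elasticsearch/elastic-certificates.p12 .
#Note: this file contains the node private key; mode 644 makes it readable by every user on this host
chmod 644 elastic-certificates.p12
#Copy the certificate to the other two nodes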
docker cp elastic-certificates.p12 es2:/usr/share/elasticsearch/config
docker cp elastic-certificates.p12 es3:/usr/share/elasticsearch/config

#Store the password; this must be run on every node
docker exec -it es2 /bin/bash
./bin/elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password
./bin/elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password

docker exec -it es3 /bin/bash
./bin/elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password
./bin/elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password

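4.2 Modify the configuration file

Add the following to the configuration file. These settings turn on authentication and TLS for the transport (node-to-node) layer; TLS on the HTTP layer is governed by the separate xpack.security.http.ssl.* settings, which this setup does not configure.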

xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.client_authentication: required
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12

4.3 Set the passwords

docker exec -it es1 /bin/bash 
./bin/elasticsearch-setup-passwords interactive  # set the passwords manually
./bin/elasticsearch-setup-passwords auto  # generate the passwords automatically

4.4 Join a new node

The configuration file is as described in the previous sections, plus the settings added in 4.2.

docker run -dit --name=es4 --net=host -e "ES_JAVA_OPTS=-Xms2g -Xmx2g" -v /root/es/es4/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml:ro elasticsearch:7.6.2
# Starting the node at this point fails, because the certificate has not been copied yet
docker cp elastic-certificates.p12 es4:/usr/share/elasticsearch/config/
docker restart es4

The node has now been added.
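
A pre-flight check for section 4.4, added here as an example and not part of the original post: it verifies that a node's elasticsearch.yml carries the six settings from 4.2 and that the keystore file is present before the container is started. The function names (yml_get, check_node_config, make_sample) and the temporary sample directory are assumptions made for illustration.

```shell
# Added example: pre-flight check of a node's elasticsearch.yml before it
# joins the secured cluster. Function names are hypothetical helpers.

# The six settings from section 4.2, as key=value.
REQUIRED='xpack.security.enabled=true
xpack.security.transport.ssl.enabled=true
xpack.security.transport.ssl.verification_mode=certificate
xpack.security.transport.ssl.client_authentication=required
xpack.security.transport.ssl.keystore.path=elastic-certificates.p12
xpack.security.transport.ssl.truststore.path=elastic-certificates.p12'

# yml_get FILE KEY: print the value of a flat "key: value" line (last one wins).
yml_get() {
    k=$(printf '%s' "$2" | sed 's/\./\\./g')
    sed -n "s/^[[:space:]]*$k[[:space:]]*:[[:space:]]*//p" "$1" | tail -n 1 |
        sed 's/[[:space:]]*#.*$//; s/[[:space:]]*$//; s/^"\(.*\)"$/\1/'
}

# check_node_config FILE CERTDIR: print each problem, return the problem count.
check_node_config() {
    conf=$1; certdir=$2; problems=0
    for pair in $REQUIRED; do
        key=${pair%%=*}; want=${pair#*=}
        got=$(yml_get "$conf" "$key")
        if [ "$got" != "$want" ]; then
            echo "SETTING $key: want '$want', got '$got'"
            problems=$((problems + 1))
        fi
    done
    # Starting es4 fails on the page because this file had not been copied yet.
    ks=$(yml_get "$conf" xpack.security.transport.ssl.keystore.path)
    if [ -n "$ks" ] && [ ! -r "$certdir/$ks" ]; then
        echo "FILE $certdir/$ks: not readable"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample: es4's config with one 4.2 line forgotten and no certificate.
make_sample() {
    mkdir -p "$1"
    { echo 'cluster.name: escluster'; echo 'node.name: es4'
      printf '%s\n' $REQUIRED | sed 's/=/: /' | grep -v client_authentication
    } > "$1/elasticsearch.yml"
}

sample=$(mktemp -d)
make_sample "$sample"
check_node_config "$sample/elasticsearch.yml" "$sample" || echo "problems found: $?"
```

On a real host the two arguments would be the node's config file, for example /root/es/es4/elasticsearch.yml, and a directory holding the certificate that is about to be copied into the container.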
