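Deploying an Elasticsearch 6.3.x cluster on CentOS 7 and configuring X-Pack
I. Environment preparation and system configuration
Each node needs at least 1 GB of memory; three servers are recommended to form the cluster:
- Node 1: 192.168.1.107 (master node)
- Node 2: 192.168.1.108
- Node 3: 192.168.1.109
Software versions:
- Elasticsearch 6.3.2
- OpenJDK 1.8.0 (a stable release with an odd minor version number is recommended)
- Kibana 6.3.2
Complete the following before deployment:
- Disable the firewall and SELinux (adjust as needed in production)
- Synchronize the system clock; a public NTP service or a self-hosted NTP server is recommended
II. Install and configure the Elasticsearch cluster
1. Install the Java runtime
Every node must have the same version of JDK 1.8 installed: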
[root@es-node1 ~]# rpm -ivh jdk-8u25-x64.rpm
Preparing... ########################################### [100%]
1:jdk1.8.0_181 ########################################### [100%]
Configure the Java environment variables:
[root@es-node1 ~]# cat /etc/profile.d/java.sh
export JAVA_HOME=/usr/java/latest
export CLASSPATH=$JAVA_HOME/lib/tools.jar
export PATH=$JAVA_HOME/bin:$PATH
[root@es-node1 ~]# . /etc/profile.d/java.sh
[root@es-node1 ~]# java -version
java version "1.8.0_181"
2. Deploy Elasticsearch
Extract the archive and create a symlink:
[root@es-node1 ~]# tar xf elasticsearch-6.3.2.tar.gz -C /usr/local/
[root@es-node1 ~]# cd /usr/local/
[root@es-node1 local]# ln -sv elasticsearch-6.3.2/ elasticsearch
Adjust the JVM heap size (keep it at no more than half of physical memory):
[root@es-node1 config]# vim jvm.options
-Xms400m
-Xmx400m
Edit the main configuration file:
[root@es-node1 config]# cp elasticsearch.yml elasticsearch.yml-bak
[root@es-node1 config]# vim elasticsearch.yml
cluster.name: my-app
node.name: node-1.107
path.data: /Data/es/data
path.logs: /Data/es/logs
bootstrap.memory_lock: true
network.host: 192.168.1.107
http.port: 9200
discovery.zen.ping.unicast.hosts: ["192.168.1.107", "192.168.1.108", "192.168.1.109"]
discovery.zen.minimum_master_nodes: 2
3. Adjust system resource limits
Edit the per-user resource limits:
[root@es-node1 ~]# vim /etc/security/limits.conf
* soft nofile 65536
* hard nofile 131072
* soft nproc 2048
* hard nproc 4096
* soft memlock unlimited
* hard memlock unlimited
4. Set kernel parameters
[root@es-node1 ~]# vim /usr/lib/sysctl.d/50-default.conf
vm.max_map_count=362144
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
[root@es-node1 ~]# sysctl -p /usr/lib/sysctl.d/50-default.conf
5. Create a dedicated user and give it ownership of the directories
[root@es-node1 ~]# useradd elastic
[root@es-node1 ~]# echo "123456" | passwd --stdin elastic
[root@es-node1 ~]# mkdir -p /Data/es/
[root@es-node1 ~]# chown -R elastic:elastic /Data/es/
[root@es-node1 ~]# chown -R elastic:elastic /usr/local/elasticsearch-6.3.2/
# Log out of the current session and log back in for the changes to take effect
[root@es-node1 ~]# exit
6. Start the Elasticsearch service
[root@es-node1 ~]# su - elastic
[elastic@es-node1 ~]$ cd /usr/local/elasticsearch
[elastic@es-node1 elasticsearch]$ nohup ./bin/elasticsearch > /tmp/elastic.log &
# View the startup log
[elastic@es-node1 elasticsearch]$ tailf /tmp/elastic.log
Once the service is confirmed to be running, check the listening ports:
[elastic@es-node1 elasticsearch]$ netstat -tnlp
tcp 0 0 192.168.1.107:9200 0.0.0.0:* LISTEN 2072/java
tcp 0 0 192.168.1.107:9300 0.0.0.0:* LISTEN 2072/java
Verify the API response:
[elastic@es-node1 elasticsearch]$ curl http://192.168.1.107:9200
{
"name": "node-1.107",
"cluster_name": "my-app",
"version": {
"number": "6.3.2"
}
}
III. Deploy the Kibana visualization tool
[root@kb-node1 ~]# tar xf kibana-6.3.2-linux-x86_64.tar.gz -C /usr/local/
[root@kb-node1 ~]# cd /usr/local/
[root@kb-node1 local]# ln -sv kibana-6.3.2-linux-x86_64/ kibana
[root@kb-node1 kibana]# vim config/kibana.yml
server.port: 5601
server.host: "192.168.1.110"
elasticsearch.url: "http://192.168.1.107:9200"
[root@kb-node1 kibana]# ./bin/kibana &
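Open http://192.168.1.110:5601 to reach the Kibana interface.
IV. Enable X-Pack features (for learning and discussion only)
Because Elasticsearch 6.3+ ships with X-Pack integrated by default, no separate installation is needed. The features are activated by replacing the core jar: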
[elastic@es-node1 x-pack-core]$ mv x-pack-core-6.3.2.jar /tmp/x-pack-core-6.3.2.jar.bak
[elastic@es-node1 x-pack-core]$ cp /path/to/patched/x-pack-core-6.3.2.jar .
Edit the configuration file to disable the security check:
xpack.security.enabled: false
Upload the license file and update the license:
[elastic@es-node1 elasticsearch]$ curl -XPUT -u elastic 'http://192.168.1.107:9200/_xpack/license' \
-H "Content-Type: application/json" \
-d @license.json
Enter host password for user 'elastic': change
{"acknowledged":true,"license_status":"valid"}
V. Configure SSL-encrypted communication
1. Generate the certificates
[elastic@es-node1 bin]$ ./elasticsearch-certgen
2. Unpack and distribute the certificates
[elastic@es-node1 bin]$ mkdir /tmp/cert && mv cert.zip /tmp/cert/
[elastic@es-node1 bin]$ cd /tmp/cert && unzip cert.zip
[elastic@es-node1 cert]$ mv ca/* /usr/local/elasticsearch/config/
[elastic@es-node1 cert]$ mv elasticsearch/* /usr/local/elasticsearch/config/
Copy the certificates to the other nodes:
[elastic@es-node1 config]$ scp *.crt *.key 192.168.1.108:/usr/local/elasticsearch/config/
[elastic@es-node1 config]$ scp *.crt *.key 192.168.1.109:/usr/local/elasticsearch/config/
3. Configure SSL and the security settings
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.ssl.key: elasticsearch.key
xpack.ssl.certificate: elasticsearch.crt
xpack.ssl.certificate_authorities: ca.crt
4. Reset the built-in users' passwords
[elastic@es-node1 bin]$ ./elasticsearch-setup-passwords auto
Initiating the setup of passwords for reserved users...
Changed password for user elastic
PASSWORD elastic = 1TWVMeN8tiBy917thUxq
5. Configure Kibana authentication
elasticsearch.username: "elastic"
elasticsearch.password: "1TWVMeN8tiBy917thUxq"
After restarting Kibana, you can log in with the username and password.
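A pre-restart check for the elasticsearch.yml settings from section II and step 3 above, as an added example that is not part of the original page: it compares the state section IV leaves behind with the hardened state. The function names are hypothetical, the sample configs are constructed from the page's values, and the quorum check assumes every listed unicast host is master-eligible.

```python
import re

# Constructed samples: section II settings plus the section IV or step 3 overrides.
BASE = '''
network.host: 192.168.1.107
http.port: 9200
discovery.zen.ping.unicast.hosts: ["192.168.1.107", "192.168.1.108", "192.168.1.109"]
discovery.zen.minimum_master_nodes: 2
'''
INSECURE = BASE + "xpack.security.enabled: false\n"
HARDENED = BASE + '''
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.ssl.key: elasticsearch.key
xpack.ssl.certificate: elasticsearch.crt
xpack.ssl.certificate_authorities: ca.crt
'''

def parse_flat_yaml(text):
    """Parse flat 'key: value' lines as used in the page's elasticsearch.yml."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and padding
        if ":" in line:
            key, value = line.split(":", 1)
            settings[key.strip()] = value.strip()
    return settings

def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    s, findings = parse_flat_yaml(text), []
    hosts = re.findall(r'"([^"]+)"', s.get("discovery.zen.ping.unicast.hosts", ""))
    quorum = len(hosts) // 2 + 1  # assumes every listed host is master-eligible
    if hosts and s.get("discovery.zen.minimum_master_nodes") != str(quorum):
        findings.append(f"minimum_master_nodes should be {quorum} for {len(hosts)} master-eligible nodes")
    host = s.get("network.host", "_local_")  # Elasticsearch binds to loopback by default
    if s.get("xpack.security.enabled") != "true":
        findings.append(f"security not enabled: {host}:{s.get('http.port', '9200')} accepts unauthenticated requests")
    elif s.get("xpack.security.transport.ssl.enabled") != "true":
        findings.append("transport (9300) traffic between nodes is not encrypted")
    else:
        for key in ("xpack.ssl.key", "xpack.ssl.certificate", "xpack.ssl.certificate_authorities"):
            if not s.get(key):
                findings.append(f"{key} is not set")
    return findings

if __name__ == "__main__":
    for name, cfg in (("insecure", INSECURE), ("hardened", HARDENED)):
        print(name, audit(cfg) or "OK")
```

Running it on each node's real elasticsearch.yml before restarting catches a node that was copied certificates but still carries the section IV override.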
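VI. Built-in users
- elastic: superuser with all privileges
- kibana: used by Kibana to connect to Elasticsearch
- logstash_system: Logstash data source management account
- beats_system: authentication account for Beats shippers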