es8.8 集群安装笔记

es8.8 集群安装笔记

    • 配置集群
      • 第一步 修改配置文件

本次安装使用centos8
3节点安装:
192.168.182.142
192.168.182.143
192.168.182.144

官网 可以查看详细的安装,安装步骤比较简单
https://www.elastic.co/guide/en/elasticsearch/reference/8.8/rpm.html#rpm-repo

直接安装,需要配置仓库cd  /etc/yum.repos.d/vielasticsearch.repo[elasticsearch]
name=Elasticsearch repository for 8.x packages
baseurl=https://artifacts.elastic.co/packages/8.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=0
autorefresh=1
type=rpm-mdsudo yum install --enablerepo=elasticsearch elasticsearch  -y开机启动
sudo /bin/systemctl daemon-reload
sudo /bin/systemctl enable elasticsearch.service
启动/停止
sudo systemctl start elasticsearch.service
sudo systemctl stop elasticsearch.service
查看状态
sudo systemctl status elasticsearch.servicejournalctl --unit elasticsearch修改系统最大文件句柄数(修改后需要重启系统才能生效)
# vi /etc/security/limits.conf
*       soft    nproc   65535
*       hard    nproc   65535
*       soft    nofile  65535
*       hard    nofile  65535reboot修改最大虚拟内存vi /etc/sysctl.conf
vm.max_map_count=655360

访问需要用https https://127.0.0.1:9200/
默认用户 elastic
密码就是安装的时候打印到屏幕上的密码

配置集群

8.8 使用 创建token 这一招,没有奏效,于是乎在官网各种爬。

第一步 修改配置文件

node1

# ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
#       Before you set out to tweak and tune the configuration, make sure you
#       understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
#
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
cluster.name: es
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
node.name: node1
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
path.data: /var/lib/elasticsearch
#
# Path to log files:
#
path.logs: /var/log/elasticsearch
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: true
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# By default Elasticsearch is only accessible on localhost. Set a different
# address here to expose this node on the network:
#
network.host: 192.168.182.143
#
# By default Elasticsearch listens for HTTP traffic on the first free port it
# finds starting at 9200. Set a specific HTTP port here:
#
http.port: 9200
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when this node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
discovery.seed_hosts: ["192.168.182.142", "192.168.182.143","192.168.182.144"]
#
# Bootstrap the cluster using an initial set of master-eligible nodes:
#
cluster.initial_master_nodes: ["node1", "node2", "node3"]
#
# For more information, consult the discovery and cluster formation module documentation.
#
# ---------------------------------- Various -----------------------------------
#
# Allow wildcard deletion of indices:
#
#action.destructive_requires_name: false#----------------------- BEGIN SECURITY AUTO CONFIGURATION -----------------------
#
# The following settings, TLS certificates, and keys have been automatically      
# generated to configure Elasticsearch security features on 01-07-2023 14:38:29
#
# --------------------------------------------------------------------------------# Enable security features
xpack.security.autoconfiguration.enabled : true
xpack.security.enabled: truexpack.security.enrollment.enabled: true
xpack.security.transport.ssl.verification_mode: none# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
xpack.security.http.ssl:enabled: truekeystore.path: certs/http.p12# Enable encryption and mutual authentication between cluster nodes
xpack.security.transport.ssl:enabled: trueverification_mode: certificatekeystore.path: certs/elastic-certificates.p12truststore.path: certs/elastic-certificates.p12
# Create a new cluster with the current node only
# Additional nodes can still join the cluster later
#cluster.initial_master_nodes: ["localhost.localdomain"]# Allow HTTP API connections from anywhere
# Connections are encrypted and require user authentication
http.host: 0.0.0.0# Allow other nodes to join the cluster from anywhere
# Connections are encrypted and mutually authenticated
transport.host: 0.0.0.0
transport.port: 9300#----------------------- END SECURITY AUTO CONFIGURATION -------------------------
node.roles: [master,data]

主要修改点:
····
cluster.name: es
node.name: node1
network.host: 192.168.182.143
添加如下两个节点启动之后不会自动创建集群
discovery.seed_hosts: [“192.168.182.142”, “192.168.182.143”,“192.168.182.144”]
cluster.initial_master_nodes: [“node1”, “node2”, “node3”]
transport.host: 0.0.0.0
transport.port: 9300
node.roles: [master,data]

····

配置文件修改完成之后,启动节点。报错如下:

[2023-07-08T00:24:27,553][WARN ][o.e.x.c.s.t.n.SecurityNetty4Transport] [node2] client did not trust this server's certificate, closing connection Netty4TcpChannel{localAddress=/192.168.182.143:9300, remoteAddress=/192.168.182.144:36500, profile=default}
[2023-07-08T00:24:28,420][WARN ][o.e.d.PeerFinder         ] [node2] address [192.168.182.142:9300], node [null], requesting [false] discovery result: [][192.168.182.142:9300] connect_exception: Failed execution: 

原因是因为没有配置通信证书。

找到一篇安全配置的文章
es安全配置

生成证书:
生成集群节点证书:

生成ca证书
./bin/elasticsearch-certutil ca
使用ca证书生成集群通信证书
./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12

把证书复制到其他节点/etc/elasticsearch/certs 目录中

把证书密钥添加至本地密钥库

./bin/elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password./bin/elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password

节点更新完成之后重启各个节点,查看节点状态,集群创建成功。
在这里插入图片描述
状态查询
curl -XGET"http://localhost:9200/_cluster/health?pretty=true"
查询Elasticsearch运行状态
curl --cacert /etc/elasticsearch/certs/http_ca.crt -u elastic https://localhost:9200
查询集群节点信息
curl --cacert /etc/elasticsearch/certs/http_ca.crt -u elastic https://localhost:9200/_cluster/health?pretty=true

curl --cacert /etc/elasticsearch/certs/http_ca.crt -u elastic https://localhost:9200/_cat/nodes

142 qvKpUo1_T1yqgkpn_KMk

生成token
/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s node

/usr/share/elasticsearch/bin/elasticsearch-certutil cert

/usr/share/elasticsearch/bin/elasticsearch --enrollment-token eyJ2ZXIiOiI4LjguMiIsImFkciI6WyIxOTIuMTY4LjE4Mi4xNDI6OTIwMCJdLCJmZ3IiOiIxNDdjOWE5NGMwZDUwNTk2NWMwYWE0MmEyNDg3YzVkMjUyMWYzNjc5Y2QxZmMxOTBmYTg5ZDUxOTJlOTM1NjE4Iiwia2V5IjoibTkzMUZJa0JtRy1SVjJfNjZfYzk6M0hZN0Mxam5Uak9LWEVJQTJpN3BjUSJ9

常见问题汇总:

1.ERROR: Skipping security auto configuration because it appears that the node is not starting up for the first time. The node might already be part of a cluster and this auto setup utility is designed to configure Security for new clusters only

这个是因为安装好之后启动过一次,之后注册节点没成功。

2.Skipping security auto configuration because this node is configured to bootstrap or to join a multi-node cluster, which is not supported

不能删除安全项配置,

xpack.security.enabled: truexpack.security.enrollment.enabled: true# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
xpack.security.http.ssl:enabled: truekeystore.path: certs/http.p12# Enable encryption and mutual authentication between cluster nodes
xpack.security.transport.ssl:enabled: trueverification_mode: certificatekeystore.path: certs/transport.p12truststore.path: certs/transport.p12
  1. ERROR: Skipping security auto configuration because it appears that security is already configured

    安装好之后配置了集群但是注册失败,具体原因还得继续排除

  2. java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors

    这种问题是开启了安全模式,各个节点没有配置证书的原因导致

本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若转载,请注明出处:http://www.hqwc.cn/news/14704.html

如若内容造成侵权/违法违规/事实不符,请联系编程知识网进行投诉反馈email:809451989@qq.com,一经查实,立即删除!

相关文章

MySQL练习题(3)

创建数据库插入数据 CREATE TABLE emp ( empno int(4) NOT NULL, ename varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL, job varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL, mgr int(4) NULL DEFAULT N…

win11病毒和防护功能显示‘页面不可用’的解决方法

问题如上图所示,试了很多种方法,有一种是可以用的,记录一下。 步骤: 1、搜索框输入cmd,以管理员身份运行命令提示符 2、输入 第一条代码 reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows D…

Django_re_path_使用正则匹配url

与path定义的路由相比,re_path 定义的路由可以使用正则表达式匹配url。 需要注意的是: 如果未定义匹配结果的变量名,匹配的结果默认传入视图的第2个形参。如果定义了匹配结果的变量名,匹配的结果会传给视图的同名字段&#xff0…

vscode安装+配置+使用+调试【保姆级教程】

1. VScode是什么 Visual Studio Code简称VS Code,是一款跨平台的、免费且开源的现代轻量级代码编辑器,支持几乎主流开发语言的语法高亮、智能代码补全、自定义快捷键、括号匹配和颜色区分、代码片段提示、代码对比等特性,也拥有对git的开箱即…

Linux 多线程

线程概念 我们都知道,当一个程序运行起来的时候,系统会进行一系列操作,比如创建一个task_struct 结构体对象, 然后创建一块虚拟地址空间,在内存中开辟一块空间,并且用页表将虚拟地址空间映射到内存上去。 那…

电视访问Samba

文章目录 问题描述方案一:当贝播放器方案二:nPlayer方案三:Kodi 问题描述 本人使用小米 AX9000 路由器 移动硬盘组了个轻 NAS,想通过电视访问 Samba 看视频(也可以电脑开 SMB) 开启 Samba 功能 文件夹开…

软件分享:Cpu-Z电脑CPU检测工具介绍(附下载)

目录 一、软件介绍 二、功能介绍 三、使用方法 1、通过 CPU-Z 查看 CPU 信息 2、缓存信息 3、主板信息 4、内存信息 5、内存规格信息(SPD) CPU是计算机中负责读取指令,对指令译码,并执行指令的核心部件。CPU自产生以来&am…

机器学习与深度学习——自定义函数进行线性回归模型

机器学习与深度学习——自定义函数进行线性回归模型 目的与要求 1、通过自定义函数进行线性回归模型对boston数据集前两个维度的数据进行模型训练并画出SSE和Epoch曲线图,画出真实值和预测值的散点图,最后进行二维和三维度可视化展示数据区域。 2、通过…

Stable Diffusion 图片生成AI模型 Windows Mac部署指南

Stable Diffusion是2022年发布的深度学习文本到图像生成模型。它主要用于根据文本的描述产生详细图像,它也可以应用于其他任务,如内补绘制、外补绘制,以及在提示词​(英语)指导下产生图生图的翻译。 DreamStudio 现已…

第163天:应急响应-后门攻击检测指南Rookit内存马权限维持WINLinux

知识点 #知识点 -网页篡改与后门攻击防范应对指南 主要需了解:异常特征,处置流程,分析报告等 主要需了解:日志存储,Webshell检测,分析思路等 掌握: 中间件日志存储,日志格式内容介绍…

数据分析实战(基础篇):从数据探索到模型解释

前言 本文着重介绍数据分析实战的基础知识和技巧,探索从数据探索到建模再到模型解释的完整过程内容包含数据探索、模型建立、调参技巧、SHAP模型解释数据来源于kaggle平台,crab age prediction数据集,数据详情 数据说明 数据背景 螃蟹味道…

Matlab数学建模实战——(Lokta-Volterra掠食者-猎物方程)

1.题目 问题1 该数学建模的第一问和第二问主要是用Matlab求解微分方程组,直接编程即可。 求解 Step1改写 y(1)ry(2)f Step2得y的导数 y(1).2y(1)-ay(1)*y(2)y(2).-y(2)a*y(1)*y(2) Step3编程 clear; a0.01; F(t,y)[2*y(1)-a*y(1)*y(2);-y(2)a*y(1)*y(2)]; […