es集群安装并添加验证
1.下载
国内镜像 https://mirrors.huaweicloud.com/elasticsearch/7.11.1/
官方:https://www.elastic.co/cn/downloads/elasticsearch
2.解压
tar -xvf elasticsearch-7.11.0-darwin-x86_64.tar.gz
3.生成节点证书
为您的群集创建证书权限。(其中要根据需要设置密码等操作)
./bin/elasticsearch-certutil ca
为群集中的每个节点生成证书和私钥。(其中要根据需要设置密码等操作)
./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
生成专门用于加密 HTTP 客户端通信的其他证书(其中要根据需要设置密码等操作)
./bin/elasticsearch-certutil http
4.解压生成的http证书
将这些文件移动到 /es安装位置/config/certs/ elastic-certificates.p12 elastic-stack-ca.p12 http.p12 README.txt sample-elasticsearch.yml
5.修改配置
配置如下
node-9201
# ======================== Elasticsearch Configuration ========================= # # NOTE: Elasticsearch comes with reasonable defaults for most settings. # Before you set out to tweak and tune the configuration, make sure you # understand what are you trying to accomplish and the consequences. # # The primary way of configuring a node is via this file. This template lists # the most important settings you may want to configure for a production cluster. # # Please consult the documentation for further information on configuration options: # https://www.elastic.co/guide/en/elasticsearch/reference/index.html # # ---------------------------------- Cluster ----------------------------------- # # Use a descriptive name for your cluster: # cluster.name: es # # ------------------------------------ Node ------------------------------------ # # Use a descriptive name for the node: # node.name: node-9201 node.master: true # # Add custom attributes to the node: # #node.attr.rack: r1 # # ----------------------------------- Paths ------------------------------------ # # Path to directory where to store the data (separate multiple locations by comma): # #path.data: /path/to/data # # Path to log files: # #path.logs: /path/to/logs # # ----------------------------------- Memory ----------------------------------- # # Lock the memory on startup: # #bootstrap.memory_lock: true # # Make sure that the heap size is set to about half the memory available # on the system and that the owner of the process is allowed to use this # limit. # # Elasticsearch performs poorly when the system is swapping the memory. # # ---------------------------------- Network ----------------------------------- # # Set the bind address to a specific IP (IPv4 or IPv6): # network.host: 192.168.137.11 # # Set a custom port for HTTP: # http.port: 9201 transport.tcp.port: 9301 # # For more information, consult the network module documentation. # # --------------------------------- Discovery ---------------------------------- # # Pass an initial list of hosts to perform discovery when this node is started: # The default list of hosts is ["127.0.0.1", "[::1]"] # discovery.seed_hosts: ["192.168.137.11:9301", "192.168.137.11:9302", "192.168.137.11:9303"] # # Bootstrap the cluster using an initial set of master-eligible nodes: # cluster.initial_master_nodes: ["node-9201", "node-9202", "node-9203"] # # For more information, consult the discovery and cluster formation module documentation. # # ---------------------------------- Gateway ----------------------------------- # # Block initial recovery after a full cluster restart until N nodes are started: # #gateway.recover_after_nodes: 3 # # For more information, consult the gateway module documentation. # # ---------------------------------- Various ----------------------------------- # # Require explicit names when deleting indices: # #action.destructive_requires_name: true #禁用机器学习 xpack.ml.enabled: false http.cors.enabled: true http.cors.allow-origin: "*" #登录验证 xpack.security.enabled: true xpack.security.http.ssl.keystore.path: certs/http.p12 xpack.security.transport.ssl.enabled: true xpack.security.transport.ssl.verification_mode: certificate xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12 xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12 #为了避免脑裂,集群的最少节点数量为,集群的总节点数量除以2加一 discovery.zen.minimum_master_nodes: 2
node-9202
# ======================== Elasticsearch Configuration ========================= # # NOTE: Elasticsearch comes with reasonable defaults for most settings. # Before you set out to tweak and tune the configuration, make sure you # understand what are you trying to accomplish and the consequences. # # The primary way of configuring a node is via this file. This template lists # the most important settings you may want to configure for a production cluster. # # Please consult the documentation for further information on configuration options: # https://www.elastic.co/guide/en/elasticsearch/reference/index.html # # ---------------------------------- Cluster ----------------------------------- # # Use a descriptive name for your cluster: # cluster.name: es # # ------------------------------------ Node ------------------------------------ # # Use a descriptive name for the node: # node.name: node-9202 node.master: true # # Add custom attributes to the node: # #node.attr.rack: r1 # # ----------------------------------- Paths ------------------------------------ # # Path to directory where to store the data (separate multiple locations by comma): # #path.data: /path/to/data # # Path to log files: # #path.logs: /path/to/logs # # ----------------------------------- Memory ----------------------------------- # # Lock the memory on startup: # #bootstrap.memory_lock: true # # Make sure that the heap size is set to about half the memory available # on the system and that the owner of the process is allowed to use this # limit. # # Elasticsearch performs poorly when the system is swapping the memory. # # ---------------------------------- Network ----------------------------------- # # Set the bind address to a specific IP (IPv4 or IPv6): # network.host: 192.168.137.11 # # Set a custom port for HTTP: # http.port: 9202 transport.tcp.port: 9302 # # For more information, consult the network module documentation. # # --------------------------------- Discovery ---------------------------------- # # Pass an initial list of hosts to perform discovery when this node is started: # The default list of hosts is ["127.0.0.1", "[::1]"] # discovery.seed_hosts: ["192.168.137.11:9301", "192.168.137.11:9302", "192.168.137.11:9303"] # # Bootstrap the cluster using an initial set of master-eligible nodes: # cluster.initial_master_nodes: ["node-9201", "node-9202", "node-9203"] # # For more information, consult the discovery and cluster formation module documentation. # # ---------------------------------- Gateway ----------------------------------- # # Block initial recovery after a full cluster restart until N nodes are started: # #gateway.recover_after_nodes: 3 # # For more information, consult the gateway module documentation. # # ---------------------------------- Various ----------------------------------- # # Require explicit names when deleting indices: # #action.destructive_requires_name: true #禁用机器学习 xpack.ml.enabled: false http.cors.enabled: true http.cors.allow-origin: "*" #登录验证 xpack.security.enabled: true xpack.security.http.ssl.keystore.path: certs/http.p12 xpack.security.transport.ssl.enabled: true xpack.security.transport.ssl.verification_mode: certificate xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12 xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12 #为了避免脑裂,集群的最少节点数量为,集群的总节点数量除以2加一 discovery.zen.minimum_master_nodes: 2
node-9203
# ======================== Elasticsearch Configuration ========================= # # NOTE: Elasticsearch comes with reasonable defaults for most settings. # Before you set out to tweak and tune the configuration, make sure you # understand what are you trying to accomplish and the consequences. # # The primary way of configuring a node is via this file. This template lists # the most important settings you may want to configure for a production cluster. # # Please consult the documentation for further information on configuration options: # https://www.elastic.co/guide/en/elasticsearch/reference/index.html # # ---------------------------------- Cluster ----------------------------------- # # Use a descriptive name for your cluster: # cluster.name: es #如果是集群 集群节点的名字得一样 # # ------------------------------------ Node ------------------------------------ # # Use a descriptive name for the node: # node.name: node-9203 #节点名称 必须唯一 node.master: true #参与选举master # # Add custom attributes to the node: # #node.attr.rack: r1 # # ----------------------------------- Paths ------------------------------------ # # Path to directory where to store the data (separate multiple locations by comma): # #path.data: /path/to/data # # Path to log files: # #path.logs: /path/to/logs # # ----------------------------------- Memory ----------------------------------- # # Lock the memory on startup: # #bootstrap.memory_lock: true # # Make sure that the heap size is set to about half the memory available # on the system and that the owner of the process is allowed to use this # limit. # # Elasticsearch performs poorly when the system is swapping the memory. # # ---------------------------------- Network ----------------------------------- # # Set the bind address to a specific IP (IPv4 or IPv6): # network.host: 192.168.137.11 # # Set a custom port for HTTP: # http.port: 9203 #http端口 transport.tcp.port: 9303 #tcp端口 # # For more information, consult the network module documentation. # # --------------------------------- Discovery ---------------------------------- # # Pass an initial list of hosts to perform discovery when this node is started: # The default list of hosts is ["127.0.0.1", "[::1]"] # discovery.seed_hosts: ["192.168.137.11:9301", "192.168.137.11:9302", "192.168.137.11:9303"] #所有节点ip # # Bootstrap the cluster using an initial set of master-eligible nodes: # cluster.initial_master_nodes: ["node-9201", "node-9202", "node-9203"] #所有节点名称或ip都可以 # For more information, consult the discovery and cluster formation module documentation. # # ---------------------------------- Gateway ----------------------------------- # # Block initial recovery after a full cluster restart until N nodes are started: # #gateway.recover_after_nodes: 3 # # For more information, consult the gateway module documentation. # # ---------------------------------- Various ----------------------------------- # # Require explicit names when deleting indices: # #action.destructive_requires_name: true #禁用机器学习 xpack.ml.enabled: false http.cors.enabled: true http.cors.allow-origin: "*" #登录验证如果不需要登录就不用加这个 xpack.security.enabled: true xpack.security.http.ssl.keystore.path: certs/http.p12 xpack.security.transport.ssl.enabled: true xpack.security.transport.ssl.verification_mode: certificate xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12 xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12 #为了避免脑裂,集群的最少节点数量为,集群的总节点数量除以2加一 discovery.zen.minimum_master_nodes: 2
6.启动 ./bin/elasticsearch
浙公网安备 33010602011771号