CentOS 7 elasticsearch-6.5.3 cluster
Environment preparation
OS version: CentOS Linux release 7.5.1804 (Core)
Server IPs
172.16.88.23 node3
172.16.88.24 node4
172.16.88.25 node5
Role assignment
node3 (es-master, elasticsearch-head, kibana)
node4 (es-slave)
node5 (es-slave)
Disable the firewall
# systemctl stop firewalld
# systemctl disable firewalld
Check the SELinux status
# getenforce
The expected state is Disabled. If the state is not right, edit the configuration file
# vim /etc/selinux/config
System parameter configuration
Add the user es, which is used to start the services
# useradd es
Set the value of vm.max_map_count
# vim /etc/sysctl.conf
vm.max_map_count=655360
Set the ulimit values
# vim /etc/security/limits.conf
* hard nofile 65536
* soft nofile 65536
es hard nofile 65536
es soft nofile 65536
Install the Java JDK (download the rpm and install it directly)
Download URL: https://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html
Reboot the server once the installation is complete
Configure elasticsearch
Upload the downloaded files to server node3
elasticsearch download URL: https://www.elastic.co/cn/downloads
Search Guard plugin download URL: https://docs.search-guard.com/latest/search-guard-versions
Online certificate generator (for test and lab use): TLS Certificate Generator
Offline certificate tool download URL: https://repo1.maven.org/maven2/com/floragunn/search-guard-tlstool/1.6/
Create the software directory elk
# mkdir -p /data/elk
Upload the software that will be used. The files are:
elasticsearch-6.5.3.tar.gz
logstash-6.5.3.tar.gz
search-guard-kibana-plugin-6.5.3-18.zip
kibana-6.5.3-linux-x86_64.tar.gz
search-guard-6-6.5.3-24.1.zip
search-guard-tlstool-1.6.tar.gz
Change to the bin directory of elasticsearch
# cd /data/elk/elasticsearch-6.5.3/bin
Install the search-guard plugin (offline installation)
# ./elasticsearch-plugin install file:///data/elk/search-guard-6-6.5.3-24.1.zip
Create the tls directory and unpack the tlstool
# cd /data/elk && mkdir tls
# tar xf search-guard-tlstool-1.6.tar.gz -C tls
After unpacking there are three subdirectories
config  configuration directory; the tool generates certificates from the configuration templates here
dep     jar files the tool depends on
tools   scripts that generate the certificates
In the config directory, create a template from example.yml
# cp example.yml node3.yml
Edit the contents of node3.yml
Notes on the node settings
node-01 node-02 node-03 can correspond to the node names in the ES cluster
dns: take note of this entry, it is used later.
ip: matches the IPs of the ES cluster
Client settings
The configuration above generates the client certificates that clients use to access ES
Replace xxx with the company domain: for xxx.com, for example baidu.com, xxx is baidu
Contents of node3.yml, for reference only
ca:
  root:
    dn: CN=root.ca.test.com,OU=CA,O=test Com\, Inc.,DC=test,DC=com
    keysize: 2048
    validityDays: 3650
    pkPassword: auto
    file: root-ca.pem
  intermediate:
    dn: CN=signing.ca.test.com,OU=CA,O=test Com\, Inc.,DC=test,DC=com
    keysize: 2048
    validityDays: 3650
    pkPassword: auto
    crlDistributionPoints: URI:https://raw.githubusercontent.com/floragunncom/unittest-assets/master/revoked.crl
defaults:
  validityDays: 3650
  pkPassword: auto
  generatedPasswordLength: 12
  httpsEnabled: true
nodes:
  - name: node3
    dn: CN=node3.test.com,OU=Ops,O=test Com\, Inc.,DC=test,DC=com
    dns: node3.test.com
    ip: 172.16.88.23
  - name: node4
    dn: CN=node4.test.com,OU=Ops,O=test Com\, Inc.,DC=test,DC=com
    dns: node4.example.com
    ip: 172.16.88.24
  - name: node5
    dn: CN=node5.test.com,OU=Ops,O=test Com\, Inc.,DC=test,DC=com
    dns: node5.test.com
    ip: 172.16.88.25
clients:
  - name: kibana
    dn: CN=kibana.test.com,OU=Ops,O=test Com\, Inc.,DC=test,DC=com
    admin: true
Generate the certificates from the tools directory
# chmod +x sgtlstool.sh
# ./sgtlstool.sh -c ../config/node3.yml -ca -crt
The certificates are in the out directory under tools
Root certificates:
root-ca.key
root-ca.pem
root-ca.readme
signing-ca.key
signing-ca.pem
Node certificates (five files per node):
node3_elasticsearch_config_snippet.yml
node3_http.key
node3_http.pem
node3.key
node3.pem
Client certificates:
client-certificates.readme
kibana.key
kibana.pem
Copy the certificates into the config directory of elasticsearch and rename the directory
# mv out /data/elk/elasticsearch-6.5.3/config/key
Copy the certificates to elasticsearch-6.5.3/plugins/search-guard-6/tools
#
Configure elasticsearch.yml
# cp elasticsearch.yml elasticsearch.yml.bak
Configuration of the node3 node
cluster.name: es-cluster
node.name: node-03
node.master: true
node.data: true
bootstrap.memory_lock: false
bootstrap.system_call_filter: false
network.host: 172.16.88.23
http.port: 9200
discovery.zen.ping.unicast.hosts: ["172.16.88.23"]
http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-headers: "Authorization,X-Requested-With,Content-Length,Content-Type"
xpack.security.enabled: false
searchguard.ssl.transport.pemcert_filepath: key/node3.pem
searchguard.ssl.transport.pemkey_filepath: key/node3.key
searchguard.ssl.transport.pemkey_password: bSOZ14quf2SA
searchguard.ssl.transport.pemtrustedcas_filepath: key/root-ca.pem
searchguard.ssl.transport.enforce_hostname_verification: false
searchguard.ssl.transport.resolve_hostname: false
searchguard.ssl.http.enabled: true
searchguard.ssl.http.pemcert_filepath: key/node3_http.pem
searchguard.ssl.http.pemkey_filepath: key/node3_http.key
searchguard.ssl.http.pemkey_password: SkE65ES8DXjb
searchguard.ssl.http.pemtrustedcas_filepath: key/root-ca.pem
searchguard.nodes_dn:
  - CN=node3.test.com,OU=Ops,O=test Com\, Inc.,DC=test,DC=com
  - CN=node4.test.com,OU=Ops,O=test Com\, Inc.,DC=test,DC=com
  - CN=node5.test.com,OU=Ops,O=test Com\, Inc.,DC=test,DC=com
searchguard.authcz.admin_dn:
  - CN=kibana.test.com,OU=Ops,O=test Com\, Inc.,DC=test,DC=com
searchguard.audit.type: internal_elasticsearch
searchguard.enable_snapshot_restore_privilege: true
searchguard.check_snapshot_restore_write_privileges: true
searchguard.restapi.roles_enabled: ["sg_all_access"]
cluster.routing.allocation.disk.threshold_enabled: false
node.max_local_storage_nodes: 3
Adjust the configuration of node4 and node5 to match their actual settings
Start elasticsearch
# chown -R es:es /data/elk
# su es
# cd /data/elk/elasticsearch-6.5.3
# ./bin/elasticsearch -d &
Once it is running without exceptions or errors, activate searchguard
# cd /data/elk/elasticsearch-6.5.3/plugins/search-guard-6/tools
# chmod +x *.sh
# ./sgadmin.sh -h 172.16.88.23 -p 9300 -cacert root-ca.pem -cert kibana.pem -key kibana.key -keypass SPatLfgHUEtj -nhnv -icl -cd ../sgconfig
Open the node3 node in a browser at https://172.16.88.23:9200 and enter the default account and password admin admin. The following is displayed
{
  "name" : "node-03",
  "cluster_name" : "es-cluster",
  "cluster_uuid" : "7zCfP2hWQXOmzsorCC9CJw",
  "version" : {
    "number" : "6.5.3",
    "build_flavor" : "default",
    "build_type" : "tar",
    "build_hash" : "159a78a",
    "build_date" : "2018-12-06T20:11:28.826501Z",
    "build_snapshot" : false,
    "lucene_version" : "7.5.0",
    "minimum_wire_compatibility_version" : "5.6.0",
    "minimum_index_compatibility_version" : "5.0.0"
  },
  "tagline" : "You Know, for Search"
}
The elasticsearch configuration is complete
Configure elasticsearch-head
Install the software dependencies
# yum install -y git bzip2 npm nodejs
# cd /data/elk
# git clone https://github.com/mobz/elasticsearch-head.git
Install grunt
# cd elasticsearch-head
# npm install -g grunt --registry=https://registry.npm.taobao.org
# npm install
Modify the configuration: the Gruntfile.js file under elasticsearch-head

Modify _site/app.js: change the http://localhost:9200 field to the IP and port of the local ES instance

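Start the head plugin service
Check whether elasticsearch.yml allows cross-origin requests; if it does not, add the settings and restart
Whether cross-origin requests are allowed
http.cors.enabled: true
* means all domains are allowed
http.cors.allow-origin: "*"
# /data/elk/elasticsearch-head/node_modules/grunt/bin/grunt server &
Open in a browser
http://172.16.88.23:9100/?base_uri=https://172.16.88.23:9200&auth_user=admin&auth_password=admin
The cluster connection information is displayed normally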
Configure kibana
First go to the bin directory of the software and install the search-guard plugin
# cd /data/elk/kibana-6.5.3-linux-x86_64/bin
# ./kibana-plugin install file:///data/elk/search-guard-kibana-plugin-6.5.3-18.zip
After the installation, configure kibana.yml in the config directory
Reference configuration
server.port: 5601
server.host: "0.0.0.0"
elasticsearch.url: "https://172.16.88.23:9200"
elasticsearch.username: "admin"
elasticsearch.password: "admin"
elasticsearch.ssl.verificationMode: none
elasticsearch.requestHeadersWhitelist: [ "Authorization", "sgtenant" ]
xpack.monitoring.enabled: false
xpack.graph.enabled: false
xpack.ml.enabled: false
xpack.watcher.enabled: false
xpack.security.enabled: false
Start the program
# /data/elk/kibana-6.5.3-linux-x86_64/bin/kibana &
Open in a browser (enter the account and password admin)
http://172.16.88.23:5601
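
A check for the lab-only settings this walkthrough uses in elasticsearch.yml and kibana.yml (wildcard CORS, disabled hostname and certificate verification, the demo admin password, clear-text key passwords), as an added example that is not part of the original post. The helper names yaml_value and audit_config and the advice strings are assumptions, and the script reads only flat key: value lines like the ones shown above.

```sh
#!/bin/sh
# Added example, not from the original post. yaml_value and audit_config are
# hypothetical helper names; the advice strings are suggested hardening steps.

# yaml_value FILE KEY: print the value of a flat "key: value" line, unquoted.
yaml_value() {
  awk -v k="$2:" 'index($0, k) == 1 {
    v = substr($0, length(k) + 1)
    sub(/[ \t]+#.*$/, "", v)           # drop a trailing comment
    gsub(/^[ \t"]+|[ \t"]+$/, "", v)   # drop spaces and double quotes
    print v; exit }' "$1"
}

# audit_config FILE: print one finding per line (works for either config file).
audit_config() {
  f=$1
  # Rows are KEY|RISKY VALUE|ADVICE, taken from the settings in this walkthrough.
  while IFS='|' read -r key bad advice; do
    if [ "$(yaml_value "$f" "$key")" = "$bad" ]; then
      echo "$f: $key is $bad; $advice"
    fi
  done <<'EOF'
http.cors.allow-origin|*|allow only the origin that serves elasticsearch-head
searchguard.ssl.transport.enforce_hostname_verification|false|set to true once the node certificates carry matching dns/ip entries
elasticsearch.ssl.verificationMode|none|use full and point elasticsearch.ssl.certificateAuthorities at root-ca.pem
elasticsearch.password|admin|replace the demo admin password
server.host|0.0.0.0|bind Kibana to one address or filter port 5601
EOF
  # Key passwords are stored in clear text, so the file must not be world-readable.
  if grep -q 'pemkey_password:' "$f" && [ -n "$(find "$f" -perm -004)" ]; then
    echo "$f: holds pemkey_password values but is world-readable; chmod 640"
  fi
  return 0
}

# With no arguments, audit a constructed sample that mirrors the kibana.yml above.
if [ "$#" -eq 0 ]; then
  sample=$(mktemp)
  printf '%s\n' 'server.host: "0.0.0.0"' 'elasticsearch.password: "admin"' \
    'elasticsearch.ssl.verificationMode: none' > "$sample"
  audit_config "$sample"
  rm -f "$sample"
else
  for cfg in "$@"; do audit_config "$cfg"; done
fi
```

Run it as `sh audit.sh config/elasticsearch.yml config/kibana.yml` on each node; no output means none of the listed settings were found.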