当前环境:
docker-compose安装的分机多节点 elasticsearch 7.15.0
| node1 |
192.168.1.194 |
| node2 |
192.168.1.195 |
| node3 | 192.168.1.198 |
安装参见:
https://www.cnblogs.com/xiaoyou2018/p/13754943.html
因业务需要,需要升级到8.10.4
8.X 高版本的安全加固已成必须,想不做安全都变得很困难。 8.X 高版本会在7.X版本上做的升级,低版本已知bug都已修复,理论上性能也更优。 8.X 的新特性、新 feature,只有升级才能使用。其中包括矢量搜索、近似最近邻 (ANN) 搜索、现代 NLP 和简化的 Stack 安全性等诸多亮点
流程
两步骤策略如下: 第一步:7.15.0 版本升级到 7.17.0 版本。 https://www.elastic.co/guide/en/elasticsearch/reference/7.17/rolling-upgrades.html 第二步:7.17.5 版本升级到 8.1.0 版本。 https://www.elastic.co/guide/en/elastic-stack/8.1/upgrading-elastic-stack.html#prepare-to-upgrade
1、8.0版本的elastic和7.0版本的elastic在参数配置写法有一些不同
2、8.0版本的elastic弃用掉了一些7.0版本的插件
3、elasticsearch不支持版本回滚
4、elasticsearch 8.0开始 默认不允许kibana通过elastic账户登录
https://www.elastic.co/guide/en/elasticsearch/reference/8.10/modules-discovery-settings.html
https://blog.csdn.net/qq_42123832/article/details/128517163
步骤:
1、拉取镜像
docker pull docker.elastic.co/elasticsearch/elasticsearch:8.10.4 docker pull docker.elastic.co/kibana/kibana:8.10.4 docker pull docker.elastic.co/elasticsearch/elasticsearch:7.17.0 docker pull docker.elastic.co/kibana/kibana:7.17.0
2、docker方式安装的elasticsearch无法滚动升级,只能全部停止全部所有节点上的容器
3、7.17版本yml文件
node1
version: '3.4' services: elasticsearch_node1: network_mode: host image: docker.elastic.co/elasticsearch/elasticsearch:7.17.0 container_name: elasticsearch_node1 restart: always privileged: true environment: - cluster.name=elasticsearch-cluster - node.name=node1 - node.master=true - node.data=true - http.port:9200 - transport.tcp.port:9300 - TZ=Asia/Shanghai - bootstrap.memory_lock=true - xpack.security.enabled=true - xpack.security.transport.ssl.enabled=true - xpack.security.transport.ssl.keystore.type=PKCS12 - xpack.security.transport.ssl.verification_mode=certificate - xpack.security.transport.ssl.keystore.path=elastic-certificates.p12 - xpack.security.transport.ssl.truststore.path=elastic-certificates.p12 - xpack.security.transport.ssl.truststore.type=PKCS12 - xpack.security.audit.enabled=true - search.max_buckets=100000000 - http.cors.enabled=true - http.cors.allow-origin=* - cluster.initial_master_nodes=node1 - "ES_JAVA_OPTS=-Xms8192m -Xmx8192m" ####### #如果是单台服务器 ##### #- "discovery.zen.ping.unicast.hosts=elasticsearch_n0,elasticsearch_n1,elasticsearch_n2" - discovery.zen.ping.unicast.hosts=192.168.1.194,192.168.1.195,192.168.1.198 - "discovery.zen.minimum_master_nodes=2" - discovery.zen.ping_timeout=120s - client.transport.ping_timeout=60s # 如果是拆分版,这条配置必须加上,指定当前节点访问的ip - network.publish_host=192.168.1.194 ulimits: memlock: soft: -1 hard: -1 volumes: - /data/elasticsearch/data/node1:/usr/share/elasticsearch/data - /data/elasticsearch/logs/node1:/usr/share/elasticsearch/logs - /data/elasticsearch/elastic-certificates.p12:/usr/share/elasticsearch/config/elastic-certificates.p12 ports: - 9200:9200 - 9300:9300 kibana: network_mode: host image: docker.elastic.co/kibana/kibana:7.17.0 container_name: kibana restart: always ports: - 5601:5601 volumes: - /etc/localtime:/etc/localtime - /opt/kibana.yml:/usr/share/kibana/config/kibana.yml:rw depends_on: - elasticsearch_node1
node2
version: '3.4' services: elasticsearch_node2: network_mode: host image: docker.elastic.co/elasticsearch/elasticsearch:7.17.0 container_name: elasticsearch_node2 restart: always privileged: true environment: - cluster.name=elasticsearch-cluster - node.name=node2 - node.master=true - node.data=true - http.port:9200 - transport.tcp.port:9300 - TZ=Asia/Shanghai - bootstrap.memory_lock=true - xpack.security.enabled=true - xpack.security.transport.ssl.enabled=true - xpack.security.transport.ssl.keystore.type=PKCS12 - xpack.security.transport.ssl.verification_mode=certificate - xpack.security.transport.ssl.keystore.path=elastic-certificates.p12 - xpack.security.transport.ssl.truststore.path=elastic-certificates.p12 - xpack.security.transport.ssl.truststore.type=PKCS12 - xpack.security.audit.enabled=true - search.max_buckets=100000000 - http.cors.enabled=true - http.cors.allow-origin=* - cluster.initial_master_nodes=node1 - "ES_JAVA_OPTS=-Xms8192m -Xmx8192m" ####### #如果是单台服务器 ##### #- "discovery.zen.ping.unicast.hosts=elasticsearch_n0,elasticsearch_n1,elasticsearch_n2" - discovery.zen.ping.unicast.hosts=192.168.1.194,192.168.1.195,192.168.1.198 - "discovery.zen.minimum_master_nodes=2" - discovery.zen.ping_timeout=120s - client.transport.ping_timeout=60s # 如果是拆分版,这条配置必须加上,指定当前节点访问的ip - network.publish_host=192.168.1.195 ulimits: memlock: soft: -1 hard: -1 volumes: - /data/elasticsearch/data/node1:/usr/share/elasticsearch/data - /data/elasticsearch/logs/node1:/usr/share/elasticsearch/logs - /data/elasticsearch/elastic-certificates.p12:/usr/share/elasticsearch/config/elastic-certificates.p12 ports: - 9200:9200 - 9300:9300
node3
version: '3.4' services: elasticsearch_node3: network_mode: host image: docker.elastic.co/elasticsearch/elasticsearch:7.17.0 container_name: elasticsearch_node3 restart: always privileged: true environment: - cluster.name=elasticsearch-cluster - node.name=node3 - node.master=true - node.data=true - http.port:9200 - transport.tcp.port:9300 - TZ=Asia/Shanghai - bootstrap.memory_lock=true - xpack.security.enabled=true - xpack.security.transport.ssl.enabled=true - xpack.security.transport.ssl.keystore.type=PKCS12 - xpack.security.transport.ssl.verification_mode=certificate - xpack.security.transport.ssl.keystore.path=elastic-certificates.p12 - xpack.security.transport.ssl.truststore.path=elastic-certificates.p12 - xpack.security.transport.ssl.truststore.type=PKCS12 - xpack.security.audit.enabled=true - search.max_buckets=100000000 - http.cors.enabled=true - http.cors.allow-origin=* - cluster.initial_master_nodes=node1 - "ES_JAVA_OPTS=-Xms8192m -Xmx8192m" ####### #如果是单台服务器 ##### #- "discovery.zen.ping.unicast.hosts=elasticsearch_n0,elasticsearch_n1,elasticsearch_n2" - discovery.zen.ping.unicast.hosts=192.168.1.194,192.168.1.195,192.168.1.198 - "discovery.zen.minimum_master_nodes=2" - discovery.zen.ping_timeout=120s - client.transport.ping_timeout=60s # 如果是拆分版,这条配置必须加上,指定当前节点访问的ip - network.publish_host=192.168.1.198 ulimits: memlock: soft: -1 hard: -1 volumes: - /data/elasticsearch/data/node1:/usr/share/elasticsearch/data - /data/elasticsearch/logs/node1:/usr/share/elasticsearch/logs - /data/elasticsearch/elastic-certificates.p12:/usr/share/elasticsearch/config/elastic-certificates.p12 ports: - 9200:9200 - 9300:9300
kibana.yml不变
先停止所有节点容器,再更新到7.17.0
4、8.10.4配置yml文件
node1
version: '3.4' services: elasticsearch_node1: network_mode: host image: docker.elastic.co/elasticsearch/elasticsearch:8.10.4 container_name: elasticsearch_node1 restart: always privileged: true environment: - cluster.name=elasticsearch-cluster - node.name=node1 # - node.master=true # - node.data=true - node.roles:[master, data] - http.port:9200 - transport.tcp.port:9300 - TZ=Asia/Shanghai - bootstrap.memory_lock=true - xpack.security.enabled:true - xpack.security.transport.ssl.enabled=true - xpack.security.transport.ssl.keystore.type=PKCS12 - xpack.security.transport.ssl.verification_mode=certificate - xpack.security.transport.ssl.keystore.path=elastic-certificates.p12 - xpack.security.transport.ssl.truststore.path=elastic-certificates.p12 - xpack.security.transport.ssl.truststore.type=PKCS12 - xpack.security.audit.enabled=true - search.max_buckets=100000000 - http.cors.enabled=true - http.cors.allow-origin= "*" - cluster.initial_master_nodes=node1,node2,node3 - "ES_JAVA_OPTS=-Xms8192m -Xmx8192m" ####### #如果是单台服务器 ##### #- "discovery.zen.ping.unicast.hosts=elasticsearch_n0,elasticsearch_n1,elasticsearch_n2" - discovery.seed_hosts=192.168.1.194,192.168.1.195,192.168.1.198 - discovery.zen.minimum_master_nodes:2 - discovery.zen.ping_timeout:120s #- client.transport.ping_timeout=60s # 如果是拆分版,这条配置必须加上,指定当前节点访问的ip - network.publish_host=192.168.1.194 ulimits: memlock: soft: -1 hard: -1 volumes: - /data/elasticsearch/data/node1:/usr/share/elasticsearch/data - /data/elasticsearch/logs/node1:/usr/share/elasticsearch/logs - /data/elasticsearch/elastic-certificates.p12:/usr/share/elasticsearch/config/elastic-certificates.p12 ports: - 9200:9200 - 9300:9300 kibana: network_mode: host image: docker.elastic.co/kibana/kibana:8.10.4 container_name: kibana restart: always ports: - 5601:5601 volumes: - /etc/localtime:/etc/localtime - /opt/kibana_8.10.4.yml:/usr/share/kibana/config/kibana.yml:rw depends_on: - elasticsearch_node1
node2
version: '3.4' services: elasticsearch_node2: network_mode: host image: docker.elastic.co/elasticsearch/elasticsearch:8.10.4 container_name: elasticsearch_node2 restart: always privileged: true environment: - cluster.name=elasticsearch-cluster - node.name=node2 # - node.master=true # - node.data=true - node.roles:[master, data] - http.port:9200 - transport.tcp.port:9300 - TZ=Asia/Shanghai - bootstrap.memory_lock=true - xpack.security.enabled:true - xpack.security.transport.ssl.enabled=true - xpack.security.transport.ssl.keystore.type=PKCS12 - xpack.security.transport.ssl.verification_mode=certificate - xpack.security.transport.ssl.keystore.path=elastic-certificates.p12 - xpack.security.transport.ssl.truststore.path=elastic-certificates.p12 - xpack.security.transport.ssl.truststore.type=PKCS12 - xpack.security.audit.enabled=true - search.max_buckets=100000000 - http.cors.enabled=true - http.cors.allow-origin= "*" - cluster.initial_master_nodes=node1,node2,node3 - "ES_JAVA_OPTS=-Xms8192m -Xmx8192m" ####### #如果是单台服务器 ##### #- "discovery.zen.ping.unicast.hosts=elasticsearch_n0,elasticsearch_n1,elasticsearch_n2" - discovery.seed_hosts=192.168.1.194,192.168.1.195,192.168.1.198 - discovery.zen.minimum_master_nodes:2 - discovery.zen.ping_timeout:120s #- client.transport.ping_timeout=60s # 如果是拆分版,这条配置必须加上,指定当前节点访问的ip - network.publish_host=192.168.1.195 ulimits: memlock: soft: -1 hard: -1 volumes: - /data/elasticsearch/data/node1:/usr/share/elasticsearch/data - /data/elasticsearch/logs/node1:/usr/share/elasticsearch/logs - /data/elasticsearch/elastic-certificates.p12:/usr/share/elasticsearch/config/elastic-certificates.p12 ports: - 9200:9200 - 9300:9300
node3
version: '3.4' services: elasticsearch_node3: network_mode: host image: docker.elastic.co/elasticsearch/elasticsearch:8.10.4 container_name: elasticsearch_node3 restart: always privileged: true environment: - cluster.name=elasticsearch-cluster - node.name=node3 # - node.master=true # - node.data=true - node.roles:[master, data] - http.port:9200 - transport.tcp.port:9300 - TZ=Asia/Shanghai - bootstrap.memory_lock=true - xpack.security.enabled:true - xpack.security.transport.ssl.enabled=true - xpack.security.transport.ssl.keystore.type=PKCS12 - xpack.security.transport.ssl.verification_mode=certificate - xpack.security.transport.ssl.keystore.path=elastic-certificates.p12 - xpack.security.transport.ssl.truststore.path=elastic-certificates.p12 - xpack.security.transport.ssl.truststore.type=PKCS12 - xpack.security.audit.enabled=true - search.max_buckets=100000000 - http.cors.enabled=true - http.cors.allow-origin= "*" - cluster.initial_master_nodes=node1,node2,node3 - "ES_JAVA_OPTS=-Xms8192m -Xmx8192m" ####### #如果是单台服务器 ##### #- "discovery.zen.ping.unicast.hosts=elasticsearch_n0,elasticsearch_n1,elasticsearch_n2" - discovery.seed_hosts=192.168.1.194,192.168.1.195,192.168.1.198 - discovery.zen.minimum_master_nodes:2 - discovery.zen.ping_timeout:120s #- client.transport.ping_timeout=60s # 如果是拆分版,这条配置必须加上,指定当前节点访问的ip - network.publish_host=192.168.1.198 ulimits: memlock: soft: -1 hard: -1 volumes: - /data/elasticsearch/data/node1:/usr/share/elasticsearch/data - /data/elasticsearch/logs/node1:/usr/share/elasticsearch/logs - /data/elasticsearch/elastic-certificates.p12:/usr/share/elasticsearch/config/elastic-certificates.p12 ports: - 9200:9200 - 9300:9300
kibana.yml
# ## ** THIS IS AN AUTO-GENERATED FILE ** ## # # # Default Kibana configuration for docker target server.name: kibana server.host: "0.0.0.0" #这里写你的es第一个node的地址 elasticsearch.hosts: [ "http://192.168.1.194:9200"] xpack.monitoring.ui.container.elasticsearch.enabled: false xpack.security.enabled: true elasticsearch.username: "kibana" elasticsearch.password: "xxxxxxfeN" i18n.locale: zh-CN
4、启动所有节点上的容器
至少需要启动成功两个节点,整个集群才能正常启动
http://192.168.1.194:9200/_cat/nodes?v
elasticsearch修改用户密码
./bin/elasticsearch-reset-password -u kibana -i ./bin/elasticsearch-reset-password -u elastic -i
常见报错:
value of "elastic" is forbidden. This is a superuser account that cannot write to system indices that Kibana needs to function. Use a service account token instead. Learn more: https://www.elastic.co/guide/en/elasticsearch/reference/8.0/service-accounts.html elasticsearch 8.0开始 默认不允许kibana通过elastic账户登录 https://blog.csdn.net/qq_42123832/article/details/128517163 修改kibana.yml中的user和密码为 kibana 的账户和密码
remove discovery.zen.ping.unicast.hosts setting on esMajorVersion > 7
8版本开始一些插件不支持
https://www.elastic.co/guide/en/elasticsearch/reference/8.10/modules-discovery-settings.html
{"@timestamp":"2023-11-01T09:53:10.400Z", "log.level": "INFO", "message":"Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[node1][transp
ort_worker][T#4]","log.logger":"org.elasticsearch.xpack.security.authc.RealmsAuthenticator","elasticsearch.node.name":"node1","elasticsearch.cluster.name":"elasticsearch-cluster"}{"@timestamp":"2023-11-01T09:53:10.400Z", "log.level": "INFO", "message":"Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[node1][generi
c][T#1]","log.logger":"org.elasticsearch.xpack.security.authc.RealmsAuthenticator","elasticsearch.node.name":"node1","elasticsearch.cluster.name":"elasticsearch-cluster"}{"type":"audit", "timestamp":"2023-11-01T17:53:10,400+0800", "event.type":"rest", "event.action":"authentication_failed", "user.name":"elastic", "origin.type":"rest", "origin.address":"192.168.1.61:49012", "url.path":"/nc-tag/_update_by_query", "url.query":"slices=1&requests_per_second=-1&ignore_unavailable=false&
expand_wildcards=open&allow_no_indices=true&ignore_throttled=true&timeout=1m", "request.method":"POST", "request.id":"9yPU54kIS-GBv8Nz2B3d7g", "x_forwarded_for":"122.226.100.204"}{"type":"audit", "timestamp":"2023-11-01T17:53:10,401+0800", "event.type":"rest", "event.action":"authentication_failed", "user.name":"elastic", "origin.type":"rest", "origin.address":"61.164.52.202:64821", "url.path":"/", "request.method":"GET", "request.id":"ljHLHc9PRa2CurO7eZmPLg"}
集群没有正式启动,根据配置文件,整个集群至少需要2个节点活跃
参考:
https://blog.csdn.net/laoyang360/article/details/125814482
https://www.elastic.co/guide/en/elastic-stack/8.10/upgrading-elastic-stack.html#prepare-to-upgrade
https://www.elastic.co/guide/en/elastic-stack/8.1/upgrading-elastic-stack.html
