Setting up a multi-node Elasticsearch cluster on a single host

Deploy multiple Elasticsearch nodes on one host.


 Deployment steps

      1. Set the hostname

           echo 192.168.19.199  instance >> /etc/hosts

       2. Set system parameters

        echo vm.max_map_count=262144 >> /etc/sysctl.conf && sysctl -p

      3. Create the required directories

          mkdir -p /data/elasticsearch/{node1,node2,node3}
          chown -R admin:admin /data/elasticsearch

         mkdir -p /var/log/elasticsearch/{node1,node2,node3}
         chown -R admin:admin /var/log/elasticsearch/

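Create the configuration directories

     # Copy the stock config to a scratch template first: copying config/ straight into config/nodeN copies the directory into itself
     cp -r /data/elastic/elasticsearch-7.8.0/config /tmp/es-config-template
     cp -r /tmp/es-config-template /data/elastic/elasticsearch-7.8.0/config/node1
     cp -r /tmp/es-config-template /data/elastic/elasticsearch-7.8.0/config/node2
     cp -r /tmp/es-config-template /data/elastic/elasticsearch-7.8.0/config/node3

     1. Edit the configuration file elasticsearch.yml of each node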

node1/elasticsearch.yml:

     cluster.name: multi-node-cluster
     node.name: node-1
     path.data: /data/elasticsearch/node1
     path.logs: /var/log/elasticsearch/node1
     network.host: 0.0.0.0
     http.port: 9200
     transport.port: 9300
     discovery.seed_hosts: ["192.168.19.199:9300","192.168.19.199:9301","192.168.19.199:9302"]
     cluster.initial_master_nodes: ["node-1", "node-2", "node-3"]
     xpack.license.self_generated.type: basic
     xpack.security.enabled: true
     xpack.security.http.ssl.enabled: true
     xpack.security.http.ssl.key: /data/elastic/certs/instance/instance.key
     xpack.security.http.ssl.certificate: /data/elastic/certs/instance/instance.crt
     xpack.security.http.ssl.certificate_authorities: /data/elastic/certs/ca/ca.crt
     xpack.security.transport.ssl.enabled: true
     xpack.security.transport.ssl.verification_mode: certificate
     xpack.security.transport.ssl.key: /data/elastic/certs/instance/instance.key
     xpack.security.transport.ssl.certificate: /data/elastic/certs/instance/instance.crt
     xpack.security.transport.ssl.certificate_authorities: /data/elastic/certs/ca/ca.crt

node2/elasticsearch.yml:

     cluster.name: multi-node-cluster
     node.name: node-2
     path.data: /data/elasticsearch/node2
     path.logs: /var/log/elasticsearch/node2
     network.host: 0.0.0.0
     http.port: 9201
     transport.port: 9301
     discovery.seed_hosts: ["192.168.19.199:9300","192.168.19.199:9301","192.168.19.199:9302"]
     cluster.initial_master_nodes: ["node-1", "node-2", "node-3"]
     xpack.license.self_generated.type: basic
     xpack.security.enabled: true
     xpack.security.http.ssl.enabled: true
     xpack.security.http.ssl.key: /data/elastic/certs/instance/instance.key
     xpack.security.http.ssl.certificate: /data/elastic/certs/instance/instance.crt
     xpack.security.http.ssl.certificate_authorities: /data/elastic/certs/ca/ca.crt
     xpack.security.transport.ssl.enabled: true
     xpack.security.transport.ssl.verification_mode: certificate
     xpack.security.transport.ssl.key: /data/elastic/certs/instance/instance.key
     xpack.security.transport.ssl.certificate: /data/elastic/certs/instance/instance.crt
     xpack.security.transport.ssl.certificate_authorities: /data/elastic/certs/ca/ca.crt

node3/elasticsearch.yml:

     cluster.name: multi-node-cluster
     node.name: node-3
     path.data: /data/elasticsearch/node3
     path.logs: /var/log/elasticsearch/node3
     network.host: 0.0.0.0
     http.port: 9202
     transport.port: 9302
     discovery.seed_hosts: ["192.168.19.199:9300","192.168.19.199:9301","192.168.19.199:9302"]
     cluster.initial_master_nodes: ["node-1","node-2","node-3"]
     xpack.license.self_generated.type: basic
     xpack.security.enabled: true
     xpack.security.http.ssl.enabled: true
     xpack.security.http.ssl.key: /data/elastic/certs/instance/instance.key
     xpack.security.http.ssl.certificate: /data/elastic/certs/instance/instance.crt
     xpack.security.http.ssl.certificate_authorities: /data/elastic/certs/ca/ca.crt
     xpack.security.transport.ssl.enabled: true
     xpack.security.transport.ssl.verification_mode: certificate
     xpack.security.transport.ssl.key: /data/elastic/certs/instance/instance.key
     xpack.security.transport.ssl.certificate: /data/elastic/certs/instance/instance.crt
     xpack.security.transport.ssl.certificate_authorities: /data/elastic/certs/ca/ca.crt
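
The three per-node files differ only in node.name, the two path settings and the two ports, so a copy-paste slip is the likeliest mistake. As an added example (not part of the original post), this script checks the per-node files for duplicated values and for security or TLS being switched off; get_setting, check_cluster and make_node are hypothetical helper names, and the sample configs it writes are constructed.

```shell
# Added example: lint per-node elasticsearch.yml files before starting the nodes.
# get_setting FILE KEY: print the value of a flat "key: value" line.
get_setting() {
    awk -v k="$2" 'index($0, k ":") == 1 {
        sub(/^[^:]*:[ \t]*/, ""); sub(/[ \t\r]+$/, ""); print; exit }' "$1"
}

# check_cluster ROOT: inspect ROOT/node*/elasticsearch.yml; returns 0 when clean.
check_cluster() {
    local root="$1" problems=0 f key val seen
    # Settings that must differ between nodes sharing one host.
    for key in node.name http.port transport.port path.data path.logs; do
        seen=""
        for f in "$root"/node*/elasticsearch.yml; do
            val=$(get_setting "$f" "$key")
            if [ -z "$val" ]; then
                echo "MISSING $key in $f"; problems=$((problems + 1))
            elif printf '%s\n' "$seen" | grep -qxF -- "$val"; then
                echo "DUPLICATE $key=$val in $f"; problems=$((problems + 1))
            fi
            seen=$(printf '%s\n%s' "$seen" "$val")
        done
    done
    for f in "$root"/node*/elasticsearch.yml; do
        # Security and TLS (HTTP and transport) must be on for every node.
        for key in enabled http.ssl.enabled transport.ssl.enabled; do
            [ "$(get_setting "$f" "xpack.security.$key")" = "true" ] ||
                { echo "NOT ENABLED xpack.security.$key in $f"; problems=$((problems + 1)); }
        done
        # The node's own transport port should appear in discovery.seed_hosts.
        val=$(get_setting "$f" transport.port)
        get_setting "$f" discovery.seed_hosts | grep -q ":$val\"" ||
            { echo "SEED_HOSTS lacks port $val in $f"; problems=$((problems + 1)); }
    done
    [ "$problems" -eq 0 ]
}

# Constructed sample: write one node config (ROOT N HTTP_PORT TRANSPORT_PORT).
make_node() {
    mkdir -p "$1/node$2"
    printf '%s\n' "node.name: node-$2" "path.data: /data/elasticsearch/node$2" \
        "path.logs: /var/log/elasticsearch/node$2" "http.port: $3" "transport.port: $4" \
        'discovery.seed_hosts: ["192.168.19.199:9300","192.168.19.199:9301","192.168.19.199:9302"]' \
        "xpack.security.enabled: true" "xpack.security.http.ssl.enabled: true" \
        "xpack.security.transport.ssl.enabled: true" > "$1/node$2/elasticsearch.yml"
}
demo=$(mktemp -d)   # constructed demo: node3 reuses node2's HTTP port on purpose
make_node "$demo" 1 9200 9300; make_node "$demo" 2 9201 9301; make_node "$demo" 3 9201 9302
check_cluster "$demo" || echo "fix the findings above before starting the nodes"; rm -rf "$demo"
```

Against the real layout from this page it would be called as check_cluster /data/elastic/elasticsearch-7.8.0/config.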

 

Certificate generation

      ./elasticsearch-certutil cert --ip 192.168.19.199 --days 3650  --pem

      Copy the generated certificate-bundle.zip to /data/elastic/certs/ and unzip it there

       chown -R admin:admin /data/elastic/

       All nodes share the same CA certificate, /data/elastic/certs/ca/ca.crt

Modifying the Java security policy file

        Edit the java.policy file under the JDK directory that Elasticsearch uses:

        vi /data/elastic/elasticsearch-7.8.0/jdk/conf/security/java.policy

       permission java.io.FilePermission "/data/elastic/certs/-", "read";
       permission java.io.FilePermission "/data/elastic/certs/", "read";

         Add these two lines inside grant {}


 Start the node services

      source /etc/profile && ES_PATH_CONF=/data/elastic/elasticsearch-7.8.0/config/node1 /data/elastic/elasticsearch-7.8.0/bin/elasticsearch

      source /etc/profile && ES_PATH_CONF=/data/elastic/elasticsearch-7.8.0/config/node2 /data/elastic/elasticsearch-7.8.0/bin/elasticsearch

      source /etc/profile && ES_PATH_CONF=/data/elastic/elasticsearch-7.8.0/config/node3 /data/elastic/elasticsearch-7.8.0/bin/elasticsearch

      ES_PATH_CONF=/data/elastic/elasticsearch-7.8.0/config/node1 nohup /data/elastic/elasticsearch-7.8.0/bin/elasticsearch &

      ES_PATH_CONF=/data/elastic/elasticsearch-7.8.0/config/node2 nohup /data/elastic/elasticsearch-7.8.0/bin/elasticsearch &

      ES_PATH_CONF=/data/elastic/elasticsearch-7.8.0/config/node3 nohup /data/elastic/elasticsearch-7.8.0/bin/elasticsearch &

 

Create the user passwords

  ./elasticsearch-setup-passwords  interactive  --batch --url  https://192.168.19.199:9200

   Error handling

09:38:53.388 [main] WARN org.elasticsearch.common.ssl.DiagnosticTrustManager - failed to establish trust with server at [instance]; the server provided a certificate with subject name [CN=instance] and fingerprint [efaa15984c348a693711fe29ce37d4079209f204]; the certificate has subject alternative names [IP:192.168.19.199]; the certificate is issued by [CN=Elastic Certificate Tool Autogenerated CA] but the server did not provide a copy of the issuing certificate in the certificate chain; this ssl context ([(shared)]) is not configured to trust that issuer
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target


Java certificate chain management

      # Import the CA certificate into the trust store of the JDK bundled with Elasticsearch (prompts for the keystore password and for confirmation)
      keytool -importcert -file "/data/elastic/certs/ca/ca.crt" -keystore "/data/elastic/elasticsearch-7.8.0/jdk/lib/security/cacerts" -alias "Elasticsearch CA"
      # List all entries in the trust store
      keytool -list -keystore /data/elastic/elasticsearch-7.8.0/jdk/lib/security/cacerts -storepass changeit
      # Confirm that the imported CA is present
      keytool -list -keystore /data/elastic/elasticsearch-7.8.0/jdk/lib/security/cacerts -storepass changeit | grep -i elastic
      # Remove the CA entry again if it has to be re-imported
      keytool -delete -alias "Elasticsearch CA" -keystore /data/elastic/elasticsearch-7.8.0/jdk/lib/security/cacerts -storepass changeit


 Verify the cluster status

          curl -u elastic:Transfar@2024 --insecure https://192.168.19.199:9200/_cat/nodes


 Setup complete

 

posted @ 2025-12-01 14:55  不懂123