Elasticsearch cluster deployment - hands-on notes

elasticsearch (cluster)

Case version: elasticsearch 8.6.2

Operating system: CentOS 7

Note: Use normal user operations throughout the process.

0. Node information

node            role
192.168.127.10  master
192.168.127.11  slave
slave02         (IP not listed in the original)

1. Environment configuration

1.1 Modify the file /etc/security/limits.conf

Adjust the maximum open file descriptors of a process (nofile),
the maximum number of user processes (nproc), and
the maximum locked memory address space (memlock)

# add the following lines
* soft nofile 65536
* hard nofile 65536
* soft nproc 65536
* hard nproc 65536
* soft memlock unlimited
* hard memlock unlimited

# limits.conf is applied by PAM at login, so log out and back in (or open a new SSH session)
# for the new values to take effect; daemon-reload on its own does not apply them
systemctl daemon-reload

# verify in the new session
ulimit -a

1.2 Modify the file /etc/sysctl.conf

The default maximum number of system virtual memory mappings is 65530, which cannot meet the requirements of the ES system and needs to be adjusted to more than 262144.

vi /etc/sysctl.conf
# system-wide maximum number of open file descriptors; 655360 or higher is recommended
fs.file-max=655360
# limits the number of VMAs (virtual memory areas) one process may own and therefore affects the
# Java thread count; the default is 65530, 262144 or higher is recommended
vm.max_map_count = 262144

# reload so the values take effect
sysctl -p

1.3 Adjust JVM running memory

This step tunes the JVM heap of Elasticsearch. Size it according to the memory available on the machine; the usual production recommendation is half of the machine's RAM and never more than 32G.

vi elasticsearch-8.6.2/config/jvm.options
# add (keep -Xms and -Xmx equal so the heap is not resized at runtime)
-Xms2g
-Xmx2g

1.4 Modify the file /etc/security/limits.d/20-nproc.conf

Operating system: CentOS 7.x

* soft nproc 4096
# change to:
* soft nproc 20480

# this file overrides the nproc value from limits.conf for non-root users on CentOS 7; like limits.conf
# it is applied at login, so open a new session after the change and verify with:
ulimit -u

2. Upload and decompress

# upload the archive to every node and extract it
tar -zxvf elasticsearch-8.6.2.tar.gz

3. Certificate and password authentication settings

3.1 Generate certificate

# go to the installation directory
cd elasticsearch-8.6.2/
./bin/elasticsearch-certutil ca
# first prompt is the output file name, press Enter to skip; second is the CA password, 123456 here (choose your own)
# this produces the file elastic-stack-ca.p12

3.2 Generate key

./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
# enter the CA password from the previous step (123456); press Enter at the path prompt and the
# certificate is written to the current directory as elastic-certificates.p12

3.3 Move the certificate into the config directory

# create the directory
mkdir ./config/certs
# move the certificate into it
mv ./elastic-certificates.p12 ./config/certs/

# copy the certificate to the other cluster nodes (same path on every node);
# <user> is the non-root service user, e.g. the owner of /home/elasticsearch (the original line was garbled)
scp config/certs/elastic-certificates.p12 <user>@192.168.127.11:/home/elasticsearch/elasticsearch-8.6.2/config/certs/

3.4 Add keystore password to each cluster node

# run on every node; enter the password used when the certificate was generated (123456)
./bin/elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password
./bin/elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password

4. elasticsearch.yml configuration

master configuration:

# cluster name (identical on every node)
cluster.name: my-application
# node name (unique within the cluster)
node.name: node_1
# data and log directories
path.data: /home/elasticsearch/es_data
path.logs: /home/elasticsearch/es_logs
# address this node binds to
network.host: 192.168.127.10
# HTTP port
http.port: 9200
# addresses of the other nodes
discovery.seed_hosts: ["192.168.127.10", "192.168.127.11"]
cluster.initial_master_nodes: ["node_1", "node_2"]

# authentication plus certificate-based encryption of node-to-node traffic;
# verification_mode is "certificate" (not "full") because the certificate from 3.2 was generated without hostnames or IPs
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /home/elasticsearch/elasticsearch-8.6.2/config/certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /home/elasticsearch/elasticsearch-8.6.2/config/certs/elastic-certificates.p12

# on startup the node tries to download the GeoLite2 IP geolocation database; disable it when not
# needed, otherwise the failed download is logged as an error
ingest.geoip.downloader.enabled: false

Slave configuration (with more nodes, repeat this with a distinct node.name and network.host for each):

# cluster name (identical on every node)
cluster.name: my-application
# node name (unique within the cluster)
node.name: node_2
# data and log directories
path.data: /home/elasticsearch/es_data
path.logs: /home/elasticsearch/es_logs
# address this node binds to
network.host: 192.168.127.11
# HTTP port
http.port: 9200
# addresses of the other nodes
discovery.seed_hosts: ["192.168.127.10", "192.168.127.11"]
cluster.initial_master_nodes: ["node_1", "node_2"]

# authentication plus certificate-based encryption of node-to-node traffic
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /home/elasticsearch/elasticsearch-8.6.2/config/certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /home/elasticsearch/elasticsearch-8.6.2/config/certs/elastic-certificates.p12

# on startup the node tries to download the GeoLite2 IP geolocation database; disable it when not
# needed, otherwise the failed download is logged as an error
ingest.geoip.downloader.enabled: false

5. Start the ES service

Do not start Elasticsearch as root; it refuses to run as root, and the service user should own only its own files.

cd elasticsearch-8.6.2/bin
./elasticsearch
# start in the background (daemonize)
./elasticsearch -d

6. Set the cluster access password

The ES service must already be running before this step.
Passwords are set for several built-in users: elastic, apm_system, kibana, kibana_system, logstash_system and beats_system; all of them are set to 123456 here.

./bin/elasticsearch-setup-passwords interactive

Reset/update password

./bin/elasticsearch-reset-password -u elastic

7. Browser access

# each node can be queried on its own
# a username and password are required: elastic / 123456
http://192.168.127.10:9200
http://192.168.127.11:9200

# list the nodes and their state
http://192.168.127.10:9200/_cat/nodes
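The browser check above confirms two things at once: the cluster answers, and it asks for credentials. The script below is an added example (not from the original post) that does the same from the shell, which is easier to repeat on every node and to put in a cron job. It first confirms that an anonymous request gets 401 (proof that xpack.security is actually enforcing authentication) and then reads _cluster/health with the elastic user. ES_URL, ES_USER and ES_PASS are assumed environment variables; the password is handed to curl through a config file on stdin so it neither lands in shell history nor shows up in `ps`.

```shell
#!/bin/sh
# Added example (not from the original post): check the cluster over the REST
# API and confirm that unauthenticated access is rejected.
# Usage: ES_PASS='...' sh es_health_check.sh run [expected_node_count]

ES_URL="${ES_URL:-http://192.168.127.10:9200}"   # first node of this post
ES_USER="${ES_USER:-elastic}"

# http_code URL [curl options...]: print only the HTTP status code
http_code() { curl -s -o /dev/null -w '%{http_code}' "$@"; }

# es_get PATH: authenticated GET; credentials go through a curl config read from stdin
es_get() {
  curl -s -K - "$ES_URL$1" <<EOF
user = "$ES_USER:$ES_PASS"
EOF
}

# health_status JSON: extract the "status" value (green/yellow/red) from a _cluster/health body
health_status() {
  printf '%s' "$1" | sed -n 's/.*"status"[[:space:]]*:[[:space:]]*"\([a-z]*\)".*/\1/p'
}

# node_count JSON: extract "number_of_nodes" from a _cluster/health body
node_count() {
  printf '%s' "$1" | sed -n 's/.*"number_of_nodes"[[:space:]]*:[[:space:]]*\([0-9]*\).*/\1/p'
}

# check_cluster [EXPECTED_NODES]: 0 when auth is enforced, status is green and all nodes joined
check_cluster() {
  expected="${1:-2}"
  code=$(http_code "$ES_URL/")
  if [ "$code" != "401" ]; then
    echo "anonymous request returned $code, expected 401: authentication is not being enforced"
    return 1
  fi
  health=$(es_get /_cluster/health)
  status=$(health_status "$health")
  nodes=$(node_count "$health")
  echo "status=${status:-unknown} nodes=${nodes:-0}/$expected"
  [ "$status" = "green" ] && [ "${nodes:-0}" -eq "$expected" ]
}

if [ "${1:-}" = "run" ]; then
  check_cluster "${2:-2}"
fi
```

A 200 on the anonymous request is the interesting failure here: it means the node is serving the REST API without authentication, which is exactly the state the FAQ entry 2.1 below produces when the security switches are turned off.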

elasticsearch.yml settings explained

# ---------------------------------- Cluster -----------------------------------
# Servers in the same cluster must use the same name; different clusters must use distinct names.
cluster.name: my-application	# cluster name

# ------------------------------------ Node ------------------------------------
# Must be unique among the nodes of one cluster.
node.name: node-1	# node name

# Master node: handles cluster-level tasks such as shard and replica allocation and coordinates
# replication and recovery between nodes. When the master fails a new one is elected; a cluster should
# have only a few master-eligible nodes to avoid needless elections and wasted resources.
node.master: true	# may be elected master
# Note: node.master and node.data were removed in Elasticsearch 8.0; on 8.6.2 the equivalent is
# node.roles: [ master, data ]

# Data node: stores and processes data (document create/read/update/delete, aggregations, ...).
node.data: true	# may hold data
# For stability and reliability a cluster should have at least 3 nodes, e.g. 2 data nodes and 1 master node.

# ----------------------------------- Paths ------------------------------------
# Index data directory; defaults to the data folder under the Elasticsearch root. Several paths may be given, comma-separated.
path.data: /path/to/data	# data directory

# Log directory; defaults to the logs folder under the Elasticsearch root.
path.logs: /path/to/logs	# log directory
# Logs and data inside the installation directory are easily wiped during an upgrade; use paths outside it.
# ---------------------------------- Memory ------------------------------------
# Set to true to lock the process memory so it is never swapped out.
# On Linux, check with "ulimit -l" that the maximum locked memory (memlock) is unlimited, otherwise the bootstrap check fails.
bootstrap.memory_lock: true
# ---------------------------------- Network -----------------------------------
# Set to the host's own IP. This is how each node finds the others so that they can recognise each other, communicate and form a cluster.
network.host: 192.168.0.1	# IP or hostname the node binds to
#
# network.host: 0.0.0.0 binds the node to every network interface and IP address, which can cause security and communication problems:
# Security:
#  ES is exposed on every reachable interface and is easier to attack. Without xpack.security enabled, anyone who can reach any of those
#  interfaces can use ES without authentication or authorisation, which can lead to data leakage, corruption and other problems.
# Communication:
#  Binding ES to every interface can cause network problems such as congestion, latency and other communication issues that hurt cluster performance and availability.
# So set network.host to the node's real IP or hostname so that it binds to the intended interface and address; only then can each node find the others and form the cluster.

# HTTP port exposed to clients, default 9200. When several ES instances run on one machine, each needs a different value.
# If the HTTP API is not wanted, set http.port: -1 to disable it; ES then communicates only over the transport API.
# Kibana and other tools talk to ES over the HTTP API, so it must stay enabled when they are used.
http.port: 9200	# port the HTTP API listens on

# --------------------------------- Discovery ----------------------------------
# TCP port for node-to-node communication, default 9300
# transport.tcp.port: 9300   (old name; the current setting is transport.port)

# Hosts used to discover the other nodes. When forming a cluster, add the known node IPs or hostnames here.
# Empty by default, meaning the node does not look for others; for a cluster this must list the other nodes so they are found at startup.
discovery.seed_hosts: ["host1", "host2"]
# No port needed: nodes talk to each other on 9300 (transport, coordination) by default; 9200 is the HTTP REST API.

# Initial master-eligible nodes. One or more must be given when bootstrapping a cluster. Default: "node-1"
# With several listed, ES picks one of them as the first master at startup.
# Usually an odd number, so that votes and decisions during failures are unambiguous.
# Only used the first time the cluster forms; remove it once the cluster has bootstrapped (see FAQ 6 on the cluster UUID).
cluster.initial_master_nodes: ["node-1", "node-2"]

# ---------------------------------- Various -----------------------------------
# Default 1: recovery starts as soon as a single node is up. With too few nodes this can degrade performance, so you can
# require a number of nodes to be present before recovery starts, which improves cluster performance and availability.
# Recovery means that when a node restarts or joins, ES automatically restores lost or damaged index shards. A shard is the
# basic storage unit of ES; an index is split into shards for distributed storage and processing.
# When a node restarts or joins the cluster, some shards are missing, leaving data incomplete or unavailable; ES copies the
# missing shards back from other nodes.
gateway.recover_after_nodes: 3
# Note: gateway.recover_after_nodes was removed in Elasticsearch 8.0; on 8.6.2 use gateway.recover_after_data_nodes

# --------------------------------------------------------------------------------
# accept HTTP API connections from any address (this exposes the REST API on every interface, so keep xpack.security enabled)
http.host: 0.0.0.0

# authentication plus certificate-based encryption of node-to-node traffic
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /home/elasticsearch/elasticsearch-8.6.2/config/certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /home/elasticsearch/elasticsearch-8.6.2/config/certs/elastic-certificates.p12

# on startup the node tries to download the GeoLite2 IP geolocation database; disable it when not
# needed, otherwise the failed download is logged as an error
ingest.geoip.downloader.enabled: false
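Section 4 and the settings explanation above keep coming back to the same handful of lines that decide how exposed a node is: whether xpack.security is on, whether transport TLS is on and how certificates are verified, and whether network.host or http.host binds to 0.0.0.0. Before rolling a config to the second node (or after someone "fixes" access by flipping switches, as in FAQ 2.1 below), it is worth checking those lines mechanically. The following linter is an added example, not from the original post or from Elasticsearch; it only parses the flat `key: value` lines used in the configs on this page (nested YAML blocks are not handled), and the function names get_setting and lint_es_yml are my own.

```shell
#!/bin/sh
# Added example (not from the original post): flag elasticsearch.yml settings
# that weaken a node's exposure. Handles flat "key: value" lines only.
# Usage: sh es_yml_lint.sh /home/elasticsearch/elasticsearch-8.6.2/config/elasticsearch.yml

# get_setting FILE KEY: print the value of "KEY: value" with trailing comments stripped
get_setting() {
  key=$(printf '%s' "$2" | sed 's/\./\\./g')            # escape dots so they match literally
  sed -n "s/^[[:space:]]*${key}:[[:space:]]*//p" "$1" \
    | sed 's/[[:space:]]*#.*$//; s/[[:space:]]*$//' \
    | head -n 1
}

# lint_es_yml FILE: print one line per finding; returns the number of findings
lint_es_yml() {
  f="$1"; findings=0
  sec=$(get_setting "$f" xpack.security.enabled)
  tls=$(get_setting "$f" xpack.security.transport.ssl.enabled)
  mode=$(get_setting "$f" xpack.security.transport.ssl.verification_mode)
  ks=$(get_setting "$f" xpack.security.transport.ssl.keystore.path)
  bind="$(get_setting "$f" network.host) $(get_setting "$f" http.host)"

  # authentication must be on, otherwise every reachable client has full access
  [ "$sec" = "true" ] || { echo "$f: xpack.security.enabled=${sec:-unset}: authentication is off"; findings=$((findings + 1)); }
  # node-to-node traffic must be encrypted and the peer certificate checked
  [ "$tls" = "true" ] || { echo "$f: xpack.security.transport.ssl.enabled=${tls:-unset}: transport TLS is off"; findings=$((findings + 1)); }
  [ "$mode" != "none" ] || { echo "$f: verification_mode=none: peer certificates are not verified"; findings=$((findings + 1)); }
  if [ "$tls" = "true" ] && [ -z "$ks" ]; then
    echo "$f: transport TLS is on but no keystore.path is set"; findings=$((findings + 1))
  fi
  # binding every interface is the case the settings explanation warns about
  case "$bind" in
    *0.0.0.0*) echo "$f: binds to all interfaces (network.host/http.host: $bind)"; findings=$((findings + 1)) ;;
  esac
  return "$findings"
}

if [ "$#" -gt 0 ]; then
  lint_es_yml "$1"
  echo "findings: $?"
fi
```

Run it against the config on each node; a clean master and slave config from section 4 report zero findings, while the config from FAQ 2.1 reports the disabled security switch.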

ES deployment FAQ

1. GeoIP database update

1.1 Question

[ERROR][o.e.i.g.GeoIpDownloader] [node-1] exception during geoip databases update
org.elasticsearch.ElasticsearchException: not all primary shards of [.geoip_databases] index are active
  • Solution

Modify elasticsearch.yml

# at startup ES tries to update the GeoIP databases; simply disable the downloader
ingest.geoip.downloader.enabled: false

2. Unable to access after startup

2.1 Browser cannot access

The cause is that Elasticsearch enabled security (with HTTPS) under Windows. It started successfully, but opening http://localhost:9200/ fails:

[WARN ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [node-1] received
plaintext http traffic on an https channel, closing connection Netty4HttpChannel
{localAddress=/172.168.102.183:9200, remoteAddress=/172.168.161.66:49222}
  • Solution

    Modify elasticsearch.yml

# switch the security settings from true to false so the node can be reached without credentials
# (note: this disables authentication and HTTPS on the REST API; the warning itself only says that the
# client sent http:// to a port that expected https://)
xpack.security.enabled: false	# change to false

xpack.security.enrollment.enabled: true

# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
xpack.security.http.ssl:
  enabled: false	# change to false
  keystore.path: certs/http.p12

2.2 Other devices cannot access

Locally, curl localhost:9200 succeeds, but other machines cannot reach the node by IP.

$ vi elasticsearch-6.8.23/config/elasticsearch.yml
# bind to all interfaces so the node is reachable from other hosts (see the network.host note in the settings explanation)
network.host: 0.0.0.0

3. Start error reporting

3.1 which: no java in

$ ./bin/elasticsearch
which: no java in (/opt/gvm/jdk1.8/bin:/bin:/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/home/gvmuser/.local/bin:/home/gvmuser/bin:/home/gvmuser/jdk1.8/bin:/home/gvmuser/jdk1.8/jre/bin)
warning: Falling back to java on path. This behavior is deprecated. Specify JAVA_HOME
could not find java; set JAVA_HOME
  • Solution

    Install a JDK and set JAVA_HOME.

3.2 max file descriptors [4096] for elasticsearch process is too low, increase to at least [65536]

ERROR: [1] bootstrap checks failed
[1]: max file descriptors [4096] for elasticsearch process is too low, increase to at least [65535]
  • Solution
vi /etc/security/limits.conf
# append the following lines
* soft nofile 65536
* hard nofile 65536
# the values are applied at login
systemctl daemon-reload
# log out and back in to the terminal after the change so they take effect

3.3 max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]

The default maximum number of system virtual memory mappings is 65530, which cannot meet the requirements of the ES system and needs to be adjusted to more than 262144.

ERROR: [1] bootstrap checks failed
[1]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
  • Solution
vi /etc/sysctl.conf
# add the parameter
vm.max_map_count = 262144

# reload so it takes effect
sysctl -p

4. GeoLite2-ASN.mmdb database

Affected version: elasticsearch-8.6.2

[ERROR][o.e.i.g.GeoIpDownloader  ] [node-1] error downloading geoip database [GeoLite2-ASN.mmdb]
java.net.SocketTimeoutException: Connect timed out
  • Solution

GeoLite2/GeoIP is an offline ASN and IP geolocation database; official site: https://dev.maxmind.com/geoip/geolocate-an-ip?lang=en

This database is not needed here, but Elasticsearch tries to fetch it at startup, so the downloader has to be switched off so that no connection is attempted.

vim config/elasticsearch.yml
# add:
ingest.geoip.downloader.enabled: false

5. Unable to discover other nodes

master not discovered yet, this node has not previously joined a bootstrapped cluster, and this node must discover master-eligible nodes [node-1, node-2] to bootstrap a cluster: have discovered [{node-1}{l_KqE-gYTimBZbrvK9ijsQ}{2dYWd9TWTyqQToa-g8wB1w}{node-1}{192.168.127.10}{192.168.127.10:9300}{cdfhilmrstw}]; discovery will continue using [192.168.127.11:9300] from hosts providers and [{node-1}{l_KqE-gYTimBZbrvK9ijsQ}{2dYWd9TWTyqQToa-g8wB1w}{node-1}{192.168.127.10}{192.168.127.10:9300}{cdfhilmrstw}] from last-known cluster state; node term 0, last-accepted version 0 in term 0
  • Solution
# check the firewall state
service firewalld status
# it turned out to be running: Active: active (running)

# stop the firewall
service firewalld stop
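The message above means the node could not reach its peer on transport port 9300, and the post resolves it by stopping firewalld entirely. The firewall can instead stay up if 9300 is opened only from the other cluster nodes and 9200 only from the network that should use the REST API. The script below is an added example, not from the original post: the peer IPs are the two nodes of this post, while the client subnet 192.168.127.0/24 and the function names rich_rule and apply_es_firewall are my assumptions; adjust ES_PEERS and ES_CLIENTS to your own network.

```shell
#!/bin/sh
# Added example (not from the original post): keep firewalld running and allow
# only the Elasticsearch ports, each from the sources that need them.
# Usage (as root): sh es_firewall.sh apply   then   firewall-cmd --list-rich-rules

ES_PEERS="${ES_PEERS:-192.168.127.10 192.168.127.11}"   # cluster nodes, need 9300 (transport)
ES_CLIENTS="${ES_CLIENTS:-192.168.127.0/24}"            # assumed client subnet, needs 9200 (REST API)

# rich_rule SOURCE PORT: print a firewalld rich rule accepting TCP PORT from SOURCE (IP or CIDR)
rich_rule() {
  printf 'rule family="ipv4" source address="%s" port port="%s" protocol="tcp" accept' "$1" "$2"
}

# peer_rules: one transport rule per cluster node, one per line (what apply_es_firewall will add)
peer_rules() {
  for peer in $ES_PEERS; do
    rich_rule "$peer" 9300
    printf '\n'
  done
}

# apply_es_firewall: add the rules permanently and reload the running firewall
apply_es_firewall() {
  peer_rules | while IFS= read -r rule; do
    firewall-cmd --permanent --add-rich-rule="$rule"
  done
  firewall-cmd --permanent --add-rich-rule="$(rich_rule "$ES_CLIENTS" 9200)"
  firewall-cmd --reload
}

if [ "${1:-}" = "apply" ]; then
  apply_es_firewall
fi
```

With these rules in place the discovery message goes away just as it does after stopping the firewall, but 9300 is reachable only from the peers listed in discovery.seed_hosts and 9200 only from the client subnet; `firewall-cmd --list-rich-rules` shows what was added.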

6. Cluster UUID

This node is a fully-formed single-node cluster with cluster UUID [ObqnTkiHQiGyFc5H2yywCQ], but it is configured as if to discover other nodes and form a multi-node cluster via the [discovery.seed_hosts=[192.168.127.11]] setting.  Fully-formed clusters do not attempt to discover other nodes, and nodes with different cluster UUIDs cannot belong to the same cluster.  The cluster UUID persists across restarts and can only be changed by deleting the contents of the node's data path(s).  Remove the discovery configuration to suppress this message.
  • Solution

    The node was started before the cluster was set up, so it already holds a cluster UUID; delete the contents of its data directory before forming the new cluster.

7. The word segmenter cannot be used

The plugin's plugin-descriptor.properties file cannot be found.

java.lang.IllegalStateException: Could not load plugin descriptor for plugin directory [elasticsearch-analysis-ansj-8.3.3]
Likely root cause: java.nio.file.NoSuchFileException: /home/hd/elasticsearch-8.3.3/plugins/
elasticsearch-analysis-ansj-8.3.3/plugin-descriptor.properties
  • Solution

    The archive is incomplete. Download the release package elasticsearch-analysis-ik-<version>.zip from the official site, not the source-code zip or elasticsearch-analysis-ansj-8.3.3.tar.gz.

Portal: [Deploy ik word segmenter]
Portal: [Deploy kibana visualization platform]

Origin blog.csdn.net/qq_41210783/article/details/132848352