1.背景:当需要开发团队搭建自有elasticsearch集群时候,需要先明确具体的应用场景,进而对可用性,性能以及容量进行评估。当前实践记录主要应用场景在于业务日志记录短暂保存以便提供近期数据查询,并选择elasticsearch版本7.8.0,可用性要求三个9,每日数据量月1.5T,数据保存大约1周;
2.配置项目:
cluster.name: elast node.name: es-node-10.10 node.master: false node.data: true path.data: /data/es/data path.logs: /data/es/logs bootstrap.memory_lock: false network.host: 192.168.10.10 discovery.seed_hosts: ["192.168.10.10", "192.168.10.10", "192.168.10.10"] cluster.initial_master_nodes: ["es-node-10.10"] discovery.zen.minimum_master_nodes: 2 http.port: 9200 http.cors.enabled: true http.cors.allow-origin: "*" indices.memory.index_buffer_size: 50% thread_pool.write.queue_size: 1000 thread_pool.search.queue_size: 1000 xpack.security.enabled: true xpack.security.transport.ssl.enabled: true xpack.security.transport.ssl.verification_mode: certificate xpack.security.transport.ssl.keystore.path: elastic-certificates.p12 xpack.security.transport.ssl.truststore.path: elastic-certificates.p12 xpack.ml.enabled: false
3.安全认证开启说明:
1、借助elasticsearch-certutil命令生成证书 bin/elasticsearch-certutil ca -out config/elastic-certificates.p12 -pass "" bin/elasticsearch-certutil ca -out config/elastic-certificates.p12 -pass "abc123" 2、配置加密通信 xpack.security.enabled: true xpack.security.transport.ssl.enabled: true xpack.security.transport.ssl.verification_mode: certificate xpack.security.transport.ssl.keystore.path: elastic-certificates.p12 xpack.security.transport.ssl.truststore.path: elastic-certificates.p12 xpack.security.http.ssl.enabled: true xpack.security.http.ssl.verification_mode: certificate xpack.security.http.ssl.keystore.path: elastic-certificates.p12 xpack.security.http.ssl.truststore.path: elastic-certificates.p12 注意:如果之前节点证书设置了密码,将密码添加到 keystore bin/elasticsearch-keystore create bin/elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password bin/elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password bin/elasticsearch-keystore add xpack.security.http.ssl.keystore.secure_password bin/elasticsearch-keystore add xpack.security.http.ssl.truststore.secure_password 3、重启 ES 集群:设置集群密码 注意:必须配置好xpack之后,才能设置密码。否则会报错。 auto - 随机生成密码。 interactive - 自定义不同用户的密码。 bin/elasticsearch-setup-passwords interactive
3.常见问题:https://blog.csdn.net/u012246178/article/details/63253531
- 集群 Elasticsearch7 Elasticsearch集群elasticsearch7 elasticsearch 节点 集群elasticsearch7 elasticsearch 集群elasticsearch7 elasticsearch 4.2 集群elasticsearch7 elasticsearch端口 elasticsearch7 elasticsearch7 elasticsearch realtimesignalprocessor elasticsearch7 elasticsearch elasticsearch7 elasticsearch脚本scripting elasticsearch7 elasticsearch 8.0 elasticsearch7 elasticsearch全过程 主流