概述

在之前的文章中,我们一直搭建的其实都是单实例的 ElasticSearch 的服务。
而在生产环境中,为了保证服务的高可用和水平扩展能力,我们需要部署为 ElasticSearch 集群的模式。

节点功能说明

在之前的核心概念讲解中,我们已经讲解了 ElasticSearch 中不同节点类型的功能。
在生产环境中,我们建议每个节点只承担一个角色,如下表所示:

节点类型 node.master node.data node.ingest
Master节点 true false false
Data节点 false true false
Ingest节点 false false true
Coordinate节点 false false false

每个节点的承担单一角色的优势如下:

  • 可以根据不同节点的类型选择合适的资源;
  • 高可用
  • 高性能

典型集群模式

下面,我们来介绍一个典型的 ElasticSearch 集群的架构:
image.png
如上图所示,集群中部署了三种类型的节点:

  • 3个Master节点(为防止脑裂,Master节点数目应该是奇数);
  • n个Data节点,n可以根据数据量的变化来动态的增减;
  • m个Coordinating节点,m可以根据数据写入/查询速率来控制;
  • m个Kibana实例,kibana实例可以和Coordinating节点同机部署;
  • 最前面通过一个 LoadBalance 来对外提供服务。

实战部署

下面,我们就以上述的典型集群模式的架构为例,来部署一套高可用、可扩展的 ElasticSearch 集群。
首先,我们来先来部署 Master 节点,示例配置如下:

  1. # --------------------------------- Basic ----------------------------------
  2. cluster.name: elasticsearch
  3. node.name: elasticsearch-master-1/2/3
  4. node.master: true
  5. node.data: false
  6. node.ingest: false
  7. node.ml: false
  8. network.host: 0.0.0.0
  9. http.port: 9200
  10. transport.tcp.port: 9300
  11. # --------------------------------- Discovery ----------------------------------
  12. discovery.zen.minimum_master_nodes: 2
  13. discovery.zen.ping.unicast.hosts: ["10.10.10.1", "10.10.10.2", "10.10.10.3", "10.10.10.4", "10.10.10.5", "10.10.10.6", "10.10.10.7", "10.10.10.8"]
  14. # ---------------------------------- Secure -----------------------------------
  15. xpack.security.enabled: true
  16. xpack.security.transport.ssl.enabled: true
  17. xpack.security.transport.ssl.verification_mode: certificate
  18. xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
  19. xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12
  20. xpack.security.http.ssl.enabled: true
  21. xpack.security.http.ssl.keystore.path: certs/elastic-certificates.p12
  22. xpack.security.http.ssl.truststore.path: certs/elastic-certificates.p12

接下来,我们来看一下 Data 节点,示例配置如下:

  1. # --------------------------------- Basic ----------------------------------
  2. cluster.name: elasticsearch
  3. node.name: elasticsearch-data-1/2/3
  4. node.master: false
  5. node.data: true
  6. node.ingest: false
  7. node.ml: false
  8. network.host: 0.0.0.0
  9. http.port: 9200
  10. transport.tcp.port: 9300
  11. # --------------------------------- Discovery ----------------------------------
  12. discovery.zen.minimum_master_nodes: 2
  13. discovery.zen.ping.unicast.hosts: ["10.10.10.1", "10.10.10.2", "10.10.10.3", "10.10.10.4", "10.10.10.5", "10.10.10.6", "10.10.10.7", "10.10.10.8"]
  14. # ---------------------------------- Secure -----------------------------------
  15. xpack.security.enabled: true
  16. xpack.security.transport.ssl.enabled: true
  17. xpack.security.transport.ssl.verification_mode: certificate
  18. xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
  19. xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12
  20. xpack.security.http.ssl.enabled: true
  21. xpack.security.http.ssl.keystore.path: certs/elastic-certificates.p12
  22. xpack.security.http.ssl.truststore.path: certs/elastic-certificates.p12

然后,我们来部署 Coordinating 节点,实例配置如下:

  1. # --------------------------------- Basic ----------------------------------
  2. cluster.name: easyenv-elasticsearch
  3. node.name: easyenv-elasticsearch-escoordinating-2
  4. node.master: false
  5. node.data: false
  6. node.ingest: true
  7. node.ml: false
  8. network.host: 0.0.0.0
  9. http.port: 9200
  10. transport.tcp.port: 9300
  11. # --------------------------------- Discovery ----------------------------------
  12. discovery.zen.minimum_master_nodes: 2
  13. discovery.zen.ping.unicast.hosts: ["10.10.10.1", "10.10.10.2", "10.10.10.3", "10.10.10.4", "10.10.10.5", "10.10.10.6", "10.10.10.7", "10.10.10.8"]
  14. # ---------------------------------- Secure -----------------------------------
  15. xpack.security.enabled: true
  16. xpack.security.transport.ssl.enabled: true
  17. xpack.security.transport.ssl.verification_mode: certificate
  18. xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
  19. xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12
  20. xpack.security.http.ssl.enabled: true
  21. xpack.security.http.ssl.keystore.path: certs/elastic-certificates.p12
  22. xpack.security.http.ssl.truststore.path: certs/elastic-certificates.p12

最后,我们在每个 Coordinating 节点所在的机器上再部署一个 Kibana 实例吧,配置如下:

  1. server.port: 5601
  2. server.host: "0.0.0.0"
  3. server.name: "kibana"
  4. server.basePath: "/kibana"
  5. server.rewriteBasePath: true
  6. elasticsearch.hosts: ["https://10.10.10.1:9200", "http://10.10.10.2:9200"]
  7. elasticsearch.username: "kibana_system"
  8. elasticsearch.password: "kibana_system"
  9. elasticsearch.ssl.certificateAuthorities: [ "/home/work/kibana-7.14.0-linux-x86_64/config/certs/elastic-ca.pem" ]
  10. elasticsearch.ssl.verificationMode: certificate
  11. i18n.locale: "zh-CN"

此外,我们其实还可以再部署一个 Nginx 作为统一的流量入口和负载均衡,其中 Nginx 的配置如下:

  1. user  work;
  2. worker_processes  48;
  4. error_log  logs/error.log  info;
  5. pid        logs/nginx.pid;
  7. events {
  8.     worker_connections  1024;
  9. }
  11. http {
  12.     include       mime.types;
  13.     default_type  application/octet-stream;
  14.     sendfile        on;
  15.     keepalive_timeout  65;
  17.     upstream kibana {
  18.         ip_hash;
  19.         server 10.10.10.1:5601;
  20.         server 10.10.10.2:5601;
  21.     }
  23.     server {
  24.         client_max_body_size 3000m;
  25.         listen 80;
  26.         location /kibana {
  27.             proxy_pass http://kibana;
  28.             proxy_set_header X-Real-IP $remote_addr;
  29.             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  30.             proxy_http_version 1.1;
  31.         }
  32.     }
  33. }