ElasticSearch 7.x手工部署 - 《ES》

1、下载安装：elasticsearch-7.6.0-linux-x86_64.tar.gz
2、登录主机，创建用户

useradd elastic

3、修改limit.conf
修改最大文件打开数和不限内存锁

vim /etc/security/limits.conf 
*              soft    nproc   524288 
*              hard    nproc   524288 
*              soft    nofile  524288 
*              hard    nofile  524288 
*       soft    memlock  unlimited
*       hard    memlock  unlimited

4、修改内核配置sysctl.conf
最大mmp，禁用swap交互空间，socket最大端口范围

vim /etc/sysctl.conf
vm.max_map_count = 262144
vm.swappiness = 1
net.ipv4.ip_local_port_range = 10240    60999
执行命令：sysctl -p生效

for i in {1..12};do for j in {1..4};do mkdir -p /HDATA/${i}/es-${j}/data; done;done
for i in {1..12};do for j in {1..4};do chown -R elastic:elastic /HDATA/${i}/es-${j} ; done; done
mkdir /log/es-1 /log/es-2 /log/es-3 /log/es-4
 chown -R elastic:elastic   /log/es-1 /log/es-2 /log/es-3 /log/es-4

6、解压安装包

cd /app
tar -zxf elasticsearch-7.6.0-linux-x86_64.tar.gz
ln -s elasticsearch-7.6.0 es-1
chown -R elastic:elastic es-1/

7、检查主机可配置最大heap大小

/app/es-1/jdk/bin/java -XX:+UnlockDiagnosticVMOptions -Xlog:gc+heap+coops=info

8、修改配置文件
修改jvm.options，调整合适heap参数

-Xms30g
-Xmx30g
修改=logs为=/log/es-1

修改elasticsearch.yml内容

cluster.name: bdp-common-76 # 集群名称
node.name: 10.116.107.215:9300  #节点名称，规范： 【主机ip:es进程端口】
node.attr.rack: r1
node.master: true
node.data: false
http.port: 9200  # es 7.x版本默认开启http服务，端口默认范围：9200-9300，每个实例上指定固定端口
path.data: /HDATA/1/es-1/data,/HDATA/2/es-1/data,/HDATA/3/es-1/data
path.logs: /log/es-1
bootstrap.memory_lock: true   
network.host: 10.116.107.215
transport.tcp.port: 9300
discovery.seed_hosts: ["10.116.107.215:9300","10.116.107.216:9300","10.116.107.36:9300"]
gateway.recover_after_nodes: 9  # 建议值：nodes * 3/4
gateway.expected_nodes: 12  # 建议值：nodes num
gateway.recover_after_time: 10m
cluster.routing.allocation.same_shard.host: true
cluster.initial_master_nodes: ["10.116.107.215:9300","10.116.107.216:9300","10.116.107.36:9300"]
xpack.security.enabled: true  # 开启基础安全设置
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate 
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12

修改env，使用默认的jdk

vim /app/es-1/bin/elasticsearch-env
37行添加，
JAVA_HOME="$ES_HOME/jdk"

9、如果elastic-certificates.p12文件不存在，则创建ca证书，在其中一个node操作即可

cd /app/es-1/bin/
./elasticsearch-certutil ca
./elasticsearch-certutil cert --ca elastic-stack-ca.p12
将生成的文件拷贝至/app/es-1/config/certs/目录
同时将certs目录拷贝至其他节点

10、启动实例

su - elastic -c "/app/es-1/bin/elasticsearch -d"

11、为系统默认用户创建密码

如果keystore文件不存在，则创建
cd /app/es-1/bin
./elasticsearch-keystore create
创建密码：
./elasticsearch-setup-passwords interactive，回车之后为每一个用户设置独立的密码。记住ES实例必须启动

12、集群验证


curl -s -u elastic:bdp@elastic 10.116.107.215:9200/_cluster/health?pretty
{
  "cluster_name" : "bdp-common-76",
  "status" : "green",
  "timed_out" : false,
  "number_of_nodes" : 12,
  "number_of_data_nodes" : 9,
  "active_primary_shards" : 4,
  "active_shards" : 8,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 0,
  "delayed_unassigned_shards" : 0,
  "number_of_pending_tasks" : 0,
  "number_of_in_flight_fetch" : 0,
  "task_max_waiting_in_queue_millis" : 0,
  "active_shards_percent_as_number" : 100.0
}

13、安装kibana