Building an ES container cluster with Rancher


What the ES cluster looks like

     Checking the cluster state

 Cluster build steps

FROM 192.168.30.113/library/java:latest
ENV TZ=Asia/Shanghai
# double quotes so that $TZ is expanded into /etc/timezone instead of the literal text
RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo "$TZ" > /etc/timezone
COPY elasticsearch  /elasticsearch
# Elasticsearch refuses to start as root, so it runs as an unprivileged user that owns the install
RUN adduser elasticsearch
RUN chown -R elasticsearch:elasticsearch /elasticsearch
ENTRYPOINT ["/bin/bash","/elasticsearch/bin/start-escluster.sh"]
Dockerfile
#!/bin/bash
# Per-pod configuration, driven by environment variables set on the pod:
#   podname    - StatefulSet pod name, e.g. elastic-1; the ordinal is the trailing number
#   hostip     - IP of the host running this pod (only needed if publish_host is enabled below)
#   seed_hosts - value for discovery.seed_hosts, e.g. ["elastic-0.elastic","elastic-1.elastic"]
set -e
ES_CONF=/elasticsearch/config/elasticsearch.yml

#change es config
ordinal=${podname##*-}
serverid=$((ordinal + 1))
hport=$((9700 + ordinal))   # per-node ports, only used if the commented lines below are enabled
tport=$((9800 + ordinal))
#sed -i "s/network.publish_host:.*/network.publish_host: $hostip/g" "$ES_CONF"
sed -i "s/discovery.seed_hosts:.*/discovery.seed_hosts: $seed_hosts/g" "$ES_CONF"
if [ "$ordinal" -eq 0 ]; then
   # pod 0 is the master-only node and keeps node.name node1 from the template
   sed -i "s/node.data:.*/node.data: false/g" "$ES_CONF"
else
   sed -i "s/node.name:.*/node.name: node$serverid/g" "$ES_CONF"
   #sed -i "s/http.port:.*/http.port: $hport/g" "$ES_CONF"
   #sed -i "s/transport.tcp.port:.*/transport.tcp.port: $tport/g" "$ES_CONF"
   sed -i "s/node.data:.*/node.data: true/g" "$ES_CONF"
fi

# start es cluster
echo "start es cluster........"
# drop to the unprivileged user created in the Dockerfile; exec keeps it as the container's main process
exec su - elasticsearch -c /elasticsearch/bin/elasticsearch
start-escluster.sh


     When starting the pods, pass in the environment variables the start script reads (podname, hostip, seed_hosts) for as many pods as you want to create.

   Map the master pod to the host so it can be reached from outside

       1. Create a DNS record

        2. Open the ES cluster from a browser on the host

Generating the ES cluster certificate

      1. Add the volume mapping

     2. Generate the certificate and the passwords inside the pod

            ./elasticsearch-certutil cert --ip 192.168.30.106 --out /elasticsearch/config/certs/elastic-stack-ca.zip --pem

           ./elasticsearch-setup-passwords interactive --batch --url https://192.168.30.106:39200

           With --pem the zip contains ca/ca.crt plus instance/instance.crt and instance/instance.key, which are the paths referenced in the yml below. The address given to --ip is the only one the certificate is valid for (see section 7).

      3. Edit the elasticsearch yml file and add the certs for authentication. Two settings to be aware of: http.cors.allow-origin: "*" lets any web origin issue requests to the cluster, so restrict it to the origin that actually needs it once this leaves the lab; xpack.security.transport.ssl.verification_mode: certificate validates the chain against ca.crt but not the node's hostname, which is why one shared instance certificate works on every node.

cluster.name: "taishi-escluster"
node.name: node1
network.host: 0.0.0.0
http.port: 9200
transport.tcp.port: 9300
bootstrap.memory_lock: false
cluster.initial_master_nodes: [ "node1" ]
http.cors.enabled: true
http.cors.allow-origin: "*"
node.master: true
node.data: false
discovery.seed_hosts: ["127.0.0.1:9300"]
xpack.license.self_generated.type: basic
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.key: /elasticsearch/config/certs/instance/instance.key
xpack.security.http.ssl.certificate: /elasticsearch/config/certs/instance/instance.crt
xpack.security.http.ssl.certificate_authorities: /elasticsearch/config/certs/ca/ca.crt
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.key: /elasticsearch/config/certs/instance/instance.key
xpack.security.transport.ssl.certificate: /elasticsearch/config/certs/instance/instance.crt
xpack.security.transport.ssl.certificate_authorities: /elasticsearch/config/certs/ca/ca.crt
elasticsearch.yml

      4. Verify logging in to ES over HTTPS

    5. The cluster is reachable over HTTPS

  6. Summary

      1. The certificate and the passwords have to be generated by running the commands by hand.

      2. The names of all pods have to be passed in by hand as discovery.seed_hosts, for example: ["elastic-0.elastic","elastic-1.elastic"]

      3. The certificate directory has to be copied by hand onto the mapped volume of every host in the cluster.
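Two of the manual steps above, deriving the pod's ordinal and composing discovery.seed_hosts for every pod, can be computed. The following is an added example and not code from the original post: it assumes a StatefulSet and a headless Service both named elastic (so pod N resolves as elastic-N.elastic) and the podname / seed_hosts variables the start script already reads. It replaces the env | grep | cut parsing, which also matches any other variable whose name contains "podname", and renders the node-specific lines instead of sed-editing a shared template.

```shell
#!/bin/sh
# Added example, not part of the original post. Assumes the StatefulSet and its
# headless Service are both called "elastic", so pod N is reachable as elastic-N.elastic,
# and the same podname / seed_hosts variables as the post's start script.
set -eu

# Ordinal of a StatefulSet pod from its name: elastic-2 -> 2.
pod_ordinal() {
    printf '%s\n' "${1##*-}"
}

# discovery.seed_hosts for a given replica count, in the form the post passes by hand:
#   seed_hosts elastic elastic 2  ->  ["elastic-0.elastic","elastic-1.elastic"]
seed_hosts() {
    statefulset=$1; service=$2; replicas=$3
    i=0; list=""
    while [ "$i" -lt "$replicas" ]; do
        list="$list\"$statefulset-$i.$service\","
        i=$((i + 1))
    done
    printf '[%s]\n' "${list%,}"
}

# Node-specific lines of elasticsearch.yml derived from the pod name, mirroring the
# post's layout: pod 0 is the master-only node "node1", pod N is data node "node(N+1)".
# The output is meant to be appended to a template that holds only the shared settings.
render_node_config() {
    podname=$1; seeds=$2
    ordinal=$(pod_ordinal "$podname")
    printf 'node.name: node%d\n' "$((ordinal + 1))"
    printf 'node.master: true\n'
    if [ "$ordinal" -eq 0 ]; then
        printf 'node.data: false\n'
    else
        printf 'node.data: true\n'
    fi
    printf 'discovery.seed_hosts: %s\n' "$seeds"
}

# Usage inside the pod, with podname and seed_hosts taken from its environment:
#   render_node_config "$podname" "$seed_hosts" >> /elasticsearch/config/elasticsearch.yml
# or, computing the seed list from the replica count instead of passing it in:
#   render_node_config "$podname" "$(seed_hosts elastic elastic 3)"
```

Because the seed list is derived from the replica count, scaling the StatefulSet only means changing one number instead of retyping every pod name.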

  7. Accessing ES from a program

      In a browser the cluster can be reached on port 39200 of any host in it, but a program has to connect to the IP address that was given when the certificate was generated, otherwise the error below appears.

      The certificate was generated with --ip 192.168.30.106, so the application's ES connection settings can only use 30.106 and not the other IP addresses in the cluster.

    Change the address to the host that was given in the certutil command.

    The reason is that a browser lets you click through the certificate warning, whereas a client library checks the server certificate's Subject Alternative Names and rejects an address that is not listed. To make every node address valid, list all of them when generating: both --ip and --dns of elasticsearch-certutil take comma-separated lists, so --ip 192.168.30.106,192.168.30.75 --dns elastic-0.elastic,elastic-1.elastic (addresses given here as an example) produces one certificate that every client can verify. The names actually in a certificate can be checked with openssl x509 -in instance.crt -noout -text and looking at the Subject Alternative Name entry.

Drawbacks

          If several pods of the same kind are scheduled onto the same host, they all mount the same host directory as their volume, and the data those pods store there is corrupted.

          When planning the cluster, each host may therefore run only one stateful pod of a given kind; stateless pods can run several.

           A port mapping enforces this: each pod started on a host listens on a fixed host port, so a second pod of the same kind on that host fails to start because the port is already taken. (A StatefulSet volumeClaimTemplate, which gives every pod its own persistent volume, avoids the shared-directory problem altogether; the port trick is a workaround for hostPath volumes.)


Restarting the ES cluster does not require regenerating the certificate


Installing Kibana

     1. Pull a kibana image

     2. Map the configuration directory of the kibana application in the pod

    3. Configure the contents of kibana.yml. The kibana_system password is stored in clear text in this file, which lives on the mapped host volume; outside a lab put it into the Kibana keystore (bin/kibana-keystore add elasticsearch.password) instead. elasticsearch.ssl.verificationMode: certificate checks the chain against ca.crt but not the hostname, which is why the IP-only certificate from above is accepted here.

server.name: kibana
server.host: "0"
#xpack.monitoring.ui.container.elasticsearch.enabled: true
##
#### X-Pack security credentials
##
elasticsearch.hosts: [ "https://192.168.30.106:39200/" ]
monitoring.ui.container.elasticsearch.enabled: true


elasticsearch.username: kibana_system
elasticsearch.password: Trar@123
elasticsearch.ssl.certificateAuthorities: /usr/share/kibana/config/ca.crt
elasticsearch.ssl.verificationMode: certificate
server.ssl.enabled: true
server.ssl.certificate: /usr/share/kibana/config/instance.crt
server.ssl.key: /usr/share/kibana/config/instance.key
kibana.yml

    4. Create the kibana service

 5. Open the kibana page

Automatic certificate generation for the ES container cluster

         1. Use the sidecar pattern to generate the certificate for ES automatically

         2. Check the logs

      3. Sidecar container start script

#!/bin/bash
# Sidecar for pod 0: waits until Elasticsearch listens, generates the cluster
# certificate once, then sets the built-in user passwords. Environment variables:
#   podname    - StatefulSet pod name, the ordinal is the trailing number (elastic-0 -> 0)
#   hostip     - host IP written into the certificate SAN; clients must connect to this address
#   espassword - password assigned to every built-in user
set -e
ordinal=${podname##*-}
passwd=$espassword
esport=9200
certdir=/elasticsearch/config/certs
CAFile="$certdir/elastic-stack-ca.zip"
if [ "$ordinal" -eq 0 ]; then
   # wait for a listener on the ES port; the sleep keeps this loop from spinning a CPU
   until ss -ltn | grep -q ":$esport "; do
      echo "es service not started yet................"
      sleep 2
   done
   if [ ! -f "$CAFile" ]; then
      echo "creating es certificate..............."
      # --ip takes a comma-separated list; every address clients will use belongs here (see section 7)
      /elasticsearch/bin/elasticsearch-certutil cert --ip "$hostip" --out "$CAFile" --pem
      echo "certificate generated.............."
      echo "unpacking CA certificate.............."
      (cd "$certdir" && unzip ./elastic-stack-ca.zip)
      echo "CA certificate unpacked................"
   else
      echo "CA certificate already exists, no need to regenerate........."
   fi

   # never echo $passwd here: the container's stdout ends up in the pod log
   echo "setting user names and passwords"
   # one regex answers both the "Enter" and the "Reenter" prompt for every built-in user;
   # setup-passwords refuses to run a second time, so this only succeeds on a fresh cluster
   expect <<EOF
   set timeout 60
   spawn /elasticsearch/bin/elasticsearch-setup-passwords interactive --batch --url https://$hostip:$esport
   expect {
      -re {password for \[[a-z_]+\]} { send "$passwd\n"; exp_continue }
      eof {}
   }
EOF
  echo "user names and passwords set................."
fi
tail -f /dev/null
start-esca.sh

     4. ES main container start script

        The main container uses the same start-escluster.sh shown under the cluster build steps above; only the sidecar is new.

    5. Regenerating the ES passwords

       1. Delete the files under the data directory of the elasticsearch installation
       2. Delete elasticsearch.keystore under the config directory of the elasticsearch installation

       Deleting the data directory wipes every index along with the security index that holds the passwords; that is why elasticsearch-setup-passwords, which only runs on a cluster whose built-in passwords are not yet set, works again afterwards. If the elastic password is still known, change individual passwords with POST /_security/user/<name>/_password instead and keep the data.


Initialising ES data from the command line

          curl -XGET 192.168.30.75:9200/_cat/templates

          Plain HTTP no longer works: with xpack.security.http.ssl.enabled the port only speaks TLS.

          curl -XGET https://192.168.30.75:9200/_cat/templates --insecure

          TLS connects, but without credentials ES answers 401. --insecure only switches off verification of the server certificate; pointing curl at the CA from the certutil bundle with --cacert ca.crt keeps the check and still accepts the self-signed chain.

          curl -XGET https://elastic:Transfar@123@192.168.30.75:9200/_cat/templates --insecure

          The @ inside the password collides with the user:password@host separator of the URL. Either percent-encode it (Transfar%40123) or, better, pass the credentials with --user so they never appear in the URL:

          curl --user elastic:Transfar@123 -XGET https://192.168.30.75:9200/_cat/templates --insecure

        Initialising the ES index template

            curl --insecure --user elastic:Transfar@123 -XPUT https://192.168.30.75:9200/_template/event '{'

           {"error":{"root_cause":[{"type":"parse_exception","reason":"request body is required"}],"type":"parse_exception","reason":"request body is required"},"status":400}

           The JSON after the URL is just another argument to curl, not a request body; a body has to be passed with -d (or --data-binary @file).

             curl --insecure --user elastic:Transfar@123 -XPUT https://192.168.30.75:9200/_template/event -d'{

            {"error":"Content-Type header [application/x-www-form-urlencoded] is not supported","status":406}

          -H sets the content type of the submitted body; ES only accepts a JSON body that is declared as application/json:

curl --insecure -H "Content-Type: application/json" --user elastic:Transfar@123 -XPUT https://192.168.30.75:9200/_template/event -d'{
    "order" : 0,
    "index_patterns" : [
      "event*"
    ],
    "settings" : {
      "index" : {
        "number_of_shards" : "2",
        "number_of_replicas" : "1",
        "refresh_interval": "30s"
      }
    },
    "mappings" : {
      "properties" : {
        "src_port" : {
          "type" : "long"
        },
        "log_id" : {
          "type" : "keyword"
        },
        "event_id" : {
          "type" : "keyword"
        },
        "event_type" : {
          "type" : "keyword"
        },
        "occur_time" : {
          "type" : "date"
        },
        "dst_address" : {
          "type" : "ip"
        },
        "src_address" : {
          "type" : "ip"
        },
        "dst_port" : {
          "type" : "long"
        },
        "receive_time" : {
          "type" : "date"
        },
        "event_name" : {
          "type" : "keyword"
        },
        "dev_address" : {
          "type" : "keyword"
        },
        "event_type_name" : {
          "type" : "keyword"
        }
      }
    },
    "aliases" : { }
  }'
Operating ES with curl
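Putting the lessons of this section together, as an added example that is not from the original post: a small wrapper that verifies the server certificate with --cacert instead of --insecure, passes the credentials with --user, declares the JSON body, and percent-encodes a password for the one case where it really has to go into a URL. It assumes ca.crt from the certutil bundle in the current directory, the elastic password in ES_PASSWORD, the template body saved as event-template.json, and the 192.168.30.75:9200 address used above; all of these are assumptions and can be overridden through the variables at the top.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes the CA from the certutil bundle
# has been copied to ./ca.crt, the elastic password is in $ES_PASSWORD, and the
# template body from the post has been saved as ./event-template.json.
set -eu

ES_URL=${ES_URL:-https://192.168.30.75:9200}
ES_CACERT=${ES_CACERT:-./ca.crt}
CURL=${CURL:-curl}   # set CURL=echo to print the argument list instead of calling a cluster

# Percent-encode an ASCII string for use inside a URL: RFC 3986 unreserved characters
# pass through, everything else becomes %XX. Needed before a password such as
# Transfar@123 can be embedded as https://user:password@host (-> Transfar%40123).
urlencode() {
    s=$1; out=""
    while [ -n "$s" ]; do
        c=${s%"${s#?}"}          # first character of the remaining string
        s=${s#?}
        case $c in
            [A-Za-z0-9.~_-]) out="$out$c" ;;
            *) out="$out$(printf '%%%02X' "'$c")" ;;
        esac
    done
    printf '%s\n' "$out"
}

# Authenticated request against the cluster:
#   --cacert   verifies the server certificate against the cluster CA (no --insecure)
#   --user     keeps the credentials out of the URL; on a shared host prefer
#              --netrc-file so the password is not visible in the process list either
#   -H ...json declares the body, otherwise ES returns the 406 seen above
es_api() {
    method=$1; path=$2; body_file=${3:-}
    set -- --silent --show-error --cacert "$ES_CACERT" \
           --user "elastic:${ES_PASSWORD:?ES_PASSWORD not set}" \
           -X "$method" "$ES_URL$path"
    if [ -n "$body_file" ]; then
        set -- "$@" -H 'Content-Type: application/json' --data-binary "@$body_file"
    fi
    "$CURL" "$@"
}

# Usage: the sequence from this section, now with certificate verification and auth:
#   es_api GET /_cat/templates
#   es_api PUT /_template/event event-template.json
#   es_api GET /_template/event
```

Setting CURL=echo prints the exact argument list without a cluster, which is a convenient way to confirm that --insecure never sneaks back in and that the password is not part of the URL.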

           

          


粵ICP備18138465號   © 2018-2025 CODEPRJ.COM