Elasticsearch7.6 集群部署、集群认证及使用、数据备份
window 环境部署集群
注意:window下载解压elasticsearch一定需要解压多次。例如搭建的3节点的,需要解压3次,防止生成 cluster UUID 一致导致只能看到一个节点
1、elasticsearch.yml配置:
node.name区别:elastic_node1、 elastic_node2、 elastic_node3
cluster.name: elastic_cluster node.name: elastic_node1 node.master: true
node.data: true #path.data: /usr/local/elastic_node1/data
#path.logs: /usr/local/elastic_node1/logs bootstrap.memory_lock: true network.host: 0.0.0.0
network.tcp.no_delay: true
network.tcp.keep_alive: true
network.tcp.reuse_address: true
network.tcp.send_buffer_size: 256mb
network.tcp.receive_buffer_size: 256mb transport.tcp.port:
transport.tcp.compress: true http.max_content_length: 200mb
http.cors.enabled: true
http.cors.allow-origin: "*"
http.port: discovery.seed_hosts: ["127.0.0.1:9301","127.0.0.1:9302","127.0.0.1:9303"]
cluster.initial_master_nodes: ["127.0.0.1:9301","127.0.0.1:9302","127.0.0.1:9303"]
cluster.fault_detection.leader_check.interval: 15s
discovery.cluster_formation_warning_timeout: 30s
cluster.join.timeout: 30s
cluster.publish.timeout: 90s
cluster.routing.allocation.cluster_concurrent_rebalance:
cluster.routing.allocation.node_concurrent_recoveries:
cluster.routing.allocation.node_initial_primaries_recoveries:
2、依次运行生成集群
浏览器打开:http://127.0.0.1:9201/_cat/nodes?v
ip heap.percent ram.percent cpu load_1m load_5m load_15m node.role master name
127.0.0.1 dilm - elastic_node3
127.0.0.1 dilm - elastic_node1
127.0.0.1 dilm * elastic_node2
3、生成证书
es集群通过证书来安全的组成集群
- 运行
bin/elasticsearch-certutil cert
注意: 密码后面需要单独设置,这里是集群安全认证,建议密码不设置,成功后生成的证书默认在es的config目录里面 elastic-certificates.p12;分别copy一份到其他节点的config里面(默认目录)
在elasticsearch.yml配置添加
xpack.security.enabled: true
xpack.license.self_generated.type: basic
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
4、给认证的集群创建用户密码
bin/elasticsearch-setup-passwords interactive
- elastic 账号:拥有 superuser 角色,是内置的超级用户。
- kibana 账号:拥有 kibana_system 角色,用户 kibana 用来连接 elasticsearch 并与之通信。Kibana 服务器以该用户身份提交请求以访问集群监视 API 和 .kibana 索引。不能访问 index。
- logstash_system 账号:拥有 logstash_system 角色。用户 Logstash 在 Elasticsearch 中存储监控信息时使用。
- beats_system账号:拥有 beats_system 角色。用户 Beats 在 Elasticsearch 中存储监控信息时使用。
5、配置kibana认证
elasticsearch.username: "kibana"
elasticsearch.password: ""
- 完整的elasticsearch.yml配置,注意不同节点node.name区别
cluster.name: elastic_cluster
node.name: elastic_node1
node.master: true
node.data: true #path.data: /usr/local/elastic_node1/data
#path.logs: /usr/local/elastic_node1/logs bootstrap.memory_lock: true network.host: 0.0.0.0
network.tcp.no_delay: true
network.tcp.keep_alive: true
network.tcp.reuse_address: true
network.tcp.send_buffer_size: 256mb
network.tcp.receive_buffer_size: 256mb transport.tcp.port:
transport.tcp.compress: true http.max_content_length: 200mb
http.cors.enabled: true
http.cors.allow-origin: "*"
http.port: discovery.seed_hosts: ["127.0.0.1:9301","127.0.0.1:9302","127.0.0.1:9303"]
cluster.initial_master_nodes: ["127.0.0.1:9301","127.0.0.1:9302","127.0.0.1:9303"]
cluster.fault_detection.leader_check.interval: 15s
discovery.cluster_formation_warning_timeout: 30s
cluster.join.timeout: 30s
cluster.publish.timeout: 90s
cluster.routing.allocation.cluster_concurrent_rebalance:
cluster.routing.allocation.node_concurrent_recoveries:
cluster.routing.allocation.node_initial_primaries_recoveries: xpack.security.enabled: true
xpack.license.self_generated.type: basic
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
centos(docker-compose) 环境部署集群
1、docker-compose.yml配置
version: '2.2'
services:
es01:
image: elasticsearch:7.6.
container_name: es01
environment:
- node.name=es01
- cluster.name=es-docker-cluster
- discovery.seed_hosts=192.168.43.128:
- cluster.initial_master_nodes=es01,192.168.43.128:
- cluster.fault_detection.leader_check.interval=15s
- bootstrap.memory_lock=true
- http.cors.enabled=true
- http.cors.allow-origin=*
- network.host=0.0.0.0
- network.publish_host=192.168.43.129
- xpack.security.enabled=true
- xpack.security.transport.ssl.enabled=true
- "ES_JAVA_OPTS=-Xms256m -Xmx256m"
ulimits:
memlock:
soft: -
hard: -
volumes:
- ./mnt/data:/usr/share/elasticsearch/data
- ./mnt/logs:/usr/share/elasticsearch/logs
ports:
- :
- :
networks:
- elastic
cerebro:
image: lmenezes/cerebro:0.8.
container_name: cerebro
ports:
- "9000:9000"
command:
- -Dhosts..host=http://es01:9200
networks:
- elastic
volumes:
mnt:
driver: local networks:
elastic:
driver: bridge
权限问题执行 chmod -R 777 mnt/*
2、生成证书文件创建密码
- 进入容器 docker exec -it 5144d3b1dd56 /bin/bash
- 生成证书 bin/elasticsearch-certutil cert
- 复制证书并cp到其他节点 docker cp 09f57b6067e0:/usr/share/elasticsearch/elastic-certificates.p12 .
3、修改配置&&动态添加测试
version: '2.2'
services:
es01:
image: elasticsearch:7.6.
container_name: es01
environment:
- node.name=es01
- cluster.name=es-docker-cluster
- discovery.seed_hosts=192.168.43.128:
- cluster.initial_master_nodes=es01,192.168.43.128:
- cluster.fault_detection.leader_check.interval=15s
- bootstrap.memory_lock=true
- http.cors.enabled=true
- http.cors.allow-origin=*
- network.host=0.0.0.0
- network.publish_host=192.168.43.129
- xpack.security.enabled=true
- xpack.security.transport.ssl.enabled=true
- xpack.license.self_generated.type=basic
- xpack.security.transport.ssl.verification_mode=certificate
- xpack.security.transport.ssl.keystore.path=elastic-certificates.p12
- xpack.security.transport.ssl.truststore.path=elastic-certificates.p12
- "ES_JAVA_OPTS=-Xms256m -Xmx256m"
ulimits:
memlock:
soft: -
hard: -
volumes:
- ./mnt/data:/usr/share/elasticsearch/data
- ./mnt/logs:/usr/share/elasticsearch/logs
- ./mnt/elastic-certificates.p12:/usr/share/elasticsearch/config/elastic-certificates.p12
ports:
- :
- :
networks:
- elastic
cerebro:
image: lmenezes/cerebro:0.8.
container_name: cerebro
ports:
- "9000:9000"
command:
- -Dhosts..host=http://es01:9200
networks:
- elastic
volumes:
mnt:
driver: local networks:
elastic:
driver: bridge
注意证书的位置,给权限 chmod -R 777 mnt/*
- 设置密码(建议进入主节点容器中) bin/elasticsearch-setup-passwords interactive -u 'http://es01:9200'
- 通用配置与window类似
springboot使用测试
1、引入pom
<dependency>
<groupId>org.elasticsearch</groupId>
<artifactId>elasticsearch</artifactId>
<version>7.6.</version>
</dependency> <dependency>
<groupId>org.elasticsearch.client</groupId>
<artifactId>elasticsearch-rest-client</artifactId>
<version>7.6.</version>
</dependency> <dependency>
<groupId>org.elasticsearch.client</groupId>
<artifactId>elasticsearch-rest-high-level-client</artifactId>
<version>7.6.</version>
</dependency>
2、 代码
- EsConfiguration.class
/**
* @author hdy
*/
@Configuration
public class EsConfiguration {
/**
* 集群地址
*/
private static String hosts = "192.168.43.128";
private static String hosts1 = "192.168.43.129";
private static String hosts2 = "192.168.43.130";
/**
* 使用的端口号
*/
private static int port = ;
/**
* // 使用的协议
*/
private static String schema = "http";
private static ArrayList<HttpHost> hostList = null;
/**
* 连接超时时间
*/
private static int connectTimeOut = ;
/**
* 连接超时时间
*/
private static int socketTimeOut = ;
/**
* 获取连接的超时时间
*/
private static int connectionRequestTimeOut = ;
/**
* 最大连接数
*/
private static int maxConnectNum = ;
/**
* 最大路由连接数
*/
private static int maxConnectPerRoute = ; private RestClientBuilder builder; private final CredentialsProvider credentialsProvider = new BasicCredentialsProvider(); static {
hostList = new ArrayList<>();
hostList.add(new HttpHost(hosts, port, schema));
hostList.add(new HttpHost(hosts1, port, schema));
hostList.add(new HttpHost(hosts2, port, schema));
} @Bean("restHighLevelClient")
public RestHighLevelClient client() {
builder = RestClient.builder(hostList.toArray(new HttpHost[]));
setConnectTimeOutConfig();
setMutiConnectConfig();
return new RestHighLevelClient(builder);
} /**
* 异步httpclient的连接延时配置
*/
private void setConnectTimeOutConfig() {
builder.setRequestConfigCallback(requestConfigBuilder -> {
requestConfigBuilder.setConnectTimeout(connectTimeOut);
requestConfigBuilder.setSocketTimeout(socketTimeOut);
requestConfigBuilder.setConnectionRequestTimeout(connectionRequestTimeOut);
return requestConfigBuilder;
});
} /**
* 异步httpclient的连接数配置
*/
private void setMutiConnectConfig() {
credentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials("elastic", ""));
builder.setHttpClientConfigCallback(httpClientBuilder -> {
httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider);
httpClientBuilder.setMaxConnTotal(maxConnectNum);
httpClientBuilder.setMaxConnPerRoute(maxConnectPerRoute);
return httpClientBuilder;
});
} } - ElasticsearchApplicationTests.class
@Log4j2
@RunWith(SpringRunner.class)
@SpringBootTest
public class ElasticsearchApplicationTests { @Autowired
RestHighLevelClient restHighLevelClient; @Test
public void contextLoads() { for (int i = ; i >= ; i--) {
Map<String, Object> jsonMap = new HashMap<>();
jsonMap.put("name", "测试" + i);
jsonMap.put("age", "" + i);
jsonMap.put("des", "啦啦啦啦啦啦啦啦啦啦啦啦啦啦啦啦啦啦啦啦拉了拉");
jsonMap.put("des1", "des1des1des1des1des1des1des1des1des1des1des1des1des1des1des1des1des1des1des1des1des1des1des1");
jsonMap.put("des2", "des2des2des2des2des2des2des2des2des2des2des2des2des2des2des2des2des2des2");
jsonMap.put("des3", "des3des3des3des3des3des3des3des3des3des3des3des3des3des3des3des3des3des3");
jsonMap.put("des4", "des4des4des4des4des4des4des4des4des4des4des4des4des4des4des4des4des4des4des4des4des4des4des4des4des4");
jsonMap.put("postDate", new Date());
jsonMap.put("message", "trying out Elasticsearch");
IndexRequest indexRequest = new IndexRequest("test").id("" + i).source(jsonMap);
try {
IndexResponse response = null;
try {
response = restHighLevelClient.index(indexRequest, RequestOptions.DEFAULT);
} catch (IOException e) {
e.printStackTrace();
}
log.info(response.toString());
} catch (ElasticsearchException e) {
if (e.status() == RestStatus.CONFLICT) {
System.out.println("e = " + e);
}
}
} GetRequest getRequest = new GetRequest("posts", "");
GetResponse response = null;
try {
response = restHighLevelClient.get(getRequest, RequestOptions.DEFAULT);
log.info(response.toString());
} catch (IOException e) {
e.printStackTrace();
} } } 错误信息,少引入elasticsearch-rest-client pom包
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'restHighLevelClient' defined in class path resource [com/dy/client/EsConfiguration.class]: Post-processing of merged bean definition failed; nested exception is java.lang.IllegalStateException: Failed to introspect Class [org.elasticsearch.client.RestHighLevelClient] from ClassLoader [sun.misc.Launcher$AppClassLoader@18b4aac2]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:) ~[spring-beans-5.1..RELEASE.jar:5.1..RELEASE]
at com.intellij.rt.execution.junit.JUnitStarter.prepareStreamsAndStart(JUnitStarter.java:) [junit-rt.jar:na]
at com.intellij.rt.execution.junit.JUnitStarter.main(JUnitStarter.java:) [junit-rt.jar:na]
Caused by: java.lang.IllegalStateException: Failed to introspect Class [org.elasticsearch.client.RestHighLevelClient] from ClassLoader [sun.misc.Launcher$AppClassLoader@18b4aac2]
at org.springframework.util.ReflectionUtils.getDeclaredMethods(ReflectionUtils.java:) ~[spring-core-5.1..RELEASE.jar:5.1..RELEASE]
... common frames omitted
Caused by: java.lang.NoClassDefFoundError: org/elasticsearch/client/Cancellable
at java.lang.Class.getDeclaredMethods0(Native Method) ~[na:1.8.0_191]
at org.springframework.util.ReflectionUtils.getDeclaredMethods(ReflectionUtils.java:) ~[spring-core-5.1..RELEASE.jar:5.1..RELEASE]
... common frames omitted
Caused by: java.lang.ClassNotFoundException: org.elasticsearch.client.Cancellable
at java.net.URLClassLoader.findClass(URLClassLoader.java:) ~[na:1.8.0_191]
at java.lang.ClassLoader.loadClass(ClassLoader.java:) ~[na:1.8.0_191]
... common frames omitted
ElasticSearch 6.x数据迁移ElasticSearch7.4
- 安装nodejs
yum install nodejs -y --registry=https://registry.npm.taobao.org
- 安装elasticdump
npm install elasticdump -g
- 升级nodejs
npm install -g n
n latest mapping拷贝(建议手动拷贝)
elasticdump --input=http://127.0.0.1:9200/index(修改为真实的索引名称) --output=http://10.0.1.236:9200/index --type=mapping(修改为真实的索引名称与需要导入的IP)
- data拷贝
# 创建认证文件
cat > authFile <<EOF
user=elastic
password=xxxxxx
EOF # dump数据
elasticdump --input=http://192.168.0.110:9200/test-20200510 --output=http://192.168.0.215:9201/test-20200510 --type=data --limit=100000 --httpAuthFile=authFile
Elasticsearch7.6 集群部署、集群认证及使用、数据备份的更多相关文章
- linux运维、架构之路-Kubernetes集群部署TLS双向认证
一.kubernetes的认证授权 Kubernetes集群的所有操作基本上都是通过kube-apiserver这个组件进行的,它提供HTTP RESTful形式的API供集群内外客户端调 ...
- 【集群实战】Rsync试题-异机数据备份解决方案
企业案例:Rsync上机实战考试题: 某公司有一台Web服务器,里面的数据很重要,但是如果硬盘坏了,数据就会丢失,现在领导要求你把数据在其它机器上做一个周期性定时备份. 要求如下: 每天晚上00点整在 ...
- elk 系列:Elasticsearch 7.2 集群部署+TLS 加密+认证登陆
背景 2019年5月21日,Elastic官方发布消息: Elastic Stack 新版本6.8.0 和7.1.0的核心安全功能现免费提供. 这意味着用户现在能够对网络流量进行加密.创建和管理用户. ...
- 面试连环炮系列(二):你们的项目Redis做了集群部署吗
你们的项目Redis做了集群部署吗? 我们有大量数据需要缓存,而单实例的容量毕竟是有限的,于是做了Redis集群部署. 采取的方案是什么,Codis还是Redis Cluster,为什么要选择这个方案 ...
- 使用kubeadm进行单master(single master)和高可用(HA)kubernetes集群部署
kubeadm部署k8s 使用kubeadm进行k8s的部署主要分为以下几个步骤: 环境预装: 主要安装docker.kubeadm等相关工具. 集群部署: 集群部署分为single master(单 ...
- 部署Redis Cluster 6.0 集群并开启密码认证 和 Redis-cluster-proxy负载
部署Redis Cluster集群并开启密码认证 如果只想简单的搭建Redis Cluster,不需要设置密码和公网访问,可以参考官方文档. 节点介绍 Cluster模式推荐最少有6个节点,本次实验搭 ...
- CentOS6.8部署MongoDB集群及支持auth认证
三个节点的副本集如下图所示: 实验目的: 配置MongoDB的3节点副本集 3个节点的副本集都要开启auth认证,并且开启认证后,能互相通信 第一步 - 准备环境 准备三个虚拟机,其中一个用作Prim ...
- ELK + filebeat集群部署
ELK + filebeat集群部署 一.ELK简介 1. Elasticsearch Elasticsearch是一个实时的分布式搜索分析引擎, 它能让你以一个之前从未有过的速度和规模,去探索你的数 ...
- OpenStack Swift集群部署流程与简单使用
之前介绍了<OpenStack Swift All In One安装部署流程与简单使用>,那么接下来就说一说Swift集群部署吧. 1. 简介 本文档详细描述了使用两台PC部署一个小型Sw ...
随机推荐
- 老哥,您看我这篇Java集合,还有机会评优吗?
集合在我们日常开发使用的次数数不胜数,ArrayList/LinkedList/HashMap/HashSet······信手拈来,抬手就拿来用,在 IDE 上龙飞凤舞,但是作为一名合格的优雅的程序猿 ...
- 实验01——java模拟银行ATM系统
用java写的一个模拟银行系统,比较初级. ATM.java package cn.tedu.yinhang; import java.util.Scanner; /** * @author 赵瑞鑫 ...
- node根据excel批量更名
程序预览 index.js var xlsx = require('node-xlsx'); var fs = require('fs'); process.stdin.setEncoding('ut ...
- 如果连这10个Python缩写都不知道,那你一定是Python新手
简介 对于许多开始学习编程的人来说,Python已经成为他们的首选.Python有非常直观的语法和支持动态类型的灵活性.此外,它是一种解释语言,这使得使用交互式控制台进行学习成为可能.基本上,我们只需 ...
- SEO(Search Engine Optimization)优化
SEO(Search Engine Optimization)汉议为搜索引擎优化,是一种利用搜索引擎的规则提高网站在有关搜索引擎内自然排名的方式. SEO的目的是对网站进行深度的优化,从而帮助网站获取 ...
- 百度小程序中swan.setPageInfo的用法
现在百度智能小程序是百度最新的流量入口,现在很多做SEO优化.小程序开发的企业为了获取更多的流量不得不开发了,很多的技术人员不了解百度小程序的标题和关键词.描述等信息不知道在哪里设置. 以下是小编给你 ...
- 解决 Could not resolve type alias 'com.deppon.gis.module.job.server.util.SdoGeometryTypeHandler'. 的办法
单元测试提示下面错误: 核心错误: Failed to parse mapping resource: 'file [D:\490993\安装程序\DPAP2.1\dpap_v2.0.1\dpap_v ...
- 轻量级Java EE企业应用实战:Struts2+Spring5+Hibernate5/JPA2
轻量级Java EE企业应用实战(第5版)——Struts 2+Spring 5+Hibernate 5/JPA 2整合开发是<轻量级Java EE企业应用实战>的第5版,这一版保持了前几 ...
- JAVA 下载单个文件
public void toDownLoad(String ape505, HttpServletRequest request, HttpServletResponse response) thro ...
- Linux进程管理与性能监控
1. 进程管理工具 这一节我们介绍进程管理工具: 使用进程管理工具,我们可以查询程序当前的运行状态,或终止一个进程: 任何进程都与文件关联:我们会用到lsof工具(list opened files) ...