Elasticsearch7.6 集群部署、集群认证及使用、数据备份
window 环境部署集群
注意:window下载解压elasticsearch一定需要解压多次。例如搭建的3节点的,需要解压3次,防止生成 cluster UUID 一致导致只能看到一个节点
1、elasticsearch.yml配置:
node.name区别:elastic_node1、 elastic_node2、 elastic_node3
cluster.name: elastic_cluster node.name: elastic_node1 node.master: true
node.data: true #path.data: /usr/local/elastic_node1/data
#path.logs: /usr/local/elastic_node1/logs bootstrap.memory_lock: true network.host: 0.0.0.0
network.tcp.no_delay: true
network.tcp.keep_alive: true
network.tcp.reuse_address: true
network.tcp.send_buffer_size: 256mb
network.tcp.receive_buffer_size: 256mb transport.tcp.port:
transport.tcp.compress: true http.max_content_length: 200mb
http.cors.enabled: true
http.cors.allow-origin: "*"
http.port: discovery.seed_hosts: ["127.0.0.1:9301","127.0.0.1:9302","127.0.0.1:9303"]
cluster.initial_master_nodes: ["127.0.0.1:9301","127.0.0.1:9302","127.0.0.1:9303"]
cluster.fault_detection.leader_check.interval: 15s
discovery.cluster_formation_warning_timeout: 30s
cluster.join.timeout: 30s
cluster.publish.timeout: 90s
cluster.routing.allocation.cluster_concurrent_rebalance:
cluster.routing.allocation.node_concurrent_recoveries:
cluster.routing.allocation.node_initial_primaries_recoveries:
2、依次运行生成集群
浏览器打开:http://127.0.0.1:9201/_cat/nodes?v
ip heap.percent ram.percent cpu load_1m load_5m load_15m node.role master name
127.0.0.1 dilm - elastic_node3
127.0.0.1 dilm - elastic_node1
127.0.0.1 dilm * elastic_node2
3、生成证书
es集群通过证书来安全的组成集群
- 运行
bin/elasticsearch-certutil cert
注意: 密码后面需要单独设置,这里是集群安全认证,建议密码不设置,成功后生成的证书默认在es的config目录里面 elastic-certificates.p12;分别copy一份到其他节点的config里面(默认目录)
在elasticsearch.yml配置添加
xpack.security.enabled: true
xpack.license.self_generated.type: basic
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
4、给认证的集群创建用户密码
bin/elasticsearch-setup-passwords interactive
- elastic 账号:拥有 superuser 角色,是内置的超级用户。
- kibana 账号:拥有 kibana_system 角色,用户 kibana 用来连接 elasticsearch 并与之通信。Kibana 服务器以该用户身份提交请求以访问集群监视 API 和 .kibana 索引。不能访问 index。
- logstash_system 账号:拥有 logstash_system 角色。用户 Logstash 在 Elasticsearch 中存储监控信息时使用。
- beats_system账号:拥有 beats_system 角色。用户 Beats 在 Elasticsearch 中存储监控信息时使用。
5、配置kibana认证
elasticsearch.username: "kibana"
elasticsearch.password: ""
- 完整的elasticsearch.yml配置,注意不同节点node.name区别
cluster.name: elastic_cluster
node.name: elastic_node1
node.master: true
node.data: true #path.data: /usr/local/elastic_node1/data
#path.logs: /usr/local/elastic_node1/logs bootstrap.memory_lock: true network.host: 0.0.0.0
network.tcp.no_delay: true
network.tcp.keep_alive: true
network.tcp.reuse_address: true
network.tcp.send_buffer_size: 256mb
network.tcp.receive_buffer_size: 256mb transport.tcp.port:
transport.tcp.compress: true http.max_content_length: 200mb
http.cors.enabled: true
http.cors.allow-origin: "*"
http.port: discovery.seed_hosts: ["127.0.0.1:9301","127.0.0.1:9302","127.0.0.1:9303"]
cluster.initial_master_nodes: ["127.0.0.1:9301","127.0.0.1:9302","127.0.0.1:9303"]
cluster.fault_detection.leader_check.interval: 15s
discovery.cluster_formation_warning_timeout: 30s
cluster.join.timeout: 30s
cluster.publish.timeout: 90s
cluster.routing.allocation.cluster_concurrent_rebalance:
cluster.routing.allocation.node_concurrent_recoveries:
cluster.routing.allocation.node_initial_primaries_recoveries: xpack.security.enabled: true
xpack.license.self_generated.type: basic
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
centos(docker-compose) 环境部署集群
1、docker-compose.yml配置
version: '2.2'
services:
es01:
image: elasticsearch:7.6.
container_name: es01
environment:
- node.name=es01
- cluster.name=es-docker-cluster
- discovery.seed_hosts=192.168.43.128:
- cluster.initial_master_nodes=es01,192.168.43.128:
- cluster.fault_detection.leader_check.interval=15s
- bootstrap.memory_lock=true
- http.cors.enabled=true
- http.cors.allow-origin=*
- network.host=0.0.0.0
- network.publish_host=192.168.43.129
- xpack.security.enabled=true
- xpack.security.transport.ssl.enabled=true
- "ES_JAVA_OPTS=-Xms256m -Xmx256m"
ulimits:
memlock:
soft: -
hard: -
volumes:
- ./mnt/data:/usr/share/elasticsearch/data
- ./mnt/logs:/usr/share/elasticsearch/logs
ports:
- :
- :
networks:
- elastic
cerebro:
image: lmenezes/cerebro:0.8.
container_name: cerebro
ports:
- "9000:9000"
command:
- -Dhosts..host=http://es01:9200
networks:
- elastic
volumes:
mnt:
driver: local networks:
elastic:
driver: bridge
权限问题执行 chmod -R 777 mnt/*
2、生成证书文件创建密码
- 进入容器 docker exec -it 5144d3b1dd56 /bin/bash
- 生成证书 bin/elasticsearch-certutil cert
- 复制证书并cp到其他节点 docker cp 09f57b6067e0:/usr/share/elasticsearch/elastic-certificates.p12 .
3、修改配置&&动态添加测试
version: '2.2'
services:
es01:
image: elasticsearch:7.6.
container_name: es01
environment:
- node.name=es01
- cluster.name=es-docker-cluster
- discovery.seed_hosts=192.168.43.128:
- cluster.initial_master_nodes=es01,192.168.43.128:
- cluster.fault_detection.leader_check.interval=15s
- bootstrap.memory_lock=true
- http.cors.enabled=true
- http.cors.allow-origin=*
- network.host=0.0.0.0
- network.publish_host=192.168.43.129
- xpack.security.enabled=true
- xpack.security.transport.ssl.enabled=true
- xpack.license.self_generated.type=basic
- xpack.security.transport.ssl.verification_mode=certificate
- xpack.security.transport.ssl.keystore.path=elastic-certificates.p12
- xpack.security.transport.ssl.truststore.path=elastic-certificates.p12
- "ES_JAVA_OPTS=-Xms256m -Xmx256m"
ulimits:
memlock:
soft: -
hard: -
volumes:
- ./mnt/data:/usr/share/elasticsearch/data
- ./mnt/logs:/usr/share/elasticsearch/logs
- ./mnt/elastic-certificates.p12:/usr/share/elasticsearch/config/elastic-certificates.p12
ports:
- :
- :
networks:
- elastic
cerebro:
image: lmenezes/cerebro:0.8.
container_name: cerebro
ports:
- "9000:9000"
command:
- -Dhosts..host=http://es01:9200
networks:
- elastic
volumes:
mnt:
driver: local networks:
elastic:
driver: bridge
注意证书的位置,给权限 chmod -R 777 mnt/*
- 设置密码(建议进入主节点容器中) bin/elasticsearch-setup-passwords interactive -u 'http://es01:9200'
- 通用配置与window类似
springboot使用测试
1、引入pom
<dependency>
<groupId>org.elasticsearch</groupId>
<artifactId>elasticsearch</artifactId>
<version>7.6.</version>
</dependency> <dependency>
<groupId>org.elasticsearch.client</groupId>
<artifactId>elasticsearch-rest-client</artifactId>
<version>7.6.</version>
</dependency> <dependency>
<groupId>org.elasticsearch.client</groupId>
<artifactId>elasticsearch-rest-high-level-client</artifactId>
<version>7.6.</version>
</dependency>
2、 代码
- EsConfiguration.class
/**
* @author hdy
*/
@Configuration
public class EsConfiguration {
/**
* 集群地址
*/
private static String hosts = "192.168.43.128";
private static String hosts1 = "192.168.43.129";
private static String hosts2 = "192.168.43.130";
/**
* 使用的端口号
*/
private static int port = ;
/**
* // 使用的协议
*/
private static String schema = "http";
private static ArrayList<HttpHost> hostList = null;
/**
* 连接超时时间
*/
private static int connectTimeOut = ;
/**
* 连接超时时间
*/
private static int socketTimeOut = ;
/**
* 获取连接的超时时间
*/
private static int connectionRequestTimeOut = ;
/**
* 最大连接数
*/
private static int maxConnectNum = ;
/**
* 最大路由连接数
*/
private static int maxConnectPerRoute = ; private RestClientBuilder builder; private final CredentialsProvider credentialsProvider = new BasicCredentialsProvider(); static {
hostList = new ArrayList<>();
hostList.add(new HttpHost(hosts, port, schema));
hostList.add(new HttpHost(hosts1, port, schema));
hostList.add(new HttpHost(hosts2, port, schema));
} @Bean("restHighLevelClient")
public RestHighLevelClient client() {
builder = RestClient.builder(hostList.toArray(new HttpHost[]));
setConnectTimeOutConfig();
setMutiConnectConfig();
return new RestHighLevelClient(builder);
} /**
* 异步httpclient的连接延时配置
*/
private void setConnectTimeOutConfig() {
builder.setRequestConfigCallback(requestConfigBuilder -> {
requestConfigBuilder.setConnectTimeout(connectTimeOut);
requestConfigBuilder.setSocketTimeout(socketTimeOut);
requestConfigBuilder.setConnectionRequestTimeout(connectionRequestTimeOut);
return requestConfigBuilder;
});
} /**
* 异步httpclient的连接数配置
*/
private void setMutiConnectConfig() {
credentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials("elastic", ""));
builder.setHttpClientConfigCallback(httpClientBuilder -> {
httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider);
httpClientBuilder.setMaxConnTotal(maxConnectNum);
httpClientBuilder.setMaxConnPerRoute(maxConnectPerRoute);
return httpClientBuilder;
});
} } - ElasticsearchApplicationTests.class
@Log4j2
@RunWith(SpringRunner.class)
@SpringBootTest
public class ElasticsearchApplicationTests { @Autowired
RestHighLevelClient restHighLevelClient; @Test
public void contextLoads() { for (int i = ; i >= ; i--) {
Map<String, Object> jsonMap = new HashMap<>();
jsonMap.put("name", "测试" + i);
jsonMap.put("age", "" + i);
jsonMap.put("des", "啦啦啦啦啦啦啦啦啦啦啦啦啦啦啦啦啦啦啦啦拉了拉");
jsonMap.put("des1", "des1des1des1des1des1des1des1des1des1des1des1des1des1des1des1des1des1des1des1des1des1des1des1");
jsonMap.put("des2", "des2des2des2des2des2des2des2des2des2des2des2des2des2des2des2des2des2des2");
jsonMap.put("des3", "des3des3des3des3des3des3des3des3des3des3des3des3des3des3des3des3des3des3");
jsonMap.put("des4", "des4des4des4des4des4des4des4des4des4des4des4des4des4des4des4des4des4des4des4des4des4des4des4des4des4");
jsonMap.put("postDate", new Date());
jsonMap.put("message", "trying out Elasticsearch");
IndexRequest indexRequest = new IndexRequest("test").id("" + i).source(jsonMap);
try {
IndexResponse response = null;
try {
response = restHighLevelClient.index(indexRequest, RequestOptions.DEFAULT);
} catch (IOException e) {
e.printStackTrace();
}
log.info(response.toString());
} catch (ElasticsearchException e) {
if (e.status() == RestStatus.CONFLICT) {
System.out.println("e = " + e);
}
}
} GetRequest getRequest = new GetRequest("posts", "");
GetResponse response = null;
try {
response = restHighLevelClient.get(getRequest, RequestOptions.DEFAULT);
log.info(response.toString());
} catch (IOException e) {
e.printStackTrace();
} } } 错误信息,少引入elasticsearch-rest-client pom包
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'restHighLevelClient' defined in class path resource [com/dy/client/EsConfiguration.class]: Post-processing of merged bean definition failed; nested exception is java.lang.IllegalStateException: Failed to introspect Class [org.elasticsearch.client.RestHighLevelClient] from ClassLoader [sun.misc.Launcher$AppClassLoader@18b4aac2]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:) ~[spring-beans-5.1..RELEASE.jar:5.1..RELEASE]
at com.intellij.rt.execution.junit.JUnitStarter.prepareStreamsAndStart(JUnitStarter.java:) [junit-rt.jar:na]
at com.intellij.rt.execution.junit.JUnitStarter.main(JUnitStarter.java:) [junit-rt.jar:na]
Caused by: java.lang.IllegalStateException: Failed to introspect Class [org.elasticsearch.client.RestHighLevelClient] from ClassLoader [sun.misc.Launcher$AppClassLoader@18b4aac2]
at org.springframework.util.ReflectionUtils.getDeclaredMethods(ReflectionUtils.java:) ~[spring-core-5.1..RELEASE.jar:5.1..RELEASE]
... common frames omitted
Caused by: java.lang.NoClassDefFoundError: org/elasticsearch/client/Cancellable
at java.lang.Class.getDeclaredMethods0(Native Method) ~[na:1.8.0_191]
at org.springframework.util.ReflectionUtils.getDeclaredMethods(ReflectionUtils.java:) ~[spring-core-5.1..RELEASE.jar:5.1..RELEASE]
... common frames omitted
Caused by: java.lang.ClassNotFoundException: org.elasticsearch.client.Cancellable
at java.net.URLClassLoader.findClass(URLClassLoader.java:) ~[na:1.8.0_191]
at java.lang.ClassLoader.loadClass(ClassLoader.java:) ~[na:1.8.0_191]
... common frames omitted
ElasticSearch 6.x数据迁移ElasticSearch7.4
- 安装nodejs
yum install nodejs -y --registry=https://registry.npm.taobao.org
- 安装elasticdump
npm install elasticdump -g
- 升级nodejs
npm install -g n
n latest mapping拷贝(建议手动拷贝)
elasticdump --input=http://127.0.0.1:9200/index(修改为真实的索引名称) --output=http://10.0.1.236:9200/index --type=mapping(修改为真实的索引名称与需要导入的IP)
- data拷贝
# 创建认证文件
cat > authFile <<EOF
user=elastic
password=xxxxxx
EOF # dump数据
elasticdump --input=http://192.168.0.110:9200/test-20200510 --output=http://192.168.0.215:9201/test-20200510 --type=data --limit=100000 --httpAuthFile=authFile
Elasticsearch7.6 集群部署、集群认证及使用、数据备份的更多相关文章
- linux运维、架构之路-Kubernetes集群部署TLS双向认证
一.kubernetes的认证授权 Kubernetes集群的所有操作基本上都是通过kube-apiserver这个组件进行的,它提供HTTP RESTful形式的API供集群内外客户端调 ...
- 【集群实战】Rsync试题-异机数据备份解决方案
企业案例:Rsync上机实战考试题: 某公司有一台Web服务器,里面的数据很重要,但是如果硬盘坏了,数据就会丢失,现在领导要求你把数据在其它机器上做一个周期性定时备份. 要求如下: 每天晚上00点整在 ...
- elk 系列:Elasticsearch 7.2 集群部署+TLS 加密+认证登陆
背景 2019年5月21日,Elastic官方发布消息: Elastic Stack 新版本6.8.0 和7.1.0的核心安全功能现免费提供. 这意味着用户现在能够对网络流量进行加密.创建和管理用户. ...
- 面试连环炮系列(二):你们的项目Redis做了集群部署吗
你们的项目Redis做了集群部署吗? 我们有大量数据需要缓存,而单实例的容量毕竟是有限的,于是做了Redis集群部署. 采取的方案是什么,Codis还是Redis Cluster,为什么要选择这个方案 ...
- 使用kubeadm进行单master(single master)和高可用(HA)kubernetes集群部署
kubeadm部署k8s 使用kubeadm进行k8s的部署主要分为以下几个步骤: 环境预装: 主要安装docker.kubeadm等相关工具. 集群部署: 集群部署分为single master(单 ...
- 部署Redis Cluster 6.0 集群并开启密码认证 和 Redis-cluster-proxy负载
部署Redis Cluster集群并开启密码认证 如果只想简单的搭建Redis Cluster,不需要设置密码和公网访问,可以参考官方文档. 节点介绍 Cluster模式推荐最少有6个节点,本次实验搭 ...
- CentOS6.8部署MongoDB集群及支持auth认证
三个节点的副本集如下图所示: 实验目的: 配置MongoDB的3节点副本集 3个节点的副本集都要开启auth认证,并且开启认证后,能互相通信 第一步 - 准备环境 准备三个虚拟机,其中一个用作Prim ...
- ELK + filebeat集群部署
ELK + filebeat集群部署 一.ELK简介 1. Elasticsearch Elasticsearch是一个实时的分布式搜索分析引擎, 它能让你以一个之前从未有过的速度和规模,去探索你的数 ...
- OpenStack Swift集群部署流程与简单使用
之前介绍了<OpenStack Swift All In One安装部署流程与简单使用>,那么接下来就说一说Swift集群部署吧. 1. 简介 本文档详细描述了使用两台PC部署一个小型Sw ...
随机推荐
- MIME-TYPE 列表
Suffixes applicable Media type and subtype(s) .3dm x-world/x-3dmf .3dmf x-world/x-3dmf .a applicatio ...
- 分析"傍富婆发财"
视频地址https://www.bilibili.com/video/BV1pZ4y1u7jf 半佛 被富婆阿姨毒打的原因: 1.地位不对等导致工具化 资源不对等的情况下,尤其是一方极度依赖另一方资源 ...
- c++中包含string成员的结构体拷贝导致的double free问题
最近调试代码遇到一个的问题,提示double free,但是找了好久也没有找到释放两次的地方,后来调试发现,是由于使用了一个包含string成员的结构体,这个结构体使用memcpy拷贝导致的问题: 代 ...
- 和菜鸟一起学linux之DBUS基础学习记录(转)
转自:https://www.cnblogs.com/wuyida/p/6299998.html D-Bus三层架构 D-Bus是一个为应用程序间通信的消息总线系统, 用于进程之间的通信.它是个3层架 ...
- 学习 Python,这 22 个包怎能不掌握?
如今全球各个行业内 Python 的使用状况怎么样呢? 很多人学习python,不知道从何学起.很多人学习python,掌握了基本语法过后,不知道在哪里寻找案例上手.很多已经做案例的人,却不知道如何去 ...
- Python使用pyexecjs代码案例解析
针对现在大部分的网站都是使用js加密,js加载的,并不能直接抓取出来,这时候就不得不适用一些三方类库来执行js语句 execjs,一个比较好用且容易上手的类库(支持py2,与py3),支持 JS ru ...
- Hive对字段进行urlDecode
最近项目中需要对埋点日志hive表进行分析,并且按一定的规则统计出来满足要求的用户pin.本来以为是一件比较简单的事,结果在查看导出的词表时发现很多带有"%"的明显具有url en ...
- docker 启动redis 报错!
首先通过命令进入: docker exec -it ‘容器名’ redis-cli 错误信息: There was an unexpected error (type=Internal Serve ...
- leetcode刷题笔记-3. 无重复字符的最长子串(java实现)
题目描述 给定一个字符串,请你找出其中不含有重复字符的 最长子串 的长度. 示例 1: 输入: "abcabcbb"输出: 3 解释: 因为无重复字符的最长子串是 "ab ...
- C#LeetCode刷题之#617-合并二叉树(Merge Two Binary Trees)
问题 该文章的最新版本已迁移至个人博客[比特飞],单击链接 https://www.byteflying.com/archives/4096 访问. 给定两个二叉树,想象当你将它们中的一个覆盖到另一个 ...