Elasticsearch cluster configuration reference
Resources
Assume there are three servers
| Name | IP |
|---|---|
| A | 192.168.1.1 |
| B | 192.168.1.2 |
| C | 192.168.1.3 |
Deploy one Elasticsearch node on each server and set passwords.
Cluster configuration
A
cluster.name: my-application
node.name: node1
network.host: 0.0.0.0
http.port: 9200
cluster.initial_master_nodes: ["node1"]
node.master: true
node.data: true
http.cors.enabled: true
http.cors.allow-origin: "*"
cluster.max_shards_per_node: 20000
transport.tcp.port: 9300
# Seed hosts are contacted on the transport port (9300), not the HTTP port (9200)
discovery.seed_hosts: ["192.168.1.2:9300","192.168.1.3:9300"]
B
cluster.name: my-application
node.name: node2
network.host: 0.0.0.0
http.port: 9200
cluster.initial_master_nodes: ["node1"]
node.master: true
node.data: true
http.cors.enabled: true
http.cors.allow-origin: "*"
cluster.max_shards_per_node: 20000
transport.tcp.port: 9300
# Seed hosts are contacted on the transport port (9300), not the HTTP port (9200)
discovery.seed_hosts: ["192.168.1.1:9300","192.168.1.3:9300"]
C
cluster.name: my-application
node.name: node3
network.host: 0.0.0.0
http.port: 9200
cluster.initial_master_nodes: ["node1"]
node.master: true
node.data: true
http.cors.enabled: true
http.cors.allow-origin: "*"
cluster.max_shards_per_node: 20000
transport.tcp.port: 9300
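# Seed hosts are contacted on the transport port (9300), not the HTTP port (9200)
discovery.seed_hosts: ["192.168.1.1:9300","192.168.1.2:9300"]
Encrypted access
1. Generate the certificate on server A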
bin/elasticsearch-certutil cert -out config/elastic-certificates.p12 -pass ""
2. Copy it to the other nodes
scp config/elastic-certificates.p12 username@192.168.1.2:/.../config/elastic-certificates.p12
scp config/elastic-certificates.p12 username@192.168.1.3:/.../config/elastic-certificates.p12
3. Modify the configuration on each node and start it
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: config/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: config/elastic-certificates.p12
su -c "bin/elasticsearch" username
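A problem you may run into is that the certificate cannot be read. Check which user owns the certificate file; if it is root, change the owner to the user that runs Elasticsearch.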
chown username config/elastic-certificates.p12
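4. Set passwords
Use cd to change to the elasticsearch directory, then run bin/elasticsearch-setup-passwords auto to automatically generate several default users and their passwords. To set the passwords manually instead, run bin/elasticsearch-setup-passwords interactive. By default several administrator accounts are created; one of them, the user named elastic, is the superuser.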
bin/elasticsearch-setup-passwords interactive
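As an added example (not part of the original page and not Elasticsearch's own tooling), the following Python code audits a node's elasticsearch.yml for the settings the procedure above depends on: security and transport TLS enabled, keystore and truststore paths present, seed hosts addressed on the transport port, and the wildcard CORS origin. The function names, finding codes and both sample files are constructed for illustration. It assumes the flat key: value form shown above and a single transport port rather than a range.

```python
import re

# Constructed samples: BEFORE has seed hosts on the HTTP port, AFTER has the step 3 settings.
BEFORE = """\
network.host: 0.0.0.0
http.port: 9200
http.cors.enabled: true
http.cors.allow-origin: "*"
transport.tcp.port: 9300
discovery.seed_hosts: ["192.168.1.2:9200","192.168.1.3:9200"]
"""
AFTER = BEFORE.replace(':9200"', ':9300"') + """\
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: config/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: config/elastic-certificates.p12
"""

def parse(text):
    """Parse flat `key: value` lines; inline ["a","b"] lists become Python lists."""
    out = {}
    for line in text.splitlines():
        key, sep, val = (part.strip() for part in line.partition(":"))
        if sep and not key.startswith("#"):
            out[key] = (re.findall(r'[^\[\],"\'\s]+', val) if val.startswith("[")
                        else val.strip("\"'"))
    return out

def audit(text):
    """Return finding codes (hypothetical names) for the settings this page relies on."""
    s, tls, found = parse(text), "xpack.security.transport.ssl.", []
    if s.get("xpack.security.enabled") != "true":
        found.append("security-disabled")
    if s.get(tls + "enabled") != "true":
        found.append("transport-tls-disabled")
    else:
        if s.get(tls + "verification_mode", "full") == "none":
            found.append("transport-tls-unverified")
        found += ["missing-" + p for p in ("keystore.path", "truststore.path")
                  if not s.get(tls + p)]
    port = s.get("transport.tcp.port", "9300")  # assumption: a single port, not a range
    found += ["seed-host-not-transport-port:" + h for h in s.get("discovery.seed_hosts", [])
              if ":" in h and h.rpartition(":")[2] != port]
    if s.get("http.cors.enabled") == "true" and s.get("http.cors.allow-origin") == "*":
        found.append("cors-any-origin")
    return found

if __name__ == "__main__":
    print(audit(BEFORE), audit(AFTER), sep="\n")
```

The second sample still reports cors-any-origin, because enabling TLS and passwords does not narrow which browser origins may call the HTTP API.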