Configuring and deploying a production Elasticsearch 5.0.1 cluster
ES cluster planning:
Hardware:
Seven Aliyun servers with 8 cores, 64 GB RAM and a 2 TB SSD each, plus one 8-core / 16 GB Aliyun server.
One of them serves as the Kibana + Kafka query server.
The other six all act as both data nodes and master-eligible nodes.
OS: CentOS 7.2 x86_64
To make future disk expansion easier, it is recommended to put the disks under LVM logical volumes; see:
"Mounting an added Aliyun data disk: physical partition vs. LVM logical volume"
http://blog.csdn.net/reblue520/article/details/54174178
1. Install JDK 1.8 and Elasticsearch 5.0.1
rpm -ivh jdk-8u111-linux-x64.rpm
tar -zxvf elasticsearch-5.0.1.tar.gz
2. Add the yunva user that runs Elasticsearch (ES must be started as a non-root user)
useradd yunva -d /home/yunva
echo 'pass'|passwd --stdin yunva
chown -R yunva.yunva /data
Change the default SSH port:
sed -i 's/#Port 22/Port 2222/' /etc/ssh/sshd_config
sed -i 's/^GSSAPIAuthentication yes$/GSSAPIAuthentication no/' /etc/ssh/sshd_config
service sshd restart
3. System tuning for ES
swapoff -a
echo "fs.file-max = 1000000" >> /etc/sysctl.conf
echo "vm.max_map_count=262144" >> /etc/sysctl.conf
echo "vm.swappiness = 1" >> /etc/sysctl.conf
sysctl -p
sed -i 's/* soft nofile 65535/* soft nofile 655350/g' /etc/security/limits.conf
sed -i 's/* hard nofile 65535/* hard nofile 655350/g' /etc/security/limits.conf
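A quick way to confirm the tuning took effect (assumes the yunva user from step 2 already exists; limits.conf changes only apply to new login sessions):

sysctl vm.max_map_count vm.swappiness fs.file-max
su - yunva -c 'ulimit -n'    # should print 655350 if the limits.conf lines matched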
Add JAVA_HOME to the environment variables:
cat >> /etc/profile <<EOF
export JAVA_HOME=/usr/java/jdk1.8.0_111
export PATH=\$JAVA_HOME/bin:\$PATH
EOF
source /etc/profile
4. Adjust the ES heap in the JVM options file (recommended: half of physical RAM, and preferably no more than 32 GB; going beyond that may not improve performance):
/data/elasticsearch-5.0.1/config/jvm.options
sed -i 's/-Xms2g/-Xms32g/' /data/elasticsearch-5.0.1/config/jvm.options
sed -i 's/-Xmx2g/-Xmx32g/' /data/elasticsearch-5.0.1/config/jvm.options
echo "-Xss256k" >>/data/elasticsearch-5.0.1/config/jvm.options
sed -i 's/-XX:+UseConcMarkSweepGC/-XX:+UseG1GC/' /data/elasticsearch-5.0.1/config/jvm.options
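Once a node is up (step 7 below), the effective heap and compressed-oops status can be double-checked through the nodes info API; replace ip with a node address:

curl -s 'http://ip:9200/_nodes/jvm?pretty' | grep -E 'heap_max|using_compressed'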
5. Main cluster configuration file
Edit the Elasticsearch parameters:
vim /etc/elasticsearch/elasticsearch.yml   # config location for an RPM install
vim /data/elasticsearch-5.0.1/config/elasticsearch.yml
ES node configuration:
# Cluster name
cluster.name: yunva-es
# Unicast hosts used for node discovery
discovery.zen.ping.unicast.hosts: ["node-1","yunva_etl_es2", "yunva_etl_es3","yunva_etl_es4","yunva_etl_es5","yunva_etl_es6","yunva_etl_es7"]
node.name: yunva_etl_es6
node.master: true
node.data: true
path.data: /data/es/data
path.logs: /data/es/logs
action.auto_create_index: false
indices.fielddata.cache.size: 12g
bootstrap.memory_lock: false
# Internal network address; faster for inter-node traffic
network.host: 192.168.1.10
http.port: 9200
# Extra parameters so the head plugin can access ES
http.cors.enabled: true
http.cors.allow-origin: "*"
gateway.recover_after_time: 8m
gateway.expected_nodes: 3
cluster.routing.allocation.node_initial_primaries_recoveries: 8
# The following settings reduce wasted disk I/O from shard reallocation when a node is down or restarting for a short time
discovery.zen.fd.ping_timeout: 180s
discovery.zen.fd.ping_retries: 8
discovery.zen.fd.ping_interval: 30s
discovery.zen.ping_timeout: 120s
ES configuration for the Kibana node (neither a data node nor a master node):
# cat /etc/elasticsearch/elasticsearch.yml
cluster.name: yunva-es
node.name: yunva_etl_es1
node.master: false
node.data: false
node.ingest: false
action.auto_create_index: false
path.data: /data/es/data
path.logs: /data/es/logs
bootstrap.memory_lock: false
network.host: 0.0.0.0
http.port: 9200
http.cors.enabled: true
http.cors.allow-origin: "*"
# The following settings reduce wasted disk I/O from shard reallocation when a node is down or restarting for a short time
discovery.zen.fd.ping_timeout: 180s
discovery.zen.fd.ping_retries: 8
discovery.zen.fd.ping_interval: 30s
discovery.zen.ping_timeout: 120s
Note: edit /etc/hosts (vim /etc/hosts) so that every cluster node name maps to its IP address (not needed if internal DNS already provides these names):
echo "10.28.50.131 node-1" >> /etc/hosts
echo "10.26.241.239 yunva_etl_es3" >> /etc/hosts
echo "10.25.135.215 yunva_etl_es2" >> /etc/hosts
echo "10.26.241.237 yunva_etl_es4" >> /etc/hosts
echo "10.27.78.228 yunva_etl_es5" >> /etc/hosts
echo "10.27.65.121 yunva_etl_es6" >> /etc/hosts
echo "10.27.35.94 yunva_etl_es7" >> /etc/hosts
6. Create the data and log directories
mkdir -p /data/es/data
mkdir /data/es/logs
chown -R yunva.yunva /data
7. Start the ES service:
# su - yunva
[yunva]$ cd /data/elasticsearch-5.0.1/bin/
./elasticsearch &
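Running in the foreground with & also works, but the launcher supports -d to daemonize and -p to write a pid file, which makes later restarts easier; a sketch (the pid-file path is an assumption based on the data directory above):

./elasticsearch -d -p /data/es/es.pid
# stop it later with: kill `cat /data/es/es.pid`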
8. Check that a single node is working:
$ curl http://ip:9200/
{
"name" : "yunva_etl_es5",
"cluster_name" : "yunva-es",
"cluster_uuid" : "2shAg8u3SjCRNJ4mEUBzBQ",
"version" : {
"number" : "5.0.1",
"build_hash" : "080bb47",
"build_date" : "2016-11-11T22:08:49.812Z",
"build_snapshot" : false,
"lucene_version" : "6.2.1"
},
"tagline" : "You Know, for Search"
}
# Check the cluster status
$ curl http://ip:9200/_cluster/health/?pretty
{
"cluster_name" : "yunva-es",
"status" : "green",
"timed_out" : false,
"number_of_nodes" : 5,
"number_of_data_nodes" : 4,
"active_primary_shards" : 66,
"active_shards" : 132,
"relocating_shards" : 2,
"initializing_shards" : 0,
"unassigned_shards" : 0,
"delayed_unassigned_shards" : 0,
"number_of_pending_tasks" : 0,
"number_of_in_flight_fetch" : 0,
"task_max_waiting_in_queue_millis" : 0,
"active_shards_percent_as_number" : 100.0
}
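A minimal sketch of a check that could be run from cron or a monitoring agent to flag a non-green cluster (replace ip with any node; the field extraction assumes the compact JSON returned without ?pretty):

status=$(curl -s http://ip:9200/_cluster/health | grep -o '"status":"[a-z]*"' | cut -d'"' -f4)
if [ "$status" != "green" ]; then
    echo "cluster status is $status"
fi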
Then copy the configured ES directory to the other servers; be sure to adjust the following (network.host should be the internal IP, which is faster and saves bandwidth when nodes copy shards to each other); a distribution sketch follows this list:
1. Changes in elasticsearch.yml:
node.name: the node's own name
network.host: the node's internal IP address
2. The internal-IP-to-node.name mapping in /etc/hosts
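A sketch of how the copy and the per-node edits could be scripted (the hostnames and SSH port 2222 come from the steps above; rsync over ssh is an assumption, adjust to taste):

for host in node-1 yunva_etl_es2 yunva_etl_es3 yunva_etl_es4 yunva_etl_es5 yunva_etl_es7; do
    ip=$(getent hosts $host | awk '{print $1}')
    rsync -a -e "ssh -p 2222" /data/elasticsearch-5.0.1 $host:/data/
    ssh -p 2222 $host "sed -i -e 's/^node.name:.*/node.name: $host/' \
        -e 's/^network.host:.*/network.host: $ip/' /data/elasticsearch-5.0.1/config/elasticsearch.yml"
done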
Monitoring of the cluster service is added later; for reference:
Installing Elasticsearch 6.0
I. Determine the server specs and provision the hardware
The ES cluster holds hot data and the data volume is small, so two servers with 8 cores, 16 GB RAM and a 200 GB disk each are enough.
II. Initialize the system
1. Stop firewalld and install the iptables service
systemctl stop firewalld.service      # stop firewalld
systemctl disable firewalld.service   # keep firewalld from starting at boot
yum install iptables-services -y

# Add firewall rules
vim /usr/local/worksh/FireWall.sh

#!/bin/bash
iptables -A INPUT -p udp --dport -j ACCEPT
################################################################
### Required modules
/sbin/modprobe ip_tables
/sbin/modprobe ip_conntrack
/sbin/modprobe iptable_mangle
/sbin/modprobe iptable_nat
/sbin/modprobe ipt_LOG
/sbin/modprobe ipt_limit
/sbin/modprobe ipt_state
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_nat_ftp
/sbin/modprobe ipt_owner
/sbin/modprobe ipt_REJECT

### Clean Rules
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT
iptables -t mangle -P PREROUTING ACCEPT
iptables -t mangle -P OUTPUT ACCEPT
iptables -F
iptables -t nat -F
#iptables -t mangle -F
iptables -X
iptables -t nat -X
#iptables -t mangle -X

### Drop all packets first
iptables -P INPUT DROP
#iptables -P OUTPUT DROP
iptables -P FORWARD DROP

### Create new chains
iptables -N bad_tcp_packets
#iptables -N allowed
iptables -N icmp_packets

### bad_tcp_packets chain
/sbin/iptables -A bad_tcp_packets -p tcp ! --syn -m state --state NEW -j DROP
/sbin/iptables -A bad_tcp_packets -p tcp --tcp-flags ALL ALL -j DROP
/sbin/iptables -A bad_tcp_packets -p tcp --tcp-flags ALL NONE -j DROP
/sbin/iptables -A bad_tcp_packets -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
/sbin/iptables -A bad_tcp_packets -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
/sbin/iptables -A bad_tcp_packets -p tcp --tcp-flags FIN,RST FIN,RST -j DROP
/sbin/iptables -A bad_tcp_packets -p tcp --tcp-flags ACK,FIN FIN -j DROP
/sbin/iptables -A bad_tcp_packets -p tcp --tcp-flags ACK,PSH PSH -j DROP
/sbin/iptables -A bad_tcp_packets -p tcp --tcp-flags ACK,URG URG -j DROP

### ICMP Rules
iptables -A icmp_packets -p icmp --icmp-type -j ACCEPT
iptables -A icmp_packets -p icmp --icmp-type -j ACCEPT
#iptables -A icmp_packets -p icmp -j DROP

## keepalived
iptables -A INPUT -i eth1 -p vrrp -s 63.159.217.139 -j ACCEPT

### Loopback and private interface
iptables -A INPUT -p ALL -i lo -j ACCEPT
iptables -A INPUT -p ALL -i eth0 -j ACCEPT

### INPUT chain
iptables -A INPUT -p tcp -j bad_tcp_packets
iptables -A INPUT -p icmp -j icmp_packets
iptables -A INPUT -p ALL -m state --state ESTABLISHED,RELATED -j ACCEPT

### EOP
iptables -A INPUT -p tcp -i eth1 --dport -s 47.91.75.80 -j ACCEPT ##rep
iptables -A INPUT -p tcp -i eth1 --dport -s 47.91.90.28 -j ACCEPT

# Count Limit
#iptables -A INPUT -m limit --limit /minute --limit-burst -j LOG --log-level INFO --log-prefix "IPT INPUT PACKET DIED:"
############################################################
iptables -I INPUT -p udp --dport -j ACCEPT

### Open Ports
Public_access="80 443 8080"
Server_access="20 21 873 3306 2008 8899 9200 9300"
Company_access="20 21 873 9200 9300 9100"
aliyun_access=""
### Allowed IPs
Servers_ip="192.168.254.0/24"
Company_ip="1.1.1.1"
aliyun_ip="2.2.2.2"
Eus_server_ip="3.3.3.3"

### Public access Rules
for port in $Public_access
do
iptables -A INPUT -p tcp -i eth1 --dport $port -j ACCEPT
done

### Servers access Rules
for port in $Server_access
do
for ip in $Servers_ip
do
iptables -A INPUT -p tcp -i eth1 --dport $port -s $ip -j ACCEPT
done
done

### Eus_server access Rules
for port in $Server_access
do
for ip in $Eus_server_ip
do
iptables -A INPUT -p tcp -i eth1 --dport $port -s $ip -j ACCEPT
done
done

### Company access Rules
for port in $Company_access
do
for ip in $Company_ip
do
iptables -A INPUT -p tcp -i eth1 --dport $port -s $ip -j ACCEPT
done
done

# chmod +x /usr/local/worksh/FireWall.sh
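The steps below make the script executable, run it once, and call it from rc.local at boot; since the iptables-services package was installed earlier, an alternative sketch is to save the active ruleset and let the iptables unit restore it:

sh /usr/local/worksh/FireWall.sh     # load the rules once
service iptables save                # writes them to /etc/sysconfig/iptables
systemctl enable iptables            # restores the saved rules at boot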
# sh -x /usr/local/worksh/FireWall.sh

# Run the firewall rules at boot
[root@cms_elasticsearch01 elasticsearch-head]# tail -n /etc/rc.local
/usr/local/worksh/FireWall.sh

*********************
# Set the timezone to Los Angeles on CentOS 7
timedatectl set-timezone America/Los_Angeles

# Raise the file descriptor limits
sed -i 's#root soft nofile 65535#root soft nofile 655350#g' /etc/security/limits.conf
sed -i 's#root hard nofile 65535#root hard nofile 655350#g' /etc/security/limits.conf
sed -i 's#* soft nofile 65535#* soft nofile 655350#g' /etc/security/limits.conf
sed -i 's#* hard nofile 65535#* hard nofile 655350#g' /etc/security/limits.conf
sed -i 's#* soft nproc 4096##g' /etc/security/limits.d/-nproc.conf

# Final result:
root soft nofile 655350
root hard nofile 655350
* soft nofile 655350
* hard nofile 655350

# Install dependencies
yum install -y gcc gcc-c++ htop telnet iotop iptraf iftop make logrotate xinetd ntsysv sysstat perl autoconf libjpeg libjpeg-devel libpng libpng-devel glibc glibc-devel glib2 glib2-devel bzip2 bzip2-devel ncurses ncurses-devel e2fsprogs e2fsprogs-devel krb5-devel libidn libidn-devel libxml2 libxml2-devel libxslt-devel libevent-devel libtool libtool-ltdl bison ntpdate patch vim wget openssh-clients bind-utils

# Update the system to the latest packages
yum update -y

# Install JDK 1.8u181
rpm -ivh jdk-8u181-linux-x64.rpm
# vim /etc/profile
export JAVA_HOME=/usr/java/jdk1.8.0_181-amd64
export PATH=$JAVA_HOME/bin:$PATH

# Add a regular user to run Elasticsearch
##### Install Elasticsearch
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.3.2.tar.gz
tar -zxf elasticsearch-6.3.2.tar.gz

#### Create the elasticsearch user account
groupadd elasticsearch
useradd elasticsearch -g elasticsearch
chown -R elasticsearch.elasticsearch /data
chown -R elasticsearch.elasticsearch /usr/local/elasticsearch-6.3.2/

# System tuning
swapoff -a
echo "fs.file-max = 1000000" >> /etc/sysctl.conf
echo "vm.max_map_count=262144" >> /etc/sysctl.conf
echo "vm.swappiness = 1" >> /etc/sysctl.conf
# Apply the settings
sysctl -p

# Create the data and log directories
mkdir -p /data/es/data
mkdir -p /data/es/logs

ES node configuration:
Master node configuration:
[root@cms_elasticsearch01 config]# cat elasticsearch.yml
# Cluster name
cluster.name: cms-uat-es
# Unicast hosts used for node discovery
discovery.zen.ping.unicast.hosts: ["cms_elasticsearch01","cms_elasticsearch02"]
node.name: cms_elasticsearch01
node.master: true
node.data: true
path.data: /data/es/data
path.logs: /data/es/logs
#action.auto_create_index: false
indices.fielddata.cache.size: 1g
# Internal network address; faster for inter-node traffic
#network.host: 192.168.254.36
network.host: 0.0.0.0
http.port: 9200
# Extra parameters so the head plugin can access ES
http.cors.enabled: true
http.cors.allow-origin: "*"
gateway.recover_after_time: 8m
# The following settings reduce wasted disk I/O from shard reallocation when a node is down or restarting for a short time
discovery.zen.fd.ping_timeout: 300s
discovery.zen.fd.ping_retries:
discovery.zen.fd.ping_interval: 30s
discovery.zen.ping_timeout: 180s

Data node configuration:
[root@cms_elasticsearch02 ~]# cat /usr/local/elasticsearch-6.3.2/config/elasticsearch.yml
# Cluster name
cluster.name: cms-uat-es
# Unicast hosts used for node discovery
discovery.zen.ping.unicast.hosts: ["cms_elasticsearch01","cms_elasticsearch02"]
node.name: cms_elasticsearch02
node.master: false
node.data: true
path.data: /data/es/data
path.logs: /data/es/logs
#action.auto_create_index: false
indices.fielddata.cache.size: 1g
bootstrap.memory_lock: false
# Internal network address; faster for inter-node traffic
#network.host: 192.168.254.37
network.host: 0.0.0.0
http.port: 9200
# Extra parameters so the head plugin can access ES
http.cors.enabled: true
http.cors.allow-origin: "*"
gateway.recover_after_time: 8m
# The following settings reduce wasted disk I/O from shard reallocation when a node is down or restarting for a short time
discovery.zen.fd.ping_timeout: 300s
discovery.zen.fd.ping_retries:
discovery.zen.fd.ping_interval: 30s
discovery.zen.ping_timeout: 180s

# Edit the hosts file
echo "192.168.254.36 cms_elasticsearch01" >> /etc/hosts
echo "192.168.254.37 cms_elasticsearch02" >> /etc/hosts # 启动程序
su elasticsearch -c "cd /usr/local/elasticsearch-6.3.2 && bin/elasticsearch -d"

III. Add Zabbix monitoring
Hardware resource monitoring
ES monitoring

# Cluster status monitoring item
UserParameter=es_status,curl -sXGET http://192.168.254.37:9200/_cluster/health/?pretty | grep "status"|awk -F '[ "]+' '{print $4}'|grep -c 'green'
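Assuming zabbix_get is available on the Zabbix server and the agent has been restarted to pick up the new UserParameter, the item can be tested by hand (1 means the cluster is green, 0 means it is not):

zabbix_get -s 192.168.254.37 -k es_status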
# Item that detects errors (JVM crash and heap dump files)
UserParameter=es_debug,sudo /bin/find /usr/local/elasticsearch-6.3.2 -name "hs_err_pid*.log" -o -name "java_pid*.hprof"|wc -l

# Script that restarts Elasticsearch automatically when triggered by monitoring:
# vim /usr/local/zabbix_agents_3.2.0/scripts/start_es.sh
#!/bin/bash
# if elasticsearch process exists kill it
source /etc/profile
count_es=`ps -ef|grep elasticsearch|grep -v grep|wc -l`
if [ $count_es -ge 1 ];then
ps -ef|grep elasticsearch|grep -v grep|awk '{print $2}'|xargs /bin/kill
fi
rm -f /usr/local/elasticsearch-6.3.2/bin/java_pid*.hprof
# start it
su elasticsearch -c "cd /usr/local/elasticsearch-6.3.2 && bin/elasticsearch -d"

# chmod +x /usr/local/zabbix_agents_3.2.0/scripts/start_es.sh

#########################################
# Install the head plugin
# yum install -y epel-release
# yum install -y nodejs

[root@cms_elasticsearch01 elasticsearch-head]# npm install -g cnpm --registry=https://registry.npm.taobao.org
npm WARN deprecated socks@1.1.: If using .x branch, please upgrade to at least 2.1. to avoid a serious bug with socket data flow and an import issue introduced in 2.1.
/usr/bin/cnpm -> /usr/lib/node_modules/cnpm/bin/cnpm
/usr/lib
└─┬ cnpm@6.0.
├── auto-correct@1.0.
├── bagpipe@0.3.

[root@cms_elasticsearch01 elasticsearch-head]# npm install -g grunt
/usr/bin/grunt -> /usr/lib/node_modules/grunt/bin/grunt
/usr/lib
└─┬ grunt@1.0.

[root@cms_elasticsearch01 elasticsearch-head]# npm install -g grunt-cli --registry=https://registry.npm.taobao.org --no-proxy
/usr/bin/grunt -> /usr/lib/node_modules/grunt-cli/bin/grunt
/usr/lib
└─┬ grunt-cli@1.3.

[root@cms_elasticsearch01 elasticsearch-head]# grunt -version
grunt-cli v1.3.1

Download the dependencies:
Go into the elasticsearch-head-master directory and run:
[root@cms_elasticsearch01 elasticsearch-head]# npm install

Modify the configuration (needed when the host has both a public and a private IP):
Edit the elasticsearch-head/Gruntfile.js file:
connect: {
server: {
options: {
hostname: '*',
port: 9100,
base: '.',
keepalive: true

# Edit elasticsearch-head/_site/app.js and change localhost to this host's public IP
this.base_uri = this.config.base_uri || this.prefs.get("app-base_uri") || "http://70.39.189.23:9200";

# The firewalls on the nodes must allow each other's traffic
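With http.cors.enabled: true on the ES nodes, head's cross-origin requests should be accepted; a quick check is to send a request with an Origin header and look for the Access-Control-Allow-Origin response header (IPs as used above):

curl -s -i -H "Origin: http://70.39.189.23:9100" http://192.168.254.36:9200/ | grep -i access-control-allow-origin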
# Start the head plugin
su elasticsearch -c "cd /usr/local/elasticsearch-head && nohup npm run start >> /usr/local/elasticsearch-head/logs/npm-start.log 2>&1 &"

# chown -R elasticsearch.elasticsearch /usr/local/elasticsearch-head/

# Script to restart the head plugin
#!/bin/sh
# stop elasticsearch master function
function stopelkmaster()
{
count=`ps -ef | grep -v grep |grep grunt | wc -l`
if [ $count -gt 0 ];then
for i in `ps -ef | grep -v grep |grep grunt|awk '{print $2}'`
do
#echo "is exists:"
kill -9 $i
done
fi
}

# start elasticsearch master function
function startelkmaster()
{
count=`ps -ef | grep -v grep |grep grunt | wc -l`
if [ $count -gt 0 ];then
for i in `ps -ef | grep -v grep |grep grunt|awk '{print $2}'`
do
kill -9 $i
done
sleep
cd /opt/elasticsearch-head
su elasticsearch -c "cd /usr/local/elasticsearch-head && nohup npm run start >> /usr/local/elasticsearch-head/logs/npm-start.log 2>&1 &"
else
cd /opt/elasticsearch-head
su elasticsearch -c "cd /usr/local/elasticsearch-head && nohup npm run start >> /usr/local/elasticsearch-head/logs/npm-start.log 2>&1 &"
fi
}
isExistsElk=`ps -ef | grep -v grep |grep grunt | wc -l`
if [ $isExistsElk -eq 0 ]
then
#echo "start process....."
startelkmaster
elif [ $isExistsElk -gt 0 ]
then
stopelkmaster
sleep
startelkmaster
else
echo "error!"
fi
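Once both nodes and the head plugin are running, a quick sanity check from either server (IPs as configured above):

curl http://192.168.254.36:9200/_cat/nodes?v
curl http://192.168.254.36:9200/_cluster/health?pretty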