I. Environment preparation

1.1 Machine specifications (3 machines)

CPU 2C
MEMORY 4G
DISK 50G+

1.2 Machine information (3 machines)

Hostname Host IP
elk121 192.168.1.121
elk122 192.168.1.122
elk123 192.168.1.123

II. RPM deployment

2.1 Single-node deployment

1. Download the ES package

Download link: https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.17.5-x86_64.rpm

2. Install ES on node elk121

[root@elk121 ~]# rpm -ivh elasticsearch-7.17.5-x86_64.rpm

3. Edit the ES configuration file

Copy line 56 and set the address on which the ES service listens for external requests to 192.168.1.121, as follows:

[root@elk121 ~]# vim +56 /etc/elasticsearch/elasticsearch.yml
network.host: 192.168.1.121

Copy line 71 and specify the IP addresses of the ES cluster nodes, as follows:

[root@elk121 ~]# vim +71 /etc/elasticsearch/elasticsearch.yml
discovery.seed_hosts: ["192.168.1.121"]

Copy line 76 and specify the nodes that take part in the master election:

[root@elk121 ~]# vim +76 /etc/elasticsearch/elasticsearch.yml
cluster.initial_master_nodes: ["192.168.1.121"]

The resulting configuration file is:

[root@elk121 ~]# egrep -v '^#|^$' /etc/elasticsearch/elasticsearch.yml
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: 0.0.0.0
discovery.seed_hosts: ["192.168.1.121"]
cluster.initial_master_nodes: ["192.168.1.121"]

4. Start the ES service on node elk121

[root@elk121 ~]# systemctl enable --now elasticsearch

5. Verify that node elk121 is working

[root@elk121 ~]# ss -ntl | grep -E '(9200|9300)'
LISTEN 0 128 [::]:9200 [::]:*
LISTEN 0 128 [::]:9300 [::]:*

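Notes:

  • Port 9200: serves HTTP/HTTPS to clients outside the ES cluster, i.e. it is the client-facing port.

  • Port 9300: carries data traffic between the nodes inside the ES cluster, over TCP.

6. Client verification

Verify from node elk122: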

[root@elk122 ~]# curl 192.168.1.121:9200
{
"name" : "elk121",
"cluster_name" : "elasticsearch",
"cluster_uuid" : "_na_",
"version" : {
"number" : "7.17.5",
"build_flavor" : "default",
"build_type" : "rpm",
"build_hash" : "8d61b4f7ddf931f219e3745f295ed2bbc50c8e84",
"build_date" : "2022-06-23T21:57:28.736740635Z",
"build_snapshot" : false,
"lucene_version" : "8.11.1",
"minimum_wire_compatibility_version" : "6.8.0",
"minimum_index_compatibility_version" : "6.0.0-beta1"
},
"tagline" : "You Know, for Search"
}

2.2 Cluster deployment

1. Download the ES package

Download link: https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.17.5-x86_64.rpm

2. Install ES on nodes elk121, elk122 and elk123

[root@elk121 ~]# rpm -ivh elasticsearch-7.17.5-x86_64.rpm
[root@elk122 ~]# rpm -ivh elasticsearch-7.17.5-x86_64.rpm
[root@elk123 ~]# rpm -ivh elasticsearch-7.17.5-x86_64.rpm

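3. Edit the configuration file on nodes elk121, elk122 and elk123

(1) Edit the ES configuration file on node elk121

Copy line 17 and specify the name of the ES cluster, as follows: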

[root@elk121 ~]# vim +17 /etc/elasticsearch/elasticsearch.yml
cluster.name: es

Copy line 56 and set the address on which the ES service listens for external requests to 192.168.1.121, as follows:

[root@elk121 ~]# vim +56 /etc/elasticsearch/elasticsearch.yml
network.host: 192.168.1.121

Copy line 71 and specify the IP addresses of the ES cluster nodes, as follows:

[root@elk121 ~]# vim +71 /etc/elasticsearch/elasticsearch.yml
discovery.seed_hosts: ["192.168.1.121","192.168.1.122","192.168.1.123"]

Copy line 76 and specify the nodes that take part in the master election:

[root@elk121 ~]# vim +76 /etc/elasticsearch/elasticsearch.yml
cluster.initial_master_nodes: ["192.168.1.121","192.168.1.122","192.168.1.123"]

The resulting configuration file is:

[root@elk121 ~]# egrep -v '^#|^$' /etc/elasticsearch/elasticsearch.yml
cluster.name: es
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: 192.168.1.121
discovery.seed_hosts: ["192.168.1.121","192.168.1.122","192.168.1.123"]
cluster.initial_master_nodes: ["192.168.1.121","192.168.1.122","192.168.1.123"]

(2) Edit the ES configuration file on node elk122

Copy line 17 and specify the name of the ES cluster, as follows:

[root@elk122 ~]# vim +17 /etc/elasticsearch/elasticsearch.yml
cluster.name: es

Copy line 56 and set the address on which the ES service listens for external requests to 192.168.1.122, as follows:

[root@elk122 ~]# vim +56 /etc/elasticsearch/elasticsearch.yml
network.host: 192.168.1.122

Copy line 71 and specify the IP addresses of the ES cluster nodes, as follows:

[root@elk122 ~]# vim +71 /etc/elasticsearch/elasticsearch.yml
discovery.seed_hosts: ["192.168.1.121","192.168.1.122","192.168.1.123"]

Copy line 76 and specify the nodes that take part in the master election:

[root@elk122 ~]# vim +76 /etc/elasticsearch/elasticsearch.yml
cluster.initial_master_nodes: ["192.168.1.121","192.168.1.122","192.168.1.123"]

The resulting configuration file is:

[root@elk122 ~]# egrep -v '^#|^$' /etc/elasticsearch/elasticsearch.yml
cluster.name: es
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: 192.168.1.122
discovery.seed_hosts: ["192.168.1.121","192.168.1.122","192.168.1.123"]
cluster.initial_master_nodes: ["192.168.1.121","192.168.1.122","192.168.1.123"]

(3) Edit the ES configuration file on node elk123

Copy line 17 and specify the name of the ES cluster, as follows:

[root@elk123 ~]# vim +17 /etc/elasticsearch/elasticsearch.yml
cluster.name: es

Copy line 56 and set the address on which the ES service listens for external requests to 192.168.1.123, as follows:

[root@elk123 ~]# vim +56 /etc/elasticsearch/elasticsearch.yml
network.host: 192.168.1.123

Copy line 71 and specify the IP addresses of the ES cluster nodes, as follows:

[root@elk123 ~]# vim +71 /etc/elasticsearch/elasticsearch.yml
discovery.seed_hosts: ["192.168.1.121","192.168.1.122","192.168.1.123"]

Copy line 76 and specify the nodes that take part in the master election:

[root@elk123 ~]# vim +76 /etc/elasticsearch/elasticsearch.yml
cluster.initial_master_nodes: ["192.168.1.121","192.168.1.122","192.168.1.123"]

The resulting configuration file is:

[root@elk123 ~]# egrep -v '^#|^$' /etc/elasticsearch/elasticsearch.yml
cluster.name: es
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: 192.168.1.123
discovery.seed_hosts: ["192.168.1.121","192.168.1.122","192.168.1.123"]
cluster.initial_master_nodes: ["192.168.1.121","192.168.1.122","192.168.1.123"]

4. Start the ES service on nodes elk121, elk122 and elk123

[root@elk121 ~]# systemctl enable --now elasticsearch
[root@elk122 ~]# systemctl enable --now elasticsearch
[root@elk123 ~]# systemctl enable --now elasticsearch

5. Verify that the ES cluster nodes are working

[root@elk121 ~]# curl 192.168.1.121:9200/_cat/nodes
192.168.1.122 6 72 2 1.79 0.88 0.35 cdfhilmrstw - elk122
192.168.1.121 5 72 1 0.12 0.09 0.07 cdfhilmrstw - elk121
192.168.1.123 14 72 3 2.08 1.00 0.39 cdfhilmrstw * elk123
[root@elk121 ~]# curl 192.168.1.121:9200/_cat/nodes?v
ip heap.percent ram.percent cpu load_1m load_5m load_15m node.role master name
192.168.1.122 7 72 0 0.78 0.74 0.33 cdfhilmrstw - elk122
192.168.1.121 5 72 0 0.05 0.07 0.06 cdfhilmrstw - elk121
192.168.1.123 17 72 0 0.87 0.85 0.37 cdfhilmrstw * elk123

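Note: * marks the master node. If the master node goes down, the master role moves to another node. When the former master recovers, it does not preempt the role. There is also a "majority alive" rule (to prevent split brain), which means at most one node can be down.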
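
The verification in step 5 and the majority rule from the note, as an added example that is not part of the original page: it reads `_cat/nodes` output on stdin and reports the elected master, how many of the expected nodes are present, and how many more can fail before the majority is lost. The function names are illustrative; the sample input is the listing from step 5.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are illustrative.

# quorum N: smallest majority of N master-eligible nodes.
quorum() { echo $(( $1 / 2 + 1 )); }

# check_nodes EXPECTED: read `_cat/nodes` output (with or without the ?v header)
# on stdin. Fails when there is not exactly one elected master or when fewer
# than a majority of the expected nodes are listed; otherwise prints OK when
# all nodes are present and DEGRADED when some are missing.
check_nodes() {
    awk -v want="$1" -v need="$(quorum "$1")" '
        NF >= 2 && $1 != "ip" {
            seen++
            # second-to-last column is the master marker, last is the node name
            if ($(NF - 1) == "*") { masters++; master = $NF }
        }
        END {
            if (masters != 1) { print "FAIL masters=" (masters + 0); exit 1 }
            if (seen < need)  { print "FAIL seen=" seen " need=" need; exit 1 }
            state = (seen == want) ? "OK" : "DEGRADED"
            print state " master=" master " seen=" seen "/" want " can_lose=" (seen - need)
        }'
}

# Sample input: the three node lines from the step 5 listing.
SAMPLE='192.168.1.122 6 72 2 1.79 0.88 0.35 cdfhilmrstw - elk122
192.168.1.121 5 72 1 0.12 0.09 0.07 cdfhilmrstw - elk121
192.168.1.123 14 72 3 2.08 1.00 0.39 cdfhilmrstw * elk123'

printf '%s\n' "$SAMPLE" | check_nodes 3
```

Against a live cluster the same function takes `curl -s 192.168.1.121:9200/_cat/nodes | check_nodes 3`.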

2.3 Fault record

Symptom:

When verifying from node elk122, "cluster_uuid" shows "_na_":

[root@elk122 ~]# curl 192.168.1.121:9200
{
"name" : "elk121",
"cluster_name" : "elasticsearch",
"cluster_uuid" : "_na_",
"version" : {
"number" : "7.17.5",
"build_flavor" : "default",
"build_type" : "rpm",
"build_hash" : "8d61b4f7ddf931f219e3745f295ed2bbc50c8e84",
"build_date" : "2022-06-23T21:57:28.736740635Z",
"build_snapshot" : false,
"lucene_version" : "8.11.1",
"minimum_wire_compatibility_version" : "6.8.0",
"minimum_index_compatibility_version" : "6.0.0-beta1"
},
"tagline" : "You Know, for Search"
}

Cause:

When the cluster uuid is "_na_", it is generally caused by a multi-NIC environment.

Solution:

1. Run the following:

[root@elk121 ~]# systemctl stop elasticsearch.service
[root@elk121 ~]# rm -rf /var/lib/elasticsearch/* /var/log/elasticsearch/* /tmp/*
[root@elk121 ~]# systemctl start elasticsearch.service

2. Copy line 56 and set the address on which the ES service listens for external requests to 192.168.1.121, as follows:

[root@elk121 ~]# vim +56 /etc/elasticsearch/elasticsearch.yml
network.host: 192.168.1.121

3. If the above still does not work, switching to a single-NIC environment is recommended

[root@elk121 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth1
…
…
ONBOOT="no"
…
…
[root@elk121 ~]# systemctl restart network

Test again:

[root@elk122 ~]# curl 192.168.1.121:9200
{
"name" : "elk121",
"cluster_name" : "elasticsearch",
"cluster_uuid" : "FVBP_Uu6RQaLkoDdPBSx2Q",
"version" : {
"number" : "7.17.5",
"build_flavor" : "default",
"build_type" : "rpm",
"build_hash" : "8d61b4f7ddf931f219e3745f295ed2bbc50c8e84",
"build_date" : "2022-06-23T21:57:28.736740635Z",
"build_snapshot" : false,
"lucene_version" : "8.11.1",
"minimum_wire_compatibility_version" : "6.8.0",
"minimum_index_compatibility_version" : "6.0.0-beta1"
},
"tagline" : "You Know, for Search"
}
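
An added check, not part of the original page, for the two things this fault record revolves around: `audit_es_yml` verifies that `network.host` is pinned to one address and that the same address appears in both discovery lists, and `cluster_formed` tests a node's response for the `_na_` cluster_uuid. The function names are hypothetical, and the demo file is constructed from the section 2.1 listing.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# yml_value FILE KEY: value of a top-level "KEY: value" line (comment lines never match).
yml_value() {
    awk -v k="$2" 'index($0, k ":") == 1 { sub(/^[^:]*:[ \t]*/, ""); print; exit }' "$1"
}

# audit_es_yml FILE: print findings; the return status is the number of findings.
audit_es_yml() {
    file=$1
    host=$(yml_value "$file" network.host)
    case "$host" in
        ""|0.0.0.0|"::"|"[::]")
            echo "network.host='$host' is not pinned to a single address"
            return 1 ;;
    esac
    findings=0
    for key in discovery.seed_hosts cluster.initial_master_nodes; do
        case "$(yml_value "$file" "$key")" in
            *"\"$host\""*) ;;   # this node's address is in the list
            *) echo "$key does not list $host"; findings=$((findings + 1)) ;;
        esac
    done
    return "$findings"
}

# cluster_uuid_of: read the JSON returned by `curl HOST:9200` on stdin, print cluster_uuid.
cluster_uuid_of() {
    sed -n 's/.*"cluster_uuid"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' | head -n 1
}

# cluster_formed: succeed only when the response carries a real cluster_uuid.
cluster_formed() {
    uuid=$(cluster_uuid_of)
    [ -n "$uuid" ] && [ "$uuid" != "_na_" ]
}

# Demo on a file constructed from the section 2.1 listing.
demo=$(mktemp)
printf '%s\n' 'network.host: 0.0.0.0' \
    'discovery.seed_hosts: ["192.168.1.121"]' \
    'cluster.initial_master_nodes: ["192.168.1.121"]' > "$demo"
audit_es_yml "$demo" || echo "findings: $?"
printf '"cluster_uuid" : "_na_",\n' | cluster_formed || echo "cluster has not formed"
rm -f "$demo"
```

On a node, run `audit_es_yml /etc/elasticsearch/elasticsearch.yml` before starting the service and `curl -s 192.168.1.121:9200 | cluster_formed` after it.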