es集群搭建(6.8.2版本)
作者:互联网
es搭建
#!/bin/bash echo "请确保文件"elasticsearch-6.8.2.tar.gz,TencentKona8.0.6.b2-internal_jdk_linux-x86_64_8u292.tar.gz"已上传到/root目录" echo "自动化安装elasticsearch-6.4.3三台服务器集群:" if [ -f /root/TencentKona8.0.6.b2-internal_jdk_linux-x86_64_8u292.tar.gz ];then tar -xf /root/TencentKona8.0.6.b2-internal_jdk_linux-x86_64_8u292.tar.gz -C /usr/local cd /usr/local ln -s TencentKona-8.0.6-292 jdk cat >> /etc/profile << 'EOF' export JAVA_HOME=/usr/local/jdk export JAVA_BIN=/usr/local/jdk/bin export PATH=$PATH:$JAVA_HOME/bin export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar EOF source /etc/profile java -version echo "###完成jdk1.8安装(注意:如果发现java -version未正确返回,请重新打开ssh会话或者手动执行下:source /etc/profile)###" else echo "请把相应的包上传到/root目录,再进行下一步!" exit 0 fi read -p "请根据实际数据挂载盘输入es安装的主目录(建议/data):" maindir echo "---3台机均需执行该脚本,下面进行es集群创建---" cat >>/etc/sysctl.conf<<EOF vm.swappiness = 0 vm.max_map_count = 655360 EOF sysctl -p cat >>/etc/security/limits.conf<<EOF es soft nofile 65535 es hard nofile 65535 es soft nproc 4096 es hard nproc 4096 es memlock unlimited EOF if [ -f /root/elasticsearch-6.8.2.tar.gz ];then mkdir $maindir tar -xf /root/elasticsearch-6.8.2.tar.gz -C $maindir cd $maindir mv elasticsearch-6.8.2 es ip a read -p "请输入当前服务器ip地址:" ip read -p "请输入es集群第1台服务器的ip:" ip1 read -p "请输入es集群第2台服务器的ip:" ip2 read -p "请输入es集群第3台服务器的ip:" ip3 read -p "请输入当前节点名称(譬如:node-x):" node cat >>$maindir/es/config/elasticsearch.yml <<EOF cluster.name: es-cluster node.name: $node node.master: true node.data: true path.data: $maindir/es/data path.logs: $maindir/es/logs network.host: $ip http.port: 9200 transport.tcp.port: 9300 discovery.zen.ping.unicast.hosts: ["$ip1:9300","$ip2:9300","$ip3:9300"] discovery.zen.minimum_master_nodes: 1 xpack.security.enabled: true xpack.security.authc.accept_default_password: true xpack.security.transport.ssl.enabled: true EOF mkdir -p $maindir/es/config/certs cd $maindir/es/config free -h |grep Mem|awk '{print $2}' #sed -i "s/-Xms1g/-Xms${mem}/g" jvm.options (mem设置为本机内存的一半) #sed -i "s/-Xmx1g/-Xmx${mem}/g" jvm.options sed -i "/appender.rolling.strategy.action.condition.glob =/a\appender.rolling.strategy.action.condition.nested_condition.type = IfLastModified" log4j2.properties sed -i "/appender.rolling.strategy.action.condition.nested_condition.type = IfLastModified/a\appender.rolling.strategy.action.condition.nested_condition.age = 60D" log4j2.properties sed -i "s/appender.rolling.strategy.action.condition.nested_condition.exceeds = 2GB/#appender.rolling.strategy.action.condition.nested_condition.exceeds = 2GB/g" log4j2.properties sed -i "s/appender.rolling.strategy.action.condition.nested_condition.type = IfAccumulatedFileSize/#appender.rolling.strategy.action.condition.nested_condition.type = IfAccumulatedFileSize/g" log4j2.properties adduser es chown -R es /home/es chown -R es $maindir/es cat >>/etc/profile <<EOF PATH=\$PATH:$maindir/es/bin export PATH EOF source /etc/profile su - es <<EOF $maindir/es/bin/elasticsearch -d; exit; EOF sleep 2 else echo "请把相应的包上传到/root目录,再进行下一步!" exit 0 fi echo "启动es操作:su es $maindir/es/bin/elasticsearch -d 在Elasticsearch目录中运行命令:./bin/elasticsearch-setup-passwords interactive,切记切换到es用户执行,回车之后为每一个用户设置独立的密码。记住ES实例必须启动。 你需要在后续步骤中使用这些内置用户,因此务必牢记前面设置的密码!elastic, kibana, logstash_system,beats_system 想要建立以安全的ES集群,请往下看: 开启ES集群的安全认证之路 (这里说明一下,ES集群之间的节点是通过凭证来通信的,所以才有生成凭证这一步骤) 1. 生成证书: ./bin/elasticsearch-certutil ca 中间会让输入路径跟密码,路径可以不输,直接回车,但是密码还要设置一下的,为了安全嘛,我们就假定密码就是:123456 完成后会生成一个文件:elastic-stack-ca.p12 2.生成秘钥 bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12 中间需要输入刚才设置的密码就直接输入就可以了,需要输入路径的地方就直接回车,别输了,然后会生成一个文件:elastic-certificates.p12 这个就是ES的各个节点之间通信的凭证了。 这里说明一下,一个ES集群生成一个凭证就可以了,其他节点不需要生成凭证。 3.将凭证迁移到指定目录,并发送到其他节点 mv /bin/elastic-certificates.p12 /data/es/config/certs/ cat >> /data/es/config/elasticsearch.yml <<EOF xpack.security.transport.ssl.verification_mode: certificate xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12 xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12 EOF ./elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password 输入生成证书的密码 ./elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password 输入生成证书的密码 各节点重启es" echo "在所有节点都完成部署之后,输入以下命令查看集群状态 curl http://$ip:9200/_cat/nodes?v -uelastic"
标签:tar,jdk,gz,etc,集群,elasticsearch,es,6.8 来源: https://www.cnblogs.com/soymilk2019/p/16116034.html