前言
前面介紹了es7相關的一些用法。這一節我們來實踐下集羣高可用搭建,以及賬號權限的配置。之前看了很多博主介紹的都是從主模式,主節點掛了集羣也就不能對外服務了。
目前使用的最新版本7.6.0。賬號配置需要破解x-pack包。(如果不需要設置密碼可以忽略)
配置
集羣間證書認證
不需要用戶權限配置可以忽略。
## 在 $ES_HOME 目錄下執行
bin/elasticsearch-certutil ca
## 直接回車默認是生成文件 elastic-stack-ca.p12
Please enter the desired output file [elastic-stack-ca.p12]:
...
# 生成 elastic-stack-ca.p12後,執行命令elasticsearch-certutil
bin/elasticsearch-certutil cert --ca $ES_HOME/elastic-stack-ca.p12
...
# 直接回車生成elastic-certificates.p12文件
# 然後將生成的文件拷貝到各個節點的config下
elasticsearch.yml
主節點:
# 集羣名稱
cluster.name: "es_cluster"
# 節點名稱 master1
node.name: master1
# 是否可以成爲master節點
node.master: true
# 是否允許該節點存儲數據,默認開啓
node.data: true
# 網絡綁定,這裏我綁定 0.0.0.0,支持外網訪問
network.host: ["0.0.0.0"]
# 設置對外服務的http端口,默認爲9200
http.port: 9200
# 支持跨域訪問
http.cors.enabled: true
http.cors.allow-origin: "*"
# 設置節點間交互的tcp端口,默認是9300
transport.tcp.port: 9300
# 集羣發現的節點ip
discovery.seed_hosts: ["dc_es1","dc_es2","dc_es3"]
# 手動指定可以成爲 mater 的所有節點的 name 或者 ip,這些配置將會在第一次選舉中進行計算
cluster.initial_master_nodes: ["dc_es1","dc_es2","dc_es3"]
# 數據倉儲位置
path.data: /data/es/data
path.logs: /data/es/logs
# 備份數據存儲路徑
path.repo: ["/data/es/backup"]
# 用戶權限配置,不止的用戶的可以忽略,
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
# es 應用是不鎖住jvm內存
bootstrap.memory_lock: false
bootstrap.system_call_filter: false
如果你的集羣是三個節點,需要高可用配置。那麼其他兩個節點的配置只需要修改下node.name,另外cluster.initial_master_nodes 允許爲主節點的ip需要設置爲單數,如果集羣3個節點只配置了兩個個initial_master_nodes,cluster.initial_master_nodes: ["dc_es1","dc_es2"],當主節點掛了就有用以下異常:
[2020-02-25T13:56:16,123][WARN ][o.e.c.c.ClusterFormationFailureHelper] [master2] master not discovered yet: have discovered [{master2
}{2GvgG6GvStmPR2Z68wkQeg}{9jC8kh0gQuidUAMOoegSGA}{dc_es3}{dc_es3:9300}{dil}{ml.machine_memory=33520295936, xpack.installed=tru
e, ml.max_open_jobs=20}]; discovery will continue using [dc_es1:9300, 10.10.141.79:9300] from hosts providers and [{master}{0
OkhhL3LQGejjq5WNnGIdA}{1t0Pahd1SGmEH-M6G5WwNA}{dc_es1}{dc_es1:9300}{dilm}{ml.machine_memory=33520295936, ml.max_open_jobs=20,
xpack.installed=true}] from last-known cluster state; node term 8, last-accepted version 88 in term 8
[2020-02-25T13:56:24,610][WARN ][o.e.t.TcpTransport ] [master2] exception caught on transport layer [Netty4TcpChannel{localAddr
ess=/dc_es3:9300, remoteAddress=/dc_es:47282}], closing connection
io.netty.handler.codec.DecoderException: java.io.StreamCorruptedException: SSL/TLS request received but SSL/TLS is not enabled on th
is node, got (16,3,3,1)
密碼設置
任意節點下執行:bin/elasticsearch-setup-passwords interactive
會提示是否要設置6個賬號密碼[y/n],我們執行y,然後配置每個賬號的密碼就可以了。
驗證
配置好後,我們可以通過Elasticsearch-head查看集羣狀態。
當然也可用命令隨機查詢一臺節點。查看集羣狀態,主節點ip。如果沒有用戶–user可用省略
curl -XGET --user elastic:sZEXdEQr2I5iW6KxGxM2 'http://dc_es2:9200/_cat/nodes?v'
master下帶*號標記的就爲主節點,可用看到目前是節點名爲master1
此時關閉master1節點對應的es進程,如果配置正常集羣仍然是可用的。同樣發送curl命令。發現master2做爲主節點了,集羣能響應請求說明是高可用的。
然後我們再查看下具體的日誌
[2020-02-25T18:32:03,942][INFO ][o.e.c.s.MasterService ] [master2] node-left[{master1}{0OkhhL3LQGejjq5WNnGIdA}{Y0-fG9YVSIS7yh_yTwPpvg}{dc_es1}{dc_es1:9300}{dilm}{ml.machine_memory=33520295936, ml.max_open_jobs=20, xpack.installed=true} reason: disconnected], term: 15, version: 217, delta: removed {{master1}{0OkhhL3LQGejjq5WNnGIdA}{Y0-fG9YVSIS7yh_yTwPpvg}{dc_es1}{dc_es1:9300}{dilm}{ml.machine_memory=33520295936, ml.max_open_jobs=20, xpack.installed=true}}
[2020-02-25T18:32:03,976][INFO ][o.e.c.s.ClusterApplierService] [master2] removed {{master1}{0OkhhL3LQGejjq5WNnGIdA}{Y0-fG9YVSIS7yh_yTwPpvg}{dc_es1}{dc_es1:9300}{dilm}{ml.machine_memory=33520295936, ml.max_open_jobs=20, xpack.installed=true}}, term: 15, version: 217, reason: Publication{term=15, version=217}
[2020-02-25T18:32:03,990][INFO ][o.e.c.r.DelayedAllocationService] [master2] scheduling reroute for delayed shards in [59.9s] (5 delayed shards)
[2020-02-25T18:32:03,999][INFO ][o.e.i.s.IndexShard ] [master2] [app_reg_idfa][0] primary-replica resync completed with 0 operations
[2020-02-25T18:32:04,000][INFO ][o.e.i.s.IndexShard ] [master2] [.security-7][0] primary-replica resync completed with 0 operations
[2020-02-25T18:32:04,000][INFO ][o.e.i.s.IndexShard ] [master2] [app_active_idfa][0] primary-replica resync completed with 0 operations
[2020-02-25T18:33:03,458][INFO ][o.e.c.s.MasterService ] [master2] node-join[{master1}{0OkhhL3LQGejjq5WNnGIdA}{yJjSDIXPTZGsgK8XlH9vOg}{dc_es1}{dc_es1:9300}{dilm}{ml.machine_memory=33520295936, ml.max_open_jobs=20, xpack.installed=true} join existing leader], term: 15, version: 218, delta: added {{master1}{0OkhhL3LQGejjq5WNnGIdA}{yJjSDIXPTZGsgK8XlH9vOg}{dc_es1}{dc_es1:9300}{dilm}{ml.machine_memory=33520295936, ml.max_open_jobs=20, xpack.installed=true}}
[2020-02-25T18:33:03,805][INFO ][o.e.c.s.ClusterApplierService] [master2] added {{master1}{0OkhhL3LQGejjq5WNnGIdA}{yJjSDIXPTZGsgK8XlH9vOg}{dc_es1}{dc_es1:9300}{dilm}{ml.machine_memory=33520295936, ml.max_open_jobs=20, xpack.installed=true}}, term: 15, version: 218, reason: Publication{term=15, version=218}
[2020-02-25T18:33:04,676][INFO ][o.e.c.r.a.AllocationService] [master2] Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[app_reg_idfa][0]]])
可以看到master節點離開,原因是disconnected,master2將master1移除,然後同步副本小於預值的索引。
現在我們重新啓動dc_es1上的master1,在執行curl命令。此時master1節點回來了,但是主節點仍然是替換後的master2。
客戶端集羣配置
restHighLevelClient
spring.elasticsearch.rest.uris=${ip1}:9200,${ip2}:${port}
spring.elasticsearch.rest.username=
spring.elasticsearch.rest.password=
jdbc
7.6.0版本,目前EsDataSource還沒有多個url配置,需要的話可以考慮lvs。