Rancher搭建ES容器集群
ES集群效果
检查集群状况
集群搭建步骤
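# Image for one Elasticsearch node. The Elasticsearch distribution is copied
# from the build context and started through start-escluster.sh.
#
# NOTE(review): the base image uses the floating "latest" tag from a private
# registry, so rebuilds are not reproducible; pinning a version tag or digest
# makes it clear which Java runtime is actually shipped.
FROM 192.168.30.113/library/java:latest
ENV TZ=Asia/Shanghai
# Double quotes so the shell expands $TZ. With single quotes the literal
# string "$TZ" was written to /etc/timezone.
RUN ln -snf "/usr/share/zoneinfo/$TZ" /etc/localtime && echo "$TZ" > /etc/timezone
COPY elasticsearch /elasticsearch
# Dedicated account that owns the installation and runs Elasticsearch.
RUN adduser elasticsearch
RUN chown -R elasticsearch:elasticsearch /elasticsearch
# There is no USER instruction: the entrypoint script runs as the image's
# default user (presumably root), edits the configuration, and only then
# switches to "elasticsearch" with su.
ENTRYPOINT ["/bin/bash","/elasticsearch/bin/start-escluster.sh"]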
Dockerfile
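#!/bin/bash
# Container entrypoint: patches elasticsearch.yml from the environment
# variables handed to the pod, then starts Elasticsearch as the
# "elasticsearch" user.
#
# Environment entries used (matched by name fragment, as before):
#   podname    - pod name; the second "-"-separated field is the ordinal
#   seed_hosts - value written to discovery.seed_hosts
#   hostip     - only needed by the disabled publish_host line below

readonly ES_CONFIG=/elasticsearch/config/elasticsearch.yml

# Print the value of the environment entry whose line contains $1.
# "-f2-" keeps values that themselves contain "=".
# NOTE(review): this matches any environment line containing the fragment;
# an anchored "^name=" match would be stricter if the variables carry
# exactly these names.
env_value() {
  env | grep -- "$1" | cut -d"=" -f2-
}

ordinal=$(env_value podname | cut -d"-" -f2)
hostip=$(env_value hostip)
seed_hosts=$(env_value seed_hosts)

# Everything below does arithmetic on the ordinal, so refuse to continue
# with an empty or non-numeric value instead of writing a broken config.
if ! [[ $ordinal =~ ^(0|[1-9][0-9]*)$ ]]; then
  echo "start-escluster.sh: cannot derive a numeric ordinal from podname" >&2
  exit 1
fi

# The published listing read "let severid=\$ordinal 1"; the "+" looks lost
# in extraction. Without it, severid was just the ordinal and the ports
# never varied.
severid=$((ordinal + 1))
hport=$((9700 + ordinal))
tport=$((9800 + ordinal))

# seed_hosts comes from outside the image: escape the characters that are
# special in a sed replacement (backslash, "/" and "&") before interpolating.
seed_hosts_escaped=$(printf '%s' "$seed_hosts" | sed -e 's|[\\/&]|\\&|g')

#sed -i "s/network.publish_host:.*/network.publish_host: $hostip/g" "$ES_CONFIG"
sed -i "s/discovery.seed_hosts:.*/discovery.seed_hosts: $seed_hosts_escaped/g" "$ES_CONFIG"

if [ "$ordinal" -eq 0 ]; then
  # Pod 0 keeps the node.name from the image and holds no data.
  sed -i "s/node.data:.*/node.data: false/g" "$ES_CONFIG"
else
  sed -i "s/node.name:.*/node.name: node$severid/g" "$ES_CONFIG"
  #sed -i "s/http.port:.*/http.port: $hport/g" "$ES_CONFIG"
  #sed -i "s/transport.tcp.port:.*/transport.tcp.port: $tport/g" "$ES_CONFIG"
  sed -i "s/node.data:.*/node.data: true/g" "$ES_CONFIG"
fi

# start es cluster
echo "start es cluster........"
# exec replaces this shell, so no extra bash process sits between the
# container runtime and su.
exec su - elasticsearch -c /elasticsearch/bin/elasticsearch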
start-escluster.sh
启动pod的时候,根据需要创建的pod数量传递对应的环境变量参数
把master的pod映射到主机进行访问
1.创建一个DNS记录
2.通过主机浏览器访问ES集群
ES集群证书生成
1.添加卷映射
2.在pod中生成证书和密码
# Creates a PEM certificate and key for the single address 192.168.30.106 and
# writes them as a zip into the certs directory. Clients that verify the
# certificate must connect through that address. The archive contains private
# key material, so access to the certs directory should be restricted.
./elasticsearch-certutil cert --ip 192.168.30.106 --out /elasticsearch/config/certs/elastic-stack-ca.zip --pem
# Sets the passwords of the built-in users interactively over the HTTPS endpoint.
./elasticsearch-setup-passwords interactive --batch --url https://192.168.30.106:39200
3.修改elastic的配置yml文件,添加certs证书认证
# Base elasticsearch.yml with X-Pack security and TLS enabled.
# start-escluster.sh rewrites node.name, node.data and discovery.seed_hosts
# at container start.
cluster.name: "taishi-escluster"
node.name: node1
# Binds to every interface of the pod.
network.host: 0.0.0.0
http.port: 9200
transport.tcp.port: 9300
bootstrap.memory_lock: false
cluster.initial_master_nodes: [ "node1" ]
# CORS is open to every origin. Restrict allow-origin to the front ends that
# really need browser access to the REST API.
http.cors.enabled: true
http.cors.allow-origin: "*"
node.master: true
node.data: false
discovery.seed_hosts: ["127.0.0.1:9300"]
xpack.license.self_generated.type: basic
xpack.security.enabled: true
# HTTP (REST) layer TLS. The same key pair is used here and for the transport
# layer below.
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.key: /elasticsearch/config/certs/instance/instance.key
xpack.security.http.ssl.certificate: /elasticsearch/config/certs/instance/instance.crt
xpack.security.http.ssl.certificate_authorities: /elasticsearch/config/certs/ca/ca.crt
# Node-to-node TLS. "certificate" checks that the peer certificate is signed by
# a trusted CA but does not verify the host name or IP in it; "full" adds that
# check.
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.key: /elasticsearch/config/certs/instance/instance.key
xpack.security.transport.ssl.certificate: /elasticsearch/config/certs/instance/instance.crt
xpack.security.transport.ssl.certificate_authorities: /elasticsearch/config/certs/ca/ca.crt
elasticsearch.yml
4.验证https登录es
5.集群https访问成功
6.总结
1.需要手动执行命令生成证书和密码
2.需要手动传入所有pod的名称discovery.seed_hosts.示例 : ["elastic-0.elastic","elastic-1.elastic"]
3.需要手动把证书目录拷贝到集群的所有主机的映射卷上
7.程序访问es
虽然在浏览器中可以通过集群中任何一个主机的39200端口访问es集群,但是通过程序访问的时候,就必须使用生成证书时指定的IP地址,否则会出现下面的错误(证书中只包含生成时用 --ip 指定的地址,客户端校验证书中的地址时,其他IP无法通过校验)
在生成证书的时候指定的IP是30.106 那么在应用中配置es连接信息的时候就只能用30.106不能用集群中的其他IP地址
修改成在命令中指定的主机
缺点
同一个主机上如果被分配同一个类型的多个Pod,这些Pod挂载的卷是同一个主机目录.这种情况Pod中的数据存储是会发生异常的。
在集群的规划上.集群中的每个主机上只能运行一个类型相同的有状态的Pod.无状态的Pod可以运行多个
可以做个端口映射每次在主机上启动一个Pod,就监听主机上一个指定的端口。这样当主机上再启动另外一个Pod的时候由于主机端口被占用而无法成功运行
ES重启集群不需要重新生成证书
Kibana的安装
1.拉取一个kibana的镜像
2.映射pod中kibana应用的配置文件目录
3.配置kibana.yml文件内容
# kibana.yml: Kibana serves HTTPS itself and talks to Elasticsearch over HTTPS.
server.name: kibana
# NOTE(review): "0" presumably makes Kibana listen on all interfaces — confirm.
server.host: "0"
#xpack.monitoring.ui.container.elasticsearch.enabled: true
##
#### X-Pack security credentials
##
elasticsearch.hosts: [ "https://192.168.30.106:39200/" ]
monitoring.ui.container.elasticsearch.enabled: true
elasticsearch.username: kibana_system
# Plaintext credential in a configuration file. Prefer keeping
# elasticsearch.password in the Kibana keystore (kibana-keystore). If the
# passwords were set by the sidecar script on this page, every built-in user
# shares this value, so it should be rotated to one unique to kibana_system.
elasticsearch.password: Trar@123
elasticsearch.ssl.certificateAuthorities: /usr/share/kibana/config/ca.crt
# "certificate" validates the CA signature only; the host name or IP in the
# Elasticsearch certificate is not checked ("full" would check it).
elasticsearch.ssl.verificationMode: certificate
server.ssl.enabled: true
server.ssl.certificate: /usr/share/kibana/config/instance.crt
server.ssl.key: /usr/share/kibana/config/instance.key
kibana.yml
4.创建kibana的service
5.访问kibana页面
ES容器集群自动生成证书
1.使用sidecar模式来自动为es生成证书
2.查看日志
3.sidecar容器启动脚本
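#!/bin/bash
# Sidecar for the Elasticsearch pod. On the pod with ordinal 0 it waits until
# Elasticsearch is listening, creates the PEM certificate bundle if it does
# not exist yet, and sets the passwords of the built-in users. Every pod then
# idles so the sidecar container keeps running.
#
# Environment entries used (matched by name fragment, as before):
#   podname    - pod name; the second "-"-separated field is the ordinal
#   hostip     - address the certificate is issued for and the API is reached on
#   espassword - password applied to every built-in user
# NOTE(review): the password reaches the pod as a plain environment variable,
# and one value is shared by all built-in users; a mounted secret and
# per-account passwords would limit the impact of a leak.

# Print the value of the environment entry whose line contains $1.
# "-f2-" keeps values that themselves contain "=" (a password may).
env_value() {
  env | grep -- "$1" | cut -d"=" -f2-
}

ordinal=$(env_value podname | cut -d"-" -f2)
hostip=$(env_value hostip)
passwd=$(env_value espassword)
esport=9200
CAFile="/elasticsearch/config/certs/elastic-stack-ca.zip"

if [[ "$ordinal" == "0" ]]; then
  # Wait for a listening socket on the HTTP port. Only listeners are matched
  # (not any line that happens to contain the digits), and the loop sleeps
  # between probes instead of spinning.
  until ss -ltn | grep -q ":${esport}[[:space:]]"; do
    echo "检测es服务未启动................"
    sleep 1
  done

  if [ ! -f "$CAFile" ]; then
    echo "开始创建es证书..............."
    if /elasticsearch/bin/elasticsearch-certutil cert --ip "$hostip" --out "$CAFile" --pem; then
      echo "证书生成完毕.............."
      echo "开始解压CA证书.............."
      # The archive holds private keys; access to the extracted files should
      # be limited to the account that runs Elasticsearch.
      cd /elasticsearch/config/certs/ && unzip ./elastic-stack-ca.zip
      echo "解压CA证书完毕................"
    else
      echo "start-esca.sh: elasticsearch-certutil failed, no certificate created" >&2
    fi
  else
    echo "CA证书文件已经存在,不需要重新生成........."
  fi

  echo "开始生成用户名和密码"
  # The password is no longer echoed: container logs are readable by anyone
  # with log access and are often shipped elsewhere.
  #
  # Values are handed to expect through the environment and the here-document
  # is quoted, so characters such as '"', '$', '[' or '\' in the password are
  # never parsed as Tcl syntax.
  export ESCA_PASSWD="$passwd"
  export ESCA_URL="https://$hostip:$esport"
  expect <<'EOF'
spawn /elasticsearch/bin/elasticsearch-setup-passwords interactive --batch --url $env(ESCA_URL)
expect {
"elastic" { send "$env(ESCA_PASSWD)\n";exp_continue}
"elastic" { send "$env(ESCA_PASSWD)\n";exp_continue}
"apm_system" { send "$env(ESCA_PASSWD)\n";exp_continue}
"apm_system" { send "$env(ESCA_PASSWD)\n";exp_continue}
"kibana_system" { send "$env(ESCA_PASSWD)\n";exp_continue}
"kibana_system" { send "$env(ESCA_PASSWD)\n";exp_continue}
"logstash_system" { send "$env(ESCA_PASSWD)\n";exp_continue}
"logstash_system" { send "$env(ESCA_PASSWD)\n";exp_continue}
"beats_system" { send "$env(ESCA_PASSWD)\n";exp_continue}
"beats_system" { send "$env(ESCA_PASSWD)\n";exp_continue}
"remote_monitoring_user" { send "$env(ESCA_PASSWD)\n";exp_continue}
"remote_monitoring_user" { send "$env(ESCA_PASSWD)\n"}
}
expect eof
EOF
  unset ESCA_PASSWD ESCA_URL
  echo "用户名和密码生成完毕................."
fi

# Keep the sidecar container alive.
tail -f /dev/null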
start-esca.sh
4.es主容器启动脚本
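#!/bin/bash
# Entrypoint of the main Elasticsearch container: patches elasticsearch.yml
# from the environment variables handed to the pod, then starts Elasticsearch
# as the "elasticsearch" user.
#
# Environment entries used (matched by name fragment, as before):
#   podname    - pod name; the second "-"-separated field is the ordinal
#   seed_hosts - value written to discovery.seed_hosts
#   hostip     - only needed by the disabled publish_host line below

readonly ES_CONFIG=/elasticsearch/config/elasticsearch.yml

# Print the value of the environment entry whose line contains $1.
# "-f2-" keeps values that themselves contain "=".
# NOTE(review): this matches any environment line containing the fragment;
# an anchored "^name=" match would be stricter if the variables carry
# exactly these names.
env_value() {
  env | grep -- "$1" | cut -d"=" -f2-
}

ordinal=$(env_value podname | cut -d"-" -f2)
hostip=$(env_value hostip)
seed_hosts=$(env_value seed_hosts)

# The ordinal drives arithmetic and the node name, so stop on an empty or
# non-numeric value rather than writing a broken configuration.
if ! [[ $ordinal =~ ^(0|[1-9][0-9]*)$ ]]; then
  echo "start-escluster.sh: cannot derive a numeric ordinal from podname" >&2
  exit 1
fi

# The published listing read "let severid=\$ordinal 1"; the "+" looks lost
# in extraction. Without it, severid was just the ordinal and the ports
# never varied.
severid=$((ordinal + 1))
hport=$((9700 + ordinal))
tport=$((9800 + ordinal))

# seed_hosts is supplied from outside the image: escape backslash, "/" and
# "&" so the value cannot alter the sed expression it is interpolated into.
seed_hosts_escaped=$(printf '%s' "$seed_hosts" | sed -e 's|[\\/&]|\\&|g')

#sed -i "s/network.publish_host:.*/network.publish_host: $hostip/g" "$ES_CONFIG"
sed -i "s/discovery.seed_hosts:.*/discovery.seed_hosts: $seed_hosts_escaped/g" "$ES_CONFIG"

if [ "$ordinal" -eq 0 ]; then
  # Pod 0 keeps the node.name from the image and holds no data.
  sed -i "s/node.data:.*/node.data: false/g" "$ES_CONFIG"
else
  sed -i "s/node.name:.*/node.name: node$severid/g" "$ES_CONFIG"
  #sed -i "s/http.port:.*/http.port: $hport/g" "$ES_CONFIG"
  #sed -i "s/transport.tcp.port:.*/transport.tcp.port: $tport/g" "$ES_CONFIG"
  sed -i "s/node.data:.*/node.data: true/g" "$ES_CONFIG"
fi

# start es cluster
echo "start es cluster........"
# exec replaces this shell, so no extra bash process sits between the
# container runtime and su.
exec su - elasticsearch -c /elasticsearch/bin/elasticsearch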
start-escluster.sh
5. 重新生成es密码
1.删除elasticsearch目录下的data下的文件即可(注意:data目录同时保存索引数据,删除后该节点上已有的索引数据也会一并丢失,操作前请先备份)
2.删除elasticsearch目录下的config目录下的elasticsearch.keystore
命令行初始化ES数据
# Plain HTTP request, without TLS or credentials.
curl -XGET 192.168.30.75:9200/_cat/templates
# --insecure switches off certificate verification, so the server's identity is
# not checked. Passing the cluster CA (--cacert /path/to/ca.crt) keeps
# verification on; that requires a certificate issued for the address used.
curl -XGET https://192.168.30.75:9200/_cat/templates --insecure
# Credentials embedded in the URL. The password itself contains "@", which
# should be percent-encoded (%40) inside URL userinfo.
curl -XGET https://elastic:Transfar@123@192.168.30.75:9200/_cat/templates --insecure
# --user keeps the credentials out of the URL, but the password is still on the
# command line (shell history, process list). With only "--user elastic", curl
# prompts for the password instead.
curl --user elastic:Transfar@123 -XGET https://192.168.30.75:9200/_cat/templates --insecure
初始化es的索引模板
curl --insecure --user elastic:Transfar@123 -XPUT https://192.168.30.75:9200/_template/event '{'
{"error":{"root_cause":[{"type":"parse_exception","reason":"request body is required"}],"type":"parse_exception","reason":"request body is required"},"status":400}
curl --insecure --user elastic:Transfar@123 -XPUT https://192.168.30.75:9200/_template/event -d'{
{"error":"Content-Type header [application/x-www-form-urlencoded] is not supported","status":406}
-H 表示提交消息的类型
# Creates or replaces the index template "event" for indices matching "event*".
# -H sets the body type to JSON; Elasticsearch answers 406 to curl's default
# form-encoded type. --insecure disables certificate verification and the
# password is visible on the command line; outside a lab, prefer --cacert with
# the cluster CA and "--user elastic" so curl prompts for the password.
curl --insecure -H "Content-Type: application/json" --user elastic:Transfar@123 -XPUT https://192.168.30.75:9200/_template/event -d'{
"order" : 0,
"index_patterns" : [
"event*"
],
"settings" : {
"index" : {
"number_of_shards" : "2",
"number_of_replicas" : "1",
"refresh_interval": "30s"
}
},
"mappings" : {
"properties" : {
"src_port" : {
"type" : "long"
},
"log_id" : {
"type" : "keyword"
},
"event_id" : {
"type" : "keyword"
},
"event_type" : {
"type" : "keyword"
},
"occur_time" : {
"type" : "date"
},
"dst_address" : {
"type" : "ip"
},
"src_address" : {
"type" : "ip"
},
"dst_port" : {
"type" : "long"
},
"receive_time" : {
"type" : "date"
},
"event_name" : {
"type" : "keyword"
},
"dev_address" : {
"type" : "keyword"
},
"event_type_name" : {
"type" : "keyword"
}
}
},
"aliases" : { }
}'
curl操作ES