Skip to main content
Version: v22.10

Elasticsearch

假设有如下服务器用于设置 Elasticsearch 集群:

  • Elasticsearch Node 1 192.168.1.6
  • Elasticsearch Node 2 192.168.1.7
  • Elasticsearch Node 3 192.168.1.9

1. 配置 Node 1

登录 Elasticsearch Node 1 192.168.1.6 并切换工作目录

cd /data/tencent-survey-v22.10.1-amd64

执行以下命令生成证书

证书生成后将放置于 etc/elasticsearch/certs/elastic-certificates.p12,需要将该证书拷贝至其他 Elasticsearch 节点

docker compose -f docker-compose-certsgen.yaml up

修改 docker-compose-pass.yaml 文件,services 部分仅保留以下配置,同时修改 discovery.zen.ping.unicast.hostsnetwork.host 为实际 IP 地址

name: "tencent-survey"
version: "3.9"
services:
    elasticsearch-server:
        privileged: ${PRIVILEGED}
        restart: always
        image: "${IMAGE_ELASTICSEARCH}"
        container_name: elasticsearch-server
        volumes:
            - ./var/lib/elasticsearch/:/usr/share/elasticsearch/data/
            - ./etc/elasticsearch/certs:/usr/share/elasticsearch/config/certs
        environment:
            - cluster.name=docker-cluster
            - bootstrap.memory_lock=true
            - "ES_JAVA_OPTS=-Xms1g -Xmx1g"
            - discovery.zen.ping.unicast.hosts=192.168.1.6,192.168.1.7,192.168.1.8
            - network.host=192.168.1.6
            - ELASTIC_PASSWORD=${ES_PASSWORD}
            - xpack.security.enabled=true
            - xpack.security.transport.ssl.enabled=true
            - xpack.security.transport.ssl.verification_mode=certificate
            - xpack.security.transport.ssl.keystore.path=certs/elastic-certificates.p12
            - xpack.security.transport.ssl.truststore.path=certs/elastic-certificates.p12
            - xpack.ml.enabled=false
            - TZ=Asia/Shanghai
        network_mode: "host"
        ulimits:
            memlock:
                soft: -1
                hard: -1
            nofile:
                soft: 65535
                hard: 65535
        ports:
            - 9200:9200
        healthcheck:
            test: ["CMD", "curl", "-f", "http://elastic:${ES_PASSWORD}@${ES_SERVER}:9200/_cluster/health?pretty&wait_for_status=yellow&timeout=10s"]

2. 启动 Node 1

注意:启动 Docker Compose 之前需要设置 vm.max_map_count 至少为 262144,否则 Elasticsearch 无法启动。

sudo sysctl -w vm.max_map_count=262144
docker compose -f docker-compose-paas.yaml up

3. 验证 Node 1

通过执行以下命令来确认 Node 1 已经成功启动

curl elastic:$ES_PASSWORD@192.168.1.6:9200/_cat/nodes\?v\&pretty

# 正常情况下会有类似如下输出:
# ip           heap.percent ram.percent cpu load_1m load_5m load_15m node.role master name
# 192.168.1.6           61          79   2    0.10    0.36     0.39 mdi       -      erqssq9

4. 配置 Node 2

将 Node 1 的证书 etc/elasticsearch/certs/elastic-certificates.p12 拷贝至 Node 2 工作目录下 etc/elasticsearch/certs

修改 docker-compose-pass.yaml 文件,services 部分仅保留以下配置,同时修改 discovery.zen.ping.unicast.hostsnetwork.host 为实际 IP 地址

name: "tencent-survey"
version: "3.9"
services:
    elasticsearch-server:
        privileged: ${PRIVILEGED}
        restart: always
        image: "${IMAGE_ELASTICSEARCH}"
        container_name: elasticsearch-server
        volumes:
            - ./var/lib/elasticsearch/:/usr/share/elasticsearch/data/
            - ./etc/elasticsearch/certs:/usr/share/elasticsearch/config/certs
        environment:
            - cluster.name=docker-cluster
            - bootstrap.memory_lock=true
            - "ES_JAVA_OPTS=-Xms1g -Xmx1g"
            - discovery.zen.ping.unicast.hosts=192.168.1.6,192.168.1.7,192.168.1.8
            - network.host=192.168.1.7
            - ELASTIC_PASSWORD=${ES_PASSWORD}
            - xpack.security.enabled=true
            - xpack.security.transport.ssl.enabled=true
            - xpack.security.transport.ssl.verification_mode=certificate
            - xpack.security.transport.ssl.keystore.path=certs/elastic-certificates.p12
            - xpack.security.transport.ssl.truststore.path=certs/elastic-certificates.p12
            - xpack.ml.enabled=false
            - TZ=Asia/Shanghai
        network_mode: "host"
        ulimits:
            memlock:
                soft: -1
                hard: -1
            nofile:
                soft: 65535
                hard: 65535
        ports:
            - 9200:9200
        healthcheck:
            test: ["CMD", "curl", "-f", "http://elastic:${ES_PASSWORD}@${ES_SERVER}:9200/_cluster/health?pretty&wait_for_status=yellow&timeout=10s"]

5. 启动 Node 2

sudo sysctl -w vm.max_map_count=262144
docker compose -f docker-compose-paas.yaml up

6. 验证 Node 2

通过执行以下命令来确认 Node 2 已经成功启动

curl elastic:$ES_PASSWORD@192.168.1.7:9200/_cat/nodes\?v\&pretty

# 正常情况下会有类似如下输出:
# ip           heap.percent ram.percent cpu load_1m load_5m load_15m node.role master name
# 192.168.1.7           61          79   2    0.10    0.36     0.39 mdi       -      Wndi3ZF

7. 配置其他 Node

重复 Node 2 的配置步骤

8. 验证集群状态

curl elastic:$ES_PASSWORD@192.168.1.6:9200/_cat/nodes\?v\&pretty

# 正常情况下会有类似如下输出:
# ip           heap.percent ram.percent cpu load_1m load_5m load_15m node.role master name
# 192.168.1.6           61          79   2    0.10    0.36     0.39 mdi       -      erqssq9
# 192.168.1.7           60          80   1    0.03    0.22     0.34 mdi       *      Wndi3ZF

9. 修改 Elasticsearch 连接地址

登录所有应用服务器并切换至工作目录,修改 .env 中以下配置为 Elasticsearch Node 1 的实际连接信息:

# Elasticsearch 6.8
ES68_HOST=elastic:$ES_PASSWORD@192.168.1.6:9200
# Elasticsearch 6.8 for log
LOG_ES_HOST=elastic:$ES_PASSWORD@192.168.1.6:9200

注意,需要在所有应用服务器中重复执行

修改完成后,使用以下命令重启所有应用服务:

docker compose -f docker-compose.yaml restart

其他

更多详细信息,可参考 Elasticsearch 6.8 官方配置文档