How to deploy Elasticsearch on Oracle Linux 9.x?

Elastic Stack

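1 Background

1.1 Introduction to Elasticsearch

– Elasticsearch is a distributed, RESTful search and data analytics engine
– Elasticsearch can address a growing number of use cases
– As the heart of the Elastic Stack, Elasticsearch centrally stores your data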

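1.2 Features of Elasticsearch

1.2.1 Architectural advantages

– Elastic scaling: a distributed deployment that can scale horizontally (that is, add nodes) at any time
– High availability: multiple nodes form a cluster that jointly provides indexing and search; when a node holding a primary shard fails, it fails over automatically to a node holding a replica shard
– Node recovery: replicas automatically take the place of a failed node
– Shard balancing: the cluster automatically manages and balances the distribution of primary and replica shards
– Rack awareness: primary and replica shards are automatically stored apart, so that they never sit on the same physical node, the same rack or the same zone
– Cluster replication: cross-cluster replication (CCR) copies indices from a remote cluster into the local cluster (across data centers as well)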

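1.2.2 Data tier management

– Hot nodes: data is still updated and is queried
– Warm nodes: data is no longer updated but is still queried
– Cold nodes: data is no longer updated and is rarely queried
– Delete nodes: data is no longer updated and no longer queried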

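1.2.3 Index management

– Users can define automatically executed policies that control how long an index stays in each of the four phases
– Users can define the set of actions that each node automatically performs on the index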

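1.2.4 Snapshot backups

– Elasticsearch supports snapshot backups of a single index or of the whole cluster
– Elasticsearch supports storing snapshots on a shared file system
– Elasticsearch supports remote repositories through plugins
– Elasticsearch supports backing up shards to object storage (Amazon S3, Azure Storage or Google Cloud Storage)
– Elasticsearch provides the snapshot lifecycle management (SLM) API, which lets administrators define how often the cluster is snapshotted
– Elasticsearch provides a dedicated UI which, together with SLM, lets you define snapshot retention periods and automatic creation and deletion times
– Elasticsearch supports querying indices directly from a snapshot (no need to restore the data first)
– Elasticsearch supports metadata-only snapshots (they contain only fields and index metadata, not indices or files, so they take up only 50% of the space and cannot be searched)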

2 Best practice

2.1 Environment

OS = Oracle Linux 9.x x86_64
IP Address = any
Host Name = any

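2.2 Preparation before installation

2.2.1 Basic environment configuration

How to set up the basic services on CentOS 7.x?

2.2.2 Configure the package repository

vim /etc/yum.repos.d/elasticsearch.repo

Add the following configuration: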

[elasticsearch]
name=Elasticsearch repository for 8.x packages
baseurl=https://artifacts.elastic.co/packages/8.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md

2.3 Install Elasticsearch

2.3.1 Install a specific version

dnf install -y elasticsearch-8.11.3

2.3.2 Modify the service unit file

vim /usr/lib/systemd/system/elasticsearch.service

Change the file as follows:

[Unit]
Description=Elasticsearch
Documentation=https://www.elastic.co
Wants=network-online.target
After=network-online.target

[Service]
Type=notify
NotifyAccess=all
RuntimeDirectory=elasticsearch
PrivateTmp=true
Environment=ES_HOME=/usr/share/elasticsearch
Environment=ES_PATH_CONF=/etc/elasticsearch
Environment=PID_DIR=/var/run/elasticsearch
Environment=ES_SD_NOTIFY=true
EnvironmentFile=-/etc/sysconfig/elasticsearch

WorkingDirectory=/usr/share/elasticsearch

User=elasticsearch
Group=elasticsearch
ExecStartPre=/usr/bin/bash -c "mkdir -p ${PID_DIR}; chown ${User}:${Group} ${PID_DIR}"
ExecStart=/usr/share/elasticsearch/bin/systemd-entrypoint -p ${PID_DIR}/elasticsearch.pid --quiet

StandardOutput=journal
StandardError=inherit
LimitNOFILE=65535
LimitNPROC=4096
LimitAS=infinity
LimitFSIZE=infinity
TimeoutStopSec=0
KillSignal=SIGTERM
KillMode=process
SendSIGKILL=no
SuccessExitStatus=143
TimeoutStartSec=900

[Install]
WantedBy=multi-user.target

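The modified parts are the ones shown in bold above. Then reload systemd with the following command so that the change takes effect: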

systemctl daemon-reload

2.3.3 Start the service and enable it at boot

systemctl start elasticsearch.service
systemctl enable elasticsearch.service

It is also a good idea to check the service status with the following command:

systemctl status elasticsearch.service

The output looks like this:

● elasticsearch.service - Elasticsearch
     Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; enabled; preset: disabled)
     Active: active (running) since Mon 2024-01-08 11:10:21 CST; 11s ago
       Docs: https://www.elastic.co
    Process: 5750 ExecStartPre=/usr/bin/bash -c mkdir -p ${PID_DIR}; chown ${User}:${Group} ${PID_DIR} (code=exited, status=0/SUCCESS)
   Main PID: 5769 (java)
      Tasks: 78 (limit: 47368)
     Memory: 4.0G
        CPU: 39.172s
     CGroup: /system.slice/elasticsearch.service
             ├─5769 /usr/share/elasticsearch/jdk/bin/java -Xms4m -Xmx64m -XX:+UseSerialGC -Dcli.name=server -Dcli.script=/usr/share/elasticsearch/bin/elas>
             ├─5827 /usr/share/elasticsearch/jdk/bin/java -Des.networkaddress.cache.ttl=60 -Des.networkaddress.cache.negative.ttl=10 -Djava.security.manag>
             └─5847 /usr/share/elasticsearch/modules/x-pack-ml/platform/linux-x86_64/bin/controller

Jan 08 11:10:02 elasticsearch01.cmdschool.org systemd[1]: Starting Elasticsearch...
Jan 08 11:10:05 elasticsearch01.cmdschool.org systemd-entrypoint[5769]: Jan 08, 2024 11:10:05 AM sun.util.locale.provider.LocaleProviderAdapter 
Jan 08 11:10:05 elasticsearch01.cmdschool.org systemd-entrypoint[5769]: WARNING: COMPAT locale provider will be removed in a future release
Jan 08 11:10:21 elasticsearch01.cmdschool.org systemd[1]: Started Elasticsearch.

The output above shows that Elasticsearch is written in Java. To look up the IDs of the running processes, use the following command:

/usr/share/elasticsearch/jdk/bin/jps

The output looks like this:

5921 Jps
5827 Elasticsearch
5769 CliToolLauncher

Alternatively, use the following command:

pgrep -u elasticsearch java -a

The output looks like this:

5769 /usr/share/elasticsearch/jdk/bin/java -Xms4m -Xmx64m -XX:+UseSerialGC -Dcli.name=server -Dcli.script=/usr/share/elasticsearch/bin/elasticsearch -Dcli.libs=lib/tools/server-cli -Des.path.home=/usr/share/elasticsearch -Des.path.conf=/etc/elasticsearch -Des.distribution.type=rpm -cp /usr/share/elasticsearch/lib/*:/usr/share/elasticsearch/lib/cli-launcher/* org.elasticsearch.launcher.CliToolLauncher -p /var/run/elasticsearch/elasticsearch.pid --quiet
5827 /usr/share/elasticsearch/jdk/bin/java -Des.networkaddress.cache.ttl=60 -Des.networkaddress.cache.negative.ttl=10 -Djava.security.manager=allow -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Dlog4j2.formatMsgNoLookups=true -Djava.locale.providers=SPI,COMPAT --add-opens=java.base/java.io=org.elasticsearch.preallocate -XX:+UseG1GC -Djava.io.tmpdir=/tmp/elasticsearch-159787212663564361 --add-modules=jdk.incubator.vector -XX:+HeapDumpOnOutOfMemoryError -XX:+ExitOnOutOfMemoryError -XX:HeapDumpPath=/var/lib/elasticsearch -XX:ErrorFile=/var/log/elasticsearch/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/elasticsearch/gc.log:utctime,level,pid,tags:filecount=32,filesize=64m -Xms3721m -Xmx3721m -XX:MaxDirectMemorySize=1951399936 -XX:G1HeapRegionSize=4m -XX:InitiatingHeapOccupancyPercent=30 -XX:G1ReservePercent=15 -Des.distribution.type=rpm --module-path /usr/share/elasticsearch/lib --add-modules=jdk.net --add-modules=ALL-MODULE-PATH -m org.elasticsearch.server/org.elasticsearch.bootstrap.Elasticsearch

Next, the ports the service listens on can be listed with the following command:

for i in `pgrep -u elasticsearch java`; do netstat -anp | grep $i; done

The output looks like this:

unix  3      [ ]         STREAM     CONNECTED     34215    5769/java            
tcp6       0      0 ::1:9300                :::*                    LISTEN      5827/java           
tcp6       0      0 127.0.0.1:9300          :::*                    LISTEN      5827/java           
tcp6       0      0 :::9200                 :::*                    LISTEN      5827/java           
unix  3      [ ]         STREAM     CONNECTED     35982    5827/java            
unix  2      [ ]         STREAM     CONNECTED     35979    5827/java            
unix  3      [ ]         STREAM     CONNECTED     35981    5827/java   

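Note: as the output shows, the current configuration is not suitable for a production environment.

2.3.4 Modify the configuration file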

cp /etc/elasticsearch/elasticsearch.yml /etc/elasticsearch/elasticsearch.yml.default
vim /etc/elasticsearch/elasticsearch.yml

Change the following settings:

path.data: /data/elasticsearch
path.logs: /var/log/elasticsearch
network.host: _ens192:ipv4_
http.port: 9200
xpack.security.enabled: false
xpack.security.enrollment.enabled: false
xpack.security.http.ssl:
  enabled: false
  keystore.path: certs/http.p12
xpack.security.transport.ssl:
  enabled: false
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12
cluster.initial_master_nodes: ["elasticsearch.cmdschool.org"]
http.host: 0.0.0.0

Create the directory the service needs, as set in the configuration file:

mkdir -p /data/elasticsearch
chown elasticsearch:elasticsearch /data/elasticsearch
chmod 750 /data/elasticsearch
chmod g+s /data/elasticsearch

It is also advisable to adjust the JVM heap size:

vim /etc/elasticsearch/jvm.options

Change the following settings:

-Xms6g
-Xmx6g

Restart the service so that the configuration takes effect:

systemctl restart elasticsearch.service

2.3.5 Test the node

curl -k http://localhost:9200 | jq

The output looks like this:

{
  "name": "elasticsearch.cmdschool.org",
  "cluster_name": "elasticsearch",
  "cluster_uuid": "tMf9ASzLQ0eqwBAdIdXPFw",
  "version": {
    "number": "8.11.3",
    "build_flavor": "default",
    "build_type": "rpm",
    "build_hash": "64cf052f3b56b1fd4449f5454cb88aca7e739d9a",
    "build_date": "2023-12-08T11:33:53.634979452Z",
    "build_snapshot": false,
    "lucene_version": "9.8.0",
    "minimum_wire_compatibility_version": "7.17.0",
    "minimum_index_compatibility_version": "7.0.0"
  },
  "tagline": "You Know, for Search"
}
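
The configuration in section 2.3.4 turns off authentication and TLS while binding to a non-loopback address. The following check is an added example, not part of the original article: it reads an elasticsearch.yml and reports exactly that combination. The function names and the FAIL/WARN/CRIT labels are assumptions made for this example, and the sample input is constructed from the page's settings.

```shell
# Added example: flag elasticsearch.yml settings that expose the REST API.

# Flatten "a.b: v" and "a.b:" + indented "c: v" into key=value lines.
flatten_es_yml() {
  awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }              # skip comments and blanks
    {
      line = $0; indented = (line ~ /^[ \t]/)
      sub(/^[ \t]+/, "", line)
      sep = index(line, ":"); if (sep == 0) next
      key = substr(line, 1, sep - 1); val = substr(line, sep + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", val)
      if (!indented && val == "") { parent = key; next }   # nested block header
      if (!indented) parent = ""
      full = (indented && parent != "") ? parent "." key : key
      print full "=" val
    }' "$1"
}

audit_es_config() {
  flatten_es_yml "$1" | {
    auth=on; bind=local; port=9200                 # Elasticsearch 8.x defaults
    while IFS='=' read -r key val; do
      case "$key" in
        xpack.security.enabled)
          [ "$val" = false ] && { auth=off; echo "FAIL $key: authentication is disabled"; } ;;
        xpack.security.http.ssl.enabled|xpack.security.transport.ssl.enabled)
          [ "$val" = false ] && echo "FAIL $key: traffic is sent in cleartext" ;;
        http.port) port=$val ;;
        http.host|network.host)
          case "$val" in
            localhost|127.0.0.1|::1|_local_) ;;
            *) bind=remote; echo "WARN $key: $val is not a loopback address" ;;
          esac ;;
      esac
    done
    if [ "$auth" = off ] && [ "$bind" = remote ]; then
      echo "CRIT port $port serves unauthenticated requests to the network"
    fi
  }
}

# Constructed sample: security-relevant lines of the section 2.3.4 config.
write_sample_config() {
  printf '%s\n' 'network.host: _ens192:ipv4_' 'http.port: 9200' \
    'xpack.security.enabled: false' 'xpack.security.http.ssl:' \
    '  enabled: false' '  keystore.path: certs/http.p12' \
    'xpack.security.transport.ssl:' '  enabled: false' 'http.host: 0.0.0.0' > "$1"
}
cfg=$(mktemp) && write_sample_config "$cfg" && audit_es_config "$cfg"; rm -f "$cfg"
```

On the node itself, run `audit_es_config /etc/elasticsearch/elasticsearch.yml` after editing the file; a configuration that keeps security enabled and binds to loopback produces no output.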

References
=============

Installation guides
----------
https://www.elastic.co/guide/en/elasticsearch/reference/8.11/rpm.html
https://www.elastic.co/guide/en/elastic-stack/current/index.html
https://www.elastic.co/guide/index.html

Software downloads
----------
https://www.elastic.co/cn/downloads/past-releases#elasticsearch
https://www.elastic.co/cn/downloads/elasticsearch

Product home page
----------
https://www.elastic.co/cn/elasticsearch/

Product features
----------
https://www.elastic.co/cn/elasticsearch/features
