项目部署原因: 因为前期节点部署资源紧张导致es是单节点启动,目前因为访问量增加需要部署到集群.

集群版本:7.16.1

参考文档:
建议翻墙看,全是官方的不翻墙有点慢
https://www.elastic.co/guide/en/elasticsearch/reference/7.16/important-settings.html#unicast.hosts
https://www.elastic.co/guide/en/elasticsearch/reference/7.16/modules-node.html
https://www.elastic.co/guide/en/elasticsearch/reference/7.16/important-settings.html#unicast.hosts
单节点启动命令:

docker run -itd –name es -p 9200:9200 -p 9300:9300 -v /data/data_elk:/usr/share/elasticsearch/data -v /data/elk_docker/elastic-certificates.p12:/usr/share/elasticsearch/config/elastic-certificates.p12 -v /data/elk_docker/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml -e “discovery.type=single-node” elasticsearch:7.16.1

整体改造流程:

(1)修改单节点的docker 启动变量 (需要重启docker),修改配置文件

(2)其他节点部署并且加入集群

预备!!!开始!

1.修改单节点的docker 启动变量 (需要重启docker),修改配置文件

目前单节点运行情况:
[root@elk-3 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
acc8e54ec5dd 10.0.0.107/app/elasticsearch:7.16.1 “/bin/tini – /usr/l…” 36 minutes ago Up 20 minutes 0.0.0.0:9200->9200/tcp, 0.0.0.0:9300->9300/tcp es
[root@elk-3 ~]#

docker 的初始环境变量目录: /var/lib/docker/containers/
cd /var/lib/docker/containers/
[root@elk-3 containers]# ls
acc8e54ec5dd3208c6c1a574b5096d03a55281ddff85b3d9399eca992d69e4ac

[root@elk-3 containers]# cd acc8e54ec5dd3208c6c1a574b5096d03a55281ddff85b3d9399eca992d69e4ac/

进入此文件夹 然后查看到以下配置文件
[root@elk-3 acc8e54ec5dd3208c6c1a574b5096d03a55281ddff85b3d9399eca992d69e4ac]# ls
acc8e54ec5dd3208c6c1a574b5096d03a55281ddff85b3d9399eca992d69e4ac-json.log
config.v2.json
hostname
mounts
resolv.conf.hash
checkpoints
hostconfig.json
hosts
resolv.conf

其中使用config.v2.json

drwx—–x 4 root root 237 Apr 11 17:11 .
drwx—–x. 3 root root 78 Apr 11 17:00 …
-rw-r—– 1 root root 66618 Apr 11 17:01 acc8e54ec5dd3208c6c1a574b5096d03a55281ddff85b3d9399eca992d69e4ac-json.log
drwx—— 2 root root 6 Apr 11 17:00 checkpoints
-rw——- 1 root root 4039 Apr 11 17:11 config.v2.json #配置参数,包含ENV环境变量
-rw-r–r– 1 root root 1559 Apr 11 17:00 hostconfig.json #主机配置参数
-rw-r–r– 1 root root 13 Apr 11 17:00 hostname # 主机名称
-rw-r–r– 1 root root 174 Apr 11 17:00 hosts #域名解析文件
drwx—–x 2 root root 6 Apr 11 17:00 mounts
-rw-r–r– 1 root root 94 Apr 11 17:00 resolv.conf #dns 配置文件
-rw-r–r– 1 root root 71 Apr 11 17:00 resolv.conf.hash

修改文件需要停止服务
systemc stop docker

进入到config.v2.json文件中查找discovery.type=single-node 删除他

修改完字段后需要将原有elasticsearch.yml 文件进行修改

我的原有文件:

cluster.name: “es-cluster01”
network.host: 0.0.0.0
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
http.cors.enabled: true
http.cors.allow-origin: “*”

修改为如下文件然后需要将此行注释
#cluster.initial_master_nodes: [“10.0.0.30″,”10.0.0.31”]

cluster.name: “es-cluster01”
network.host: 0.0.0.0
network.publish_host : 10.0.0.30
node.name: node-10.0.0.30
http.cors.enabled: true
http.cors.allow-origin: “*”
node.master : true
node.data : true
http.port: 9200
transport.tcp.port: 9300
discovery.seed_hosts: [“10.0.0.30”,“10.0.0.31”]
#cluster.initial_master_nodes: [“10.0.0.30”,“10.0.0.31”]
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.keystore.type: PKCS12
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.type: PKCS12
xpack.security.audit.enabled: true

此时已经修改完成,步骤为

(1)修改 discovery.type=single-node
(2)修改 elasticsearch.yml
(3)与之前的老节点为相同的CA文件

2.其他节点部署并且加入集群

我是为了测试只加一个节点,默认的话是三个节点,或者6个节点防止脑裂.

加入节点部署

此脚本是之前是es集群的,此时用它部署es加入节点

#!/bin/bash
#********************************************************************
#Author:         liujinxin
#QQ:             942207953
#Date: 	         2021-12-29
#FileName：      docker_start_es.sh
#E-MAIL:         [email protected]
#Description：   The test script
#Copyright (C): 2021 All rights reserved
#********************************************************************
DOCKER_ES_VERSION='7.16.1'
DOCKER_IMAGEES="10.0.0.107/app/elasticsearch:${DOCKER_ES_VERSION}"
ECS_DATE='/usr/local/src/docker_ELK/data'
ECS_PLUGINS='/usr/local/src/docker_ELK/plugins1'
ECS_CA='/usr/local/src/docker_ELK/elastic-certificates.p12'
ECS_YML='/usr/local/src/docker_ELK/elasticsearch.yml'
ELK_DATE='/usr/share/elasticsearch/data'
ELK_PLUGINS='/usr/share/elasticsearch/plugins'
ELk_CA='/usr/share/elasticsearch/config/elastic-certificates.p12'
ELK_YML='/usr/share/elasticsearch/config/elasticsearch.yml'
volume="-v   ${ECS_YML}:${ELK_YML} \
        -v   ${ECS_DATE}:${ELK_DATE} \
        -v   ${ECS_PLUGINS}:${ELK_PLUGINS} \
        -v   ${ECS_CA}:${ELk_CA}"
Money='-e "ES_JAVA_OPTS=-Xms512m -Xmx512m"'
DOCKER_ELK_DIR='/usr/local/src/docker_ELK'
HTTP_PORT='9200'
TRANS_PORT='9300'
CA_NAME='elastic-certificates.p12'
PORT="-p ${HTTP_PORT}:${HTTP_PORT} -p ${TRANS_PORT}:${TRANS_PORT} "
#集群地址使用IP
cluster_1='10.0.0.30'
cluster_2='10.0.0.31'
cluster_3='10.0.0.32'
#FOR循环使用IP
IP="
10.0.0.30
10.0.0.31
10.0.0.32
"

#_______________________________________________________________________________________________________________
#ssh_key

SSH_KEY() {
    
PASS=123456
#设置网段最后的地址，4-255之间，越小扫描越快
END=254

IP=`ip a s eth0 | awk -F'[ /]+' 'NR==3{print $3}'`
NET=${IP%.*}.

rm -f /root/.ssh/id_rsa
[ -e ./SCANIP.log ] && rm -f SCANIP.log
for((i=3;i<="$END";i++));do
ping -c 1 -w 1  ${NET}$i &> /dev/null  && echo "${NET}$i" >> SCANIP.log &
done
wait

ssh-keygen -P "" -f /root/.ssh/id_rsa



apt  -y install sshpass || yum  -y install   sshpass 
sshpass -p $PASS ssh-copy-id -o StrictHostKeyChecking=no $IP 

AliveIP=(`cat SCANIP.log`)
for n in ${AliveIP[*]};do
sshpass -p $PASS scp -o StrictHostKeyChecking=no -r /root/.ssh root@${n}:
done

#把.ssh/known_hosts拷贝到所有主机，使它们第一次互相访问时不需要输入回车
for n in ${AliveIP[*]};do
scp /root/.ssh/known_hosts ${n}:.ssh/
done
}


#_______________________________________________________________________________________________________________

ES_cluster(){
    
COLOR="echo -e \\033[01;32m"
END='\033[0m'

${COLOR}使用脚本前请提前进入脚本查看,需要手动修改集群地址,并且修改yaml参数可以DIY${END}
${COLOR}创建单集群命令为 docker run -d -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node"   ${DOCKER_IMAGEES} ${END}
${COLOR}进入docker 容器 命令为  docker exec -it DOCKER_NAME  bash ${END}
${COLOR} 此脚本需要提前准备ca文件elastic-certificates.p12,创建方法为到es容器中执行./bin/elasticsearch-certutil ca 和./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12 名字可以自己取${END}
${COLOR}此脚本需要集群文件夹配置相同,因为是跨主机行动所以比较复杂,请提前做好ssh-key验证,并且创建想对应目录${END}
${COLOR}docker_ES的数据目录在/usr/local/src/docker_ELK/下${END}
${COLOR}集群起来后,需要通过进入docker添加密码命令./bin/elasticsearch-setup-passwords interactive${END}
${COLOR}此脚本会自动创建目录,自动添加777权限,但是需要做ssh-key验证${END}
${COLOR}----------------------------------10秒后开始运行脚本----------------------------------------------${END}
sleep 1 
${COLOR} 9 ${END}
sleep 1 
${COLOR} 8 ${END}
sleep 1 
${COLOR} 7 ${END}
sleep 1 
${COLOR} 6 ${END}
sleep 1 
${COLOR} 5 ${END}
sleep 1 
${COLOR} 4 ${END}
sleep 1 
${COLOR} 3 ${END}
sleep 1 
${COLOR} 2 ${END}
sleep 1 
${COLOR} 1 ${END}
sleep 1 
${COLOR} 0 ${END}

#配置文件创建
for  i in ${IP} ;do 
NAME="es-${i}"

SSH_CHECK_DIR_1=`ssh ${
     i}  ls  /usr/local/src/ | grep -o docker_ELK`
SSH_CHECK_DIR_2=`ssh ${
     i}  ls  /usr/local/src/docker_ELK | grep -o data`
SSH_CHECK_DIR_3=`ssh ${
     i}  ls  /usr/local/src/docker_ELK | grep -o plugins`

cat > elasticsearch.yml <<-EOF
cluster.name: "es-cluster01"
network.host: 0.0.0.0
network.publish_host : ${i}
node.name: node-${i}
http.cors.enabled: true
http.cors.allow-origin: "*"
node.master : true
node.data : true
http.port: ${HTTP_PORT}
transport.tcp.port: ${TRANS_PORT}
discovery.seed_hosts: ["${cluster_1}","${cluster_2}","${cluster_3}"]
cluster.initial_master_nodes: ["${cluster_1}","${cluster_2}","${cluster_3}"]

xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.keystore.type: PKCS12
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: ${CA_NAME}
xpack.security.transport.ssl.truststore.path: ${CA_NAME}
xpack.security.transport.ssl.truststore.type: PKCS12
xpack.security.audit.enabled: true
EOF

#文件/文件夹/验证
if  [ ${SSH_CHECK_DIR_1} == 'docker_ELK' ]  &&  [ ${SSH_CHECK_DIR_2} == 'data' ] && [ ${SSH_CHECK_DIR_3} == 'plugins' ] ; then 
    scp   elasticsearch.yml ${i}:${DOCKER_ELK_DIR}/  &> /dev/null
    scp ${ECS_CA} ${i}:${DOCKER_ELK_DIR}/ &> /dev/null
    ssh ${i}  chmod 777 ${DOCKER_ELK_DIR}  ${ECS_DATE}   ${ECS_PLUGINS} ${DOCKER_ELK_DIR}/elasticsearch.yml &> /dev/null
    ssh ${i} docker run -d --name ${NAME}  ${PORT}  ${volume}   ${Money}  ${DOCKER_IMAGEES}  &> /dev/null
else 
    ssh ${i}  mkdir -p ${DOCKER_ELK_DIR}  ${ECS_DATE}   ${ECS_PLUGINS}  &> /dev/null
    scp   elasticsearch.yml ${i}:${DOCKER_ELK_DIR}/  &> /dev/null 
    scp ${ECS_CA} ${i}:${DOCKER_ELK_DIR}/ &> /dev/null 
    ssh ${i}  chmod 777 ${DOCKER_ELK_DIR}  ${ECS_DATE}   ${ECS_PLUGINS} ${DOCKER_ELK_DIR}/elasticsearch.yml &> /dev/null 
    ssh ${i} docker run -d --name ${NAME}  ${PORT}  ${volume}   ${Money}  ${DOCKER_IMAGEES}  &> /dev/null 
fi



#集群单节点验证
CHECK_DOCKER_ELK_COM_1=`ssh ${
     i}  docker ps | grep -o  "es-${i}" `
CHECK_DOCKER_ELK_COM_2=`ssh ${
     i}  ss -ntl | grep -o "${HTTP_PORT} " `
CHECK_DOCKER_ELK_COM_3=`ssh ${
     i}  ss -ntl | grep -o "${TRANS_PORT} " `

if [ ${CHECK_DOCKER_ELK_COM_1} == "es-"${i}"" ]  && [ ${CHECK_DOCKER_ELK_COM_2} == '9200' ] && [ ${CHECK_DOCKER_ELK_COM_3} == '9300' ] ; then
       ${COLOR} ${i}配置完成      [True] ${END}

else 
       ${COLOR} ${i}配置失败      [False] ${END}
fi
done 

}

#集群所有设备验证
CHECK_CLUSTER(){
    

COLOR="echo -e \\033[01;33m"
END='\033[0m'
for k in ${IP} ;do
CHECK_DOCKER_ELK_COM_1=`ssh ${
     k}  docker ps | grep -o  "es-${k}" `
CHECK_DOCKER_ELK_COM_2=`ssh ${
     k}  ss -ntl | grep -o "${HTTP_PORT} " `
CHECK_DOCKER_ELK_COM_3=`ssh ${
     k}  ss -ntl | grep -o "${TRANS_PORT} " `

if [ ${CHECK_DOCKER_ELK_COM_1} == "es-${k}" ]  && [ ${CHECK_DOCKER_ELK_COM_2} == '9200' ] && [ ${CHECK_DOCKER_ELK_COM_3} == '9300' ] ; then
     echo '${k} is True ' >> cluster.txt
    
else 
     echo '${k} is False ' >> cluster.txt
fi
done

FILER_TRUE=`grep -o 'True'  'cluster.txt' |wc -l`
FILER_FALSE=`grep -o 'False' 'cluster.txt'  |wc -l`


if  [ ${FILER_TRUE} == '3'  ]  ; then
   ${COLOR}  集群配置成功       ${END}
elif [ ${FILER_FALSE} == '1|2|3' ] ; then 
   ${COLOR}  集群配置失败       ${END}
else 
    ${COLOR}  集群配置有问题   ${END}
fi

rm -rf  elasticsearch.yml
rm -rf  cluster.txt
}



SSH_KEY #SSH-KEY验证
ES_cluster #ES集群部署
CHECK_CLUSTER #集群验证

部署节点完成后也需要修改现成的文件,因为这个脚本只会部署不会直接加入,然后两个集群的ca文件记住一定是同一个!!!
此时需要修改新节点yml文件

新节点修改如下:

cluster.name: “es-cluster01”
network.host: 0.0.0.0
network.publish_host : 10.0.0.30
node.name: node-10.0.0.30
http.cors.enabled: true
http.cors.allow-origin: “*”
node.master : true
node.data : true
http.port: 9200
transport.tcp.port: 9300
discovery.seed_hosts: [“10.0.0.30”,“10.0.0.31”]
cluster.initial_master_nodes: [“10.0.0.30”,“10.0.0.31”]
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.keystore.type: PKCS12
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.type: PKCS12
xpack.security.audit.enabled: true

确定好,此时新节点的配置

(1)ca文件是与之前单节点是同一个!
(2)集群discovery两个节点是相同的!

此时就可以将新节点进行重启! docker restart 容器ID
然后再把老节点的docker 起来 systemctl start docker && docker start 容器ID

此时通过edge 或者google 访问 就直接看到俩节点
为了防止有些老baby不会处理json文件我把我已经删除的dis参数截图贴在这

感谢elasticsearch 官方文档!!!
个人博客地址:https://www.ghostxin.cn/