ElasticSearch7.x集群安装部署

创建用户

groupadd es && useradd es -g es -M -s /bin/bash
chown -R es:es /opt/$ES_HOME

系统参数修改

• vi /etc/sysctl.conf添加如下配置

vm.max_map_count=262144

使得重启之后也生效，即永久生效

执行如下命令使得立即生效

sysctl –p

• 修改/etc/security/limits.conf添加以下配置

  es hard nofile 65535
  es soft nofile 65535

• /etc/systemd/user.conf和/etc/systemd/system.conf分别添加以下配置

  DefaultLimitNOFILE=65535

systemd启动elasticsearch，需要设置这两个文件，否则启动会报如下错误
[1] bootstrap checks failed
[1]: max file descriptors [4096] for elasticsearch process is too low, increase to at least [65535]

解压

tar xzvf elasticsearch-7.6.1-linux-x86_64.tar.gz -C /opt/

配置ES

1主2从的配置

• node-1

cluster.name: my-es

node.name: node-1
node.master: true
node.data: true

network.host: 0.0.0.0
network.publish_host: 192.168.56.131

discovery.seed_hosts: [ "192.168.56.132","192.168.56.133"]
cluster.initial_master_nodes: ["node-1"]

# 允许跨域，elastic header需要
http.cors.enabled: true
http.cors.allow-origin: "*"

• node-2

cluster.name: my-es

node.name: node-2
node.master: false
node.data: true

network.host: 0.0.0.0
network.publish_host: 192.168.56.132

discovery.seed_hosts: ["192.168.56.131","192.168.56.133"]

cluster.initial_master_nodes: ["node-1"]

# 允许跨域，elastic header需要
http.cors.enabled: true
http.cors.allow-origin: "*"

• node-3

cluster.name: my-es

node.name: node-3
node.master: false
node.data: true

network.host: 0.0.0.0
network.publish_host: 192.168.56.133

discovery.seed_hosts: ["192.168.56.131", "192.168.56.132"]

cluster.initial_master_nodes: ["node-1"]

# 允许跨域，elastic header需要
http.cors.enabled: true
http.cors.allow-origin: "*"

生产环境建议network.host: 指定IP

检查集群状态

curl -XGET http://192.168.56.131:9200/_cluster/health?pretty

{
cluster_name: "my-es",
status: "green",
timed_out: false,
number_of_nodes: 3,
number_of_data_nodes: 3,
active_primary_shards: 0,
active_shards: 0,
relocating_shards: 0,
initializing_shards: 0,
unassigned_shards: 0,
delayed_unassigned_shards: 0,
number_of_pending_tasks: 0,
number_of_in_flight_fetch: 0,
task_max_waiting_in_queue_millis: 0,
active_shards_percent_as_number: 100
}

开机启动ElasticSearch

方案一 在/etc/init.d目录下

创建名为elasticsearch的文件，内容如下

#!/bin/sh
#description: elasticsearch
### BEGIN INIT INFO
# Provides:          elasticsearch
# Required-Start:    $all
# Required-Stop:
# Default-Start:     2 3 4 5
# Default-Stop:
# Short-Description: start elasticsearch
### END INIT INFO


case "$1" in
start)
    cd /opt/elasticsearch-7.6.1
    ./bin/elasticsearch -d
!
    echo "elasticsearch startup"
    ;;
stop)
    es_pid=`ps aux|grep elasticsearch | grep -v 'grep elasticsearch' | awk '{print $2}'`
    kill -9 $es_pid
    echo "elasticsearch stopped"
    ;;
restart)
    es_pid=`ps aux|grep elasticsearch | grep -v 'grep elasticsearch' | awk '{print $2}'`
    kill -9 $es_pid
    echo "elasticsearch stopped"
    cd /opt/elasticsearch-7.6.1
    ./bin/elasticsearch -d
!
    echo "elasticsearch startup"
    ;;
*)
    echo "start|stop|restart"
    ;;
esac

exit $?

$ chmod a+x elasticsearch.sh

方案二 在/lib/systemd/system目录下

创建名为elasticsearch.service的文件，内容如下

[Unit]
Description=elasticsearch
After=network.target

[Service]
Type=simple
ExecStart=/bin/bash /opt/elasticsearch-7.6.1/bin/elasticsearch
Restart=always
User=es
Group=es
WorkingDirectory=/opt/elasticsearch-7.6.1
[Install]
WantedBy=mutil-user.target

重载配置文件

$ sudo systemctl daemon-reload

启用服务

$ sudo systemctl enable elasticsearch

启动服务

$ sudo systemctl start elasticsearch

如果启动失败，想看下日志

# 查看状态
$ sudo systemctl status elasticsearch

# 查看日志
$ sudo journalctl -u elasticsearch

# 实时输出最新日志
$ sudo journalctl --follow -u elasticsearch

通过systemctl 启动服务报如下错误

Mar 15 10:08:51 ubuntu bash[1308]: ERROR: [1] bootstrap checks failed
Mar 15 10:08:51 ubuntu bash[1308]: [1]: max file descriptors [4096] for elasticsearch process is too low, increase to at least [65535]
Mar 15 10:08:51 ubuntu bash[1308]: ERROR: Elasticsearch did not exit normally - check the logs at /opt/elasticsearch-7.6.1/logs/my-es.log
Mar 15 10:08:51 ubuntu bash[1308]: [2020-03-15T02:08:51,352][INFO ][o.e.n.Node               ] [node-1] stopping ...
Mar 15 10:08:51 ubuntu bash[1308]: [2020-03-15T02:08:51,462][INFO ][o.e.n.Node               ] [node-1] stopped
Mar 15 10:08:51 ubuntu bash[1308]: [2020-03-15T02:08:51,463][INFO ][o.e.n.Node               ] [node-1] closing ...
Mar 15 10:08:51 ubuntu bash[1308]: [2020-03-15T02:08:51,535][INFO ][o.e.n.Node               ] [node-1] closed

划重点：通过systemctrl自建elasticsearch系统服务的形式来启动的es,则需要修改/etc/systemd/user.conf,/etc/systemd/system.conf这两个文件，添加以下配置

DefaultLimitNOFILE=65536

常见错误

org.elasticsearch.bootstrap.StartupException: java.lang.RuntimeException: can not run elasticsearch as root
	at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:174) ~[elasticsearch-7.6.1.jar:7.6.1]
	at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:161) ~[elasticsearch-7.6.1.jar:7.6.1]
	at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86) ~[elasticsearch-7.6.1.jar:7.6.1]
	at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:125) ~[elasticsearch-cli-7.6.1.jar:7.6.1]
	at org.elasticsearch.cli.Command.main(Command.java:90) ~[elasticsearch-cli-7.6.1.jar:7.6.1]
	at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:126) ~[elasticsearch-7.6.1.jar:7.6.1]
	at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:92) ~[elasticsearch-7.6.1.jar:7.6.1]
Caused by: java.lang.RuntimeException: can not run elasticsearch as root
	at org.elasticsearch.bootstrap.Bootstrap.initializeNatives(Bootstrap.java:105) ~[elasticsearch-7.6.1.jar:7.6.1]
	at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:172) ~[elasticsearch-7.6.1.jar:7.6.1]
	at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:349) ~[elasticsearch-7.6.1.jar:7.6.1]
	at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:170) ~[elasticsearch-7.6.1.jar:7.6.1]

这个是最常见的了，不能用root用户来启动elasticsearch

Exception in thread "main" org.elasticsearch.bootstrap.BootstrapException: java.nio.file.AccessDeniedException: /opt/elasticsearch-7.6.1/config/elasticsearch.keystore
Likely root cause: java.nio.file.AccessDeniedException: /opt/elasticsearch-7.6.1/config/elasticsearch.keystore
	at java.base/sun.nio.fs.UnixException.translateToIOException(UnixException.java:90)
	at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:111)
	at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:116)
	at java.base/sun.nio.fs.UnixFileSystemProvider.newByteChannel(UnixFileSystemProvider.java:219)
	at java.base/java.nio.file.Files.newByteChannel(Files.java:374)
	at java.base/java.nio.file.Files.newByteChannel(Files.java:425)
	at org.apache.lucene.store.SimpleFSDirectory.openInput(SimpleFSDirectory.java:77)
	at org.elasticsearch.common.settings.KeyStoreWrapper.load(KeyStoreWrapper.java:219)
	at org.elasticsearch.bootstrap.Bootstrap.loadSecureSettings(Bootstrap.java:234)
	at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:305)
	at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:170)
	at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:161)
	at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86)
	at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:125)
	at org.elasticsearch.cli.Command.main(Command.java:90)
	at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:126)
	at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:92)

处理方法 chown -R es:es $ES_HOME/conf

2020-03-07 14:50:20,774 main ERROR Unable to invoke factory method in class org.apache.logging.log4j.core.appender.RollingFileAppender for element RollingFile: java.lang.IllegalStateException: No factory method found for class org.apache.logging.log4j.core.appender.RollingFileAppender java.lang.IllegalStateException: No factory method found for class org.apache.logging.log4j.core.appender.RollingFileAppender
	at org.apache.logging.log4j.core.config.plugins.util.PluginBuilder.findFactoryMethod(PluginBuilder.java:235)
	at org.apache.logging.log4j.core.config.plugins.util.PluginBuilder.build(PluginBuilder.java:135)
	at org.apache.logging.log4j.core.config.AbstractConfiguration.createPluginObject(AbstractConfiguration.java:959)
	at org.apache.logging.log4j.core.config.AbstractConfiguration.createConfiguration(AbstractConfiguration.java:899)
	at org.apache.logging.log4j.core.config.AbstractConfiguration.createConfiguration(AbstractConfiguration.java:891)
	at org.apache.logging.log4j.core.config.AbstractConfiguration.doConfigure(AbstractConfiguration.java:514)
	at org.apache.logging.log4j.core.config.AbstractConfiguration.initialize(AbstractConfiguration.java:238)
	at org.apache.logging.log4j.core.config.AbstractConfiguration.start(AbstractConfiguration.java:250)
	at org.apache.logging.log4j.core.LoggerContext.setConfiguration(LoggerContext.java:547)
	at org.apache.logging.log4j.core.LoggerContext.start(LoggerContext.java:263)
	at org.elasticsearch.common.logging.LogConfigurator.configure(LogConfigurator.java:234)
	at org.elasticsearch.common.logging.LogConfigurator.configure(LogConfigurator.java:127)
	at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:310)
	at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:170)
	at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:161)
	at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86)
	at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:125)
	at org.elasticsearch.cli.Command.main(Command.java:90)
	at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:126)
	at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:92)

处理方法 chown -R es:es $ES_HOME/logs

[2020-03-07T14:11:03,119][WARN ][o.e.c.c.Coordinator      ] [node-1] failed to validate incoming join request from node [{node-2}{OTFjHR3wRuyQBMbb9PdGoQ}{GH_dXyYZQIuyjnnBTsELRw}{192.168.56.132}{192.168.56.132:9300}{dil}{ml.machine_memory=3665874944, ml.max_open_jobs=20, xpack.installed=true}]
org.elasticsearch.transport.RemoteTransportException: [node-2][192.168.56.132:9300][internal:cluster/coordination/join/validate]
Caused by: org.elasticsearch.cluster.coordination.CoordinationStateRejectedException: join validation on cluster state with a different cluster uuid of6I6UasSd209Y_5-YdZ2A than local cluster uuid 4jifFlHcR9K7wQflerzo3g, rejecting
	at org.elasticsearch.cluster.coordination.JoinHelper.lambda$new$4(JoinHelper.java:148) ~[elasticsearch-7.6.1.jar:7.6.1]
	at org.elasticsearch.xpack.security.transport.SecurityServerTransportInterceptor$ProfileSecuredRequestHandler$1.doRun(SecurityServerTransportInterceptor.java:257) ~[?:?]
	at org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:37) ~[elasticsearch-7.6.1.jar:7.6.1]
	at org.elasticsearch.xpack.security.transport.SecurityServerTransportInterceptor$ProfileSecuredRequestHandler.messageReceived(SecurityServerTransportInterceptor.java:315) ~[?:?]
	at org.elasticsearch.transport.RequestHandlerRegistry.processMessageReceived(RequestHandlerRegistry.java:63) ~[elasticsearch-7.6.1.jar:7.6.1]
	at org.elasticsearch.transport.InboundHandler$RequestHandler.doRun(InboundHandler.java:264) ~[elasticsearch-7.6.1.jar:7.6.1]
	at org.elasticsearch.common.util.concurrent.ThreadContext$ContextPreservingAbstractRunnable.doRun(ThreadContext.java:692) ~[elasticsearch-7.6.1.jar:7.6.1]
	at org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:37) ~[elasticsearch-7.6.1.jar:7.6.1]
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) [?:?]
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) [?:?]
	at java.lang.Thread.run(Thread.java:830) [?:?]

如果集群所有节点cluster.name设置都一样的，但还是报以上错误，可以将集群内的节点的data目录删掉后重启

附加

目前es没有桌面客户端，不过elasticsearch-head算是比较方便的，用于快速查询下数据。
这里我就给出elastic-head，systemd服务的脚本

[Unit]
Description=elasticsearch head
After=network.target

[Service]
Type=simple
Environment=PATH=/opt/node-v12.16.1/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
ExecStart=/opt/node-v12.16.1/bin/npm run start
Restart=always
User=es
Group=es
WorkingDirectory=/opt/elasticsearch-head

[Install]
WantedBy=mutil-user.target

请事先安装好node环境，并在/opt/elasticsearch-head目录，执行好npm i -V安装好相关module

执行如下命令，下次就能开机启动了

$ systemctl daemon-reload
$ systemctl enable elasticsearch-head

参考

https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-network.html
https://www.elastic.co/guide/en/elasticsearch/reference/current/targz.html
https://www.elastic.co/guide/en/elasticsearch/reference/7.6/docker.html
https://www.elastic.co/guide/en/elasticsearch/reference/current/settings.html
https://www.linuxtechi.com/set-ulimit-file-descriptors-limit-linux-servers/
https://askubuntu.com/questions/1102512/set-ulimit-for-non-root-user
https://superuser.com/questions/1200539/cannot-increase-open-file-limit-past-4096-ubuntu/1200818#1200818
http://www.ruanyifeng.com/blog/2018/03/systemd-timer.html