Installing an Elasticsearch 8.6 cluster
In this guide, we describe how to set up a 3-node Elasticsearch cluster using Docker containers on Ubuntu. In our example, all nodes are general-purpose, meaning each one holds both the Master and Data roles. For a real production cluster, however, it is recommended to separate Master and Data nodes.
Prerequisites
A virtual machine with Ubuntu installed, along with docker and docker-compose. At a minimum, and depending on your needs, allow 2 GB of RAM and 1 vCPU per node.
Creating and configuring the Docker containers
1. Create a working directory /app/elasticsearch.
root@data-resilience:/app# mkdir -p /app/elasticsearch
root@data-resilience:/app# cd /app/elasticsearch
2. Create a Dockerfile with the following content:
root@data-resilience:/app/elasticsearch# cat Dockerfile
FROM ubuntu:latest
LABEL maintainer="data-resilience"
LABEL version="1"
LABEL description="Image docker pour elasticsearch 8"
ARG DEBIAN_FRONTEND=noninteractive
RUN apt update
RUN apt install -y vim wget curl gnupg apt-transport-https lsb-release systemctl
RUN apt clean
3. Build the elasticsearch-img Docker image with the following command:
docker build -t elasticsearch-img .
4. Optionally, check that the image was created.
root@data-resilience:/app/elasticsearch# docker images
REPOSITORY          TAG                IMAGE ID       CREATED          SIZE
elasticsearch-img   latest             2b52bd672e48   10 seconds ago   203MB
ubuntu              latest             58db3edaf2be   12 days ago      77.8MB
postgres12-img      latest             4039441833b3   3 weeks ago      727MB
couchbase/server    enterprise-7.0.5   1a64a8235967   7 weeks ago      1.33GB
ubuntu              20.04              d5447fc01ae6   2 months ago     72.8MB
5. Start a container from our Docker image.
root@data-resilience:/app/elasticsearch# docker run -tid --name elasticsearch-server elasticsearch-img
e3abadbd8385c031857d9d92d71818ccfa0d8259db748773f82ff79f6ab69c7e
6. Connect to the elasticsearch-server container with the following command:
docker exec -ti elasticsearch-server bash
7. Add the Elasticsearch 8.6 repository by running the following commands:
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/8.x/apt stable main" | tee /etc/apt/sources.list.d/elastic-8.x.list
apt-get update
8. Create a new Docker image named elasticsearch-img from the elasticsearch-server container.
root@data-resilience:/app/elasticsearch# docker commit elasticsearch-server elasticsearch-img
sha256:2c7971b5ec48f2267d89b335c840e87f5fb5094b01d1fb02655c25859c974c5b
9. Remove the elasticsearch-server container, as it is no longer needed for the rest of the article.
root@data-resilience:/app/elasticsearch# docker rm -f elasticsearch-server
elasticsearch-server
10. Create a docker-compose.yml file with the following content:
root@data-resilience:/app/elasticsearch# cat docker-compose.yml
version: '3.5'
services:
  elasticsearch1:
    tty: true
    hostname: elasticsearch1
    container_name: elasticsearch1
    image: elasticsearch-img
    volumes:
      - es_config1:/etc/elasticsearch
      - es_data1:/var/lib/elasticsearch
    networks:
      dbNetwork:
        ipv4_address: 172.18.56.61
    ports:
      - '9100:9200'
    mem_limit: 1073741824
    ulimits:
      memlock:
        soft: -1
        hard: -1
  elasticsearch2:
    tty: true
    hostname: elasticsearch2
    container_name: elasticsearch2
    image: elasticsearch-img
    volumes:
      - es_config2:/etc/elasticsearch
      - es_data2:/var/lib/elasticsearch
    networks:
      dbNetwork:
        ipv4_address: 172.18.56.62
    ports:
      - '9200:9200'
    mem_limit: 1073741824
    ulimits:
      memlock:
        soft: -1
        hard: -1
  elasticsearch3:
    tty: true
    hostname: elasticsearch3
    container_name: elasticsearch3
    image: elasticsearch-img
    volumes:
      - es_config3:/etc/elasticsearch
      - es_data3:/var/lib/elasticsearch
    networks:
      dbNetwork:
        ipv4_address: 172.18.56.63
    ports:
      - '9300:9200'
    mem_limit: 1073741824
    ulimits:
      memlock:
        soft: -1
        hard: -1
networks:
  dbNetwork:
    name: dbNetwork
    driver: bridge
    ipam:
      config:
        - subnet: 172.18.56.0/24
volumes:
  es_config1:
  es_data1:
  es_config2:
  es_data2:
  es_config3:
  es_data3:
11. Start docker-compose with the following command:
root@data-resilience:/app/elasticsearch# docker-compose up -d
Creating elasticsearch2 ... done
Creating elasticsearch1 ... done
Creating elasticsearch3 ... done
12. Check that the 3 nodes are running.
root@data-resilience:/app/elasticsearch# docker-compose ps
     Name        Command     State                      Ports
-----------------------------------------------------------------------------
elasticsearch1   /bin/bash   Up      0.0.0.0:9100->9200/tcp,:::9100->9200/tcp
elasticsearch2   /bin/bash   Up      0.0.0.0:9200->9200/tcp,:::9200->9200/tcp
elasticsearch3   /bin/bash   Up      0.0.0.0:9300->9200/tcp,:::9300->9200/tcp
Installing and configuring Elasticsearch on the first node "elasticsearch1"
13. Connect to the first node "elasticsearch1", then install elasticsearch with the following command:
root@data-resilience:/app/elasticsearch# docker exec -ti elasticsearch1 bash
root@elasticsearch1:/# apt-get install elasticsearch
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following NEW packages will be installed:
  elasticsearch
0 upgraded, 1 newly installed, 0 to remove and 5 not upgraded.
Need to get 582 MB of archives.
After this operation, 1195 MB of additional disk space will be used.
Get:1 https://artifacts.elastic.co/packages/8.x/apt stable/main amd64 elasticsearch amd64 8.6.1 [582 MB]
Fetched 582 MB in 21s (27.5 MB/s)
debconf: delaying package configuration, since apt-utils is not installed
Selecting previously unselected package elasticsearch.
(Reading database ... 8021 files and directories currently installed.)
Preparing to unpack .../elasticsearch_8.6.1_amd64.deb ...
Creating elasticsearch group... OK
Creating elasticsearch user... OK
Unpacking elasticsearch (8.6.1) ...
Setting up elasticsearch (8.6.1) ...
ERROR:systemctl:Unit systemd-sysctl.service could not be found.
--------------------------- Security autoconfiguration information ------------------------------
Authentication and authorization are enabled.
TLS for the transport and HTTP layers is enabled and configured.
The generated password for the elastic built-in superuser is : vLl9wgxQz=_PqEMefTWQ
If this node should join an existing cluster, you can reconfigure this with
'/usr/share/elasticsearch/bin/elasticsearch-reconfigure-node --enrollment-token'
after creating an enrollment token on your existing cluster.
You can complete the following actions at any time:
Reset the password of the elastic built-in superuser with
'/usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic'.
Generate an enrollment token for Kibana instances with
'/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana'.
Generate an enrollment token for Elasticsearch nodes with
'/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s node'.
-------------------------------------------------------------------------------------------------
### NOT starting on installation, please execute the following statements to configure elasticsearch service to start automatically using systemd
 sudo systemctl daemon-reload
 sudo systemctl enable elasticsearch.service
### You can start elasticsearch service by executing
 sudo systemctl start elasticsearch.service
PS: By default, Elasticsearch automatically generates a password for the "elastic" user. We will see later how to set a different password.
14. Create the /var/run/elasticsearch directory on the first node "elasticsearch1".
mkdir -p /var/run/elasticsearch
chown -R elasticsearch:elasticsearch /var/run/elasticsearch
chown -R elasticsearch:elasticsearch /var/lib/elasticsearch
15. Change the JVM heap size by running the following commands:
sed -i 's/## -Xms4g/-Xms1g/g' /etc/elasticsearch/jvm.options
sed -i 's/## -Xmx4g/-Xmx1g/g' /etc/elasticsearch/jvm.options
16. Change the elasticsearch configuration parameters, either manually by editing the file /etc/elasticsearch/elasticsearch.yml or with the following commands:
sed -i 's/^#cluster.name:.*/cluster.name: es-cluster/g' /etc/elasticsearch/elasticsearch.yml
sed -i 's/#node.name:.*/node.name: elasticsearch1/g' /etc/elasticsearch/elasticsearch.yml
sed -i 's/^#network.host:.*/network.host: 172.18.56.61/g' /etc/elasticsearch/elasticsearch.yml
sed -i 's/^#discovery.seed_hosts:.*/discovery.seed_hosts: ["172.18.56.61:9300", "172.18.56.62:9300", "172.18.56.63:9300"]/g' /etc/elasticsearch/elasticsearch.yml
sed -i 's/^#cluster.initial_master_nodes:.*/cluster.initial_master_nodes: ["172.18.56.61", "172.18.56.62", "172.18.56.63"]/g' /etc/elasticsearch/elasticsearch.yml
17. Start the elasticsearch service.
systemctl daemon-reload
systemctl enable elasticsearch.service
systemctl start elasticsearch.service
PS: The Elasticsearch service may fail to start if the value of vm.max_map_count in your configuration is lower than 262144.
You can set vm.max_map_count to 262144 with the command sysctl -w vm.max_map_count=262144, or add it to the /etc/sysctl.conf file of your Ubuntu machine so that it persists across reboots.
18. Check that the elasticsearch service has started.
root@elasticsearch1:~# systemctl status elasticsearch.service
elasticsearch.service - Elasticsearch
    Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service, enabled)
    Active: active (running)
19. Customize the password of the elastic user.
root@elasticsearch1:~# /usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic -i
This tool will reset the password of the [elastic] user.
You will be prompted to enter the password.
Please confirm that you would like to continue [y/N]y
Enter password for [elastic]:
Re-enter password for [elastic]:
Password for the [elastic] user successfully reset.
Using the "-i" option (interactive mode) lets you enter your own password; otherwise, Elasticsearch generates one automatically.
20. Check the state of the cluster node.
root@elasticsearch1:~# curl --cacert /etc/elasticsearch/certs/http_ca.crt -u elastic https://localhost:9200
Enter host password for user 'elastic':
{
  "name" : "elasticsearch1",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "W_M14OJjRZqNTGfn48W9-Q",
  "version" : {
    "number" : "8.6.1",
    "build_flavor" : "default",
    "build_type" : "deb",
    "build_hash" : "180c9830da956993e59e2cd70eb32b5e383ea42c",
    "build_date" : "2023-01-24T21:35:11.506992272Z",
    "build_snapshot" : false,
    "lucene_version" : "9.4.2",
    "minimum_wire_compatibility_version" : "7.17.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "You Know, for Search"
}
Installing and configuring Elasticsearch on the second node "elasticsearch2"
21. Connect to the second node "elasticsearch2", then install elasticsearch with the following command:
root@data-resilience:~# docker exec -ti elasticsearch2 bash
root@elasticsearch2:/# apt-get install elasticsearch
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following NEW packages will be installed:
  elasticsearch
0 upgraded, 1 newly installed, 0 to remove and 5 not upgraded.
Need to get 582 MB of archives.
After this operation, 1195 MB of additional disk space will be used.
Get:1 https://artifacts.elastic.co/packages/8.x/apt stable/main amd64 elasticsearch amd64 8.6.1 [582 MB]
Fetched 582 MB in 20s (29.5 MB/s)
debconf: delaying package configuration, since apt-utils is not installed
(Reading database ... 8025 files and directories currently installed.)
Preparing to unpack .../elasticsearch_8.6.1_amd64.deb ...
Unpacking elasticsearch (8.6.1) ...
Setting up elasticsearch (8.6.1) ...
ERROR:systemctl:Unit systemd-sysctl.service could not be found.
--------------------------- Security autoconfiguration information ------------------------------
Authentication and authorization are enabled.
TLS for the transport and HTTP layers is enabled and configured.
The generated password for the elastic built-in superuser is : 0--1c9CJAdU3zYkf3F59
If this node should join an existing cluster, you can reconfigure this with
'/usr/share/elasticsearch/bin/elasticsearch-reconfigure-node --enrollment-token'
after creating an enrollment token on your existing cluster.
You can complete the following actions at any time:
Reset the password of the elastic built-in superuser with
'/usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic'.
Generate an enrollment token for Kibana instances with
'/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana'.
Generate an enrollment token for Elasticsearch nodes with
'/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s node'.
-------------------------------------------------------------------------------------------------
### NOT starting on installation, please execute the following statements to configure elasticsearch service to start automatically using systemd
 sudo systemctl daemon-reload
 sudo systemctl enable elasticsearch.service
### You can start elasticsearch service by executing
 sudo systemctl start elasticsearch.service
22. Create the /var/run/elasticsearch directory on the second node.
mkdir -p /var/run/elasticsearch
chown -R elasticsearch:elasticsearch /var/run/elasticsearch
chown -R elasticsearch:elasticsearch /var/lib/elasticsearch
23. Change the JVM heap size by running the following commands:
sed -i 's/## -Xms4g/-Xms1g/g' /etc/elasticsearch/jvm.options
sed -i 's/## -Xmx4g/-Xmx1g/g' /etc/elasticsearch/jvm.options
24. Generate a token to enroll this node in the cluster. The token must be generated from a node that already belongs to the cluster.
root@data-resilience:/app/elasticsearch# docker exec -ti elasticsearch1 bash
root@elasticsearch1:/# /usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s node
eyJ2ZXIiOiI4LjYuMSIsImFkciI6WyIxNzIuMTguNTYuNjE6OTIwMCJdLCJmZ3IiOiIwYjZlYThhYjZkYmMwNDU4MWI1ZGM3YjVhMWRjNDkwNTIxNzkxODIzY2ZlMzQzOWM2ZWI0ZjhiYzUyMzUwNTM5Iiwia2V5IjoiYklOeUxvWUJoLTllaENWOHJ3RXY6ZUE1NkhZbFJTc2FPOG0yS3VTVFRldyJ9
25. Add the second node to the cluster with the elasticsearch-reconfigure-node command.
root@data-resilience:~# docker exec -ti elasticsearch2 bash
root@elasticsearch2:/# /usr/share/elasticsearch/bin/elasticsearch-reconfigure-node --enrollment-token eyJ2ZXIiOiI4LjYuMSIsImFkciI6WyIxNzIuMTguNTYuNjE6OTIwMCJdLCJmZ3IiOiIwYjZlYThhYjZkYmMwNDU4MWI1ZGM3YjVhMWRjNDkwNTIxNzkxODIzY2ZlMzQzOWM2ZWI0ZjhiYzUyMzUwNTM5Iiwia2V5IjoiYklOeUxvWUJoLTllaENWOHJ3RXY6ZUE1NkhZbFJTc2FPOG0yS3VTVFRldyJ9
This node will be reconfigured to join an existing cluster, using the enrollment token that you provided.
This operation will overwrite the existing configuration. Specifically:
  - Security auto configuration will be removed from elasticsearch.yml
  - The [certs] config directory will be removed
  - Security auto configuration related secure settings will be removed from the elasticsearch.keystore
Do you want to continue with the reconfiguration process [y/N]y
26. Change the elasticsearch configuration parameters, either manually by editing the file /etc/elasticsearch/elasticsearch.yml or with the following commands:
sed -i 's/^#cluster.name:.*/cluster.name: es-cluster/g' /etc/elasticsearch/elasticsearch.yml
sed -i 's/#node.name:.*/node.name: elasticsearch2/g' /etc/elasticsearch/elasticsearch.yml
sed -i 's/^#network.host:.*/network.host: 172.18.56.62/g' /etc/elasticsearch/elasticsearch.yml
sed -i 's/^#discovery.seed_hosts:.*/discovery.seed_hosts: ["172.18.56.61:9300", "172.18.56.62:9300", "172.18.56.63:9300"]/g' /etc/elasticsearch/elasticsearch.yml
sed -i 's/^#cluster.initial_master_nodes:.*/cluster.initial_master_nodes: ["172.18.56.61", "172.18.56.62", "172.18.56.63"]/g' /etc/elasticsearch/elasticsearch.yml
27. Start the elasticsearch service.
systemctl daemon-reload
systemctl enable elasticsearch.service
systemctl start elasticsearch.service
28. Check the status of the elasticsearch service.
root@elasticsearch2:/# systemctl status elasticsearch.service
elasticsearch.service - Elasticsearch
    Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service, disabled)
    Active: active (running)
29. Customize the password of the elastic user.
root@elasticsearch2:/# /usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic -i
This tool will reset the password of the [elastic] user.
You will be prompted to enter the password.
Please confirm that you would like to continue [y/N]y
Enter password for [elastic]:
Re-enter password for [elastic]:
Password for the [elastic] user successfully reset.
30. Check the state of the cluster node.
root@elasticsearch2:/# curl --cacert /etc/elasticsearch/certs/http_ca.crt -u elastic https://localhost:9200
Enter host password for user 'elastic':
{
  "name" : "elasticsearch2",
  "cluster_name" : "es-cluster",
  "cluster_uuid" : "W_M14OJjRZqNTGfn48W9-Q",
  "version" : {
    "number" : "8.6.1",
    "build_flavor" : "default",
    "build_type" : "deb",
    "build_hash" : "180c9830da956993e59e2cd70eb32b5e383ea42c",
    "build_date" : "2023-01-24T21:35:11.506992272Z",
    "build_snapshot" : false,
    "lucene_version" : "9.4.2",
    "minimum_wire_compatibility_version" : "7.17.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "You Know, for Search"
}
Installing and configuring Elasticsearch on the third node "elasticsearch3"
31. Connect to the third node "elasticsearch3", then install elasticsearch with the following command:
root@data-resilience:~# docker exec -ti elasticsearch3 bash
root@elasticsearch3:/# apt-get install elasticsearch
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following NEW packages will be installed:
  elasticsearch
0 upgraded, 1 newly installed, 0 to remove and 5 not upgraded.
Need to get 582 MB of archives.
After this operation, 1195 MB of additional disk space will be used.
Get:1 https://artifacts.elastic.co/packages/8.x/apt stable/main amd64 elasticsearch amd64 8.6.1 [582 MB]
Fetched 582 MB in 21s (27.9 MB/s)
debconf: delaying package configuration, since apt-utils is not installed
Selecting previously unselected package elasticsearch.
(Reading database ... 8021 files and directories currently installed.)
Preparing to unpack .../elasticsearch_8.6.1_amd64.deb ...
Creating elasticsearch group... OK
Creating elasticsearch user... OK
Unpacking elasticsearch (8.6.1) ...
Setting up elasticsearch (8.6.1) ...
ERROR:systemctl:Unit systemd-sysctl.service could not be found.
--------------------------- Security autoconfiguration information ------------------------------
Authentication and authorization are enabled.
TLS for the transport and HTTP layers is enabled and configured.
The generated password for the elastic built-in superuser is : HiJdVB*CYNzRjDgvhGdL
If this node should join an existing cluster, you can reconfigure this with
'/usr/share/elasticsearch/bin/elasticsearch-reconfigure-node --enrollment-token'
after creating an enrollment token on your existing cluster.
You can complete the following actions at any time:
Reset the password of the elastic built-in superuser with
'/usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic'.
Generate an enrollment token for Kibana instances with
'/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana'.
Generate an enrollment token for Elasticsearch nodes with
'/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s node'.
-------------------------------------------------------------------------------------------------
### NOT starting on installation, please execute the following statements to configure elasticsearch service to start automatically using systemd
 sudo systemctl daemon-reload
 sudo systemctl enable elasticsearch.service
### You can start elasticsearch service by executing
 sudo systemctl start elasticsearch.service
32. Create the /var/run/elasticsearch directory on the third node.
mkdir -p /var/run/elasticsearch
chown -R elasticsearch:elasticsearch /var/run/elasticsearch
chown -R elasticsearch:elasticsearch /var/lib/elasticsearch
33. Change the JVM heap size by running the following commands:
sed -i 's/## -Xms4g/-Xms1g/g' /etc/elasticsearch/jvm.options
sed -i 's/## -Xmx4g/-Xmx1g/g' /etc/elasticsearch/jvm.options
34. Generate a token to enroll this node in the cluster. The token must be generated from a node that already belongs to the cluster.
root@data-resilience:/app/elasticsearch# docker exec -ti elasticsearch1 bash
root@elasticsearch1:/# /usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s node
eyJ2ZXIiOiI4LjYuMSIsImFkciI6WyIxNzIuMTguNTYuNjE6OTIwMCJdLCJmZ3IiOiIwYjZlYThhYjZkYmMwNDU4MWI1ZGM3YjVhMWRjNDkwNTIxNzkxODIzY2ZlMzQzOWM2ZWI0ZjhiYzUyMzUwNTM5Iiwia2V5IjoiYm9PRkxvWUJoLTllaENWOEVRRUs6UTI2VHdLZWpUajJ3YXZ6ajZRbHJBdyJ9
35. Add the third node to the cluster.
root@data-resilience:/app/elasticsearch# docker exec -ti elasticsearch3 bash
root@elasticsearch3:/# /usr/share/elasticsearch/bin/elasticsearch-reconfigure-node --enrollment-token eyJ2ZXIiOiI4LjYuMSIsImFkciI6WyIxNzIuMTguNTYuNjE6OTIwMCJdLCJmZ3IiOiIwYjZlYThhYjZkYmMwNDU4MWI1ZGM3YjVhMWRjNDkwNTIxNzkxODIzY2ZlMzQzOWM2ZWI0ZjhiYzUyMzUwNTM5Iiwia2V5IjoiYm9PRkxvWUJoLTllaENWOEVRRUs6UTI2VHdLZWpUajJ3YXZ6ajZRbHJBdyJ9
This node will be reconfigured to join an existing cluster, using the enrollment token that you provided.
This operation will overwrite the existing configuration. Specifically:
  - Security auto configuration will be removed from elasticsearch.yml
  - The [certs] config directory will be removed
  - Security auto configuration related secure settings will be removed from the elasticsearch.keystore
Do you want to continue with the reconfiguration process [y/N]y
36. Change the elasticsearch configuration parameters, either manually by editing the file /etc/elasticsearch/elasticsearch.yml or with the following commands:
sed -i 's/^#cluster.name:.*/cluster.name: es-cluster/g' /etc/elasticsearch/elasticsearch.yml
sed -i 's/#node.name:.*/node.name: elasticsearch3/g' /etc/elasticsearch/elasticsearch.yml
sed -i 's/^#network.host:.*/network.host: 172.18.56.63/g' /etc/elasticsearch/elasticsearch.yml
sed -i 's/^#discovery.seed_hosts:.*/discovery.seed_hosts: ["172.18.56.61:9300", "172.18.56.62:9300", "172.18.56.63:9300"]/g' /etc/elasticsearch/elasticsearch.yml
sed -i 's/^#cluster.initial_master_nodes:.*/cluster.initial_master_nodes: ["172.18.56.61", "172.18.56.62", "172.18.56.63"]/g' /etc/elasticsearch/elasticsearch.yml
37. Start the elasticsearch service.
systemctl daemon-reload
systemctl enable elasticsearch.service
systemctl start elasticsearch.service
38. Check that the elasticsearch service has started.
root@elasticsearch3:/# systemctl status elasticsearch.service
elasticsearch.service - Elasticsearch
    Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service, enabled)
    Active: active (running)
39. Customize the password of the elastic user.
root@elasticsearch3:/# /usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic -i
This tool will reset the password of the [elastic] user.
You will be prompted to enter the password.
Please confirm that you would like to continue [y/N]y
Enter password for [elastic]:
Re-enter password for [elastic]:
Password for the [elastic] user successfully reset.
40. Check the state of the cluster node.
root@elasticsearch3:/# curl --cacert /etc/elasticsearch/certs/http_ca.crt -u elastic https://localhost:9200
Enter host password for user 'elastic':
{
  "name" : "elasticsearch3",
  "cluster_name" : "es-cluster",
  "cluster_uuid" : "W_M14OJjRZqNTGfn48W9-Q",
  "version" : {
    "number" : "8.6.1",
    "build_flavor" : "default",
    "build_type" : "deb",
    "build_hash" : "180c9830da956993e59e2cd70eb32b5e383ea42c",
    "build_date" : "2023-01-24T21:35:11.506992272Z",
    "build_snapshot" : false,
    "lucene_version" : "9.4.2",
    "minimum_wire_compatibility_version" : "7.17.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "You Know, for Search"
}
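The enrollment tokens generated in steps 24 and 34 are base64-encoded JSON carrying the Elasticsearch version (ver), the HTTP address of the issuing node (adr), the SHA-256 fingerprint of the cluster's HTTP CA certificate (fgr) and an API key (key), so a token should be handled like a credential. The script below is an added example, not part of the original guide: it decodes a token, prints a summary with the API key secret left out, and checks the fingerprint and addresses against the values you expect; the function names and the sample token and fingerprint are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: inspect an Elasticsearch 8.x enrollment token before passing it
# to elasticsearch-reconfigure-node. Assumes the compact JSON layout
# {"ver":..,"adr":[..],"fgr":..,"key":"id:secret"}, IPv4 or hostname addresses,
# and GNU base64.

# Decode the token to JSON text; non-zero exit if it is not valid base64.
decode_enrollment_token() {
    printf '%s' "$1" | base64 -d 2>/dev/null
}

# Print one string field (ver, fgr or key) of the decoded token.
token_field() {
    decode_enrollment_token "$1" | sed -n "s/.*\"$2\":\"\([^\"]*\)\".*/\1/p"
}

# Print the host:port entries of the adr array, one per line.
token_addresses() {
    decode_enrollment_token "$1" |
        sed -n 's/.*"adr":\[\([^]]*\)].*/\1/p' | tr -d '"' | tr ',' '\n'
}

# Normalise an openssl-style fingerprint ("sha256 Fingerprint=AB:CD:...") to lowercase hex.
normalize_fingerprint() {
    printf '%s' "${1##*=}" | tr -d ':' | tr 'A-F' 'a-f'
}

# Summary that is safe to log: the API key secret is not printed.
token_summary() {
    local key
    key=$(token_field "$1" key)
    printf 'version=%s\naddresses=%s\nca_fingerprint=%s\napi_key_id=%s (secret redacted)\n' \
        "$(token_field "$1" ver)" "$(token_addresses "$1" | paste -sd, -)" \
        "$(token_field "$1" fgr)" "${key%%:*}"
}

# check_token TOKEN EXPECTED_CA_FINGERPRINT ALLOWED_ADDR...
# Returns 0 if OK, 2 if undecodable, 3 on fingerprint mismatch, 4 on a missing
# or unexpected address.
check_token() {
    local token="$1" expected json fgr addrs addr allowed ok
    expected=$(normalize_fingerprint "$2")
    shift 2
    json=$(decode_enrollment_token "$token") || { echo "token is not base64" >&2; return 2; }
    case $json in '{'*'}') ;; *) echo "token is not a JSON object" >&2; return 2 ;; esac
    fgr=$(token_field "$token" fgr)
    if [ -z "$fgr" ] || [ "$fgr" != "$expected" ]; then
        echo "CA fingerprint mismatch" >&2; return 3
    fi
    addrs=$(token_addresses "$token")
    [ -n "$addrs" ] || { echo "token carries no address" >&2; return 4; }
    for addr in $addrs; do
        ok=no
        for allowed in "$@"; do
            if [ "$addr" = "$allowed" ]; then ok=yes; fi
        done
        [ "$ok" = yes ] || { echo "unexpected address: $addr" >&2; return 4; }
    done
}

# Constructed sample values (not taken from a real cluster).
SAMPLE_FGR=$(printf '0123456789abcdef%.0s' 1 2 3 4)
SAMPLE_CA_FGR="sha256 Fingerprint=$(printf '%s' "$SAMPLE_FGR" | sed 's/../&:/g; s/:$//' | tr 'a-f' 'A-F')"
SAMPLE_TOKEN=$(printf '{"ver":"8.6.1","adr":["172.18.56.61:9200"],"fgr":"%s","key":"sampleid:samplesecret"}' \
    "$SAMPLE_FGR" | base64 | tr -d '\n')

token_summary "$SAMPLE_TOKEN"
check_token "$SAMPLE_TOKEN" "$SAMPLE_CA_FGR" 172.18.56.61:9200 &&
    echo "token matches the expected CA and address"
```

On a real cluster, the expected fingerprint can be read on the first node with openssl x509 -fingerprint -sha256 -noout -in /etc/elasticsearch/certs/http_ca.crt.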
Finalizing the cluster configuration
41. Check the overall status of the cluster.
root@elasticsearch1:/# curl -ku elastic:rachid -X GET "https://localhost:9200/_cluster/health?wait_for_status=yellow&timeout=50s&pretty"
{
  "cluster_name" : "es-cluster",
  "status" : "green",
  "timed_out" : false,
  "number_of_nodes" : 3,
  "number_of_data_nodes" : 3,
  "active_primary_shards" : 2,
  "active_shards" : 4,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 0,
  "delayed_unassigned_shards" : 0,
  "number_of_pending_tasks" : 0,
  "number_of_in_flight_fetch" : 0,
  "task_max_waiting_in_queue_millis" : 0,
  "active_shards_percent_as_number" : 100.0
}
42. The most important Elasticsearch directories
home: /usr/share/elasticsearch
bin: /usr/share/elasticsearch/bin
base configuration files: /etc/elasticsearch
environment variable configuration: /etc/default/elasticsearch
TLS key and certificates: /etc/elasticsearch/certs
data: /var/lib/elasticsearch
jdk: /usr/share/elasticsearch/jdk
logs: /var/log/elasticsearch
plugins: /usr/share/elasticsearch/plugins
43. Disable swapping
Swapping degrades performance. To ensure optimal performance and stability of the Elasticsearch cluster, swapping must be disabled.
The following command temporarily disables swapping. Elasticsearch does not need to be restarted.
swapoff -a
To disable swapping permanently, remove the swap mount entry from the /etc/fstab configuration file.
44. Adjust the nofile file descriptor limit
The Unix "max open files" parameter, or "nofile", must be at least 65535. If it is lower, it must be raised to that minimum. To check the value of "nofile" on all nodes of the cluster, you can use the following command.
root@elasticsearch1:/# curl -ku elastic:rachid -X GET "https://localhost:9200/_nodes/stats/process?filter_path=**.max_file_descriptors&pretty"
{
  "nodes" : {
    "aU7_vboVRuiM-WgTaUvQWA" : {
      "process" : {
        "max_file_descriptors" : 1048576
      }
    },
    "Zo17b7T6SFq07GLYpN7JaA" : {
      "process" : {
        "max_file_descriptors" : 1048576
      }
    },
    "EyI8Dx9oRJeuTa-LTZ9qeQ" : {
      "process" : {
        "max_file_descriptors" : 1048576
      }
    }
  }
}
45. Adjust the nproc thread limit
The minimum value of the number of processing units, "nproc", must be 4096. Use the following command to adjust the value of nproc.
ulimit -u 4096
46. Adjust the TCP retransmission timeout
Most operating systems are designed to retransmit lost packets when the network fails. However, a high number of retransmissions can degrade performance and put the cluster at risk. If a node fails, for example, it would take a long time to detect the failure and redirect requests to the replica shards, or even elect a new master.
To reduce the number of retransmissions, you can use the following command:
sysctl -w net.ipv4.tcp_retries2=5
To make the change permanent, set the net.ipv4.tcp_retries2 parameter in the /etc/sysctl.conf configuration file.
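The thresholds this guide sets by hand (vm.max_map_count, swap, nofile, nproc and net.ipv4.tcp_retries2) can be verified in one pass before a node is started. The script below is an added example, not part of the original guide: it reads the values from /proc, and the PROC_ROOT override, the function names, PID 4242 and the sample tree are constructed so that the check can also run offline.

```shell
#!/usr/bin/env bash
# Added example: verify in one pass the host limits this guide sets by hand.
# PROC_ROOT can point at a constructed tree so the checks run offline.
PROC_ROOT=${PROC_ROOT:-/proc}

# Map a kernel parameter to its file: vm.max_map_count -> sys/vm/max_map_count
read_sysctl() {
    cat "$PROC_ROOT/sys/$(printf '%s' "$1" | tr . /)" 2>/dev/null
}

# Active swap areas: /proc/swaps is one header line plus one line per area.
swap_areas() {
    [ -r "$PROC_ROOT/swaps" ] || return 1
    awk 'NR > 1 && NF { n++ } END { print n + 0 }' "$PROC_ROOT/swaps"
}

# Soft limit of a running process, read from /proc/<pid>/limits.
proc_limit() {
    awk -v name="$2" 'index($0, name) == 1 { print $(NF - 2) }' \
        "$PROC_ROOT/$1/limits" 2>/dev/null
}

# check NAME ACTUAL OP WANT, OP being ge or le; "unlimited" satisfies ge.
check() {
    if [ "$2" = unlimited ] && [ "$3" = ge ]; then echo "ok   $1 = unlimited"; return 0; fi
    case "$2" in ''|*[!0-9]*) echo "FAIL $1: value not readable"; return 1 ;; esac
    if [ "$2" "-$3" "$4" ]; then echo "ok   $1 = $2"; return 0; fi
    echo "FAIL $1 = $2 (want $3 $4)"; return 1
}

# preflight PID: PID is the Elasticsearch process. Returns the number of
# failed checks, so 0 means the host matches the guide's values.
preflight() {
    local pid="$1" failed=0
    check vm.max_map_count "$(read_sysctl vm.max_map_count)" ge 262144 || failed=$((failed + 1))
    check net.ipv4.tcp_retries2 "$(read_sysctl net.ipv4.tcp_retries2)" le 5 || failed=$((failed + 1))
    check swap_areas "$(swap_areas)" le 0 || failed=$((failed + 1))
    check nofile "$(proc_limit "$pid" 'Max open files')" ge 65535 || failed=$((failed + 1))
    check nproc "$(proc_limit "$pid" 'Max processes')" ge 4096 || failed=$((failed + 1))
    return "$failed"
}

# Write a constructed /proc-like tree for offline runs.
# Arguments: DIR MAX_MAP_COUNT TCP_RETRIES2 SWAP(yes|no) NOFILE NPROC
make_sample_proc() {
    mkdir -p "$1/sys/vm" "$1/sys/net/ipv4" "$1/4242"
    echo "$2" > "$1/sys/vm/max_map_count"
    echo "$3" > "$1/sys/net/ipv4/tcp_retries2"
    printf 'Filename\tType\tSize\tUsed\tPriority\n' > "$1/swaps"
    if [ "$4" = yes ]; then
        printf '/swapfile\tfile\t2097148\t0\t-2\n' >> "$1/swaps"
    fi
    printf '%-26s%-21s%-21s%s\n' Limit 'Soft Limit' 'Hard Limit' Units \
        'Max processes' "$6" "$6" processes \
        'Max open files' "$5" "$5" files > "$1/4242/limits"
}

# Demo on a constructed host left at typical defaults: four checks fail.
demo_dir=$(mktemp -d)
make_sample_proc "$demo_dir" 65530 15 yes 1024 4096
( PROC_ROOT=$demo_dir; preflight 4242 ) || echo "$? check(s) failed"
rm -rf "$demo_dir"
```

On a node, call preflight with the PID of the running Elasticsearch process and leave PROC_ROOT unset.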
In upcoming articles, we will explore how to install and configure Kibana and Logstash to get the most out of the ELK stack.