흙수저의 엔지니어링

PUT _cluster/settings
{ "persistent": { "cluster.max_shards_per_node": "3000" } }

elasticsearch 8.6.0 버전은 기본적으로 SSL 암호화 통신을 합니다.

저는 현재 설정은 SSL을 사용하지 않는 방법을 이용하겠습니다.

향후 SSL 적용 매뉴얼도 작성해서 올리도록 하겠습니다.

• SSL 암호화 통신 하지 않음
• cluster 설정 사용
  • cluster를 사용할 경우 로그: /var/log/elasticsearch/{cluster.name}.log
  • cluster를 사용하지 않을 경우 로그: /var/log/elasticsearch/elasticsearch.log

클러스터 설정 사용하지 않을 경우

# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
# 클러스터 사용할 경우 아래 항목 활성화
# cluster.name: my-application
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
node.name: tmplogsvr
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when this node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
# discovery.seed_hosts: ["127.0.0.1"]
#
# Bootstrap the cluster using an initial set of master-eligible nodes:
# 클러스터 사용할 경우 아래 항목 설정 적용
# cluster.initial_master_nodes: ["tmplogsvr"]
#
# For more information, consult the discovery and cluster formation module documentation.
#

설정에 맞게 사용 (전체 설정 내용)

# ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
#       Before you set out to tweak and tune the configuration, make sure you
#       understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
#
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
cluster.name: my-application
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
node.name: tmplogsvr
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
path.data: /var/lib/elasticsearch
#
# Path to log files:
#
path.logs: /var/log/elasticsearch
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: true
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# By default Elasticsearch is only accessible on localhost. Set a different
# address here to expose this node on the network:
#
network.host: 0.0.0.0
#
# By default Elasticsearch listens for HTTP traffic on the first free port it
# finds starting at 9200. Set a specific HTTP port here:
#
http.port: 9200
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when this node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
#discovery.seed_hosts: ["127.0.0.1", "[::1]"]
#
# Bootstrap the cluster using an initial set of master-eligible nodes:
#
cluster.initial_master_nodes: ["tmplogsvr"]
#
# For more information, consult the discovery and cluster formation module documentation.
#
# --------------------------------- Readiness ----------------------------------
#
# Enable an unauthenticated TCP readiness endpoint on localhost
#
#readiness.port: 9399
#
# ---------------------------------- Various -----------------------------------
#
# Allow wildcard deletion of indices:
#
#action.destructive_requires_name: false

#----------------------- BEGIN SECURITY AUTO CONFIGURATION -----------------------
#
# The following settings, TLS certificates, and keys have been automatically
# generated to configure Elasticsearch security features on 16-02-2023 03:11:46
#
# --------------------------------------------------------------------------------

# Enable security features
xpack.security.enabled: false

xpack.security.enrollment.enabled: false

# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
xpack.security.http.ssl:
  enabled: false
  keystore.path: certs/http.p12

# Enable encryption and mutual authentication between cluster nodes
xpack.security.transport.ssl:
  enabled: false
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12
# Create a new cluster with the current node only
# Additional nodes can still join the cluster later
#cluster.initial_master_nodes: ["localhost"]

# Allow HTTP API connections from anywhere
# Connections are encrypted and require user authentication
http.host: 0.0.0.0

# Allow other nodes to join the cluster from anywhere
# Connections are encrypted and mutually authenticated
#transport.host: 0.0.0.0

#----------------------- END SECURITY AUTO CONFIGURATION -------------------------
# Error 로그에exception during geoip databases update 가 있는 경우
ingest.geoip.downloader.enabled: false

설치할 elasticsearch 방식 선택

해당 매뉴얼은 centos에서 설치하여 yum을 선택하였습니다.

https://www.elastic.co/kr/downloads/elasticsearch

yum을 이용할 repository 추가

현재 기준으로 표준 설치는 elasticsearch 8.6.2 이지만, elastalert의 plugin 버전을 맞춘겁니다.

설치 시 꼭 하단 링크의 elastalert의 버전과 호환되는 버전으로 설치하세요

elastalert-plugin: https://github.com/karql/elastalert-kibana-plugin/releases

yum을 이용한 elasticsearch 설치

elasticsearch 시스템 등록

elasticsearch 시스템 시작 / 중지