知识养成了思想,思想同时又在融化知识。这篇文章主要讲述Elasitcsearch 带认证及ssl集群部署相关的知识,希望能为你提供帮助。
【Elasitcsearch 带认证及ssl集群部署】首先批量部署基础服务,可参照ansible-playbook脚本 install_es.yml
---
- name: install elasticsearch
hosts: " ip "
user: root
vars:
- elasticsearch_version: 7.8.1
- hostip: "ansible_default_ipv4[address]"
tasks:
- name: create dir
file: path= itemstate=directory
with_items:
- /opt/elasticsearch
- name: copy file
copy: src= https://www.songbingjia.com/android/item.srcdest= item.destmode=0755
with_items:
- src: "elasticsearch- elasticsearch_version -linux-x86_64.tar.gz",
dest: "/opt/elasticsearch/"
- name: unarchinve the tar package
unarchive: src=https://www.songbingjia.com/opt/elasticsearch/elasticsearch- elasticsearch_version -linux-x86_64.tar.gz dest=/usr/local/ copy=no
- name: modify config
lineinfile:
path: /usr/local/elasticsearch- elasticsearch_version /config/elasticsearch.yml
regexp: " item.old "
line: " item.new "
with_items:
- old: #node.name,new: node.name: node-1
- old: #bootstrap.memory_lock,new: bootstrap.memory_lock: false
- old: #bootstrap.system_call_filter,new: bootstrap.system_call_filter: false
- old: #cluster.initial_master_nodes,new: cluster.initial_master_nodes: ["node-1"]
- old: #http.cors.enabled,new: http.cors.enabled: true
- old: #http.cors.allow-origin,new: http.cors.allow-origin: "*"
- old: #network.host,new: network.host: 0.0.0.0
- old: #http.port,new: http.port: 9200
- old: #transport.host,new: transport.host:hostip
- old: #transport.tcp.port,new: transport.tcp.port: 9300
- old: #xpack.security.enabled,new: xpack.security.enabled: true
- old: #xpack.security.transport.ssl.enabled,new: xpack.security.transport.ssl.enabled: true
- old: #xpack.security.transport.ssl.verification_mode,new: xpack.security.transport.ssl.verification_mode: certificate
- old: #xpack.security.transport.ssl.keystore.path,new: xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
- old: #xpack.security.transport.ssl.truststore.path,new: xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12
- old: #discovery.zen.ping.unicast.hosts,new: discovery.zen.ping.unicast.hosts: [ ip ]
- old: #discovery.zen.minimum_master_nodes,new: discovery.zen.minimum_master_nodes: 2
- old: #node.master,new: node.master: true
- old: #node.data,new: node.data: false
- old: #node.ingest,new: node.ingest: false
- name: modify jvm
lineinfile:
path: /usr/local/elasticsearch- elasticsearch_version /config/jvm.options
regexp: " item.old1 "
line: " item.new1 "
with_items:
- old1: -Xms1g,new1: -Xms16g
- old1: -Xmx1g,new1: -Xmx16g
- name: create dir for certs
file: path= itemstate=directory
with_items:
- /usr/local/elasticsearch- elasticsearch_version /config/certs
- name: create user es
user:
name: es
state: present
- name推荐阅读
- NFS挂载后原始文件隐藏问题
- Ubuntu更换镜像源,更快升级和更新软件
- 第一周小结
- #yyds干货盘点#K8S 之网络互联通信
- git原理版本控制远程仓库
- #yyds干货盘点#linux不间断会话服务
- 冬奥季忆编程之美
- clearos安装clearos系统
- Ubuntu Ports更换成阿里云镜像源