Elasticsearch 업그레이드(Elasticsearche rpm install on CentOS 7)
테스트 환경
- CentOS 7
- elasticsearch 7.10.2
목표
- Upgrade Elasticsearche : https://www.elastic.co/guide/en/elasticsearch/reference/current/setup-upgrade.html
- elasticsearch 8.3.1로 업그레이드
- 7.10에서 7.17로 업그레이드, 7.17에서 8.3으로 업그레이드
elasticsearch 패키지 다운로드
rpm 다운로드 - https://www.elastic.co/guide/en/elasticsearch/reference/8.3/rpm.html#rpm-repo
인증서 생성
CA 인증서(elastic-stack-ca.p12) 생성
/usr/share/elasticsearch/bin/elasticsearch-certutil ca
elastic-certificates.p12 인증서 생성
/usr/share/elasticsearch/bin/elasticsearch-certutil cert --ca /usr/share/elasticsearch/elastic-stack-ca.p12
elasticsearch.yml 편집
vim /etc/elasticsearch/elasticsearch.yml
$ vim /etc/elasticsearch/elasticsearch.yml
...
xpack.license.self_generated.type: basic
http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-methods : OPTIONS, HEAD, GET, POST, PUT, DELETE
http.cors.allow-headers : Authorization, X-Requested-With,X-Auth-Token,Content-Type, Content-Length
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: none
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: elastic-certificates.p12
xpack.security.http.ssl.truststore.path: elastic-certificates.p12
xpack.security.http.ssl.client_authentication: optional
원복을 위해 7.10.2 버전도 준비합니다.
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.10.2-x86_64.rpm
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.17.5-x86_64.rpm
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.3.1-x86_64.rpm
elasticsearch 7.10, 7.16 설정
elasticsearch.yml 편집
cluster.name: es-cluster
node.name: ndatanode01
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
bootstrap.memory_lock: true
bootstrap.system_call_filter: false
network.host: 0.0.0.0
http.port: 9200
transport.port: 9300
discovery.seed_hosts: [ "es01", "es02", "es03" ]
cluster.initial_master_nodes: [ "es01", "es02", "es03" ]
action.auto_create_index: true
xpack.monitoring.collection.enabled: true
path.repo: ['/usr/share/elasticsearch/backup']
xpack.license.self_generated.type: basic
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: none
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
kibana 7.10 docker-compose
- ELASTICSEARCH_USERNAME=elastic
- ELASTICSEARCH_PASSWORD=elastic1!
services:
kibana:
image: docker.elastic.co/kibana/kibana:7.10.2
container_name: kibana
hostname: kibana
restart: unless-stopped
user: "981"
extra_hosts:
- "es01:1.1.1.1"
- "es02:2.2.2.2"
- "es03:3.3.3.3"
environment:
- SERVERNAME=0.0.0.0
- ELASTICSEARCH_URL=http://es01:9200
- ELASTICSEARCH_HOSTS=http://es01:9200
- ELASTICSEARCH_USERNAME=elastic
- ELASTICSEARCH_PASSWORD=elastic1!
volumes:
- /usr/share/zoneinfo/Asia/Seoul:/etc/localtime:ro
- ./config/kibana.yml:/usr/share/kibana/config/kibana.yml
network_mode: host
healthcheck:
test: ["CMD", "curl", "-s", "-f", "http://localhost:5601/login"]
retries: 6
참고 - config/kibana.yml
---
#
# ** THIS IS AN AUTO-GENERATED FILE **
#
# Default Kibana configuration for docker target
server.name: kibana
server.port: 5601
server.host: "0.0.0.0"
# elasticsearch.ssl.verificationMode: none
elasticsearch.hosts: ["http://es01:9200"]
elasticsearch.username: "elastic"
elasticsearch.password: "elastic1!"
monitoring.ui.container.elasticsearch.enabled: true
elasticsearch 8.3 설정
elasticsearch.yml 편집
- bootstrap.system_call_filter: false 삭제
cluster.name: es-cluster
node.name: ndatanode01
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
bootstrap.memory_lock: true
network.host: 0.0.0.0
http.port: 9200
transport.port: 9300
discovery.seed_hosts: [ "es01", "es02", "es03" ]
cluster.initial_master_nodes: [ "es01", "es02", "es03" ]
action.auto_create_index: true
xpack.monitoring.collection.enabled: true
path.repo: ['/usr/share/elasticsearch/backup']
xpack.license.self_generated.type: basic
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: none
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
kibana 8.3 docker-compose
- ELASTICSEARCH_USERNAME=kibana_system
- ELASTICSEARCH_PASSWORD=elastic1!
services:
kibana:
image: docker.elastic.co/kibana/kibana:8.3.1
container_name: kibana
hostname: kibana
restart: unless-stopped
user: "981"
extra_hosts:
- "es01:1.1.1.1"
- "es02:2.2.2.2"
- "es03:3.3.3.3"
environment:
- SERVERNAME=0.0.0.0
- ELASTICSEARCH_URL=http://es01:9200
- ELASTICSEARCH_HOSTS=http://es01:9200
- ELASTICSEARCH_USERNAME=kibana_system
- ELASTICSEARCH_PASSWORD=elastic1!
volumes:
- /usr/share/zoneinfo/Asia/Seoul:/etc/localtime:ro
- ./config/kibana.yml:/usr/share/kibana/config/kibana.yml
network_mode: host
healthcheck:
test: ["CMD", "curl", "-s", "-f", "http://localhost:5601/login"]
retries: 6
kibana 설정
docker-compose.yml 편집
vim docker-compose.yml
version: '3.8'
services:
kibana:
image: docker.elastic.co/kibana/kibana:8.3.0
container_name: kibana
hostname: kibana
restart: unless-stopped
user: "981"
extra_hosts:
- "es01:1.1.1.1"
- "es02:2.2.2.2"
- "es03:3.3.3.3"
environment:
- SERVERNAME=kibana
- ELASTICSEARCH_URL=https://ndatanode01:9200
- ELASTICSEARCH_HOSTS=https://ndatanode01:9200
- ELASTICSEARCH_USERNAME=kibana_system
- ELASTICSEARCH_PASSWORD=elastic1!
volumes:
- /usr/share/zoneinfo/Asia/Seoul:/etc/localtime:ro
- ./config/kibana.yml:/usr/share/kibana/config/kibana.yml
- ./config/elastic-stack-ca.p12:/usr/share/kibana/config/elastic-stack-ca.p12
network_mode: host
# ports:
# - '5601:5601'
healthcheck:
test: ["CMD", "curl", "-s", "-f", "http://localhost:5601/login"]
retries: 6
kibana-encryption-keys 생성
docker-compose exec kibana bin/kibana-encryption-keys generate
kibana.yml 편집
vim config/kibana.yml
# Default Kibana configuration for docker target
server.name: kibana
server.port: 5601
server.host: "0.0.0.0"
elasticsearch.hosts: ["https://es01:9200"]
elasticsearch.username: "kibana_system"
elasticsearch.password: "elastic1!"
monitoring.ui.container.elasticsearch.enabled: true
elasticsearch.ssl.certificateAuthorities: [ "/usr/share/kibana/config/elastic-stack-ca.p12" ]
elasticsearch.ssl.verificationMode: none
server.publicBaseUrl: "http://localhost:5601"
xpack.reporting.kibanaServer.hostname: localhost
xpack.encryptedSavedObjects.encryptionKey: dc41237082a02956042450c02c18b452
xpack.reporting.encryptionKey: e45f96375b51dfecd0b45726acc556d0
xpack.security.encryptionKey: ae32fdc8f26c57690042a9b9b51f077a
'리눅스' 카테고리의 다른 글
우분투에서 InfluxDB를 설치하고 설정하는 방법 (0) | 2022.07.06 |
---|---|
[리눅스] elasticsearch TLS 암호화 및 HTTPS 활성화 (0) | 2022.07.05 |
[리눅스] Elasticsearch Snapshot and Restore (0) | 2022.06.23 |
[리눅스] Export/Import kibana dashboards (0) | 2022.06.23 |
[draft] CentOS 7에서 root 패스워드를 초기화하는 방법 (0) | 2022.06.22 |