본문 바로가기

리눅스

[리눅스] Elasticsearch 업그레이드(Elasticsearche rpm install on CentOS 7)

728x90

Elasticsearch 업그레이드(Elasticsearche rpm install on CentOS 7)

테스트 환경

- CentOS 7

- elasticsearch 7.10.2

목표

- Upgrade Elasticsearche : https://www.elastic.co/guide/en/elasticsearch/reference/current/setup-upgrade.html

- elasticsearch 8.3.1로 업그레이드

- 7.10에서 7.17로 업그레이드, 7.17에서 8.3으로 업그레이드

elasticsearch 패키지 다운로드

rpm 다운로드 - https://www.elastic.co/guide/en/elasticsearch/reference/8.3/rpm.html#rpm-repo


인증서 생성

CA 인증서(elastic-stack-ca.p12) 생성

/usr/share/elasticsearch/bin/elasticsearch-certutil ca

elastic-certificates.p12 인증서 생성

/usr/share/elasticsearch/bin/elasticsearch-certutil cert --ca /usr/share/elasticsearch/elastic-stack-ca.p12

elasticsearch.yml 편집

vim /etc/elasticsearch/elasticsearch.yml
$ vim /etc/elasticsearch/elasticsearch.yml
...
xpack.license.self_generated.type: basic

http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-methods : OPTIONS, HEAD, GET, POST, PUT, DELETE
http.cors.allow-headers : Authorization, X-Requested-With,X-Auth-Token,Content-Type, Content-Length

xpack.security.enabled: true

xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: none
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12

xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: elastic-certificates.p12
xpack.security.http.ssl.truststore.path: elastic-certificates.p12
xpack.security.http.ssl.client_authentication: optional

원복을 위해 7.10.2 버전도 준비합니다.

wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.10.2-x86_64.rpm
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.17.5-x86_64.rpm
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.3.1-x86_64.rpm

elasticsearch 7.10, 7.16 설정

elasticsearch.yml 편집

cluster.name: es-cluster

node.name: ndatanode01

path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch

bootstrap.memory_lock: true

bootstrap.system_call_filter: false

network.host: 0.0.0.0

http.port: 9200
transport.port: 9300

discovery.seed_hosts: [ "es01", "es02", "es03" ]
cluster.initial_master_nodes: [ "es01", "es02", "es03" ]

action.auto_create_index: true

xpack.monitoring.collection.enabled: true

path.repo: ['/usr/share/elasticsearch/backup']

xpack.license.self_generated.type: basic

xpack.security.enabled: true

xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: none
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12

kibana 7.10 docker-compose

- ELASTICSEARCH_USERNAME=elastic
 - ELASTICSEARCH_PASSWORD=elastic1!

services:
  kibana:
    image: docker.elastic.co/kibana/kibana:7.10.2
    container_name: kibana
    hostname: kibana
    restart: unless-stopped
    user: "981"
    extra_hosts:
      - "es01:1.1.1.1"
      - "es02:2.2.2.2"
      - "es03:3.3.3.3"
    environment:
      - SERVERNAME=0.0.0.0
      - ELASTICSEARCH_URL=http://es01:9200
      - ELASTICSEARCH_HOSTS=http://es01:9200
      - ELASTICSEARCH_USERNAME=elastic
      - ELASTICSEARCH_PASSWORD=elastic1!
    volumes:
      - /usr/share/zoneinfo/Asia/Seoul:/etc/localtime:ro
      - ./config/kibana.yml:/usr/share/kibana/config/kibana.yml
    network_mode: host
    healthcheck:
      test: ["CMD", "curl", "-s", "-f", "http://localhost:5601/login"]
      retries: 6

참고 - config/kibana.yml 

---
#
# ** THIS IS AN AUTO-GENERATED FILE **
#

# Default Kibana configuration for docker target
server.name: kibana
server.port: 5601
server.host: "0.0.0.0"
# elasticsearch.ssl.verificationMode: none
elasticsearch.hosts: ["http://es01:9200"]
elasticsearch.username: "elastic"
elasticsearch.password: "elastic1!"

monitoring.ui.container.elasticsearch.enabled: true

elasticsearch 8.3 설정

elasticsearch.yml 편집

- bootstrap.system_call_filter: false 삭제

cluster.name: es-cluster

node.name: ndatanode01

path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch

bootstrap.memory_lock: true

network.host: 0.0.0.0

http.port: 9200
transport.port: 9300

discovery.seed_hosts: [ "es01", "es02", "es03" ]
cluster.initial_master_nodes: [ "es01", "es02", "es03" ]

action.auto_create_index: true

xpack.monitoring.collection.enabled: true

path.repo: ['/usr/share/elasticsearch/backup']

xpack.license.self_generated.type: basic

xpack.security.enabled: true

xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: none
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12

kibana 8.3 docker-compose

- ELASTICSEARCH_USERNAME=kibana_system
 - ELASTICSEARCH_PASSWORD=elastic1!

services:
  kibana:
    image: docker.elastic.co/kibana/kibana:8.3.1
    container_name: kibana
    hostname: kibana
    restart: unless-stopped
    user: "981"
    extra_hosts:
      - "es01:1.1.1.1"
      - "es02:2.2.2.2"
      - "es03:3.3.3.3"
    environment:
      - SERVERNAME=0.0.0.0
      - ELASTICSEARCH_URL=http://es01:9200
      - ELASTICSEARCH_HOSTS=http://es01:9200
      - ELASTICSEARCH_USERNAME=kibana_system
      - ELASTICSEARCH_PASSWORD=elastic1!
    volumes:
      - /usr/share/zoneinfo/Asia/Seoul:/etc/localtime:ro
      - ./config/kibana.yml:/usr/share/kibana/config/kibana.yml
    network_mode: host
    healthcheck:
      test: ["CMD", "curl", "-s", "-f", "http://localhost:5601/login"]
      retries: 6

kibana 설정

docker-compose.yml 편집

vim docker-compose.yml
version: '3.8'
services:
  kibana:
    image: docker.elastic.co/kibana/kibana:8.3.0
    container_name: kibana
    hostname: kibana
    restart: unless-stopped
    user: "981"
    extra_hosts:
      - "es01:1.1.1.1"
      - "es02:2.2.2.2"
      - "es03:3.3.3.3"
    environment:
      - SERVERNAME=kibana
      - ELASTICSEARCH_URL=https://ndatanode01:9200
      - ELASTICSEARCH_HOSTS=https://ndatanode01:9200
      - ELASTICSEARCH_USERNAME=kibana_system
      - ELASTICSEARCH_PASSWORD=elastic1!
    volumes:
      - /usr/share/zoneinfo/Asia/Seoul:/etc/localtime:ro
      - ./config/kibana.yml:/usr/share/kibana/config/kibana.yml
      - ./config/elastic-stack-ca.p12:/usr/share/kibana/config/elastic-stack-ca.p12
    network_mode: host
    # ports:
    #   - '5601:5601'
    healthcheck:
      test: ["CMD", "curl", "-s", "-f", "http://localhost:5601/login"]
      retries: 6

kibana-encryption-keys 생성

docker-compose exec kibana bin/kibana-encryption-keys generate

kibana.yml 편집

vim config/kibana.yml
# Default Kibana configuration for docker target
server.name: kibana
server.port: 5601
server.host: "0.0.0.0"
elasticsearch.hosts: ["https://es01:9200"]
elasticsearch.username: "kibana_system"
elasticsearch.password: "elastic1!"

monitoring.ui.container.elasticsearch.enabled: true

elasticsearch.ssl.certificateAuthorities: [ "/usr/share/kibana/config/elastic-stack-ca.p12" ]
elasticsearch.ssl.verificationMode: none

server.publicBaseUrl: "http://localhost:5601"

xpack.reporting.kibanaServer.hostname: localhost

xpack.encryptedSavedObjects.encryptionKey: dc41237082a02956042450c02c18b452
xpack.reporting.encryptionKey: e45f96375b51dfecd0b45726acc556d0
xpack.security.encryptionKey: ae32fdc8f26c57690042a9b9b51f077a
728x90