elasticsearch集群配置负载均衡，elasticsearch + x-pack 实现集群配置

之前用的一直是单机，但是出现了很多的问题，所以就像安装了x-pack之后，也能不能搞个elasticsearch集群呢？
不多说，就是干。
对x-pack的破解 可以再生成之后加入 也可以生成之前加入：
正式开始：

**

1 配置SSL/TSL的集群文件 授权配置

**
在/usr/local/nlp/elasticsearch-6.0.1/config目录下创建一个certs目录
用来存放证书和相对应的SLL-key
$ mkdir certs
创建文件 instances.yml
$ touch instances.yml

instances.yml配置信息：

instances:
  - name: "node-1"
    ip:
      - "10.168.12.138"
  - name: "node-2"
    ip:
      - "10.168.12.95"

**

2 通过yml生产证书

**

用x-pack中的certgen生产证书

$ ./bin/x-pack/certgen -in /config/certs/instances.yml

生成证书时会提示选择一个目录（certs.zip必须是不存在的文件）

**

3 解压生成的zip文件

**

查看文件config/certs
$ cd /usr/local/elasticsearch-6.0.1/config/certs
$ ll

-rw------- 1 xxxx xxxx 7837 4月   1 10:43 certs.zip
-rw-rw-r-- 1 xxxx xxxx  114 4月   1 10:43 instances.yml

$ unzip certs.zip

drwxrwxr-x 2 xxxx xxxx 4096 4月   1 10:43 ca
-rw------- 1 xxxx xxxx 7837 4月   1 10:43 certs.zip
-rw-rw-r-- 1 xxxx xxxx  114 4月   1 10:43 instances.yml
drwxrwxr-x 2 xxxx xxxx 4096 4月   1 10:43 node-1
drwxrwxr-x 2 xxxx xxxx 4096 4月   1 13:52 node-2

**

4 配置 将相应的node-x和ca分发到各个节点进行配置

**
(注：例如你有两台机器做负载，在其中一台机器上生成证书文件即可，不用两台都生成

将生成好的证书文件直接分发到各个集群的机器上进行配置即可)

配置第一个节点

# ---------------------------------- Cluster -----------------------------------
cluster.name: my-application
node.name: node-1
node.attr.rack: r1
path.data: /usr/local/es/date

# ---------------------------------- Network -----------------------------------
network.host: 100.100.100.100
http.port: 8200
transport.tcp.port: 8201

# --------------------------------- Discovery ----------------------------------
discovery.zen.ping.unicast.hosts: ["100.100.100.100:8201", "100.100.100.101:8201"]
discovery.zen.minimum_master_nodes: 1

# ---------------------------------- Various -----------------------------------
bootstrap.memory_lock: false
bootstrap.system_call_filter: false

# ------------------------------- 配置head连接 -----------------------------------
http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-headers: Authorization,Content-Type

# ----------------------- 配置x-pack属性 --------------------------------------
#xpack.security.enabled: false
xpack.graph.enabled: false
xpack.ml.enabled: false
#xpack.reporting.enabled: false
xpack.monitoring.enabled: false
xpack.watcher.enabled: false
xpack.security.transport.ssl.enabled: true

xpack.ssl.key: /usr/local/elasticsearch-6.0.1/config/certs/node-1/node-1.key
xpack.ssl.certificate: /usr/local/elasticsearch-6.0.1/config/certs/node-1/node-1.crt
xpack.ssl.certificate_authorities: /usr/local/elasticsearch-6.0.1/config/certs/ca/ca.crt

注意：配置文件中 添加了 transport.tcp.port: 8201，在配置Discovery节点的时候端口号是tcp的端口，这里千万别搞错了，之前在这里踩过坑，还有就是xpack.security.enabled: true的朋友 ，注意修改为 xpack.security.transport.ssl.enabled: true ，

第二台的配置信息：

配置第二个节点

# ---------------------------------- Cluster -----------------------------------
cluster.name: my-application
node.name: node-2
node.attr.rack: r1
path.data: /usr/local/es/date

# ---------------------------------- Network -----------------------------------
network.host: 100.100.100.101
http.port: 8200
transport.tcp.port: 8201

# --------------------------------- Discovery ----------------------------------
discovery.zen.ping.unicast.hosts: ["100.100.100.100:8201", "100.100.100.101:8201"]
discovery.zen.minimum_master_nodes: 1

# ---------------------------------- Various -----------------------------------
bootstrap.memory_lock: false
bootstrap.system_call_filter: false

# ------------------------------- 配置head连接 -----------------------------------
http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-headers: Authorization,Content-Type

# ----------------------- 配置x-pack属性 --------------------------------------
#xpack.security.enabled: true
xpack.graph.enabled: false
xpack.ml.enabled: false
#xpack.reporting.enabled: true
xpack.monitoring.enabled: false
xpack.watcher.enabled: false
xpack.security.transport.ssl.enabled: true

xpack.ssl.certificate_authorities: /usr/local//elasticsearch-6.0.1/config/certs/ca/ca.crt
xpack.ssl.key: /usr/local/elasticsearch-6.0.1/config/certs/node-2/node-2.key
xpack.ssl.certificate: /usr/local/elasticsearch-6.0.1/config/certs/node-2/node-2.crt

现在全部配置完成，我们用head连接一下试试