简介
本文次要介绍在国产操作系统 Kylin V10 (Lance)-aarch64 上装置单机版 Easysearch/Console/Agent/Gateway/Loadgen
系统配置
在装置之前,须要先进行零碎参数调整并创立操作用户,以下命令均须要应用 root 用户操作。
# 配置 nofile 和 memlock
tee /etc/security/limits.d/21-infini.conf <<-'EOF'
* soft nofile 1048576
* hard nofile 1048576
* soft memlock unlimited
* hard memlock unlimited
root soft nofile 1048576
root hard nofile 1048576
root soft memlock unlimited
root hard memlock unlimited
EOF
#敞开 THP
echo never > /sys/kernel/mm/transparent_hugepage/enabled
echo never > /sys/kernel/mm/transparent_hugepage/defrag
grep -i HugePages_Total /proc/meminfo
grep -wq transparent_hugepage /etc/rc.local || cat <<-'EOF' >> /etc/rc.local
if test -f /sys/kernel/mm/transparent_hugepage/enabled; then
echo never > /sys/kernel/mm/transparent_hugepage/enabled
fi
if test -f /sys/kernel/mm/transparent_hugepage/defrag; then
echo never > /sys/kernel/mm/transparent_hugepage/defrag
fi
EOF
chmod 755 /etc/rc.local
#内核调优
tee /etc/sysctl.d/70-infini.conf <<-'EOF'
vm.max_map_count = 262145
net.core.somaxconn = 65535
net.core.netdev_max_backlog = 65535
net.ipv4.tcp_max_syn_backlog = 65535
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_timestamps=1
net.ipv4.tcp_fin_timeout = 10
net.ipv4.tcp_keepalive_time = 900
net.ipv4.tcp_max_tw_buckets = 2000000
net.ipv4.ip_local_port_range = 1024 65535
EOF
sysctl -p /etc/sysctl.d/70-infini.conf
用户配置
# 创立 Easysearch 操作用户
groupadd -g 602 es
useradd -u 602 -g es -m -d /home/es -c 'easysearch' -s /bin/bash es
配置 JDK
# 在各个节点上别离操作
wget -N https://release.infinilabs.com/easysearch/jdk/zulu17.40.19-ca-jdk17.0.6-linux_aarch64.tar.gz -P /usr/src
mkdir -p /usr/local/jdk
tar -zxf /usr/src/zulu*.tar.gz -C /usr/local/jdk --strip-components 1
tee /etc/profile.d/java.sh <<-'EOF'
# set java environment
JAVA_HOME=/usr/local/jdk
CLASSPATH=$CLASSPATH:$JAVA_HOME/lib
PATH=$JAVA_HOME/bin:$PATH
export PATH JAVA_HOME CLASSPATH
EOF
source /etc/profile
java -version
Easysearch 部署
部署及明码配置
# 在线装置
curl -sSL http://get.infini.sh | bash -s -- -p easysearch -d /data/easysearch
#初始化证书 (若不采纳默认证书,如须要调整证书可批改证书生成文件)
cd /data/easysearch
bin/initialize.sh
ll /data/easysearch/config/{*.crt,*.key,*.pem}
#调整默认明码及服务配置文件
export ES_HOME=/data/easysearch
pass=`tr -cd 'a-zA-Z0-9!@#$%' </dev/urandom | head -c20`
#记录明码后,删除该文件
echo $pass > /usr/src/pass
hash=`$ES_HOME/bin/hash_password.sh -p $pass`
echo $hash
#更新明码字段
cat <<EOF > $ES_HOME/config/security/user.yml
meta:
type: "user"
config_version: 2
# Define your internal users here
## Admin users
admin:
hash: "$hash"
reserved: true
external_roles:
- "admin"
description: "Admin user"
EOF
配置文件及 JVM 调整
cat <<EOF > /data/easysearch/config/easysearch.yml
cluster.name: infinilabs
node.name: node-1
network.host: 0.0.0.0
http.port: 9200
transport.port: 9300
bootstrap.memory_lock: false
bootstrap.system_call_filter: false
cluster.initial_master_nodes: ["node-1"]
path.home: /data/easysearch
path.data: /data/easysearch/data
path.logs: /data/easysearch/logs
http.compression: true
security.enabled: true
security.audit.type: noop
security.ssl.transport.cert_file: instance.crt
security.ssl.transport.key_file: instance.key
security.ssl.transport.ca_file: ca.crt
security.ssl.transport.skip_domain_verify: true
security.ssl.http.enabled: true
security.ssl.http.cert_file: instance.crt
security.ssl.http.key_file: instance.key
security.ssl.http.ca_file: ca.crt
security.allow_default_init_securityindex: true
security.nodes_dn:
- 'CN=infini.cloud,OU=UNIT,O=ORG,L=NI,ST=FI,C=IN'
security.restapi.roles_enabled: ["superuser", "security_rest_api_access"]
security.system_indices.enabled: true
security.ssl.http.clientauth_mode: OPTIONAL
security.system_indices.indices: [".infini-*"]
#for admin dn
## specify admin certs to operate against system indices, basic_auth is not required
## curl -k --cert config/admin.crt --key config/admin.key -XDELETE 'https://localhost:9200/.infini-*/'
security.authcz.admin_dn:
- 'CN=admin.infini.cloud,OU=UNIT,O=ORG,L=NI,ST=FI,C=IN'
EOF
#依据理论机器内存的大小进行配置,举荐配置为机器内存一半,且不超过 31G
sed -i "s/1g/4g/g" $ES_HOME/config/jvm.options
备份目录及权限调整
# 创立备份目录
mkdir -p /data/easysearch/backup
#更新目录权限
chown -R es.es /data/easysearch
环境变量及启动服务
su - es
grep -wq easysearch ~/.bashrc || cat<<EOF >> ~/.bashrc
export ES_HOME=/data/easysearch
EOF
source ~/.bashrc
#当前台形式启动服务
$ES_HOME/bin/easysearch -d
Easysearch 验证
curl -ku "admin:$pass" https://127.0.0.1:9200
curl -ku "admin:$pass" https://127.0.0.1:9200/_cluster/health?pretty
curl -ku "admin:$pass" https://127.0.0.1:9200/_cat/nodes?v
部署 Console
curl -sSL http://get.infini.sh | bash -s -- -p console
#装置服务并启动
cd /opt/console
./console-linux-arm64 -service install
./console-linux-arm64 -service start
#验证
systemctl status console
部署 Agent
curl -sSL http://get.infini.sh | bash -s -- -p agent
#批改 Agent 配置文件
cd /opt/agent
sed -i "/ES_ENDPOINT:/ s|\(.*\: \).*|\1$https://localhost:9200|" agent.yml
sed -i "/ES_USER:/ s|\(.*\: \).*|\1admin|" agent.yml
sed -i "/ES_PASS:/ s|\(.*\: \).*|\1$pass|" gateway.yml
sed -i "/API_BINDING:/ s|\(.*\: \).*|\1\"0.0.0.0:8080\"|" agent.yml
head -n 5 agent.yml
#装置服务并启动
./agent-linux-arm64 -service install
./agent-linux-arm64 -service start
#验证
systemctl status agent
部署 Gateway
curl -sSL http://get.infini.sh | bash -s -- -p gateway
cd /opt/gateway
#批改 Gateway 配置文件
sed -i "/ES_PASS:/ s|\(.*\: \).*|\1$pass|" gateway.yml
head -n 10 gateway.yml
#装置服务并启动
./gateway-linux-arm64 -service install
./gateway-linux-arm64 -service start
#查看服务
systemctl status gateway
curl -u "admin:$pass" http://127.0.0.1:8000
部署 Loadgen
curl -sSL http://get.infini.sh | bash -s -- -p loadgen
#写入数据测试
cd /opt/loadgen
mkdir -p mock
cat <<EOF > mock/nginx.log
175.10.75.216 - - [28/Jul/2020:21:20:26 +0800] "GET / HTTP/1.1" 200 8676 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36"
175.10.75.216 - - [28/Jul/2020:21:20:26 +0800] "GET /vendor/bootstrap/css/bootstrap.css HTTP/1.1" 200 17235 "http://dl-console.elasticsearch.cn/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36"
175.10.75.216 - - [28/Jul/2020:21:20:26 +0800] "GET /vendor/daterangepicker/daterangepicker.css HTTP/1.1" 200 1700 "http://dl-console.elasticsearch.cn/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36"
175.10.75.216 - - [28/Jul/2020:21:20:26 +0800] "GET /vendor/fork-awesome/css/v5-compat.css HTTP/1.1" 200 2091 "http://dl-console.elasticsearch.cn/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36"
175.10.75.216 - - [28/Jul/2020:21:20:26 +0800] "GET /assets/font/raleway.css HTTP/1.1" 200 145 "http://dl-console.elasticsearch.cn/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36"
175.10.75.216 - - [28/Jul/2020:21:20:26 +0800] "GET /vendor/fork-awesome/css/fork-awesome.css HTTP/1.1" 200 8401 "http://dl-console.elasticsearch.cn/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36"
175.10.75.216 - - [28/Jul/2020:21:20:26 +0800] "GET /assets/css/overrides.css HTTP/1.1" 200 2524 "http://dl-console.elasticsearch.cn/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36"
175.10.75.216 - - [28/Jul/2020:21:20:26 +0800] "GET /assets/css/theme.css HTTP/1.1" 200 306 "http://dl-console.elasticsearch.cn/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36"
175.10.75.216 - - [28/Jul/2020:21:20:26 +0800] "GET /vendor/fancytree/css/ui.fancytree.css HTTP/1.1" 200 3456 "http://dl-console.elasticsearch.cn/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36"
175.10.75.216 - - [28/Jul/2020:21:20:26 +0800] "GET /syncthing/development/logbar.js HTTP/1.1" 200 486 "http://dl-console.elasticsearch.cn/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36"
EOF
cat <<EOF > loadgen.yml
env:
ES_USERNAME: admin
ES_PASSWORD: $pass
ES_ENDPOINT: http://localhost:8000
runner:
# total_rounds: 1
no_warm: false
# Whether to log all requests
log_requests: false
# Whether to log all requests with the specified response status
log_status_codes:
- 0
- 500
assert_invalid: false
assert_error: false
variables:
- name: ip
type: file
path: dict/ip.txt
- name: message
type: file
path: mock/nginx.log
replace: # replace special characters in the value
'"':'\"''\': '\\'
- name: user
type: file
path: dict/user.txt
- name: id
type: sequence
- name: uuid
type: uuid
- name: now_local
type: now_local
- name: now_utc
type: now_utc
- name: now_unix
type: now_unix
- name: suffix
type: range
from: 10
to: 13
requests:
- request:
method: POST
runtime_variables:
batch_no: uuid
runtime_body_line_variables:
routing_no: uuid
basic_auth:
username: $[[env.ES_USERNAME]]
password: $[[env.ES_PASSWORD]]
url: $[[env.ES_ENDPOINT]]/_bulk
body_repeat_times: 5000
body: |
{"index" : { "_index" : "test-$[[suffix]]", "_id" : "$[[uuid]]" } }
{"id" : "$[[uuid]]","routing_no" : "$[[routing_no]]","batch_number" : "$[[batch_no]]","message" : "$[[message]]","random_no" : "$[[suffix]]","ip" : "$[[ip]]","now_local" : "$[[now_local]]","now_unix" : "$[[now_unix]]" }
EOF
#执行测试
./loadgen-linux-arm64 -c 6 -d 6 --compress
#查看测试索引文档
curl -u "admin:$pass" http://127.0.0.1:8000/_cat/indices/test*?v
至此,实现在 Kylin V10 (Lance)-aarch64 上装置单机版 Easysearch/Console/Agent/Gateway/Loadgen。通过浏览器 http:// 装置机器 IP:9000/ 即可拜访 Console,对 Easysearch 进行配置管理。