
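Preface

Earlier posts covered some ES7 usage. In this section we build a highly available cluster and configure accounts and permissions.

Many of the blog posts I read earlier describe a master/slave mode, where the cluster can no longer serve requests once the master node goes down.
The latest version, 7.6.0, is used here. Account configuration requires cracking the x-pack package. (Skip this if you do not need to set passwords.)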

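Configuration

Certificate authentication between cluster nodes

Skip this if you do not need user permission configuration.

## Run from the $ES_HOME directory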
bin/elasticsearch-certutil ca

## Press Enter to accept the default output file, elastic-stack-ca.p12
Please enter the desired output file [elastic-stack-ca.p12]: 
...

# After elastic-stack-ca.p12 has been generated, run elasticsearch-certutil again

bin/elasticsearch-certutil cert --ca $ES_HOME/elastic-stack-ca.p12
...

# Press Enter to generate the file elastic-certificates.p12
# Then copy the generated file into the config directory of every node

elasticsearch.yml

Master node:
# Cluster name
cluster.name: "es_cluster"
# Node name: master1
node.name: master1
# Whether this node is eligible to become master
node.master: true
# Whether this node may store data (enabled by default)
node.data: true
# Network binding; bound to 0.0.0.0 here to allow access from external networks
network.host: ["0.0.0.0"]
# HTTP port for external service, default 9200
http.port: 9200
# Allow cross-origin access
http.cors.enabled: true
http.cors.allow-origin: "*"
# TCP port for node-to-node communication, default 9300
transport.tcp.port: 9300
# IPs of the nodes used for cluster discovery
discovery.seed_hosts: ["dc_es1","dc_es2","dc_es3"]
# Names or IPs of all nodes that may become master, listed explicitly; these are used in the first election
cluster.initial_master_nodes: ["dc_es1","dc_es2","dc_es3"]
# Data storage location
path.data: /data/es/data
path.logs: /data/es/logs
# Backup data storage path
path.repo: ["/data/es/backup"]
# User permission settings; can be skipped if users are not configured
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
# Do not lock JVM memory for the ES process
bootstrap.memory_lock: false
bootstrap.system_call_filter: false
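
An added example, not part of the original post: a small Python check that reads the security-relevant keys of the elasticsearch.yml above and lists what they leave exposed (HTTP without TLS, transport TLS without hostname verification, wildcard CORS, binding to every interface). The function names, the finding labels and the TIGHTENED_CONFIG values, including the address 10.0.0.11, are assumptions made for this example.

```python
# Security-relevant subset of the elasticsearch.yml shown on this page.
PAGE_CONFIG = """
network.host: ["0.0.0.0"]
http.cors.enabled: true
http.cors.allow-origin: "*"
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
"""

# Constructed tightened variant (keystore paths omitted); 10.0.0.11 is a placeholder.
TIGHTENED_CONFIG = """
network.host: ["10.0.0.11"]
http.cors.enabled: false
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: full
xpack.security.http.ssl.enabled: true
"""

def parse_settings(text):
    """Parse flat 'key: value' lines as used on this page (not a full YAML parser)."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            key, value = line.split(":", 1)
            settings[key.strip()] = value.strip().strip("[]\"' ").lower()
    return settings

def audit(settings):
    """Return finding labels; unset keys fall back to the 7.x defaults."""
    on = lambda key: settings.get(key, "false") == "true"
    findings = []
    if not on("xpack.security.enabled"):
        findings.append("auth-disabled")
    if not on("xpack.security.transport.ssl.enabled"):
        findings.append("transport-plaintext")
    elif settings.get("xpack.security.transport.ssl.verification_mode", "full") != "full":
        findings.append("transport-no-hostname-check")
    if not on("xpack.security.http.ssl.enabled"):
        findings.append("http-plaintext")  # passwords sent over HTTP are unencrypted
    if on("http.cors.enabled") and settings.get("http.cors.allow-origin") == "*":
        findings.append("cors-any-origin")
    if settings.get("network.host") in ("0.0.0.0", "::"):
        findings.append("binds-all-interfaces")
    return findings

if __name__ == "__main__":
    print(audit(parse_settings(PAGE_CONFIG)))
    print(audit(parse_settings(TIGHTENED_CONFIG)))
```

With verification_mode: full, each node certificate must carry subject alternative names that match the address its peers connect to, and enabling xpack.security.http.ssl needs its own keystore settings, which are omitted here.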

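If your cluster has three nodes and needs high availability, the other two nodes only need a different node.name. In addition, the number of master-eligible IPs listed in cluster.initial_master_nodes must be odd. If a three-node cluster lists only two initial_master_nodes, for example cluster.initial_master_nodes: ["dc_es1","dc_es2"], the following exceptions appear when the master node goes down: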

[2020-02-25T13:56:16,123][WARN ][o.e.c.c.ClusterFormationFailureHelper] [master2] master not discovered yet: have discovered [{master2}{2GvgG6GvStmPR2Z68wkQeg}{9jC8kh0gQuidUAMOoegSGA}{dc_es3}{dc_es3:9300}{dil}{ml.machine_memory=33520295936, xpack.installed=true, ml.max_open_jobs=20}]; discovery will continue using [dc_es1:9300, 10.10.141.79:9300] from hosts providers and [{master}{0OkhhL3LQGejjq5WNnGIdA}{1t0Pahd1SGmEH-M6G5WwNA}{dc_es1}{dc_es1:9300}{dilm}{ml.machine_memory=33520295936, ml.max_open_jobs=20, xpack.installed=true}] from last-known cluster state; node term 8, last-accepted version 88 in term 8
[2020-02-25T13:56:24,610][WARN ][o.e.t.TcpTransport       ] [master2] exception caught on transport layer [Netty4TcpChannel{localAddress=/dc_es3:9300, remoteAddress=/dc_es:47282}], closing connection
io.netty.handler.codec.DecoderException: java.io.StreamCorruptedException: SSL/TLS request received but SSL/TLS is not enabled on this node, got (16,3,3,1)

Setting passwords

Run on any node: bin/elasticsearch-setup-passwords interactive
It asks whether to set passwords for the 6 accounts [y/n]. Answer y, then set the password for each account.

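Verification

Once configured, the cluster state can be viewed with Elasticsearch-head.
You can also query any one node from the command line to see the cluster state and the master node's IP. If no users are configured, --user can be omitted.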

curl -XGET --user elastic:sZEXdEQr2I5iW6KxGxM2 'http://dc_es2:9200/_cat/nodes?v' 

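The node marked with * in the master column is the master; here it is the node named master1.
Now stop the es process of the master1 node. If the configuration is correct, the cluster remains available. Send the same curl command again: master2 has become the master, and the cluster still responds to requests, which shows that it is highly available.
Next, look at the logs in detail.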

[2020-02-25T18:32:03,942][INFO ][o.e.c.s.MasterService    ] [master2] node-left[{master1}{0OkhhL3LQGejjq5WNnGIdA}{Y0-fG9YVSIS7yh_yTwPpvg}{dc_es1}{dc_es1:9300}{dilm}{ml.machine_memory=33520295936, ml.max_open_jobs=20, xpack.installed=true} reason: disconnected], term: 15, version: 217, delta: removed {{master1}{0OkhhL3LQGejjq5WNnGIdA}{Y0-fG9YVSIS7yh_yTwPpvg}{dc_es1}{dc_es1:9300}{dilm}{ml.machine_memory=33520295936, ml.max_open_jobs=20, xpack.installed=true}}
[2020-02-25T18:32:03,976][INFO ][o.e.c.s.ClusterApplierService] [master2] removed {{master1}{0OkhhL3LQGejjq5WNnGIdA}{Y0-fG9YVSIS7yh_yTwPpvg}{dc_es1}{dc_es1:9300}{dilm}{ml.machine_memory=33520295936, ml.max_open_jobs=20, xpack.installed=true}}, term: 15, version: 217, reason: Publication{term=15, version=217}
[2020-02-25T18:32:03,990][INFO ][o.e.c.r.DelayedAllocationService] [master2] scheduling reroute for delayed shards in [59.9s] (5 delayed shards)
[2020-02-25T18:32:03,999][INFO ][o.e.i.s.IndexShard       ] [master2] [app_reg_idfa][0] primary-replica resync completed with 0 operations
[2020-02-25T18:32:04,000][INFO ][o.e.i.s.IndexShard       ] [master2] [.security-7][0] primary-replica resync completed with 0 operations
[2020-02-25T18:32:04,000][INFO ][o.e.i.s.IndexShard       ] [master2] [app_active_idfa][0] primary-replica resync completed with 0 operations
[2020-02-25T18:33:03,458][INFO ][o.e.c.s.MasterService    ] [master2] node-join[{master1}{0OkhhL3LQGejjq5WNnGIdA}{yJjSDIXPTZGsgK8XlH9vOg}{dc_es1}{dc_es1:9300}{dilm}{ml.machine_memory=33520295936, ml.max_open_jobs=20, xpack.installed=true} join existing leader], term: 15, version: 218, delta: added {{master1}{0OkhhL3LQGejjq5WNnGIdA}{yJjSDIXPTZGsgK8XlH9vOg}{dc_es1}{dc_es1:9300}{dilm}{ml.machine_memory=33520295936, ml.max_open_jobs=20, xpack.installed=true}}
[2020-02-25T18:33:03,805][INFO ][o.e.c.s.ClusterApplierService] [master2] added {{master1}{0OkhhL3LQGejjq5WNnGIdA}{yJjSDIXPTZGsgK8XlH9vOg}{dc_es1}{dc_es1:9300}{dilm}{ml.machine_memory=33520295936, ml.max_open_jobs=20, xpack.installed=true}}, term: 15, version: 218, reason: Publication{term=15, version=218}
[2020-02-25T18:33:04,676][INFO ][o.e.c.r.a.AllocationService] [master2] Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[app_reg_idfa][0]]])

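The log shows the master node leaving with reason disconnected; master2 removes master1 and then resyncs the indices whose replica count is below the configured value.
Now restart master1 on dc_es1 and run the curl command again. The master1 node is back, but the master is still master2, which took over.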
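
An added example, not from the original post: the failover above read back out of the logs. It parses lines in the format of the two log excerpts on this page, lists membership events (node-left, node-join, "master not discovered yet", and the transport error reporting that a TLS request reached a node with TLS disabled), and measures how long a node was out of the cluster. The sample lines are constructed from the page's excerpts with node ids replaced by placeholders; the function and event names are assumptions.

```python
import re
from datetime import datetime

# Constructed sample in the format of the log excerpts on this page
# (node ids replaced by the placeholders id-a / id-b).
SAMPLE_LOG = """\
[2020-02-25T13:56:16,123][WARN ][o.e.c.c.ClusterFormationFailureHelper] [master2] master not discovered yet: have discovered [{master2}{id-b}{dc_es3}{dc_es3:9300}{dil}]
[2020-02-25T13:56:24,610][WARN ][o.e.t.TcpTransport       ] [master2] exception caught on transport layer [Netty4TcpChannel{localAddress=/dc_es3:9300, remoteAddress=/dc_es:47282}], closing connection
io.netty.handler.codec.DecoderException: java.io.StreamCorruptedException: SSL/TLS request received but SSL/TLS is not enabled on this node, got (16,3,3,1)
[2020-02-25T18:32:03,942][INFO ][o.e.c.s.MasterService    ] [master2] node-left[{master1}{id-a}{dc_es1}{dc_es1:9300}{dilm} reason: disconnected], term: 15, version: 217
[2020-02-25T18:33:03,458][INFO ][o.e.c.s.MasterService    ] [master2] node-join[{master1}{id-a}{dc_es1}{dc_es1:9300}{dilm} join existing leader], term: 15, version: 218
"""

LINE = re.compile(r"^\[(?P<ts>[^\]]+)\]\[\w+\s*\]\[[^\]]+\] \[(?P<node>[^\]]+)\] (?P<msg>.*)$")
MEMBER = re.compile(r"^node-(left|join)\[\{([^}]+)\}")
TLS_OFF = "SSL/TLS request received but SSL/TLS is not enabled on this node"

def timeline(log_text):
    """Return (timestamp, reporting_node, event, subject_node) tuples."""
    events, current = [], None
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S,%f")
            current = (ts, m["node"])
            member = MEMBER.match(m["msg"])
            if member:
                events.append((*current, "node-" + member[1], member[2]))
            elif m["msg"].startswith("master not discovered yet"):
                events.append((*current, "no-master", m["node"]))
        elif current and TLS_OFF in line:
            # Exception continuation line: attribute it to the preceding log entry.
            events.append((*current, "tls-mismatch", current[1]))
    return events

def outages(events):
    """Pair each node-left with the next node-join of the same node (seconds absent)."""
    left, result = {}, []
    for ts, _, kind, subject in events:
        if kind == "node-left":
            left[subject] = ts
        elif kind == "node-join" and subject in left:
            result.append((subject, (ts - left.pop(subject)).total_seconds()))
    return result

if __name__ == "__main__":
    for event in timeline(SAMPLE_LOG):
        print(event)
    print(outages(timeline(SAMPLE_LOG)))
```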

Client cluster configuration

restHighLevelClient

spring.elasticsearch.rest.uris=${ip1}:9200,${ip2}:${port}
spring.elasticsearch.rest.username=
spring.elasticsearch.rest.password=

jdbc

In version 7.6.0, EsDataSource does not yet support configuring multiple URLs; consider LVS if you need that.

Please credit the source when reposting: [Elasticsearch7 cluster multi-master high-availability configuration].
