Как установить пароль в Vagrantfile или скрипт для Elasticsearch - PullRequest
/ 10 апреля 2020

Я хотел бы автоматизировать создание кластера Elasticsearch из 5 узлов + 1 узел Kibana для целей разработки (на сервере, который у меня сейчас есть, использовать docker невозможно). Я открою Elasticsearch для доступа из интернета, поэтому из соображений безопасности хотел бы изменить пароль по умолчанию. Может быть, кто-то знает, как автоматизировать установку пароля в скрипте или в Vagrantfile?

vagrantfile

# Vagrantfile for setting up a 5 node Elasticsearch v7.6.2
# 5 nodes, all have the master and data roles
# 1 Kibana node

Vagrant.configure("2") do |config|
  # Machine name => [host-only IP, provisioning script].
  # Hash insertion order is the definition order: the five Elasticsearch
  # nodes first, then the Kibana node.
  machines = {
    "elastic1" => ["192.168.56.111", "scripts/elastic_node_provision.sh"],
    "elastic2" => ["192.168.56.112", "scripts/elastic_node_provision.sh"],
    "elastic3" => ["192.168.56.113", "scripts/elastic_node_provision.sh"],
    "elastic4" => ["192.168.56.114", "scripts/elastic_node_provision.sh"],
    "elastic5" => ["192.168.56.115", "scripts/elastic_node_provision.sh"],
    "kibana" => ["192.168.56.116", "scripts/kibana_node_provision.sh"]
  }

  machines.each do |name, (address, script)|
    config.vm.define name do |node|
      node.vm.box = "centos/7"
      node.vm.hostname = name

      # Only a :private_network address is declared here; this file sets up
      # no forwarded ports and no public network for any machine.
      node.vm.network :private_network, ip: address

      node.vm.provider "virtualbox" do |vb|
        vb.gui = false
        vb.memory = "2048"
        vb.name = name # VirtualBox VM name mirrors the hostname
      end

      node.vm.provision :shell, path: script
    end
  end
end

Elasticsearch script

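#!/bin/bash
#
# Provisions one Elasticsearch 7.6.2 node on a CentOS 7 box: shell prompt
# colours, /etc/hosts entries for the cluster, package download and install,
# elasticsearch.yml, OS limits, jvm.options, then service start.
#
# The script must run as root: it redirects directly into files under /etc,
# and a redirection is performed by the calling shell, not by sudo.

# Colorize bash shell. Makes sysadmin life easier.

cat > /etc/profile.d/colorbashshell.sh <<'EOF'
RED="\[\033[0;31m\]"
GREEN="\[\033[0;32m\]"
YELLOW="\[\033[1;33m\]"
BLUE="\[\033[0;34m\]"
PURPLE="\[\033[0;35m\]"
CYAN="\[\033[0;36m\]"
WHITE="\[\033[1;37m\]"
RESET="\[\033[0m\]"

if [ $(id -u) -eq 0 ];
then # you are root, set red colour prompt
PS1="[$RED\u$RESET$CYAN@\h$RESET$PURPLE \W$RESET]\$ "
else # normal
PS1="[$GREEN\u$RESET$CYAN@\h$RESET$PURPLE \W$RESET]\$ "
fi
EOF

# Add hosts in project to local hosts file (for DNS resolution).
# Each address is listed under its own host name; the .114 and .115 lines
# previously repeated "elastic3" as the canonical name.
cat >> /etc/hosts <<'EOF'
192.168.56.111 elastic1 elastic1
192.168.56.112 elastic2 elastic2
192.168.56.113 elastic3 elastic3
192.168.56.114 elastic4 elastic4
192.168.56.115 elastic5 elastic5
192.168.56.116 kibana kibana
EOF

# Install OpenJRE 11 and wget

sudo yum -y install java-11-openjdk wget

# Download and install Elasticsearch, clean up downloaded file

es_rpm="elasticsearch-7.6.2-x86_64.rpm"
wget "https://artifacts.elastic.co/downloads/elasticsearch/${es_rpm}"
wget "https://artifacts.elastic.co/downloads/elasticsearch/${es_rpm}.sha512"

# Stop here if the digest does not match; without this check the install
# below ran whatever the verification result was. sha512sum ships with
# coreutils, whereas shasum is a separate Perl package that may be missing
# on a minimal CentOS 7 image.
# The .sha512 file is fetched from the same server as the RPM, so this
# catches a corrupted or truncated download, not a tampered origin; checking
# the RPM signature against the vendor's published signing key covers that.
if ! sha512sum -c "${es_rpm}.sha512"; then
  echo "Checksum verification failed for ${es_rpm}; aborting." >&2
  exit 1
fi

sudo rpm --install "${es_rpm}"
sudo rm -f "${es_rpm}"

# Configure Elasticsearch
#
# NOTE(review): the configuration below binds HTTP (port 9200) and transport
# to the eth1 address and does not set xpack.security.enabled. With the 7.x
# default (security off) every client that can reach that interface gets
# unauthenticated access to the whole cluster. Before the cluster is reachable
# from anywhere beyond the host-only network:
#   - set xpack.security.enabled: true and configure TLS on the transport
#     layer (a multi-node cluster will not start with security on otherwise);
#   - set the built-in users' passwords with elasticsearch-setup-passwords,
#     or seed the elastic user's password through the bootstrap.password
#     keystore setting (elasticsearch-keystore);
#   - hand the secret to this script through an environment variable or a
#     file kept out of version control, never as a literal in the script or
#     the Vagrantfile.

sudo rm -f /etc/elasticsearch/elasticsearch.yml
cat > /etc/elasticsearch/elasticsearch.yml <<'EOF'
cluster.name: vagrant-dev
cluster.initial_master_nodes:
- elastic1
node.name: ${HOSTNAME}
bootstrap.memory_lock: true
node.master: true
node.data: true
node.ingest: true
node.ml: false
network.host: [ "_eth1_" ]
http.port: 9200
discovery.seed_hosts: [ "elastic1", "elastic2", "elastic3", "elastic4", "elastic5" ]
node.max_local_storage_nodes: 2

path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch

xpack.monitoring.enabled: true
xpack.monitoring.elasticsearch.collection.enabled: true
xpack.monitoring.collection.enabled: true

EOF

# Disable swap and resolve bootstrap checks
sudo swapoff -a
sudo sysctl -w vm.max_map_count=262144
echo 'vm.max_map_count = 262144' >> /etc/sysctl.conf
cat >> /etc/security/limits.conf <<'EOF'
elasticsearch - nofile 65536
elasticsearch - nproc 2048
elasticsearch soft memlock unlimited
elasticsearch hard memlock unlimited
EOF
cat >> /etc/sysconfig/elasticsearch <<'EOF'
MAX_OPEN_FILES=65535
MAX_LOCKED_MEMORY=unlimited
MAX_MAP_COUNT=262144
EOF
# -p keeps a second provisioning run from failing on the existing directory.
mkdir -p /etc/systemd/system/elasticsearch.service.d
cat > /etc/systemd/system/elasticsearch.service.d/override.conf<<'EOF'
[Service]
LimitMEMLOCK=infinity
EOF

# Edit JVM config for Elasticsearch (the packaged file is kept as .original)

sudo mv /etc/elasticsearch/jvm.options /etc/elasticsearch/jvm.options.original
cat > /etc/elasticsearch/jvm.options <<'EOF'
-Xms1g
-Xmx1g

## GC configuration
-XX:+UseConcMarkSweepGC
-XX:CMSInitiatingOccupancyFraction=75
-XX:+UseCMSInitiatingOccupancyOnly

## JVM temporary directory
-Djava.io.tmpdir=${ES_TMPDIR}

## heap dumps
# generate a heap dump when an allocation from the Java heap fails
# heap dumps are created in the working directory of the JVM
-XX:+HeapDumpOnOutOfMemoryError

# specify an alternative path for heap dumps; ensure the directory exists and
# has sufficient space
-XX:HeapDumpPath=/var/lib/elasticsearch

# specify an alternative path for JVM fatal error logs
-XX:ErrorFile=/var/log/elasticsearch/hs_err_pid%p.log

## JDK 8 GC logging
8:-XX:+PrintGCDetails
8:-XX:+PrintGCDateStamps
8:-XX:+PrintTenuringDistribution
8:-XX:+PrintGCApplicationStoppedTime
8:-Xloggc:/var/log/elasticsearch/gc.log
8:-XX:+UseGCLogFileRotation
8:-XX:NumberOfGCLogFiles=32
8:-XX:GCLogFileSize=64m

# JDK 9+ GC logging
9-:-Xlog:gc*,gc+age=trace,safepoint:file=/var/log/elasticsearch/gc.log:utctime,pid,tags:filecount=32,filesize=64m

EOF

# Ensure the elasticsearch user has full ownership of the config directory

sudo chown -R elasticsearch:elasticsearch /etc/elasticsearch

# Reload system units

sudo systemctl daemon-reload

# Start Elasticsearch (the unit is started, not enabled at boot)

sudo systemctl start elasticsearch.service

exit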

Kibana script

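#!/bin/bash
#
# Provisions the Kibana 7.6.2 node on a CentOS 7 box: shell prompt colours,
# /etc/hosts entries for the cluster, package download and install,
# kibana.yml, log directory, then service start.
#
# The script must run as root: it redirects directly into files under /etc,
# and a redirection is performed by the calling shell, not by sudo.

# Colorize bash shell. Makes sysadmin life easier.

cat > /etc/profile.d/colorbashshell.sh <<'EOF'
RED="\[\033[0;31m\]"
GREEN="\[\033[0;32m\]"
YELLOW="\[\033[1;33m\]"
BLUE="\[\033[0;34m\]"
PURPLE="\[\033[0;35m\]"
CYAN="\[\033[0;36m\]"
WHITE="\[\033[1;37m\]"
RESET="\[\033[0m\]"

if [ $(id -u) -eq 0 ];
then # you are root, set red colour prompt
PS1="[$RED\u$RESET$CYAN@\h$RESET$PURPLE \W$RESET]\$ "
else # normal
PS1="[$GREEN\u$RESET$CYAN@\h$RESET$PURPLE \W$RESET]\$ "
fi
EOF

# Add hosts in project to local hosts file (for DNS resolution).
# Each address is listed under its own host name; the .114 and .115 lines
# previously repeated "elastic3" as the canonical name.
cat >> /etc/hosts <<'EOF'
192.168.56.111 elastic1 elastic1
192.168.56.112 elastic2 elastic2
192.168.56.113 elastic3 elastic3
192.168.56.114 elastic4 elastic4
192.168.56.115 elastic5 elastic5
192.168.56.116 kibana kibana
EOF

# Install wget

sudo yum -y install wget

# Download and install Kibana

kibana_rpm="kibana-7.6.2-x86_64.rpm"
wget "https://artifacts.elastic.co/downloads/kibana/${kibana_rpm}"
wget "https://artifacts.elastic.co/downloads/kibana/${kibana_rpm}.sha512"

# Stop here if the digest does not match; without this check the install
# below ran whatever the verification result was. sha512sum ships with
# coreutils, whereas shasum is a separate Perl package that may be missing
# on a minimal CentOS 7 image.
# The .sha512 file is fetched from the same server as the RPM, so this
# catches a corrupted or truncated download, not a tampered origin.
if ! sha512sum -c "${kibana_rpm}.sha512"; then
  echo "Checksum verification failed for ${kibana_rpm}; aborting." >&2
  exit 1
fi

sudo rpm --install "${kibana_rpm}"
sudo rm -f "${kibana_rpm}"

# Configure the kibana.yml
#
# NOTE(review): server.host "0.0.0.0" makes Kibana listen on every interface,
# and elasticsearch.hosts uses plain http with no credentials. That only works
# while security is switched off on the Elasticsearch side. Once
# xpack.security.enabled is turned on there, Kibana needs
# elasticsearch.username / elasticsearch.password for its service account;
# store them with kibana-keystore rather than as literals in this file, and
# narrow server.host to the interface that actually has to serve the UI.

sudo rm -f /etc/kibana/kibana.yml
cat > /etc/kibana/kibana.yml <<'EOF'
server.port: 5601
server.host: "0.0.0.0"
elasticsearch.hosts: [ "http://elastic1:9200" ]
logging.dest: /var/log/kibana/kibana.log
logging.quiet: false
logging.verbose: true
EOF

# Make log directory (-p keeps a second provisioning run from failing here)

mkdir -p /var/log/kibana

# Fix permissions

chown -R kibana:kibana /var/log/kibana

# Reload systemd units and start Kibana. The unit is started only; nothing
# here enables it, so it will not come back on its own after a reboot.

sudo systemctl daemon-reload
sudo systemctl start kibana.service

exit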
...