SkyWalking的学习之三
持续优化
SkyWalking 默认可以使用h2,但是感觉容量和性能都可能不太好
所以我想使用一下elasticSearch进行替换.
自己其实一直想心想去学习, 但是一直没有深入.
最近发生的事情坚定了自己学习的想法.
所以这次先进行elasticSearch的搭建与使用.
elasticsearch的二进制安装
第一步: 下载二进制文件:
https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.7.0-linux-x86_64.tar.gz
第二步: 解压缩并且添加用户等
useradd es
tar -zxvf elasticsearch-8.7.0-linux-x86_64.tar.gz
chown es elasticsearch-8.7.0 -R
第三步设置需要密码
修改配置文件
vim elasticsearch-8.7.0/config/elasticsearch.yml
新增一行:
xpack.security.enabled: true
第四步 启动服务
cd elasticsearch-8.7.0/bin
./elasticsearch -d
第五步修改密码
./elasticsearch-setup-passwords interactive
******************************************************************************
Note: The 'elasticsearch-setup-passwords' tool has been deprecated. This command will be removed in a future release.
******************************************************************************
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,kibana_system,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y
修改一些密码就可以了.
设置允许外网登录
设置ca 等
cd elasticsearch-8.7.0/bin
执行命令
./elasticsearch-certutil ca
./elasticsearch-certutil cert --ca ../elastic-stack-ca.p12
注意需要直接点回车, 可以不设置密码
需要注意默认违建位置在 elasticsearch-8.7.0
可以将两个文件复制到 elasticsearch-8.7.0/config/certs/
elastic-certificates.p12
elastic-stack-ca.p12
在配置文件的最后面增加:
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12
修改配置文件
将 config/elasticsearch.yml 里面的network 和port 打开.
ip地址修改为 0.0.0.0
本次是一个单节点的, 所以可以修改一下配置文件 增加 部分seed
discovery.seed_hosts: ["10.110.80.xxx"]
cluster.initial_master_nodes: ["master"]
设置启动就可以了.
部署kibana
cd elasticsearch
bin/elasticsearch-certutil csr -name kibana -dns es1 #此时会生成一个csr-bundle.zip文件
#解压csr-bundle.zip,证书文件会解压到/elasticsearch/kibana目录
unzip csr-bundle.zip
# 创建kibana证书
cd kibana/config
mkdir certs
cp /elasticsearch/kibana/elastic-stack-ca.p12 certs/
mv //elasticsearch/kibana/kibana.* certs/
cd certs/
openssl x509 -req -in kibana.csr -signkey kibana.key -out kibana.crt
# 修改配置文件
elasticsearch.hosts: ["http://10.110.80.xxx:9200"]
elasticsearch.username: "kibana_system"
elasticsearch.password: "Password"
elasticsearch.ssl.verificationMode: none
elasticsearch.ssl.certificateAuthorities: certs/elastic-stack-ca.p12
server.ssl.enabled: true
server.ssl.certificate: certs/kibana.crt
server.ssl.key: certs/kibana.key
启动服务:
cd bin
nohup ./kibana serve &
使用
https://10.110.xx.xxx:5601
注意是https 就可以了.
配置SkyWalking连接ElasticSearch
vim config/application.yml
注意将用户密码进行修改 以及 修改 从h2 到elasticsearch
与下面配置节一直起来.
然后设置 地址还有用户密码就可以了.
storage:
selector: ${SW_STORAGE:elasticsearch}
elasticsearch:
namespace: ${SW_NAMESPACE:"elasticsearch"}
clusterNodes: ${SW_STORAGE_ES_CLUSTER_NODES:10.110.80.xxx:9200}
protocol: ${SW_STORAGE_ES_HTTP_PROTOCOL:"http"}
connectTimeout: ${SW_STORAGE_ES_CONNECT_TIMEOUT:3000}
socketTimeout: ${SW_STORAGE_ES_SOCKET_TIMEOUT:30000}
responseTimeout: ${SW_STORAGE_ES_RESPONSE_TIMEOUT:15000}
numHttpClientThread: ${SW_STORAGE_ES_NUM_HTTP_CLIENT_THREAD:0}
user: ${SW_ES_USER:"elastic"}
password: ${SW_ES_PASSWORD:"xxxxxx"}