opensearch3.0.0 三節(jié)點搭建集群
極光
發(fā)布于 云南 2025-07-31 · 2720瀏覽 1贊

OpenSearch 3.0.0 三節(jié)點高可用集群搭建方案

一、集群架構設計

1. 節(jié)點角色分配

采用混合節(jié)點模式(三節(jié)點均同時具備 master/data/ingest 角色),確保高可用性:

• 節(jié)點 1:192.168.1.101

• 節(jié)點 2:192.168.1.102

• 節(jié)點 3:192.168.1.103

2. 邏輯架構圖 圖片 代碼 負載均衡 數(shù)據(jù)同步 數(shù)據(jù)同步 數(shù)據(jù)同步 客戶端請求 HAProxy 節(jié)點1 節(jié)點2 節(jié)點3 負載均衡 數(shù)據(jù)同步 數(shù)據(jù)同步 數(shù)據(jù)同步 客戶端請求 HAProxy 節(jié)點1 節(jié)點2 節(jié)點3 豆包 你的 AI 助手,助力每日工作學習 二、硬件配置建議 組件 配置要求 說明 CPU 16 核 + AMD/Intel Xeon 多線程處理搜索和聚合操作 內(nèi)存 64GB+ DDR4 ECC JVM 分配 8-16GB,剩余用于系統(tǒng)緩存 系統(tǒng)盤 200GB SSD 安裝操作系統(tǒng)和 OpenSearch 數(shù)據(jù)盤 3×2TB NVMe SSD(RAID 0) 高 IOPS 滿足數(shù)據(jù)讀寫需求 網(wǎng)絡 雙萬兆網(wǎng)卡 集群內(nèi)部通信和客戶端訪問 電源 冗余電源 + UPS 避免斷電導致數(shù)據(jù)丟失 三、軟件安裝與配置 1. 操作系統(tǒng)準備(CentOS 8 示例) bash # 禁用SELINUX

setenforce 0

sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config

禁用交換空間

swapoff -a

sed -i '/swap/d' /etc/fstab

優(yōu)化系統(tǒng)參數(shù)

cat > /etc/sysctl.conf

vm.max_map_count=262144

fs.file-max=655350

net.ipv4.tcp_fin_timeout=30

net.ipv4.tcp_keepalive_time=600

net.ipv4.tcp_max_syn_backlog=1024

net.ipv4.tcp_max_tw_buckets=5000

EOF

sysctl -p

創(chuàng)建opensearch用戶

useradd -m opensearch

chown -R opensearch:opensearch /opt/opensearch

2. 安裝 OpenSearch 3.0.0 bash # 下載安裝包

wget https://artifacts.opensearch.org/releases/bundle/opensearch/3.0.0/opensearch-3.0.0-linux-x64.tar.gz

解壓并配置權限

tar -zxvf opensearch-3.0.0-linux-x64.tar.gz -C /opt

chown -R opensearch:opensearch /opt/opensearch-3.0.0

配置環(huán)境變量

echo "export OPENSEARCH_HOME=/opt/opensearch-3.0.0" >> /etc/profile

echo "export PATH=$OPENSEARCH_HOME/bin:$PATH" >> /etc/profile

source /etc/profile

四、集群配置文件 1. 節(jié)點 1 配置(opensearch.yml) yaml # 基本集群配置

cluster.name: ops-cluster

node.name: node-1

node.master: true

node.data: true

node.ingest: true

node.id: node-1-id

網(wǎng)絡配置

network.host: 192.168.1.101

http.port: 9200

transport.port: 9300

集群發(fā)現(xiàn)配置

discovery.seed_hosts: ["192.168.1.101", "192.168.1.102", "192.168.1.103"]

cluster.initial_master_nodes: ["node-1", "node-2", "node-3"]

cluster.fault_detection.leader_check.interval: 500ms

cluster.fault_detection.leader_check.timeout: 2s

分片與副本配置

cluster.routing.allocation.awareness.attributes: rack_id

cluster.routing.allocation.awareness.force.rack_id.values: "rack1,rack2,rack3"

性能優(yōu)化配置

thread_pool.search.size: 4

thread_pool.search.queue_size: 1000

thread_pool.write.size: 4

thread_pool.write.queue_size: 1000

內(nèi)存配置

bootstrap.memory_lock: true

2. 節(jié)點 2 和節(jié)點 3 配置 僅需修改以下參數(shù),其余與節(jié)點 1 相同: yaml node.name: node-2 # 節(jié)點3改為node-3

node.id: node-2-id # 節(jié)點3改為node-3-id

network.host: 192.168.1.102 # 節(jié)點3改為192.168.1.103

五、安全配置 1. 啟用安全插件 bash # 生成證書

su - opensearch

cd $OPENSEARCH_HOME

bin/opensearch-certutil ca -out config/ca.pem -pass ""

bin/opensearch-certutil cert -ca config/ca.pem -out config/node.pem -pass "" -name node-1 -dns 192.168.1.101,localhost

節(jié)點2和節(jié)點3重復此步驟,修改-name和-dns參數(shù)

2. 配置安全插件 yaml # opensearch.yml中添加安全配置

plugins.security.disabled: false

plugins.security.ssl.http.enabled: true

plugins.security.ssl.http.pemcert_filepath: config/node.pem

plugins.security.ssl.http.pemkey_filepath: config/node-key.pem

plugins.security.ssl.http.pemtrustedcas_filepath: config/ca.pem

plugins.security.ssl.http.enforce_hostname_verification: false

配置基本認證

bin/opensearch-passwords auto -b

記錄生成的用戶名和密碼,如admin:jEmr49LHv8

3. 配置角色和權限 bash # 加載默認角色

su - opensearch

cd $OPENSEARCH_HOME

bin/opensearch-securityadmin -cd config/security -nhnv -cacert config/ca.pem -cert config/node.pem -key config/node-key.pem

六、高性能優(yōu)化 1. JVM 配置優(yōu)化 yaml # jvm.options配置

-Xms16g

-Xmx16g

-XX:MaxDirectMemorySize=32g

-XX:+UseG1GC

-XX:G1HeapRegionSize=4m

-XX:InitiatingHeapOccupancyPercent=30

-XX:G1ReservePercent=25

-XX:G1HeapWastePercent=5

-XX:+ExplicitGCInvokesConcurrent

-XX:+ParallelRefProcEnabled

-XX:MaxTenuringThreshold=1

2. 磁盤與文件系統(tǒng)優(yōu)化 bash # 格式化數(shù)據(jù)盤

mkfs.xfs -i size=2048 /dev/nvme0n1

mkfs.xfs -i size=2048 /dev/nvme1n1

mkfs.xfs -i size=2048 /dev/nvme2n1

掛載數(shù)據(jù)盤

mkdir -p /data/{node1,node2,node3}

echo "/dev/nvme0n1 /data/node1 xfs noatime,data=writeback 0 0" >> /etc/fstab

echo "/dev/nvme1n1 /data/node2 xfs noatime,data=writeback 0 0" >> /etc/fstab

echo "/dev/nvme2n1 /data/node3 xfs noatime,data=writeback 0 0" >> /etc/fstab

mount -a

優(yōu)化磁盤調度

for disk in /dev/nvmen1; doecho "deadline" > /sys/block/$disk/queue/schedulerecho 128 > /sys/block/$disk/queue/nr_requestsdone3. 索引模板優(yōu)化 json # 創(chuàng)建高性能索引模板PUT _index_template/high_performance{"index_patterns": [""],

"priority": 100,

"template": {

"settings": {

"index.number_of_shards": 6,

"index.number_of_replicas": 1,

"index.refresh_interval": "30s",

"index.translog.durability": "async",

"index.translog.sync_interval": "5s",

"index.query.default_field": "_all",

"index.codec": "best_compression"

}

}

}

七、監(jiān)控與告警配置 1. 安裝 Opensearch-Dashboards bash # 下載Dashboards

wget https://artifacts.opensearch.org/releases/bundle/opensearch-dashboards/3.0.0/opensearch-dashboards-3.0.0-linux-x64.tar.gz

解壓并配置

tar -zxvf opensearch-dashboards-3.0.0-linux-x64.tar.gz -C /opt

chown -R opensearch:opensearch /opt/opensearch-dashboards-3.0.0

配置Dashboards連接

cat > /opt/opensearch-dashboards-3.0.0/config/opensearch_dashboards.yml

server.host: "0.0.0.0"

opensearch.hosts: ["https://192.168.1.101:9200", "https://192.168.1.102:9200", "https://192.168.1.103:9200"]

opensearch.ssl.verificationMode: none

opensearch.username: "admin"

opensearch.password: "jEmr49LHv8"

EOF

2. 配置監(jiān)控指標 bash # 啟用監(jiān)控

PUT _cluster/settings

{

"persistent": {

"monitoring.collection.enabled": true

}

}

創(chuàng)建告警規(guī)則

POST _plugins/_alerting/rules

{

"name": "Cluster Health Alert",

"interval": "5m",

"enabled": true,

"severity": 2,

"condition": {

"script": {

"source": "ctx.payload.status != 'green'"

}

},

"actions": {

"email_admin": {

"throttle": "1h",

"email": {

"to": "admin@example.com",

"subject": "OpenSearch Cluster Health Alert",

"body": "Cluster status is {{ctx.payload.status}}"

}

}

}

}

八、部署與驗證 1. 啟動集群 bash # 啟動所有節(jié)點

su - opensearch

cd $OPENSEARCH_HOME

bin/opensearch -d

檢查節(jié)點狀態(tài)

curl -k -u "admin:jEmr49LHv8" https://localhost:9200/_cat/nodes?v

2. 驗證集群健康 bash # 檢查集群健康狀態(tài)

curl -k -u "admin:jEmr49LHv8" https://localhost:9200/_cluster/health?pretty

預期輸出

{

"cluster_name" : "ops-cluster",

"status" : "green",

"timed_out" : false,

"number_of_nodes" : 3,

"number_of_data_nodes" : 3,

"active_primary_shards" : 6,

"active_shards" : 12,

"relocating_shards" : 0,

"initializing_shards" : 0,

"unassigned_shards" : 0,

"delayed_unassigned_shards" : 0,

"number_of_pending_tasks" : 0,

"number_of_in_flight_fetch" : 0,

"task_max_waiting_in_queue_millis" : 0,

"active_shards_percent_as_number" : 100.0

}

3. 性能測試 bash # 使用opensearch-benchmark進行壓測

opensearch-benchmark execute-test --target-hosts https://localhost:9200 --pipeline=benchmark-only --test-procedure=append-no-conflicts --client-options="use_ssl:true,verify_certs:false,basic_auth_user:'admin',basic_auth_password:'jEmr49LHv8'"

九、災備與恢復策略 1. 配置快照倉庫 bash # 創(chuàng)建共享存儲快照倉庫

curl -k -u "admin:jEmr49LHv8" -XPUT "https://localhost:9200/_snapshot/nfs_repo" -H 'Content-Type: application/json' -d'

{

"type": "fs",

"settings": {

"location": "/mnt/nfs/opensearch_snapshots",

"compress": true,

"max_snapshot_bytes_per_sec": "50mb",

"max_restore_bytes_per_sec": "50mb"

}

}

'

2. 定時備份策略 bash # 創(chuàng)建定時備份任務

PUT _plugins/alerting/rules/snapshot_rule{"name": "Daily Snapshot","interval": "24h","enabled": true,"actions": {"create_snapshot": {"snapshot": {"repository": "nfs_repo","name": "snapshot{{now}}",

"indices": "*",

"include_global_state": false

}

}

}

}

通過以上方案,您將搭建一個具備高可用性、高安全性和高性能的 OpenSearch 3.0.0 三節(jié)點集群,滿足企業(yè)級應用需求。在生產(chǎn)環(huán)境部署前,建議先在測試環(huán)境驗證整個方案,并根據(jù)實際業(yè)務負載調整相關參數(shù)。

?著作權歸作者所有,轉載或內(nèi)容合作請聯(lián)系作者
極光
瀏覽 2720
1
相關推薦
最新評論
贊過的人 1
評論加載中...

暫無評論,快來評論吧!