好的想法是十分钱一打,真正无价的是能够实现这些想法的人。

让 Easysearch 运行在 Kylin V10 (Lance)-aarch64 上

Hardy 发表了文章 • 0 个评论 • 18 次浏览 • 1 小时前 • 来自相关话题

简介


本文主要介绍在国产操作系统 Kylin V10 (Lance)-aarch64 上安装单机版 Easysearch/Console/Agent/Gateway/Loadgen

系统配置


在安装之前,需要先进行系统参数调整并创建操作用户,以下命令均需要使用 root 用户操作。

```bash

配置nofile和memlock

tee /etc/security/limits.d/21-infini.conf <<-'EOF'

  • soft nofile 1048576
  • hard nofile 1048576
  • soft memlock unlimited
  • hard memlock unlimited
    root soft nofile 1048576
    root hard nofile 1048576
    root soft memlock unlimited
    root hard memlock unlimited
    EOF

    关闭THP

    echo never > /sys/kernel/mm/transparent_hugepage/enabled
    echo never > /sys/kernel/mm/transparent_hugepage/defrag
    grep -i HugePages_Total /proc/meminfo

    grep -wq transparent_hugepage /etc/rc.local || cat <<-'EOF' >> /etc/rc.local

    if test -f /sys/kernel/mm/transparent_hugepage/enabled; then
    echo never > /sys/kernel/mm/transparent_hugepage/enabled
    fi
    if test -f /sys/kernel/mm/transparent_hugepage/defrag; then
    echo never > /sys/kernel/mm/transparent_hugepage/defrag
    fi
    EOF
    chmod 755 /etc/rc.local

    内核调优

    tee /etc/sysctl.d/70-infini.conf <<-'EOF'
    vm.max_map_count = 262145
    net.core.somaxconn = 65535
    net.core.netdev_max_backlog = 65535
    net.ipv4.tcp_max_syn_backlog = 65535
    net.ipv4.tcp_syncookies = 1
    net.ipv4.tcp_tw_reuse = 1
    net.ipv4.tcp_timestamps=1
    net.ipv4.tcp_fin_timeout = 10
    net.ipv4.tcp_keepalive_time = 900
    net.ipv4.tcp_max_tw_buckets = 2000000
    net.ipv4.ip_local_port_range = 1024 65535
    EOF
    sysctl -p /etc/sysctl.d/70-infini.conf
    ```

    用户配置


    ```bash

    创建Easysearch操作用户

    groupadd -g 602 es
    useradd -u 602 -g es -m -d /home/es -c 'easysearch' -s /bin/bash es
    ```

    配置 JDK


    ```bash

    在各个节点上分别操作

    wget -N https://release.infinilabs.com ... ar.gz -P /usr/src

    mkdir -p /usr/local/jdk
    tar -zxf /usr/src/zulu*.tar.gz -C /usr/local/jdk --strip-components 1

    tee /etc/profile.d/java.sh <<-'EOF'

    set java environment

    JAVA_HOME=/usr/local/jdk
    CLASSPATH=$CLASSPATH:$JAVA_HOME/lib
    PATH=$JAVA_HOME/bin:$PATH
    export PATH JAVA_HOME CLASSPATH
    EOF
    source /etc/profile
    java -version
    ```

    Easysearch 部署


    部署及密码配置


    ```bash

    在线安装

    curl -sSL http://get.infini.sh | bash -s -- -p easysearch -d /data/easysearch

    初始化证书(若不采用默认证书,如需要调整证书可修改证书生成文件)

    cd /data/easysearch
    bin/initialize.sh
    ll /data/easysearch/config/{.crt,.key,*.pem}

    调整默认密码及服务配置文件

    export ES_HOME=/data/easysearch
    pass=tr -cd 'a-zA-Z0-9!@#$%' </dev/urandom | head -c20

    记录密码后,删除该文件

    echo $pass > /tmp/pass
    hash=$ES_HOME/bin/hash_password.sh -p $pass
    echo $hash

    更新密码字段

    cat < $ES_HOME/config/security/user.yml
    meta:
    type: "user"
    config_version: 2

    Define your internal users here


    Admin users

    admin:
    hash: "$hash"
    reserved: true
    external_roles:

    • "admin"
      description: "Admin user"
      EOF
      ```

      配置文件及 JVM 调整


      ```bash
      cat < /data/easysearch/config/easysearch.yml
      cluster.name: infinilabs
      node.name: node-1
      network.host: 0.0.0.0
      http.port: 9200
      transport.port: 9300
      bootstrap.memory_lock: false
      bootstrap.system_call_filter: false

      cluster.initial_master_nodes: ["node-1"]

      path.home: /data/easysearch
      path.data: /data/easysearch/data
      path.logs: /data/easysearch/logs

      http.compression: true

      security.enabled: true
      security.audit.type: noop
      security.ssl.transport.cert_file: instance.crt
      security.ssl.transport.key_file: instance.key
      security.ssl.transport.ca_file: ca.crt
      security.ssl.transport.skip_domain_verify: true
      security.ssl.http.enabled: true
      security.ssl.http.cert_file: instance.crt
      security.ssl.http.key_file: instance.key
      security.ssl.http.ca_file: ca.crt

      security.allow_default_init_securityindex: true

      security.nodes_dn:

    • 'CN=infini.cloud,OU=UNIT,O=ORG,L=NI,ST=FI,C=IN'

      security.restapi.roles_enabled: [ "superuser", "security_rest_api_access" ]

      security.system_indices.enabled: true
      security.ssl.http.clientauth_mode: OPTIONAL
      security.system_indices.indices: [".infini-*"]

      for admin dn

      specify admin certs to operate against system indices, basic_auth is not required

      curl -k --cert config/admin.crt --key config/admin.key -XDELETE 'https://localhost:9200/.infini-*/'

      security.authcz.admin_dn:

    • 'CN=admin.infini.cloud,OU=UNIT,O=ORG,L=NI,ST=FI,C=IN'
      EOF

      根据实际机器内存的大小进行配置,推荐配置为机器内存一半,且不超过31G

      sed -i "s/1g/4g/g" $ES_HOME/config/jvm.options
      ```

      备份目录及权限调整


      ```bash

      创建备份目录

      mkdir -p /data/easysearch/backup

      更新目录权限

      chown -R es.es /data/easysearch
      ```

      环境变量及启动服务


      ```bash
      su - es
      grep -wq easysearch ~/.bashrc || cat<> ~/.bashrc
      export ES_HOME=/data/easysearch
      EOF
      source ~/.bashrc

      以后台方式启动服务

      $ES_HOME/bin/easysearch -d
      ```

      Easysearch 验证


      bash<br /> curl -ku "admin:$pass" <a href="https://127.0.0.1:9200" rel="nofollow" target="_blank">https://127.0.0.1:9200</a><br /> curl -ku "admin:$pass" <a href="https://127.0.0.1:9200/_cluster/health?pretty" rel="nofollow" target="_blank">https://127.0.0.1:9200/_cluster/health?pretty</a><br /> curl -ku "admin:$pass" <a href="https://127.0.0.1:9200/_cat/nodes?v" rel="nofollow" target="_blank">https://127.0.0.1:9200/_cat/nodes?v</a><br />

      部署 Console


      ```bash
      curl -sSL http://get.infini.sh | bash -s -- -p console

      安装服务并启动

      cd /opt/console
      ./console-linux-arm64 -service install
      ./console-linux-arm64 -service start

      验证

      systemctl status console
      ```

      部署 Agent


      ```bash
      curl -sSL http://get.infini.sh | bash -s -- -p agent

      修改Agent配置文件

      cd /opt/agent
      sed -i "/ES_ENDPOINT:/ s|(.\: ).|\1$https://localhost:9200|" agent.yml
      sed -i "/ES_USER:/ s|(.\: ).|\1admin|" agent.yml
      sed -i "/ES_PASS:/ s|(.\: ).|\1$pass|" gateway.yml
      sed -i "/API_BINDING:/ s|(.\: ).|\1\"0.0.0.0:8080\"|" agent.yml
      head -n 5 agent.yml

      安装服务并启动

      ./agent-linux-arm64 -service install
      ./agent-linux-arm64 -service start

      验证

      systemctl status agent
      ```

      部署 Gateway


      ```bash
      curl -sSL http://get.infini.sh | bash -s -- -p gateway
      cd /opt/gateway

      修改Gateway配置文件

      sed -i "/ES_PASS:/ s|(.\: ).|\1$pass|" gateway.yml
      head -n 10 gateway.yml

      安装服务并启动

      ./gateway-linux-arm64 -service install
      ./gateway-linux-arm64 -service start

      检查服务

      systemctl status gateway
      curl -u "admin:$pass" http://127.0.0.1:8000
      ```

      部署 Loadgen


      ```bash
      curl -sSL http://get.infini.sh | bash -s -- -p loadgen

      写入数据测试

      cd /opt/loadgen
      mkdir -p mock
      cat < mock/nginx.log
      175.10.75.216 - - [28/Jul/2020:21:20:26 +0800] "GET / HTTP/1.1" 200 8676 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36"
      175.10.75.216 - - [28/Jul/2020:21:20:26 +0800] "GET /vendor/bootstrap/css/bootstrap.css HTTP/1.1" 200 17235 "<a href="http://dl-console.elasticsearch.cn/"" rel="nofollow" target="_blank">http://dl-console.elasticsearch.cn/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36"
      175.10.75.216 - - [28/Jul/2020:21:20:26 +0800] "GET /vendor/daterangepicker/daterangepicker.css HTTP/1.1" 200 1700 "<a href="http://dl-console.elasticsearch.cn/"" rel="nofollow" target="_blank">http://dl-console.elasticsearch.cn/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36"
      175.10.75.216 - - [28/Jul/2020:21:20:26 +0800] "GET /vendor/fork-awesome/css/v5-compat.css HTTP/1.1" 200 2091 "<a href="http://dl-console.elasticsearch.cn/"" rel="nofollow" target="_blank">http://dl-console.elasticsearch.cn/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36"
      175.10.75.216 - - [28/Jul/2020:21:20:26 +0800] "GET /assets/font/raleway.css HTTP/1.1" 200 145 "<a href="http://dl-console.elasticsearch.cn/"" rel="nofollow" target="_blank">http://dl-console.elasticsearch.cn/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36"
      175.10.75.216 - - [28/Jul/2020:21:20:26 +0800] "GET /vendor/fork-awesome/css/fork-awesome.css HTTP/1.1" 200 8401 "<a href="http://dl-console.elasticsearch.cn/"" rel="nofollow" target="_blank">http://dl-console.elasticsearch.cn/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36"
      175.10.75.216 - - [28/Jul/2020:21:20:26 +0800] "GET /assets/css/overrides.css HTTP/1.1" 200 2524 "<a href="http://dl-console.elasticsearch.cn/"" rel="nofollow" target="_blank">http://dl-console.elasticsearch.cn/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36"
      175.10.75.216 - - [28/Jul/2020:21:20:26 +0800] "GET /assets/css/theme.css HTTP/1.1" 200 306 "<a href="http://dl-console.elasticsearch.cn/"" rel="nofollow" target="_blank">http://dl-console.elasticsearch.cn/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36"
      175.10.75.216 - - [28/Jul/2020:21:20:26 +0800] "GET /vendor/fancytree/css/ui.fancytree.css HTTP/1.1" 200 3456 "<a href="http://dl-console.elasticsearch.cn/"" rel="nofollow" target="_blank">http://dl-console.elasticsearch.cn/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36"
      175.10.75.216 - - [28/Jul/2020:21:20:26 +0800] "GET /syncthing/development/logbar.js HTTP/1.1" 200 486 "<a href="http://dl-console.elasticsearch.cn/"" rel="nofollow" target="_blank">http://dl-console.elasticsearch.cn/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36"
      EOF

      cat < loadgen.yml
      env:
      ES_USERNAME: admin
      ES_PASSWORD: $pass
      ES_ENDPOINT: http://localhost:8000
      runner:

      total_rounds: 1

      no_warm: false

      Whether to log all requests

      log_requests: false

      Whether to log all requests with the specified response status

      log_status_codes:

    • 0
    • 500
      assert_invalid: false
      assert_error: false
      variables:
    • name: ip
      type: file
      path: dict/ip.txt
    • name: message
      type: file
      path: mock/nginx.log
      replace: # replace special characters in the value
      '"': '\"'
      '\': '\'
    • name: user
      type: file
      path: dict/user.txt
    • name: id
      type: sequence
    • name: uuid
      type: uuid
    • name: now_local
      type: now_local
    • name: now_utc
      type: now_utc
    • name: now_unix
      type: now_unix
    • name: suffix
      type: range
      from: 10
      to: 13
      requests:
    • request:
      method: POST
      runtime_variables:
      batch_no: uuid
      runtime_body_line_variables:
      routing_no: uuid
      basic_auth:
      username: $[[env.ES_USERNAME]]
      password: $[[env.ES_PASSWORD]]
      url: $[[env.ES_ENDPOINT]]/_bulk
      body_repeat_times: 5000
      body: |
      { "index" : { "_index" : "test-$[[suffix]]", "_id" : "$[[uuid]]" } }
      { "id" : "$[[uuid]]","routing_no" : "$[[routing_no]]","batch_number" : "$[[batch_no]]","message" : "$[[message]]","random_no" : "$[[suffix]]","ip" : "$[[ip]]","now_local" : "$[[now_local]]","now_unix" : "$[[now_unix]]" }
      EOF

      执行测试

      ./loadgen-linux-arm64 -c 6 -d 6 --compress

      检查测试索引文档

      curl -u "admin:$pass" http://127.0.0.1:8000/_cat/indices/test*?v
      ```

      至此,完成在 Kylin V10 (Lance)-aarch64 上安装单机版 Easysearch/Console/Agent/Gateway/Loadgen。通过浏览器 http://安装机器 IP:9000/ 即可访问 Console,对 Easysearch 进行配置管理。