Configuring clusters of Elasticsearch servers
After installing multiple Elasticsearch servers, you can configure them so they share data. Typically, you configure a cluster of Elasticsearch servers to replicate information so if one fails, other members of the cluster have access to the same information. You can install Elasticsearch on multiple servers before or after installing the application.
This topic includes the following sections:
Before you begin
Ensure that you have downloaded the Stack Manager tool (TSVM<versionNo>-SM-LIN64.zip) from the BMC Electronic Product Distribution (EPD) on the application server and Elasticsearch computers.
To configure multiple Elasticsearch servers
- Install multiple Elasticsearch servers if you have not installed before installing the application.
If you want to install multiple Elasticsearch servers, you must repeat the process for each instance. - Determine which instance of the Elasticsearch server functions as the master. Note the host name and IP address of the master server.
This information is needed for the Elasticsearch servers to replicate their information between themselves. Any Elasticsearch server can function as the master. - On each Elasticsearch server, repeat the following steps:
- Open elasticsearch.yml for editing.
Typically, this file resides at <ES_INSTALL_DIR>/elasticsearch/infra-ext/es/DCAIndexService/config. Insert the following entries anywhere in the file:
network.bind_host: <IP address of the local host> discovery.zen.ping.unicast.hosts: ["<IP address of master instance>"]
Note that for the master Elasticsearch server, these two entries would specify the same IP address.
Save elasticsearch.yml.
From the command prompt, navigate to the TSVM<versionNo>-SM-LIN64/truesight-sm directory and restart the Elasticsearch service (DCA Index Service) on each Elasticsearch server:
python truesight-sm.py start --deployment elasticsearch
- Open elasticsearch.yml for editing.
- If you have installed Elasticsearch on multiple servers after installing the application, perform the following steps. Otherwise, skip to step 5.
- On the application server, modify the bmc-config.json file to specify the hosts that function as a cluster of Elasticsearch servers.
- Open the bmc-config.json file for editing.
Typically, this file resides at <TSVM_INSTALL_DIR>/application/app/vulnerability-management-portal/data/configuration. - In the file, find the following tag:
"elasticssearch.hosts":
- Modify the line so it now reads:
"elasticssearch.hosts
":"<Comma-separated list of hosts with HTTP port numbers>"
where the comma-separated list identifies the hosts that function as Elasticsearch servers. The list does not have to include every host in the cluster. Instead, it can list only the Elasticsearch server hosts that route requests to other Elasticsearch servers. For example, 127.0.0.1:9300, 127.0.0.2:9301. Save bmc-config.json.
On the application server machine, from the command prompt, navigate to the TSVM<versionNo>-SM-LIN64/truesight-sm directory and stop the application server by running the following command:
python truesight-sm.py stop --deployment application
Start the application server by running the following command:
python truesight-sm.py start --deployment application
- Create a PUT request:
Target this location: <hostName_any_ElasticsearchServer>:<httpPort>/settings
For example, enter:indexserver1.mycompany.com:9200/settings
Note
To manage a cluster of Elasticsearch servers, you must use the underlying Elasticsearch search engine. Elasticsearch requires you to open the http port (default 9200) on the node where management is being performed.
In the body of the PUT request, enter the following:
{ "index":{ "number_of_replicas":1 } }
The
number of replicas
should equal the total number of Elasticsearch servers minus one. For example, if there are two Elasticsearch servers, enter a value of1
. If there are six Elasticsearch servers, enter a value of5
. Entering a value like this for number of replicas ensures that information is replicated between all Elasticsearch servers.
- Send the PUT request.
After sending this request to any node used as an Elasticsearch server, the cluster of Elasticsearch servers begins to replicate all data between themselves. - Confirm that replication was successful using the web-based front end for the Elasticsearch server.
- Check the front end to confirm that the correct number of Elasticsearch servers have been replicated.
Where to go next
If you have not installed the application earlier, install the TrueSight Vulnerability Management application.
To disable an unwanted Elasticsearch server, use the following command: python truesight-sm.py stop --deployment elasticsearch
Comments
Log in or register to comment.