Optimizing server operation with Elasticsearch: addressing low disk space and authentication failures
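Question: I noticed that Elasticsearch fails frequently, and I need to restart the server manually.
This problem may be related to: High disk watermark exceeded even when there is not much data in my index
But I would like to better understand what Elasticsearch does when the disk size fails, how to optimize the configuration, and restart automatically only as a last resort when the system fails.
I am also not sure whether Elasticsearch fails only because of the low disk watermark or because of other problems: I see authentication failures in the logs.
Could you help me understand how to read the Elasticsearch journal and make choices accordingly to fix the problem, and suggest best practices for tuning server operation on a small server?
My first priority is to avoid system crashes; lower performance is acceptable, and there is no budget to increase the server size.
Hardware
I am running Elasticsearch on a single small server (2GB), with 3 indexes (store sizes of 500mb, 20mb and 65mb) and a few GB of free disk space (solid state): I would like to allow the use of virtual memory vs. consuming RAM.
Below is what I did:
What does the journal say?
journalctl -xe
It shows disconnections from unknown IPs.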
May 09 14:11:13 ubuntu sshd[23003]: Received disconnect from 122.166.237.117 port 51343:11: Bye Bye [preauth]
May 09 14:11:13 ubuntu sshd[23003]: Disconnected from 122.166.237.117 port 51343 [preauth]
May 09 14:11:14 ubuntu sshd[23006]: Invalid user pi from 59.27.31.96
May 09 14:11:14 ubuntu sshd[23006]: input_userauth_request: invalid user pi [preauth]
May 09 14:11:14 ubuntu sshd[23007]: Invalid user pi from 59.27.31.96
May 09 14:11:14 ubuntu sshd[23007]: input_userauth_request: invalid user pi [preauth]
May 09 14:11:14 ubuntu sshd[23006]: pam_unix(sshd:auth): check pass; user unknown
May 09 14:11:14 ubuntu sshd[23006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= r
May 09 14:11:14 ubuntu sshd[23007]: pam_unix(sshd:auth): check pass; user unknown
May 09 14:11:14 ubuntu sshd[23007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= r
May 09 14:11:16 ubuntu sshd[23006]: Failed password for invalid user pi from 59.27.31.96 port 48222 ssh2
May 09 14:11:16 ubuntu sshd[23007]: Failed password for invalid user pi from 59.27.31.96 port 48226 ssh2
May 09 14:11:16 ubuntu sshd[23006]: Connection closed by 59.27.31.96 port 48222 [preauth]
May 09 14:11:16 ubuntu sshd[23007]: Connection closed by 59.27.31.96 port 48226 [preauth]
May 09 14:11:22 ubuntu sshd[23010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= r
May 09 14:11:24 ubuntu sshd[23010]: Failed password for root from 52.130.74.186 port 46882 ssh2
May 09 14:11:24 ubuntu sshd[23010]: Received disconnect from 52.130.74.186 port 46882:11: Bye Bye [preauth]
May 09 14:11:24 ubuntu sshd[23010]: Disconnected from 52.130.74.186 port 46882 [preauth]
May 09 14:11:39 ubuntu sshd[23005]: Connection closed by 222.222.31.70 port 48248 [preauth]
May 09 14:12:18 ubuntu sshd[23018]: Invalid user docker from 88.132.66.26
May 09 14:12:18 ubuntu sshd[23018]: input_userauth_request: invalid user docker [preauth]
May 09 14:12:18 ubuntu sshd[23018]: pam_unix(sshd:auth): check pass; user unknown
May 09 14:12:18 ubuntu sshd[23018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= r
May 09 14:12:20 ubuntu sshd[23020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= r
May 09 14:12:20 ubuntu sshd[23018]: Failed password for invalid user docker from 88.132.66.26 port 39672 ssh2
May 09 14:12:20 ubuntu sshd[23018]: Received disconnect from 88.132.66.26 port 39672:11: Bye Bye [preauth]
May 09 14:12:20 ubuntu sshd[23018]: Disconnected from 88.132.66.26 port 39672 [preauth]
May 09 14:12:22 ubuntu sshd[23020]: Failed password for root from 35.195.238.142 port 39174 ssh2
May 09 14:12:22 ubuntu sshd[23020]: Received disconnect from 35.195.238.142 port 39174:11: Bye Bye [preauth]
May 09 14:12:22 ubuntu sshd[23020]: Disconnected from 35.195.238.142 port 39174 [preauth]
May 09 14:12:27 ubuntu sshd[23022]: Invalid user victor from 106.13.134.19
May 09 14:12:27 ubuntu sshd[23022]: input_userauth_request: invalid user victor [preauth]
May 09 14:12:27 ubuntu sshd[23022]: pam_unix(sshd:auth): check pass; user unknown
May 09 14:12:27 ubuntu sshd[23022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= r
May 09 14:12:29 ubuntu sshd[23022]: Failed password for invalid user victor from 106.13.134.19 port 56870 ssh2
May 09 14:12:29 ubuntu sshd[23022]: Received disconnect from 106.13.134.19 port 56870:11: Bye Bye [preauth]
May 09 14:12:29 ubuntu sshd[23022]: Disconnected from 106.13.134.19 port 56870 [preauth]
I am using Fail2Ban and see the same IPs in the Fail2Ban log:
grep '59.27.31.96' /var/log/fail2ban.log
2020-05-09 14:16:02,855 fail2ban.actions [1070]: ERROR Failed to execute ban jail 'sshd' action 'sendmail-whois-lines' info 'CallingMap({'failures': 5, 'ipfailures': <function Actions.__checkBan.<locals>.<lambda> at 0x7fa5d92f07b8>, 'ip': '88.132.66.26', 'ipjailfailures': <function Actions.__checkBan.<locals>.<lambda> at 0x7fa5d92f0268>, 'matches': 'May 9 14:12:18 ubuntu sshd[23018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=88.132.66.26
May 9 14:12:20 ubuntu sshd[23018]: Failed password for invalid user docker from 88.132.66.26 port 39672 ssh2
May 9 14:15:59 ubuntu sshd[23047]: Invalid user bcb from 88.132.66.26
May 9 14:15:59 ubuntu sshd[23047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=88.132.66.26
May 9 14:16:00 ubuntu sshd[23047]: Failed password for invalid user bcb from 88.132.66.26 port 48488 ssh2', 'ipmatches': <function Actions.__checkBan.<locals>.<lambda> at 0x7fa5e3f072f0>, 'ipjailmatches': <function Actions.__checkBan.<locals>.<lambda> at 0x7fa5d92f0950>, 'time': 1589033761.0176165})': local variable 'retcode' referenced before assignment
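So I think they are attacks.
Even though fail2ban is active, are they effective in bringing down Elasticsearch?
What should I do to check and fix the problem with Elasticsearch?
What do the logs say?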
[2020-05-09T14:17:48,766][WARN ][o.e.c.r.a.DiskThresholdMonitor] [my_clustername-master] high disk watermark [90%] exceeded on [Ynm6YG-MQyevaDqT2n9OeA][awesome3-master][/var/lib/elasticsearch/nodes/0] free: 1.7gb[7.6%], shards will be relocated away from this node
[2020-05-09T14:17:48,766][INFO ][o.e.c.r.a.DiskThresholdMonitor] [my_clustername-master] rerouting shards: [high disk watermark exceeded on one or more nodes]
What does "shards will be relocated away from this node" mean if I have only one server and one instance running?
service elasticsearch status
   Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; enabled; vendor preset: enabled)
   Active: active (running) since Sat 2020-05-09 13:47:02 UTC; 32min ago
     Docs: http://www.elastic.co
  Process: 22691 ExecStartPre=/usr/share/elasticsearch/bin/elasticsearch-systemd-pre-exec (code=exited, status=0/SUCCES
 Main PID: 22694 (java)
   CGroup: /system.slice/elasticsearch.service
           └─22694 /usr/bin/java -Xms512m -Xmx512m -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+U
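What does my configuration say?
I am using the default configuration of `/etc/elasticsearch/elasticsearch.yml`
and have not configured any of the watermark options, such as those in https://stackoverflow.com/a/52006486/305883
Should I include them? What would they do?
Please note that I have not uncommented #bootstrap.memory_lock: true
because I only have 2GB of RAM.
Even if Elasticsearch performs poorly when swapping memory, my first priority is that it does not fail and that the site keeps working.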
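An added example, not part of the original post and not fail2ban's own code: one way to triage logs like the ones quoted above is to count sshd failures per source address against a ban threshold, then list the addresses for which fail2ban reported that a ban action could not be executed. The failure patterns, the `maxretry`/`findtime` defaults and all sample lines below are assumptions constructed for illustration; the jail and action names are the ones shown in the post's log.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Simplified failure patterns (assumption: NOT fail2ban's shipped sshd filter).
FAILURES = [re.compile(p) for p in (
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\S+) port",
    r"Invalid user \S+ from (?P<ip>\S+)",
    r"pam_unix\(sshd:auth\): authentication failure;.*rhost=(?P<ip>\S+)",
)]
SSHD = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: (?P<msg>.*)$")
BAN_ERR = re.compile(r"ERROR\s+Failed to execute ban jail '(?P<jail>[^']+)' "
                     r"action '(?P<action>[^']+)'.*?'ip': '(?P<ip>[^']+)'")

def failures(lines, year=2020):
    """Yield (timestamp, ip) for each sshd line that counts as a failure."""
    for line in lines:
        m = SSHD.match(line)
        hit = m and next((h for p in FAILURES if (h := p.search(m["msg"]))), None)
        if hit:
            yield datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"), hit["ip"]

def over_threshold(lines, maxretry=5, findtime=timedelta(minutes=10)):
    """Map ip -> time of the failure that reaches maxretry within findtime."""
    recent, reached = defaultdict(list), {}
    for ts, ip in sorted(failures(lines)):
        recent[ip] = [t for t in recent[ip] if ts - t <= findtime] + [ts]
        if len(recent[ip]) >= maxretry:
            reached.setdefault(ip, ts)
    return reached

def failed_ban_actions(f2b_lines):
    """Return (ip, jail, action) for each ban action fail2ban could not run."""
    return [(m["ip"], m["jail"], m["action"])
            for m in map(BAN_ERR.search, f2b_lines) if m]

# Constructed sample input (documentation address ranges, not from the post).
AUTH = """\
May 09 14:12:18 host sshd[101]: Invalid user docker from 203.0.113.7
May 09 14:12:18 host sshd[101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.7
May 09 14:12:20 host sshd[101]: Failed password for invalid user docker from 203.0.113.7 port 39672 ssh2
May 09 14:15:59 host sshd[102]: Invalid user bcb from 203.0.113.7
May 09 14:16:00 host sshd[102]: Failed password for invalid user bcb from 203.0.113.7 port 48488 ssh2
May 09 14:11:24 host sshd[103]: Failed password for root from 198.51.100.9 port 46882 ssh2
""".splitlines()
F2B = ["2020-05-09 14:16:02,855 fail2ban.actions [1070]: ERROR Failed to execute ban jail 'sshd' action 'sendmail-whois-lines' info 'CallingMap({'failures': 5, 'ip': '203.0.113.7'})'"]

if __name__ == "__main__":
    print(over_threshold(AUTH), failed_ban_actions(F2B))
```

An address that appears in both results reached the threshold and had an action error logged for it, so its ban state is worth confirming directly, for example with `fail2ban-client status sshd`.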
Explanation of your problem: