Optimizing server operations with elasticsearch: addressing low disk space and authentication failures


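Question: I have noticed that elasticsearch fails frequently and requires a manual restart of the server.

This problem may be related to: High disk watermark exceeded even when there is not much data in my index

But I would like to better understand what elasticsearch does when the disk size fails, how to optimize the configuration, and eventually restart automatically only when the system fails.

I am also not sure whether elasticsearch fails only because of the low disk watermark or because of other problems: I see authentication failures in the logs.

Could you help me understand how to read the elasticsearch journals and make the right choices to fix the problem, and suggest best practices for tuning server operations on a small server?

My priority is to avoid system crashes; lower performance is acceptable, and there is no budget to increase the server size.

Hardware

I am running elasticsearch on a single small server (2GB), with 3 indices (store sizes of 500mb, 20mb and 65mb) and a few GB of free disk space (solid state): I would like to allow the use of virtual memory vs. consuming RAM.

Below is what I have done:


What do the journals say?

journalctl -xe shows disconnections from unknown IPs.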

May 09 14:11:13 ubuntu sshd[23003]: Received disconnect from 122.166.237.117 port 51343:11: Bye Bye [preauth]
May 09 14:11:13 ubuntu sshd[23003]: Disconnected from 122.166.237.117 port 51343 [preauth]
May 09 14:11:14 ubuntu sshd[23006]: Invalid user pi from 59.27.31.96
May 09 14:11:14 ubuntu sshd[23006]: input_userauth_request: invalid user pi [preauth]
May 09 14:11:14 ubuntu sshd[23007]: Invalid user pi from 59.27.31.96
May 09 14:11:14 ubuntu sshd[23007]: input_userauth_request: invalid user pi [preauth]
May 09 14:11:14 ubuntu sshd[23006]: pam_unix(sshd:auth): check pass; user unknown
May 09 14:11:14 ubuntu sshd[23006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= r
May 09 14:11:14 ubuntu sshd[23007]: pam_unix(sshd:auth): check pass; user unknown
May 09 14:11:14 ubuntu sshd[23007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= r
May 09 14:11:16 ubuntu sshd[23006]: Failed password for invalid user pi from 59.27.31.96 port 48222 ssh2
May 09 14:11:16 ubuntu sshd[23007]: Failed password for invalid user pi from 59.27.31.96 port 48226 ssh2
May 09 14:11:16 ubuntu sshd[23006]: Connection closed by 59.27.31.96 port 48222 [preauth]
May 09 14:11:16 ubuntu sshd[23007]: Connection closed by 59.27.31.96 port 48226 [preauth]
May 09 14:11:22 ubuntu sshd[23010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= r
May 09 14:11:24 ubuntu sshd[23010]: Failed password for root from 52.130.74.186 port 46882 ssh2
May 09 14:11:24 ubuntu sshd[23010]: Received disconnect from 52.130.74.186 port 46882:11: Bye Bye [preauth]
May 09 14:11:24 ubuntu sshd[23010]: Disconnected from 52.130.74.186 port 46882 [preauth]
May 09 14:11:39 ubuntu sshd[23005]: Connection closed by 222.222.31.70 port 48248 [preauth]
May 09 14:12:18 ubuntu sshd[23018]: Invalid user docker from 88.132.66.26
May 09 14:12:18 ubuntu sshd[23018]: input_userauth_request: invalid user docker [preauth]
May 09 14:12:18 ubuntu sshd[23018]: pam_unix(sshd:auth): check pass; user unknown
May 09 14:12:18 ubuntu sshd[23018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= r
May 09 14:12:20 ubuntu sshd[23020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= r
May 09 14:12:20 ubuntu sshd[23018]: Failed password for invalid user docker from 88.132.66.26 port 39672 ssh2
May 09 14:12:20 ubuntu sshd[23018]: Received disconnect from 88.132.66.26 port 39672:11: Bye Bye [preauth]
May 09 14:12:20 ubuntu sshd[23018]: Disconnected from 88.132.66.26 port 39672 [preauth]
May 09 14:12:22 ubuntu sshd[23020]: Failed password for root from 35.195.238.142 port 39174 ssh2
May 09 14:12:22 ubuntu sshd[23020]: Received disconnect from 35.195.238.142 port 39174:11: Bye Bye [preauth]
May 09 14:12:22 ubuntu sshd[23020]: Disconnected from 35.195.238.142 port 39174 [preauth]
May 09 14:12:27 ubuntu sshd[23022]: Invalid user victor from 106.13.134.19
May 09 14:12:27 ubuntu sshd[23022]: input_userauth_request: invalid user victor [preauth]
May 09 14:12:27 ubuntu sshd[23022]: pam_unix(sshd:auth): check pass; user unknown
May 09 14:12:27 ubuntu sshd[23022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= r
May 09 14:12:29 ubuntu sshd[23022]: Failed password for invalid user victor from 106.13.134.19 port 56870 ssh2
May 09 14:12:29 ubuntu sshd[23022]: Received disconnect from 106.13.134.19 port 56870:11: Bye Bye [preauth]
May 09 14:12:29 ubuntu sshd[23022]: Disconnected from 106.13.134.19 port 56870 [preauth]

I am using Fail2Ban, and I see the same IPs in the Fail2Ban log:

grep '59.27.31.96' /var/log/fail2ban.log

2020-05-09 14:16:02,855 fail2ban.actions        [1070]: ERROR   Failed to execute ban jail 'sshd' action 'sendmail-whois-lines' info 'CallingMap({'failures': 5, 'ipfailures': <function Actions.__checkBan.<locals>.<lambda> at 0x7fa5d92f07b8>, 'ip': '88.132.66.26', 'ipjailfailures': <function Actions.__checkBan.<locals>.<lambda> at 0x7fa5d92f0268>, 'matches': 'May  9 14:12:18 ubuntu sshd[23018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=88.132.66.26
May  9 14:12:20 ubuntu sshd[23018]: Failed password for invalid user docker from 88.132.66.26 port 39672 ssh2
May  9 14:15:59 ubuntu sshd[23047]: Invalid user bcb from 88.132.66.26
May  9 14:15:59 ubuntu sshd[23047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=88.132.66.26
May  9 14:16:00 ubuntu sshd[23047]: Failed password for invalid user bcb from 88.132.66.26 port 48488 ssh2', 'ipmatches': <function Actions.__checkBan.<locals>.<lambda> at 0x7fa5e3f072f0>, 'ipjailmatches': <function Actions.__checkBan.<locals>.<lambda> at 0x7fa5d92f0950>, 'time': 1589033761.0176165})': local variable 'retcode' referenced before assignment

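So I think they are attacks.

Are they effective in bringing elasticsearch down, even though fail2ban is active?

What should I do to check and solve the issues with Elasticsearch?

What do the logs say?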

[2020-05-09T14:17:48,766][WARN ][o.e.c.r.a.DiskThresholdMonitor] [my_clustername-master] high disk watermark [90%] exceeded on [Ynm6YG-MQyevaDqT2n9OeA][awesome3-master][/var/lib/elasticsearch/nodes/0] free: 1.7gb[7.6%], shards will be relocated away from this node
[2020-05-09T14:17:48,766][INFO ][o.e.c.r.a.DiskThresholdMonitor] [my_clustername-master] rerouting shards: [high disk watermark exceeded on one or more nodes]

What does "shards will be relocated away from this node" mean if I only have one server and one instance running?

service elasticsearch status

 Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; enabled; vendor preset: enabled)
   Active: active (running) since Sat 2020-05-09 13:47:02 UTC; 32min ago
     Docs: http://www.elastic.co
  Process: 22691 ExecStartPre=/usr/share/elasticsearch/bin/elasticsearch-systemd-pre-exec (code=exited, status=0/SUCCES
 Main PID: 22694 (java)
   CGroup: /system.slice/elasticsearch.service
           └─22694 /usr/bin/java -Xms512m -Xmx512m -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+U

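What does my configuration say?

I am using the default configuration in `/etc/elasticsearch/elasticsearch.yml`

and have not configured any options for the watermarks, such as those in https://stackoverflow.com/a/52006486/305883

Should I include them? What would they do?

Please note that I have not uncommented #bootstrap.memory_lock: true because I only have 2GB of RAM.

Even if elasticsearch performs poorly when swapping memory, my priority is that it does not fail and that the site keeps running.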
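An added example, not part of the original post: a short Python script that separates the sshd failed-login lines from the Elasticsearch DiskThresholdMonitor warning and summarizes each. The sample input is built from lines quoted in the question; the function name `summarize` and the regular expressions are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample: a few lines copied from the logs quoted in the question.
SAMPLE = """\
May 09 14:11:16 ubuntu sshd[23006]: Failed password for invalid user pi from 59.27.31.96 port 48222 ssh2
May 09 14:11:16 ubuntu sshd[23007]: Failed password for invalid user pi from 59.27.31.96 port 48226 ssh2
May 09 14:11:24 ubuntu sshd[23010]: Failed password for root from 52.130.74.186 port 46882 ssh2
May 09 14:12:20 ubuntu sshd[23018]: Failed password for invalid user docker from 88.132.66.26 port 39672 ssh2
[2020-05-09T14:17:48,766][WARN ][o.e.c.r.a.DiskThresholdMonitor] [my_clustername-master] high disk watermark [90%] exceeded on [Ynm6YG-MQyevaDqT2n9OeA][awesome3-master][/var/lib/elasticsearch/nodes/0] free: 1.7gb[7.6%], shards will be relocated away from this node
"""

# sshd password failures: optional "invalid user " marker, user name, source IP.
SSH_FAIL = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+")
# Elasticsearch watermark warning: kind, configured limit, data path, free space.
WATERMARK = re.compile(
    r"\[o\.e\.c\.r\.a\.DiskThresholdMonitor\].*?"
    r"(?P<kind>low|high) disk watermark \[(?P<limit>[\d.]+)%\] exceeded on "
    r".*?\[(?P<path>/[^\]]+)\] free: (?P<free>\S+?)\[(?P<free_pct>[\d.]+)%\]")

def summarize(text):
    """Return (failures per source IP, user names tried per IP, watermark events)."""
    ssh, users, disk = Counter(), {}, []
    for line in text.splitlines():
        m = SSH_FAIL.search(line)
        if m:
            ssh[m["ip"]] += 1
            users.setdefault(m["ip"], set()).add(m["user"])
            continue
        m = WATERMARK.search(line)
        if m:
            disk.append({"kind": m["kind"], "limit_pct": float(m["limit"]),
                         "used_pct": round(100 - float(m["free_pct"]), 1),
                         "free": m["free"], "path": m["path"]})
    return ssh, users, disk

if __name__ == "__main__":
    ssh, users, disk = summarize(SAMPLE)
    for ip, n in ssh.most_common():
        print(f"sshd: {n} failed password(s) from {ip}, users tried: {sorted(users[ip])}")
    for ev in disk:
        print(f"elasticsearch: {ev['kind']} watermark {ev['limit_pct']}% exceeded, "
              f"{ev['used_pct']}% used ({ev['free']} free) on {ev['path']}")
```
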


Answer

Explanation of your problem:
