All geek questions in one place

Elastic search on an elastic beanstalk

I am trying to run ElasticSearch in an Elastic Beanstalk environment. Using a Docker image, it’s pretty simple to get one instance running in a load-balanced environment. However, when I try to add more instances to the cluster, they cannot find each other, and each new one becomes a new master.

My Dockerfile as follows

 FROM dockerfile/java:oracle-java8 RUN ... # Downloading and installing ElasticSearch RUN /elasticsearch/bin/plugin install elasticsearch/elasticsearch-cloud-aws/2.5.0 VOLUME ["/data"] ADD config/elasticsearch.yml /elasticsearch/config/elasticsearch.yml WORKDIR /data CMD ["/elasticsearch/bin/elasticsearch"] EXPOSE 9200

And the config/elasticsearch.yml configuration looks like this:

 cluster: name: elastic-env-dev cloud: aws: region: ap-southeast-2 discovery: type: ec2 ec2: tag: Name: elastic-env-dev ping_timeout: 120s

The EB environment name is elastic-env-dev .

+6
source share
2 answers

You can install ES on EBT, here's how

http://vladmiller.com/elasticsearch/aws/2015/12/08/deploy-elasticsearch-on-aws-elasticbeanstalk.html

At this stage (November 14, 2015), after spending a certain amount of time, I will say that it is not possible to make an ES cluster for EB.

Problem number 1 is that you need to map the docker port to the host machine, as if you were doing

 docker run -p 9300:9300 ...

This can be very easily resolved by adding post appdeploy hook via . ebextensions that will configure iptables port forwarding

 files: "/opt/elasticbeanstalk/hooks/appdeploy/post/99_setup_iptables.sh": mode: "0755" owner: root group: root content: | #!/bin/sh iptables-save | grep -v added_by_ebextension | iptables-restore DOCKER_IP=$(docker inspect `cat /etc/elasticbeanstalk/.aws_beanstalk.current-container-id` | jq -r .[0].NetworkSettings.IPAddress) iptables -t nat -A DOCKER -p tcp --dport 9300:9400 -j DNAT --to-destination ${DOCKER_IP} -m comment --comment added_by_ebextension service iptables save

Problem number 2 you need to configure a security group, make sure that you allow TCP 9300-9400 and ICMP traffic between nodes in SG.

Problem # 3 uses aws-ec2 discovery plugin and restricts it to SG, so no other machines are detected

 // elasticsearch.yml cloud.aws: access_key: YYYYYYYYY secret_key: XXXXXXXXX region: us-east-1 discovery.type: ec2 discovery.ec2.ping_timeout: 30s discovery.ec2.tag.Name: [ENVIRONMENT_NAME] discovery.ec2.host_type: private_dns discovery.zen.ping.multicast.enabled: false

Problem No. 4, unsolved, is that every ES node will communicate with the internal docker IP address, something like 172.17.0.3 , however your IP address of your host is different. Therefore, when the nodes discover each other and begin to communicate, they report the wrong IP address to others.

 [2015-11-13 21:50:58,542][TRACE][discovery.zen.ping.unicast] [86ac0ad55d5b] [2] received response from {#zen_unicast_21_#cloud-i-8c317a3b-0#}{10.165.71.177}{ip-10-165-71-177.ec2.internal/10.165.71.177:9300}: [ping_response{node [{86ac0ad55d5b}{U3PF5qOaQCucpK3JfZ3ARA}{172.17.0.3}{172.17.0.3:9300}], id[5], master [null], hasJoinedOnce [false], cluster_name[es-staging]}, ping_response{node [{86ac0ad55d5b}{U3PF5qOaQCucpK3JfZ3ARA}{172.17.0.3}{172.17.0.3:9300}], id[7], master [null], hasJoinedOnce [false], cluster_name[es-staging]}, ping_response{node [{86ac0ad55d5b}{U3PF5qOaQCucpK3JfZ3ARA}{172.17.0.3}{172.17.0.3:9300}], id[9], master [null], hasJoinedOnce [false], cluster_name[es-staging]}, ping_response{node [{86ac0ad55d5b}{U3PF5qOaQCucpK3JfZ3ARA}{172.17.0.3}{172.17.0.3:9300}], id[11], master [null], hasJoinedOnce [false], cluster_name[es-staging]}, ping_response{node [{89764d1bb185}{yVRC-HmIQoayIuWfi6a09g}{172.17.0.3}{172.17.0.3:9300}], id[30], master [{89764d1bb185}{yVRC-HmIQoayIuWfi6a09g}{172.17.0.3}{172.17.0.3:9300}], hasJoinedOnce [true], cluster_name[es-staging]}]

You can see that the node is detected on ip-10-165-71-177.ec2.internal / 10.165.71.177: 9300 , however the node answered that the IP address is 172.17.0.3 , so first, instead of connecting to the private IP address, node EC2 will try to connect to the Docker internal IP

 [2015-11-13 21:51:00,037][TRACE][discovery.ec2 ] [86ac0ad55d5b] full ping responses: --> ping_response{node [{89764d1bb185}{yVRC-HmIQoayIuWfi6a09g}{172.17.0.3}{172.17.0.3:9300}], id[30], master [{89764d1bb185}{yVRC-HmIQoayIuWfi6a09g}{172.17.0.3}{172.17.0.3:9300}], hasJoinedOnce [true], cluster_name[es-staging]} [2015-11-13 21:51:00,041][DEBUG][discovery.ec2 ] [86ac0ad55d5b] filtered ping responses: (filter_client[true], filter_data[false]) --> ping_response{node [{89764d1bb185}{yVRC-HmIQoayIuWfi6a09g}{172.17.0.3}{172.17.0.3:9300}], id[30], master [{89764d1bb185}{yVRC-HmIQoayIuWfi6a09g}{172.17.0.3}{172.17.0.3:9300}], hasJoinedOnce [true], cluster_name[es-staging]}

We need to somehow force the ES to bind to the host IP address or ignore these docker IPs and continue the discovered IP address.

UPDATE 1 I suspect you can deploy ES to EB without Docker, however I have not tried this option yet.

UPDATE 2 I was able to make nodes, open each other and try to communicate, however now it has a different problem

UPDATE 3 Here is a story and code example on how to achieve the desired effect http://vladmiller.com/elasticsearch/aws/2015/12/08/deploy-elasticsearch-on-aws-elasticbeanstalk.html

+3
source

1) Check your instance security groups so that ES instances can talk to each other, they must use port 9300

2) AWS does not allow multicast. you must disable multicast in elasticsearch configuration

add this line to the configuration in each ES configuration

 discovery.zen.ping.multicast.enabled: false

if this does not work, try adding a unicast configuration

 discovery.zen.ping.unicast.hosts: loadbalancer.address

3) remember that instance security groups must allow 9300 from the ELB

 Custom TCP Rule TCP 9300 amazon-elb/sg-123456ed (amazon-elb-sg)

4) use telnet to verify communication between ES instances using

 telnet ip_address 9300
+4
source

Source: https://habr.com/ru/post/984415/

More articles:


All Articles