一、在物理机上分别创建要挂载的目录
//elasticsearch.yml
mkdir -p /usr/elasticsearch/es01/config
mkdir -p /usr/elasticsearch/es02/config
mkdir -p /usr/elasticsearch/es03/config
//data目录
mkdir -p /usr/elasticsearch/es01/data
mkdir -p /usr/elasticsearch/es02/data
mkdir -p /usr/elasticsearch/es03/data
//插件目录
mkdir -p /usr/elasticsearch/es01/plugins/ik
mkdir -p /usr/elasticsearch/es02/plugins/ik
mkdir -p /usr/elasticsearch/es03/plugins/ik
//授权所有es目录下文件
chmod -R 777 /usr/elasticsearch/*
//kibana.yml
mkdir -p /usr/kibana/config
二、拷贝elasticsearch.yml到3个config目录下,修改对应的端口
cd /usr/elasticsearch
vi es01/config/elasticsearch.yml
network.host: 0.0.0.0 # 同时设置bind_host和publish_host
http.port: 8201 # rest客户端连接端口
transport.tcp.port: 8400 # 集群中节点互相通信端口
node.master: true # 设置master角色
node.data: true # 设置data角色
node.ingest: true # 设置ingest角色 在索引之前,对文档进行预处理,支持pipeline管道,相当于过滤器
node.max_local_storage_nodes: 1
http.cors.enabled: true # 跨域配置
http.cors.allow-origin: "*" # 跨域配置
ingest.geoip.downloader.enabled: false
vi es02/config/elasticsearch.yml
network.host: 0.0.0.0 # 同时设置bind_host和publish_host
http.port: 8202 # rest客户端连接端口
transport.tcp.port: 8500 # 集群中节点互相通信端口
node.master: true # 设置master角色
node.data: true # 设置data角色
node.ingest: true # 设置ingest角色 在索引之前,对文档进行预处理,支持pipeline管道,相当于过滤器
node.max_local_storage_nodes: 1
http.cors.enabled: true # 跨域配置
http.cors.allow-origin: "*" # 跨域配置
ingest.geoip.downloader.enabled: false
vi es03/config/elasticsearch.yml
network.host: 0.0.0.0 # 同时设置bind_host和publish_host
http.port: 8203 # rest客户端连接端口
transport.tcp.port: 8600 # 集群中节点互相通信端口
node.master: true # 设置master角色
node.data: true # 设置data角色
node.ingest: true # 设置ingest角色 在索引之前,对文档进行预处理,支持pipeline管道,相当于过滤器
node.max_local_storage_nodes: 1
http.cors.enabled: true # 跨域配置
http.cors.allow-origin: "*" # 跨域配置
ingest.geoip.downloader.enabled: false
vi /usr/kibana/config/kibana.yml
server.port: 8601
server.host: "0.0.0.0"
i18n.locale: "zh-CN"
#elasticsearch.username: "elastic"
#elasticsearch.password: "Baidu@123"
三、安装docker、docker-compose、上传es、kibnan、ik
tar -zxvf docker-20.10.9.tgz
cp docker-20.10.9/* /usr/local/bin
docker -v
mv docker-compose.txt docker-compose
chmod +x docker-compose
cp docker-compose /usr/local/bin
docker-compose -v
docker load -i elasticsearch.tar
docker tag [imageId] elasticsearch:7.16.3
kibnan包太大没法上传知识库,可以本地拉,再上传tar包
docker pull kibnan:7.16.3
docker save -o kibnan.tar [imageId]
docker load -i kibnan.tar
docker tag [imageId] kibnan:7.16.3
cd /usr/elasticsearch/es01/plugins/ik/
上传解压ik压缩包
四、 编写docker-compose.yml并拷贝至/usr/elasticsearch下
version: '3'
services:
es01:
image: elasticsearch:7.16.3
container_name: es01
restart: always
environment:
- node.name=es01
- cluster.name=es-docker-cluster
- discovery.seed_hosts=es02:8500,es03:8600
- cluster.initial_master_nodes=es01,es02,es03
- bootstrap.memory_lock=true
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
ulimits:
memlock:
soft: -1
hard: -1
volumes:
- /usr/elasticsearch/es01/data:/usr/share/elasticsearch/data
- /usr/elasticsearch/es01/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
- /usr/elasticsearch/es01/plugins:/usr/share/elasticsearch/plugins
ports:
- 8201:8201
networks:
- es
es02:
image: elasticsearch:7.16.3
container_name: es02
restart: always
environment:
- node.name=es02
- cluster.name=es-docker-cluster
- discovery.seed_hosts=es01:8400,es03:8600
- cluster.initial_master_nodes=es01,es02,es03
- bootstrap.memory_lock=true
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
ulimits:
memlock:
soft: -1
hard: -1
volumes:
- /usr/elasticsearch/es02/data:/usr/share/elasticsearch/data
- /usr/elasticsearch/es02/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
- /usr/elasticsearch/es02/plugins:/usr/share/elasticsearch/plugins
ports:
- 8202:8202
networks:
- es
es03:
image: elasticsearch:7.16.3
container_name: es03
restart: always
environment:
- node.name=es03
- cluster.name=es-docker-cluster
- discovery.seed_hosts=es01:8400,es02:8500
- cluster.initial_master_nodes=es01,es02,es03
- bootstrap.memory_lock=true
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
ulimits:
memlock:
soft: -1
hard: -1
volumes:
- /usr/elasticsearch/es03/data:/usr/share/elasticsearch/data
- /usr/elasticsearch/es03/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
- /usr/elasticsearch/es03/plugins:/usr/share/elasticsearch/plugins
ports:
- 8203:8203
networks:
- es
kibana:
image: kibana:7.16.3
container_name: kibana
restart: always
depends_on:
- es01
environment:
ELASTICSEARCH_URL: http://es01:8201
ELASTICSEARCH_HOSTS: http://es01:8201
volumes:
- /usr/kibana/config/kibana.yml:/usr/share/kibana/config/kibana.yml
networks:
- es
ports:
- 8601:8601
networks:
es:
driver: bridge
五、修改物理机参数
vi /etc/sysctl.conf
vm.max_map_count=655360
vim /etc/security/limits.conf
* soft nofile 100001
* hard nofile 100002
* soft memlock unlimited
* hard memlock unlimited
* soft nproc 65535
* hard nproc 65535
sysctl -p
docker network create --subnet=10.153.108.17/16 elasticsearch_es
docker-compose up -d
六、查看集群状态
查看集群状态:http://10.153.108.17:8201/_cluster/health?pretty
查看主节点:http://10.153.108.17:8201/_cat/master
查看所有节点:http://10.153.108.17:8201/_cat/nodes
kibnan:http://10.153.108.17:8601/
es01: http://10.153.108.17:8201/
es02: http://10.153.108.17:8202/
es03: http://10.153.108.17:8203/
七、开启身份认证
docker exec -it es01 bash
bin/elasticsearch-certutil ca
bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
期间输入密码,一直enter就行
exit
docker cp es01:/usr/share/elasticsearch/elastic-certificates.p12 /usr/elasticsearch/
mkdir -p /usr/share/elasticsearch/data/cert/
cp elastic-certificates.p12 /usr/share/elasticsearch/data/cert/
在每个elasticsearch.yml后加上
# 开启 xpack 身份验证
xpack.security.enabled: true
# 开启 ssl 认证
xpack.security.transport.ssl.enabled: true
# ssl 证书模式
xpack.security.transport.ssl.verification_mode: certificate
# 证书路径
xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/data/cert/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /usr/share/elasticsearch/data/cert/elastic-certificates.p12
docker-compose down
docker network create --subnet=10.153.108.17/16 elasticsearch_es
docker-compose up -d
八、设置密码
docker exec -it es01 bash
bin/elasticsearch-setup-passwords interactive
输入密码
九、修改kibnan
vi /usr/kibana/config/kibana.yml
elasticsearch.username: "elastic"
elasticsearch.password: "Baidu@123"
docker-compose down
docker network create --subnet=10.153.108.17/16 elasticsearch_es
docker-compose up -d
十、查看集群状态
查看的时候会弹窗输入密码
查看集群状态:http://10.153.108.17:8201/_cluster/health?pretty
查看主节点:http://10.153.108.17:8201/_cat/master
查看所有节点:http://10.153.108.17:8201/_cat/nodes
kibnan:http://10.153.108.17:8601/
es01: http://10.153.108.17:8201/
es02: http://10.153.108.17:8202/
es03: http://10.153.108.17:8203/