案例使用的是单机部署,多机部署修改一下IP即可
docker network创建
# Create the user-defined bridge network "ok". The compose file below joins it
# as an external network and gives each container a static address from
# 192.168.0.0/24.
docker network create \
  --driver bridge \
  --subnet 192.168.0.0/24 \
  --gateway 192.168.0.1 \
  ok
查看并设置vm.max_map_count大小
sudo vim /etc/sysctl.conf
# Add the line below to /etc/sysctl.conf, or edit the existing
# vm.max_map_count entry. It is file content, not a shell command.
# The value currently in effect can be read with `sysctl vm.max_map_count`;
# Elasticsearch's bootstrap checks expect at least 262144.
vm.max_map_count=262144
# Reload /etc/sysctl.conf so the new value takes effect.
sudo sysctl -p
创建目录
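# Create the project directory and every host path the compose file bind-mounts.
# The sub-directories must live inside elasticsearch-8.14.3 (the compose volumes
# point there), so change into it before creating them.
mkdir -p /data/soft/elasticsearch-8.14.3
cd /data/soft/elasticsearch-8.14.3
# config: node and Kibana settings; dataNN/logNN: one pair per node;
# plugin: mounted into all three nodes as the plugins directory.
mkdir -p config data01 data02 data03 log01 log02 log03 plugin
# NOTE(review): the container user has to be able to write data*/log*. The
# official image documents uid 1000 / gid 0 as its default user - confirm, then
# chown the directories to it rather than opening them to every local user.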
docker-compose.yml配置
# Create an empty compose file in the project directory and open it in vim.
compose_file=docker-compose.yml
cd /data/soft/elasticsearch-8.14.3
touch "$compose_file"
vim "$compose_file"
docker-compose内容如下
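# Three-node Elasticsearch 8.14.3 cluster plus Kibana on a single Docker host.
# Every service attaches to the pre-created external bridge network "ok" and
# uses the static address that the node configuration files refer to.
services:
  cluster_1:
    image: elasticsearch:8.14.3
    container_name: cluster_1
    environment:
      # JVM heap fixed at 1 GiB (min = max).
      - "ES_JAVA_OPTS=-Xms1024m -Xmx1024m"
      # Password for the built-in elastic user. It is read from the shell
      # environment or from an .env file next to this compose file, so no
      # credential is stored here; compose aborts when it is unset.
      - "ELASTIC_PASSWORD=${ELASTIC_PASSWORD:?ELASTIC_PASSWORD is not set}"
    volumes:
      - /data/soft/elasticsearch-8.14.3/config/cluster_1.yml:/usr/share/elasticsearch/config/elasticsearch.yml
      - /data/soft/elasticsearch-8.14.3/log01:/usr/share/elasticsearch/logs
      - /data/soft/elasticsearch-8.14.3/data01:/usr/share/elasticsearch/data
      - /data/soft/elasticsearch-8.14.3/plugin:/usr/share/elasticsearch/plugins
      # Docker creates a missing bind-mount source as a directory. This file
      # does not exist before the certificate step, so either add this mount
      # (on all three nodes) only after the certificate has been generated, or
      # remove the directory Docker created before copying the file in.
      - /data/soft/elasticsearch-8.14.3/config/elastic-certificates.p12:/usr/share/elasticsearch/config/elastic-certificates.p12
    # "privileged: true" was removed from all three nodes: it hands the
    # container full access to host devices and kernel interfaces, and
    # Elasticsearch does not need it (vm.max_map_count is set on the host).
    # If bind mounts are denied on an SELinux host, relabel them with the ":z"
    # volume option instead of re-enabling privileged mode.
    ports:
      # Published on every host interface. Until authentication is enabled the
      # HTTP API answers anyone who can reach the port, so firewall it or bind
      # it to a specific host address. The transport port only needs to be
      # published when nodes run on other hosts.
      - "9200:9200"
      - "9300:9300"
    networks:
      default:
        ipv4_address: 192.168.0.2

  cluster_2:
    image: elasticsearch:8.14.3
    container_name: cluster_2
    environment:
      - "ES_JAVA_OPTS=-Xms1024m -Xmx1024m"
      - "ELASTIC_PASSWORD=${ELASTIC_PASSWORD:?ELASTIC_PASSWORD is not set}"
    volumes:
      - /data/soft/elasticsearch-8.14.3/config/cluster_2.yml:/usr/share/elasticsearch/config/elasticsearch.yml
      - /data/soft/elasticsearch-8.14.3/log02:/usr/share/elasticsearch/logs
      - /data/soft/elasticsearch-8.14.3/data02:/usr/share/elasticsearch/data
      - /data/soft/elasticsearch-8.14.3/plugin:/usr/share/elasticsearch/plugins
      - /data/soft/elasticsearch-8.14.3/config/elastic-certificates.p12:/usr/share/elasticsearch/config/elastic-certificates.p12
    ports:
      - "9201:9200"
      - "9301:9300"
    networks:
      default:
        ipv4_address: 192.168.0.3

  cluster_3:
    image: elasticsearch:8.14.3
    container_name: cluster_3
    environment:
      - "ES_JAVA_OPTS=-Xms1024m -Xmx1024m"
      - "ELASTIC_PASSWORD=${ELASTIC_PASSWORD:?ELASTIC_PASSWORD is not set}"
    volumes:
      - /data/soft/elasticsearch-8.14.3/config/cluster_3.yml:/usr/share/elasticsearch/config/elasticsearch.yml
      - /data/soft/elasticsearch-8.14.3/log03:/usr/share/elasticsearch/logs
      - /data/soft/elasticsearch-8.14.3/data03:/usr/share/elasticsearch/data
      - /data/soft/elasticsearch-8.14.3/plugin:/usr/share/elasticsearch/plugins
      - /data/soft/elasticsearch-8.14.3/config/elastic-certificates.p12:/usr/share/elasticsearch/config/elastic-certificates.p12
    ports:
      - "9202:9200"
      - "9302:9300"
    networks:
      default:
        ipv4_address: 192.168.0.4

  kibana:
    image: kibana:8.14.3
    container_name: kibana
    ports:
      - "5601:5601"
    volumes:
      - /data/soft/elasticsearch-8.14.3/config/kibana.yml:/usr/share/kibana/config/kibana.yml
    # Start order only; depends_on does not wait for the nodes to be ready.
    depends_on:
      - cluster_1
      - cluster_2
      - cluster_3
    networks:
      default:
        ipv4_address: 192.168.0.5

networks:
  # Map the project's default network onto the existing network "ok" that was
  # created with `docker network create`.
  default:
    external: true
    name: ok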
集群配置
# Create the four empty configuration files that the compose file mounts.
cd /data/soft/elasticsearch-8.14.3/config
touch cluster_1.yml cluster_2.yml cluster_3.yml kibana.yml
cluster_1.yml
# elasticsearch.yml for node 1 (mounted into container cluster_1).
cluster.name: 'elasticsearch-cluster'
node.name: 'es-node-1'

# Listen on every interface inside the container and advertise the static
# address the compose file assigns to this node.
network.host: '0.0.0.0'
network.publish_host: '192.168.0.2'
http.port: 9200
transport.profiles.default.port: 9300

# Discovery: the transport endpoints of all three nodes are seeds; only
# es-node-1 is named for the initial master election.
discovery.seed_hosts:
  - '192.168.0.2:9300'
  - '192.168.0.3:9300'
  - '192.168.0.4:9300'
cluster.initial_master_nodes: 'es-node-1'

# CORS accepts every origin and the Authorization header.
# NOTE(review): with '*' any web page open in a user's browser may call this
# API; list only the origins that actually need access.
http.cors.enabled: true
http.cors.allow-origin: '*'
http.cors.allow-headers: 'Authorization'

# Security is switched off for the first start. While this is false the HTTP
# port answers without authentication, so keep the published ports unreachable
# from untrusted networks until the authentication step has been applied.
xpack.security.enabled: false
cluster_2.yml
# elasticsearch.yml for node 2 (mounted into container cluster_2).
cluster.name: 'elasticsearch-cluster'
node.name: 'es-node-2'

# Listen on every interface inside the container and advertise the static
# address the compose file assigns to this node.
network.host: '0.0.0.0'
network.publish_host: '192.168.0.3'
http.port: 9200
transport.profiles.default.port: 9300

# Discovery: the transport endpoints of all three nodes are seeds; only
# es-node-1 is named for the initial master election.
discovery.seed_hosts:
  - '192.168.0.2:9300'
  - '192.168.0.3:9300'
  - '192.168.0.4:9300'
cluster.initial_master_nodes: 'es-node-1'

# CORS accepts every origin and the Authorization header.
# NOTE(review): with '*' any web page open in a user's browser may call this
# API; list only the origins that actually need access.
http.cors.enabled: true
http.cors.allow-origin: '*'
http.cors.allow-headers: 'Authorization'

# Security is switched off for the first start. While this is false the HTTP
# port answers without authentication, so keep the published ports unreachable
# from untrusted networks until the authentication step has been applied.
xpack.security.enabled: false
cluster_3.yml
# elasticsearch.yml for node 3 (mounted into container cluster_3).
cluster.name: 'elasticsearch-cluster'
node.name: 'es-node-3'

# Listen on every interface inside the container and advertise the static
# address the compose file assigns to this node.
network.host: '0.0.0.0'
network.publish_host: '192.168.0.4'
http.port: 9200
transport.profiles.default.port: 9300

# Discovery: the transport endpoints of all three nodes are seeds; only
# es-node-1 is named for the initial master election.
discovery.seed_hosts:
  - '192.168.0.2:9300'
  - '192.168.0.3:9300'
  - '192.168.0.4:9300'
cluster.initial_master_nodes: 'es-node-1'

# CORS accepts every origin and the Authorization header.
# NOTE(review): with '*' any web page open in a user's browser may call this
# API; list only the origins that actually need access.
http.cors.enabled: true
http.cors.allow-origin: '*'
http.cors.allow-headers: 'Authorization'

# Security is switched off for the first start. While this is false the HTTP
# port answers without authentication, so keep the published ports unreachable
# from untrusted networks until the authentication step has been applied.
xpack.security.enabled: false
kibana.yml
# kibana.yml (mounted into the kibana container).
server.host: '0.0.0.0'
server.port: 5601
i18n.locale: 'zh-CN'

# HTTP endpoints of the three Elasticsearch nodes.
# NOTE(review): these are plain http:// URLs. Once authentication is enabled,
# the credentials below travel unencrypted unless HTTP TLS is also configured
# on the nodes.
elasticsearch.hosts:
  - 'http://192.168.0.2:9200'
  - 'http://192.168.0.3:9200'
  - 'http://192.168.0.4:9200'

# Account Kibana uses to talk to Elasticsearch.
elasticsearch.username: 'kibana_system'
# NOTE(review): sample password stored in clear text. Replace it with the value
# set for kibana_system, keep this file readable only by the Kibana user, or
# store the secret in the Kibana keystore instead.
elasticsearch.password: '123456789a'
启动容器
# Start the three nodes and Kibana in the background from the project directory.
cd /data/soft/elasticsearch-8.14.3
docker-compose up --detach
证书生成
# Open an interactive shell inside node 1.
docker exec --interactive --tty cluster_1 /bin/bash
# Create a certificate authority (elastic-stack-ca.p12). The tool prompts for a
# password; pressing Enter leaves the PKCS#12 file without one.
# NOTE(review): with a blank password the private keys are protected only by
# file permissions. If a password is set, it must also be given to each node.
/usr/share/elasticsearch/bin/elasticsearch-certutil ca
# Issue a node certificate signed by that CA (elastic-certificates.p12); the
# same password prompt applies.
/usr/share/elasticsearch/bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
# Copy both files into the data directory, which is bind-mounted to data01 on
# the host, so they can be picked up outside the container.
# elastic-stack-ca.p12 holds the CA private key: once the certificates are
# issued, store it somewhere safe and do not leave copies on the nodes.
cp elastic-stack-ca.p12 elastic-certificates.p12 /usr/share/elasticsearch/data
# Leave the container.
exit
开启认证
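# Copy the keystores that certutil left in node 1's data volume into the shared
# config directory (the source name is elastic-stack-ca.p12, with a single "e").
# If the containers were started before elastic-certificates.p12 existed, Docker
# will have created config/elastic-certificates.p12 as an empty directory (it
# does that for a missing bind-mount source); remove that directory first.
cd /data/soft/elasticsearch-8.14.3/data01
cp elastic-certificates.p12 elastic-stack-ca.p12 /data/soft/elasticsearch-8.14.3/config
# Switch to the config directory.
cd /data/soft/elasticsearch-8.14.3/config
# Restrict the key material instead of opening it to everyone with 777:
# only the container user needs to read the node keystore.
# NOTE(review): uid 1000 / gid 0 is the documented default user of the official
# image - confirm with `docker exec cluster_1 id` and adjust if it differs.
sudo chown 1000:0 elastic-certificates.p12
chmod 640 elastic-certificates.p12
# The CA keystore is not mounted into any container; keep it private.
chmod 600 elastic-stack-ca.p12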
# Apply to cluster_1.yml, cluster_2.yml and cluster_3.yml in the config
# directory. Each file already contains "xpack.security.enabled: false": change
# that existing line to true instead of adding a second entry for the same key,
# then append the transport TLS settings below.
xpack.security.enabled: true

# TLS on the node-to-node transport layer; every node must present a
# certificate. "certificate" mode checks that the certificate is signed by a
# trusted CA but does not check the host name.
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.client_authentication: 'required'
xpack.security.transport.ssl.verification_mode: 'certificate'

# The same PKCS#12 file is used as keystore and truststore; the compose file
# mounts it into the Elasticsearch config directory.
xpack.security.transport.ssl.keystore.path: 'elastic-certificates.p12'
xpack.security.transport.ssl.truststore.path: 'elastic-certificates.p12'

# NOTE(review): only the transport layer is encrypted here. The HTTP API on
# port 9200 stays plaintext unless xpack.security.http.ssl.* is configured too.
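# Restart all containers so the nodes pick up the security settings.
cd /data/soft/elasticsearch-8.14.3
docker-compose restart
# Open a shell inside node 1.
docker exec -it cluster_1 /bin/bash
# Set the passwords of the built-in users interactively.
# NOTE(review): elasticsearch-setup-passwords is deprecated in 8.x;
# elasticsearch-reset-password -u <user> is its replacement - confirm against
# the documentation of the version in use.
/usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactive
# Leave the container: docker-compose has to be run on the host.
exit
# Put the kibana_system password chosen above into elasticsearch.password in
# /data/soft/elasticsearch-8.14.3/config/kibana.yml, then restart the containers.
docker-compose restart
# Log in to Kibana as user "elastic" with the password that was set for elastic.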
如果发现主节点无法发现其他节点(本例中es-node-1为主节点),你可能需要删除
/data/soft/elasticsearch-8.14.3/data02
/data/soft/elasticsearch-8.14.3/data03
这两个目录,然后重启生效。注意:删除后这两个节点上已有的数据会全部丢失,此方法只适用于尚未写入数据的新集群。