centos7.7环境下使用docker-compose部署elasticsearch7.4集群并设置密码

最新推荐文章于 2024-03-24 21:38:39 发布
最新推荐文章于 2024-03-24 21:38:39 发布
阅读量1.5k 收藏 6
点赞数 2
文章标签: docker elasticsearch kubernetes es 大数据
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/reblue520/article/details/109666858
版权

centos7.7环境下使用docker-compose部署elasticsearch7.4集群并设置密码
Elasticsearch从6.8开始,允许免费用户使用X-Pack的安全功能,设置密码了会让系统安全很多
因为es是有状态的系统,生产环境中最好直接部署在宿主机中,此次部署是测试开发环境,直接使用docker进行部署,方便快速创建集群
环境:centos7.7_x86_64
宿主机IP:http://10.10.17.64/
安装环境和卷均挂载到 /data/elasticsearch 目录中
1.es需要修改linux宿主机的一些参数
设置vm.max_map_count=262144
sudo vim /etc/sysctl.conf
vm.max_map_count=262144
不重启, 直接生效当前的命令
sysctl -w vm.max_map_count=262144
2.创建对应的数据存储文件

mkdir /data/elasticsearch
cd /data/elasticsearch

mkdir -p elastic01/data
mkdir -p elastic01/logs
mkdir -p elastic02/data
mkdir -p elastic02/logs
mkdir -p elastic03/data
mkdir -p elastic03/logs


## 为简单起见,这里暂且授权给所有人好了
sudo chmod 777 elastic* -R

3.获取基础镜像
# docker pull docker.elastic.co/elasticsearch/elasticsearch:7.4.0
4.创建docker-compose.yml
# elasticsearch集群暴露在宿主机中使用的端口分别9201/9202/9203(将集群内部elasticsearch的9200端口分布映射出来)

# cat /data/elasticsearch/docker-compose.yml

version: '2.2'
services:
  elastic01:
    image: elasticsearch:7.4.0
    container_name: elastic01
    environment:
      - node.name=elastic01
      - cluster.name=es-docker-cluster
      - discovery.seed_hosts=elastic02,elastic03
      - cluster.initial_master_nodes=elastic01,elastic02,elastic03
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - ./elastic01/data:/usr/share/elasticsearch/data
      - ./elastic01/logs:/usr/share/elasticsearch/logs
      - ./elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
      - ./elastic-certificates.p12:/usr/share/elasticsearch/config/elastic-certificates.p12
    ports:
      - 9201:9200
    networks:
      - elastic

  elastic02:
    image: elasticsearch:7.4.0
    container_name: elastic02
    environment:
      - node.name=elastic02
      - cluster.name=es-docker-cluster
      - discovery.seed_hosts=elastic01,elastic03
      - cluster.initial_master_nodes=elastic01,elastic02,elastic03
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - ./elastic02/data:/usr/share/elasticsearch/data
      - ./elastic02/logs:/usr/share/elasticsearch/logs
      - ./elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
      - ./elastic-certificates.p12:/usr/share/elasticsearch/config/elastic-certificates.p12
    ports:
      - 9202:9200
    networks:
      - elastic

  elastic03:
    image: elasticsearch:7.4.0
    container_name: elastic03
    environment:
      - node.name=elastic03
      - cluster.name=es-docker-cluster
      - discovery.seed_hosts=elastic01,elastic02
      - cluster.initial_master_nodes=elastic01,elastic02,elastic03
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - ./elastic03/data:/usr/share/elasticsearch/data
      - ./elastic03/logs:/usr/share/elasticsearch/logs
      - ./elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
      - ./elastic-certificates.p12:/usr/share/elasticsearch/config/elastic-certificates.p12
    ports:
      - 9203:9200
    networks:
      - elastic

  kib01:
    depends_on: 
      - elastic01
    image: kibana:7.4.0
    container_name: kib01
    ports:
      - 5601:5601
    environment:
      ELASTICSEARCH_URL: http://elastic01:9200
      ELASTICSEARCH_HOSTS: http://elastic01:9200
    volumes:
      - ./kibana.yml:/usr/share/kibana/config/kibana.yml
    networks:
      - elastic

networks:
  elastic:
    driver: bridge

5.配置elasticsearch
# cat /data/elasticsearch/elasticsearch.yml 

network.host: 0.0.0.0
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /usr/share/elasticsearch/config/elastic-certificates.p12

network.host 设置允许其他ip访问,解除ip绑定
xpack.security 则是安全相关配置,其中ssl的证书需要自己生成

6.生成证书elastic-certificates.p12
# 临时运行一个容器,在其中生成证书

docker run -dit --name=es elasticsearch:7.4.0 /bin/bash

es提供了生成证书的工具elasticsearch-certutil,我们可以在docker实例中生成它,然后拷贝出来,然后给集群使用
首先运行一个叫做 es 的docker实例

docker run -dit --name=es elasticsearch:7.4.0 /bin/bash

进入实例内部,生成证书

docker exec -it es /bin/bash

生成ca: elastic-stack-ca.p12

[root@36g848ff62 elasticsearch]# ./bin/elasticsearch-certutil ca
This tool assists you in the generation of X.509 certificates and certificate
signing requests for use with SSL/TLS in the Elastic stack.

The 'ca' mode generates a new 'certificate authority'
This will create a new X.509 certificate and private key that can be used
to sign certificate when running in 'cert' mode.

Use the 'ca-dn' option if you wish to configure the 'distinguished name'
of the certificate authority

By default the 'ca' mode produces a single PKCS#12 output file which holds:
    * The CA certificate
    * The CA's private key

If you elect to generate PEM format certificates (the -pem option), then the output will
be a zip file containing individual files for the CA certificate and private key

Please enter the desired output file [elastic-stack-ca.p12]: 
Enter password for elastic-stack-ca.p12 : 


再生成cert: elastic-certificates.p12

[root@36g848ff62 elasticsearch]# ./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
This tool assists you in the generation of X.509 certificates and certificate
signing requests for use with SSL/TLS in the Elastic stack.

The 'cert' mode generates X.509 certificate and private keys.

这个生成elastic-certificates.p12 就是我们需要使用的。
复制出证书, ctrl+d退出容器内部

docker cp es:/usr/share/elasticsearch/elastic-certificates.p12 /data/elasticsearch/

至此,生成证书完毕
7.生成密码
我们首先要启动es集群,去里面生成密码。

在启动容器前需要配置kibana.yml,否则启动会失败,记得后面密码生成完成后需要修改密码部分

# cat /data/elasticsearch/kibana.yml 
server.host: "0.0.0.0"
elasticsearch.username: "kibana"
elasticsearch.password: "pass"

启动集群

docker-compose up

然后进入其中一台

docker exec -it elastic01 /bin/bash

生成密码用auto, 自己设置用 interactive

[root@5760a2da8831 elasticsearch]# ./bin/elasticsearch-setup-passwords -h
Sets the passwords for reserved users

Commands
--------
auto - Uses randomly generated passwords
interactive - Uses passwords entered by a user

Non-option arguments:
command              

Option         Description        
------         -----------        
-h, --help     show help          
-s, --silent   show minimal output
-v, --verbose  show verbose output

# 自动生成密码

[root@5760a2da8831 elasticsearch]# ./bin/elasticsearch-setup-passwords auto
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.
The passwords will be randomly generated and printed to the console.
Please confirm that you would like to continue [y/N]y


Changed password for user apm_system
PASSWORD apm_system = O49pTKFDnKLohMZniEod

Changed password for user kibana
PASSWORD kibana = bsrRfRjpmFi8YEKZ9VKa

Changed password for user logstash_system
PASSWORD logstash_system = bLdyzqjFtVVcCH0nj9vu

Changed password for user beats_system
PASSWORD beats_system = O9J9C0JeO9spv9mWCdIH

Changed password for user remote_monitoring_user
PASSWORD remote_monitoring_user = jEZc6IPOyWXE9I7Qj9F7

Changed password for user elastic
PASSWORD elastic = B6NoHgkYRdQiuwTP8r32

8.验证集群状态
# 进入集群内部测试验证集群的状态

[root@sz_cxzx_n004dev03_17_64 elasticsearch]# docker exec -it elastic03 bash
[root@bf67589ab0f3 elasticsearch]# curl -u elastic:B6NoHgkYRdQiuwTP8r32 elastic01:9200/_cluster/health?pretty
{
  "cluster_name" : "es-docker-cluster",
  "status" : "green",
  "timed_out" : false,
  "number_of_nodes" : 3,
  "number_of_data_nodes" : 3,
  "active_primary_shards" : 1,
  "active_shards" : 2,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 0,
  "delayed_unassigned_shards" : 0,
  "number_of_pending_tasks" : 0,
  "number_of_in_flight_fetch" : 0,
  "task_max_waiting_in_queue_millis" : 0,
  "active_shards_percent_as_number" : 100.0
}
[root@bf67589ab0f3 elasticsearch]# curl -u elastic:B6NoHgkYRdQiuwTP8r32 elastic02:9200/_cluster/health?pretty
{
  "cluster_name" : "es-docker-cluster",
  "status" : "green",
  "timed_out" : false,
  "number_of_nodes" : 3,
  "number_of_data_nodes" : 3,
  "active_primary_shards" : 1,
  "active_shards" : 2,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 0,
  "delayed_unassigned_shards" : 0,
  "number_of_pending_tasks" : 0,
  "number_of_in_flight_fetch" : 0,
  "task_max_waiting_in_queue_millis" : 0,
  "active_shards_percent_as_number" : 100.0
}
[root@bf67589ab0f3 elasticsearch]# curl -u elastic:B6NoHgkYRdQiuwTP8r32 elastic03:9200/_cluster/health?pretty
{
  "cluster_name" : "es-docker-cluster",
  "status" : "green",
  "timed_out" : false,
  "number_of_nodes" : 3,
  "number_of_data_nodes" : 3,
  "active_primary_shards" : 1,
  "active_shards" : 2,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 0,
  "delayed_unassigned_shards" : 0,
  "number_of_pending_tasks" : 0,
  "number_of_in_flight_fetch" : 0,
  "task_max_waiting_in_queue_millis" : 0,
  "active_shards_percent_as_number" : 100.0
}

通过浏览器访问

kibana配置

# 如果中途 docker-compose.yml 有变更
需要先清理环境
docker-compose stop
docker-compose rm
更新文件后重新启动集群
docker-compose up -d

重新启动后的集群,密码信息还继续保留

忘记密码
如果生成后忘记密码了可以进入机器去修改
进入es的机器
docker exec -it elastic03 /bin/bash
创建一个临时的超级用户 jack
./bin/elasticsearch-users useradd jack -r superuser
Enter new password:
ERROR: Invalid password...passwords must be at least [6] characters long
./bin/elasticsearch-users useradd jack -r superuser
Enter new password:
Retype new password:
用这个用户去修改elastic的密码:
curl -XPUT -u jack:jack123 http://localhost:9200/_xpack/security/user/elastic/_password -H "Content-Type: application/json" -d '
{
  "password": "B6NoHgkYRdQiuwTP8r32"
}'

reblue520
关注
  • 2
    点赞
  • 6
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
Docker安装Elasticsearch7.14.0集群设置密码
你就是唯一づ
03-12 5505
docker按照es集群 环境:CentOS 8.5 Elasticsearch版本:7.14.0 用户:root 本次执行全部使用root 用户执行,如果使用的是普通用户,记得前面加 sudo 一、基础配置 修改 Linux 的 vm.max_map_count 参数。 设置vm.max_map_count=262144 vim /etc/sysctl.conf vm
基于docker-compose构建filebeat + Logstash +Elasticsearch+ kibana日志系统
04-30
基于docker-compose构建filebeat + Logstash +Elasticsearch+ kibana日志系统 对nginx日志进行正则切割字段。 https://www.jianshu.com/p/f7927591d530
docker-compose部署elasticsearch
修理男爵的博客
09-13 6630
参考的官方文档链接:https://www.elastic.co/guide/en/elasticsearch/reference/7.5/docker.html 下载镜像 docker pullelasticsearch:7.14.1 编写docker-compose.yml version: '3' services: es01: image: elasticsearch:7.14.1 environment: - node.name=es01 -.
快速上手 ElasticsearchDocker Compose 部署详解
修己xj的博客
03-24 878
Elasticsearch为各种类型的数据提供几乎实时的搜索和分析。无论您拥有结构化还是非结构化文本、数值数据还是地理空间数据,Elasticsearch都可以高效地存储和索引它,以支持快速搜索。您可以远不止简单地检索数据,还可以聚合信息以发现数据中的趋势和模式。随着数据和查询量的增长,Elasticsearch的分布式特性使得您的部署可以与之无缝增长。为应用程序或网站添加搜索框存储和分析日志、指标和安全事件数据使用机器学习实时自动建模数据行为。
docker elastic search 设置密码,修改密码
qq_35425070的博客
05-13 7010
设置密码 进入 elastic search 容器 docker exec -it elasticsearch /bin/bash 随机生成密码用auto, 自己设置用 interactive [root@njfdkb4bmk3b elasticsearch]# ./bin/elasticsearch-setup-passwords -h Sets the passwords for reserved users Commands -------- auto - Uses randomly genera
Docker安装ElasticSearch7.7.0+ElasticSearch-Head+ik分词器并设置密码保姆级教程小白看了都会
weixin_44016938的博客
03-30 1453
docker安装我就不废话了,不知道可以看我的其它文章,现在就开门见山安装ElasticSearch然后再安装ik分词器最后安装ElasticSearch-Head客户端工具。
elasticsearch 7.4.0 docker-compose文件
11-13
快速部署elasticsearch 7.4.0版本 单机三节点docker 容器,方便在本地开发环境部署
docker-compose部署ElasticSearch集群
zhangyuanshuai的博客
06-22 821
Elasticsearch Compose 配置文件 创建一个 docker-compose.yml 内容如下: version: '2.2' services: es01: image: docker.elastic.co/elasticsearch/elasticsearch:7.10.1 container_name: es01 environment: - node.name=es01 - cluster.name=es-docker-cluste
使用DockerCompose搭建部署ElasticSearch
keketrtr的专栏
02-04 2085
说明 由于我本机配置较低,无法开启多台虚拟机,ES集群需要用到不同的ip,故而只搭建单机,不做集群。 一、目录准备 mkdir /docker/es mkdir /docker/es/data mkdir /docker/es/config mkdir /docker/es/plugins 二、es配置准备 cd /docker/es vi elasticsearch.yml 使用以下配置: # 集群名称 cluster.name: elasticsearch-cluster #
Dockerdocker-compose一键部署 Elasticsearch Logstash Kibana
oschina_41731918的博客
02-24 2878
docker结合docker-compose一键部署elk
CentOS 7 部署 Elasticsearch7.4 集群并进行安全认证.docx
08-10
CentOS 7 部署 Elasticsearch7.4 集群并进行安全认证.docx
docker安装Elasticsearch7.6集群设置密码
01-09
Elasticsearch从6.8开始, 允许免费用户使用X-Pack的安全功能, 以前安装es都是裸奔。接下来记录配置安全认证的方法。 为了简化物理安装过程,我们将使用docker安装我们的服务。 一些基础配置 es需要修改linux的一些参数。 设置vm.max_map_count=262144 sudo vim /etc/sysctl.conf vm.max_map_count=262144 不重启, 直接生效当前的命令 sysctl -w vm.max_map_count=262144 es的data和logs目录需要给1000的用户授权, 我们假设安装3个实力的es集群,先创建对
Elasticsearch6.7.0 3nodes 集群+Kibana docker环境
04-11
docker-compose.yml 的Elasticsearch6.7.0 3节点的集群环境,包括analysis-ik。 使用方法: 启动: cd Elasticsearch/compose docker-compose up -d 停止: docker-compose down
centos7使用docker-compose安装es(包括IK分词器扩展)+kibana
04-13
环境centos7.7_x86_64 1、虚拟机内存要稍大些至少2G 2、es需要修改linux宿主机的一些参数 设置vm.max_map_count=262144 vim /etc/sysctl.conf vm.max_map_count=262144 不重启, 直接生效当前的命令 ...
Docker-compose部署ELK的示例代码
01-20
环境 主机IP 192.168.0.9 Docker version 19.03.2 docker-compose version 1.24.0-rc1 elasticsearch version 6.6.1 kibana version 6.6.1 logstash version 6.6.1 一、ELK-dockerfile文件编写及配置文件 ● ...
PIP安装docker-compose超时问题解决方案
01-09
pip install docker-compose 异常信息 socket.timeout: The read operation timed out During handling of the above exception, another exception occurred: Traceback (most recent call last): File “/usr/...
通过es.sh脚本+docker-compos一键部署7.9.3版本的elk日志监控系统
最新发布
04-30
部署系统:centos,已部署dockerdocker-compose服务 其他常用命令: docker-compose stop:停止所有服务。 docker-compose start:启动所有服务。 docker-compose restart:重启所有服务。 docker-compose down:...
分布式链路追踪工具SkyWalking集成Elasticsearch(基于Docker)
01-20
前言 目前主要的一些 APM 工具有: Cat、...1、基于 Docker 安装 ElasticSearch DockerDocker-Compose安装 Centos7(Ubuntu18.04)安装Docker 创建目录 mkdir -p /usr/local/docker/skywalking docker-compose.yml v
centos安装部署dockerdocker-compose
05-05
安装 Docker: 1. 首先卸载旧版本的 Docker(如果已经安装了旧版本): ``` sudo yum remove docker \ docker-client \ docker-client-latest \ docker-common \ docker-latest \ docker-latest-logrotate \ docker-logrotate \ docker-engine ``` 2. 安装 Docker 的依赖包: ``` sudo yum install -y yum-utils device-mapper-persistent-data lvm2 ``` 3. 添加 Docker 的官方 GPG 密钥: ``` sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo sudo rpm --import https://download.docker.com/linux/centos/gpg ``` 4. 安装 Docker CE: ``` sudo yum install docker-ce docker-ce-cli containerd.io ``` 5. 启动 Docker: ``` sudo systemctl start docker ``` 6. 验证 Docker 是否安装成功: ``` sudo docker run hello-world ``` 安装 Docker Compose: 1. 下载 Docker Compose 的二进制文件: ``` sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose ``` 这里下载的是版本号为 1.29.2 的 Docker Compose,你可以根据需要修改版本号。 2. 添加执行权限: ``` sudo chmod +x /usr/local/bin/docker-compose ``` 3. 验证 Docker Compose 是否安装成功: ``` docker-compose --version ``` 如果安装成功,会输出 Docker Compose 的版本号。

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值