es版本:8.5.0
kibana版本:8.5.0
docker:新版就可以(必须支持docker compose)
背景:在学习es 的时候使用docker在linux服务器上部署es(本来想要把es和kibana都部署在服务器上,但是由于服务器性能限制,所以只能将kibana放在了自己电脑上,土豪可以忽略)
分几步
1.首先创建一个docker的网络,我这里创建的是“cloud”
- docker network create cloud
2.创建文件夹
在默认目录创建一个docker文件夹,进去
- mkdir docker
- cd docker
3.创建docker compose文件
- touch docker-compose.yml
先把docker compose文件贴一下
注!!!:如果是土豪,服务器够牛逼,直接把下面的粘过去运行就行了,最后把setup的容器删掉。
es:
version: "2"
services:
setup:
image: elasticsearch:8.5.0
volumes:
- $PWD/elasticsearch/certs:/usr/share/elasticsearch/config/certs
user: "0"
command: >
bash -c '
if [ xqwerasdf == x ]; then
echo "Set the ELASTIC_PASSWORD environment variable in the .env file";
exit 1;
elif [ xqwerasdf == x ]; then
echo "Set the KIBANA_PASSWORD environment variable in the .env file";
exit 1;
fi;
if [ ! -f config/certs/ca.zip ]; then
echo "Creating CA";
bin/elasticsearch-certutil ca --silent --pem -out config/certs/ca.zip;
unzip config/certs/ca.zip -d config/certs;
fi;
if [ ! -f config/certs/certs.zip ]; then
echo "Creating certs";
echo -ne \
"instances:\n"\
" - name: elasticsearch\n"\
" dns:\n"\
" - elasticsearch\n"\
" - localhost\n"\
" ip:\n"\
" - "es的部署地址"\n"\
> config/certs/instances.yml;
bin/elasticsearch-certutil cert --silent --pem -out config/certs/certs.zip --in config/certs/instances.yml --ca-cert config/certs/ca/ca.crt --ca-key config/certs/ca/ca.key;
unzip config/certs/certs.zip -d config/certs;
fi;
echo "Setting file permissions"
chown -R root:root config/certs;
find . -type d -exec chmod 750 \{\} \;;
find . -type f -exec chmod 640 \{\} \;;
echo "Waiting for Elasticsearch availability";
until curl -s --cacert config/certs/ca/ca.crt https://elasticsearch:9200 | grep -q "missing authentication credentials"; do sleep 5; done;
echo "Setting kibana_system password";
until curl -s -X POST --cacert config/certs/ca/ca.crt -u elastic:qwerasdf -H "Content-Type: application/json" https://elasticsearch:9200/_security/user/kibana_system/_password -d "{\"password\":\"qwerasdf\"}" | grep -q "^{}"; do sleep 10; done;
echo "All done!";
'
healthcheck:
test: ["CMD-SHELL", "[ -f config/certs/elasticsearch/elasticsearch.crt ]"]
interval: 1s
timeout: 5s
retries: 120
networks:
- cloud
elasticsearch:
image: elasticsearch:8.5.0
container_name: elasticsearch
environment:
- node.name=elasticsearch
- discovery.type=single-node
- ELASTIC_PASSWORD=qwerasdf
- bootstrap.memory_lock=true
- xpack.security.enabled=true
- xpack.security.http.ssl.enabled=true
- xpack.security.http.ssl.key=certs/elasticsearch/elasticsearch.key
- xpack.security.http.ssl.certificate=certs/elasticsearch/elasticsearch.crt
- xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
- xpack.security.http.ssl.verification_mode=certificate
- xpack.security.transport.ssl.enabled=true
- xpack.security.transport.ssl.key=certs/elasticsearch/elasticsearch.key
- xpack.security.transport.ssl.certificate=certs/elasticsearch/elasticsearch.crt
- xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
- xpack.security.transport.ssl.verification_mode=certificate
- xpack.license.self_generated.type=basic
ports:
- "9200:9200"
- "9300:9300"
volumes:
- $PWD/elasticsearch/data:/usr/share/elasticsearch/data
- $PWD/elasticsearch/certs:/usr/share/elasticsearch/config/certs
mem_limit: 1g
healthcheck:
test:
[
"CMD-SHELL",
"curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",
]
interval: 10s
timeout: 10s
retries: 120
networks:
- cloud
kibana:
depends_on:
elasticsearch:
condition: service_healthy
image: kibana:8.5.0
container_name: kibana
environment:
- SERVERNAME=kibana
- ELASTICSEARCH_HOSTS=https://elasticsearch:9200
- ELASTICSEARCH_USERNAME=kibana_system
- ELASTICSEARCH_PASSWORD=qwerasdf
- ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=config/certs/ca/ca.crt
ports:
- "5601:5601"
volumes:
- $PWD/elasticsearch/certs:/usr/share/kibana/config/certs
- $PWD/elasticsearch/kibanadata:/usr/share/kibana/data
mem_limit: 512m
healthcheck:
test:
[
"CMD-SHELL",
"curl -s -I http://localhost:5601 | grep -q 'HTTP/1.1 302 Found'",
]
interval: 10s
timeout: 10s
retries: 120
networks:
- cloud
networks:
cloud:
external: true
4.将文件粘贴好,直接运行
- docker compose uo -d
注:这里可能会遇到一些文件权限问题,需要手动将自动生成的文件夹授权然后重新启动(土豪玩家现在应该已经可以开始跑了)
结束之后可以把kinaba和setup两个容器删掉,没啥用了
5 等全部运行结束我们会发现一共有三个容器,一个es,一个kinaba,一个setup,setup的作用实际上只是用来生成http证书,并且修改es的账户密码等等的,等一会之后有几个目录自动生成
elasticsearch:
这时候直接把certs粘贴到本地,路径的话和服务器上差不多,文件路径和服务器上差不多,这个文件夹里面存储的都是一些证书的文件
6 本地启动kinaba
同样新建一个docker文件夹然后写docker-compose.yml文件。
本地docker-compose.yml文件:
version: "2" #docker compose的版本与自己电脑保持一致
services:
kibana:
image: kibana:8.5.0
privileged: true
container_name: kibana
environment:
- SERVERNAME=kibana
- ELASTICSEARCH_HOSTS=https://es的ip地址:9200
- ELASTICSEARCH_USERNAME=kibana_system
- ELASTICSEARCH_PASSWORD=qwerasdf
- ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=config/certs/ca/ca.crt
ports:
- "5601:5601"
volumes:
- $PWD/elasticsearch/certs:/usr/share/kibana/config/certs
- $PWD/elasticsearch/kibanadata:/usr/share/kibana/data
networks:
- cloud
networks:
cloud:
external: true
然后直接运行就ok