Docker部署Elasticsearch8集群

2024-08-07  本文已影响0人  轻轻敲醒沉睡的心灵

这里我在虚拟机里面安装的,Ubuntu22.04,4核8G内存,要安装Elasticsearch集群+Kibana可视化工具。Elasticsearch的部署官网都是给了教程的。我们可以直接参考。

1. 修改系统内核文件

# 1. Edit the kernel parameter file
vim /etc/sysctl.conf
# Append the following line at the end of the file.
# Elasticsearch's bootstrap checks expect vm.max_map_count to be at least 262144.
vm.max_map_count=262144
# 2. Reload /etc/sysctl.conf so the change takes effect
sysctl -p

2. 配置文件

官网给了 2个。注意这2个配置文件要在同一目录下。
.env、docker-compose.yml

2.1 env
# Password for the 'elastic' user (at least 6 characters)
# NOTE(review): demo value. 'elastic' is the built-in superuser; outside a
# throwaway VM use a long random password and keep this file out of version control.
ELASTIC_PASSWORD=123456

# Password for the 'kibana_system' user (at least 6 characters)
# NOTE(review): demo value as well; use a different, random password here.
KIBANA_PASSWORD=123abc

# Version of Elastic products
STACK_VERSION=8.14.3

# Set the cluster name
CLUSTER_NAME=docker-cluster

# Set to 'basic' or 'trial' to automatically start the 30-day trial
LICENSE=basic
#LICENSE=trial

# Port to expose Elasticsearch HTTP API to the host
# In this form the port is published on every host interface; the commented
# alternative below publishes it on loopback only.
ES_PORT=9200
#ES_PORT=127.0.0.1:9200

# Port to expose Kibana to the host
# Published on every host interface as well.
KIBANA_PORT=5601
#KIBANA_PORT=80

# Increase or decrease based on the available host memory (in bytes)
# 1073741824 bytes = 1 GiB, applied to each service that references MEM_LIMIT.
MEM_LIMIT=1073741824

# Project namespace (defaults to the current folder name if not set)
#COMPOSE_PROJECT_NAME=myproject
2.2 docker-compose.yml

这个文件建了5个service。因为elasticsearch要求要证书,第一个service用来生成CA和各节点的证书,还会通过es01的接口设置kibana_system账号的密码,执行完以后就没用了;2、3、4都是elasticsearch服务,各自的证书都由同一个CA签发;最后是kibana服务。
映射目录稍作了改动,加了网络和ip(注意它生成证书的时候指定了ip,那里也要改成指定的IP),其他基本和官网一样。

#version: '3.8'
services:
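  # One-shot helper: creates the CA and the per-node certificates, then sets
  # the kibana_system password through es01's HTTPS API.
  es-certs:
    # NOTE(review): env_file copies every value from .env, both passwords
    # included, into the container environment. The ${...} references in the
    # command below are substituted by Compose when the file is parsed.
    env_file:
      - .env
    image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
    container_name: es-certs
    # privileged mode dropped: the container already runs as root (user "0")
    # and only writes certificate files and calls the HTTPS API.
    volumes:
      # Host directory shared with es01-es03 and kibana. It ends up holding
      # ca/ca.key, so keep host-side access to it restricted.
      - /opt/soft/elasticsearch/config/certs:/usr/share/elasticsearch/config/certs
    user: "0"
    # The passwords are pasted into the script text and end up in curl's
    # argument list; a value containing quotes or shell metacharacters would
    # break the script.
    # The ip entries written to instances.yml must match the ipv4_address of
    # es01, es02 and es03 further down.
    command: >
      bash -c '
        if [ x${ELASTIC_PASSWORD} == x ]; then
          echo "Set the ELASTIC_PASSWORD environment variable in the .env file";
          exit 1;
        elif [ x${KIBANA_PASSWORD} == x ]; then
          echo "Set the KIBANA_PASSWORD environment variable in the .env file";
          exit 1;
        fi;
        if [ ! -f config/certs/ca.zip ]; then
          echo "Creating CA";
          bin/elasticsearch-certutil ca --silent --pem -out config/certs/ca.zip;
          unzip config/certs/ca.zip -d config/certs;
        fi;
        if [ ! -f config/certs/certs.zip ]; then
          echo "Creating certs";
          echo -ne \
          "instances:\n"\
          "  - name: es01\n"\
          "    dns:\n"\
          "      - es01\n"\
          "      - localhost\n"\
          "    ip:\n"\
          "      - 172.18.0.11\n"\
          "  - name: es02\n"\
          "    dns:\n"\
          "      - es02\n"\
          "      - localhost\n"\
          "    ip:\n"\
          "      - 172.18.0.12\n"\
          "  - name: es03\n"\
          "    dns:\n"\
          "      - es03\n"\
          "      - localhost\n"\
          "    ip:\n"\
          "      - 172.18.0.13\n"\
          > config/certs/instances.yml;
          bin/elasticsearch-certutil cert --silent --pem -out config/certs/certs.zip --in config/certs/instances.yml --ca-cert config/certs/ca/ca.crt --ca-key config/certs/ca/ca.key;
          unzip config/certs/certs.zip -d config/certs;
        fi;
        echo "Setting file permissions"
        chown -R root:root config/certs;
        find . -type d -exec chmod 750 \{\} \;;
        find . -type f -exec chmod 640 \{\} \;;
        echo "Waiting for Elasticsearch availability";
        until curl -s --cacert config/certs/ca/ca.crt https://es01:9200 | grep -q "missing authentication credentials"; do sleep 30; done;
        echo "Setting kibana_system password";
        until curl -s -X POST --cacert config/certs/ca/ca.crt -u "elastic:${ELASTIC_PASSWORD}" -H "Content-Type: application/json" https://es01:9200/_security/user/kibana_system/_password -d "{\"password\":\"${KIBANA_PASSWORD}\"}" | grep -q "^{}"; do sleep 10; done;
        echo "All done!";
      '
    # Reports healthy as soon as es01's certificate file exists, which is what
    # es01 waits for; the password step above may still be running then.
    healthcheck:
      test: [ "CMD-SHELL", "[ -f config/certs/es01/es01.crt ]" ]
      interval: 1s
      timeout: 5s
      retries: 120
    networks:
      elastic:
        ipv4_address: 172.18.0.10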
    
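  # First Elasticsearch node; the only one whose HTTPS API is published to the host.
  es01:
    # NOTE(review): env_file copies every value from .env, both passwords
    # included, into this container's environment.
    env_file:
      - .env
    depends_on:
      # Start only after the certificate helper reports healthy
      es-certs:
        condition: service_healthy
    image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
    container_name: es01
    hostname: es01
    restart: always
    # privileged mode dropped: the memlock ulimit below covers
    # bootstrap.memory_lock, and nothing else in this service needs host-level
    # privileges.
    volumes:
      - /opt/soft/elasticsearch/config/certs:/usr/share/elasticsearch/config/certs
      - '/opt/soft/elasticsearch/es01/plugins:/usr/share/elasticsearch/plugins'
      - '/opt/soft/elasticsearch/es01/data:/usr/share/elasticsearch/data'
      - '/opt/soft/elasticsearch/es01/logs:/usr/share/elasticsearch/logs'
    ports:
      # With ES_PORT=9200 the API is reachable on every host interface; set
      # ES_PORT=127.0.0.1:9200 in .env to keep it on loopback.
      - "${ES_PORT}:9200"
    environment:
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
      - "TZ=Asia/Shanghai"
      - "http.host=0.0.0.0"
      - node.name=es01
      - cluster.name=${CLUSTER_NAME}
      # Nodes eligible to be elected master when the cluster first forms
      - cluster.initial_master_nodes=es01,es02,es03
      - discovery.seed_hosts=es02,es03
      - ELASTIC_PASSWORD=${ELASTIC_PASSWORD}
      - bootstrap.memory_lock=true
      # Defaults to true; enables the Elasticsearch security features
      - xpack.security.enabled=true
      # Enables or disables TLS/SSL on the HTTP layer used by clients (default: false)
      - xpack.security.http.ssl.enabled=true
      - xpack.security.http.ssl.key=certs/es01/es01.key
      - xpack.security.http.ssl.certificate=certs/es01/es01.crt
      - xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
      # Enables or disables TLS/SSL on the transport layer used between nodes (default: false)
      - xpack.security.transport.ssl.enabled=true
      - xpack.security.transport.ssl.key=certs/es01/es01.key
      - xpack.security.transport.ssl.certificate=certs/es01/es01.crt
      - xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.transport.ssl.verification_mode=certificate
      - xpack.license.self_generated.type=${LICENSE}
    deploy:
      resources:
        limits:
          memory: ${MEM_LIMIT}
    # Resource limits: memlock is unlimited so bootstrap.memory_lock can lock
    # the heap; the open-file limit override is left disabled.
    ulimits:
      memlock:
        soft: -1
        hard: -1
      # nofile:
      #   soft: 65536
      #   hard: 65536
    # Healthy once the HTTPS endpoint answers an unauthenticated request with
    # the "missing authentication credentials" error.
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",
        ]
      interval: 10s
      timeout: 10s
      retries: 120
    networks:
      elastic:
        # Must match the es01 ip entry in the certificate instances list
        ipv4_address: 172.18.0.11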

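  # Second Elasticsearch node; no port is published to the host.
  es02:
    # NOTE(review): env_file copies every value from .env, both passwords
    # included, into this container's environment.
    env_file:
      - .env
    depends_on:
      # Short form: start order only, no health condition
      - es01
    image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
    # privileged mode dropped: the memlock ulimit below covers
    # bootstrap.memory_lock, and nothing else in this service needs host-level
    # privileges.
    container_name: es02
    hostname: es02
    restart: always
    volumes:
      - /opt/soft/elasticsearch/config/certs:/usr/share/elasticsearch/config/certs
      - '/opt/soft/elasticsearch/es02/plugins:/usr/share/elasticsearch/plugins'
      - '/opt/soft/elasticsearch/es02/data:/usr/share/elasticsearch/data'
      - '/opt/soft/elasticsearch/es02/logs:/usr/share/elasticsearch/logs'
    environment:
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
      - "TZ=Asia/Shanghai"
      - node.name=es02
      - cluster.name=${CLUSTER_NAME}
      - cluster.initial_master_nodes=es01,es02,es03
      - discovery.seed_hosts=es01,es03
      - bootstrap.memory_lock=true
      - xpack.security.enabled=true
      # TLS on the HTTP layer, using this node's own key pair and the shared CA
      - xpack.security.http.ssl.enabled=true
      - xpack.security.http.ssl.key=certs/es02/es02.key
      - xpack.security.http.ssl.certificate=certs/es02/es02.crt
      - xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
      # TLS on the transport layer between nodes
      - xpack.security.transport.ssl.enabled=true
      - xpack.security.transport.ssl.key=certs/es02/es02.key
      - xpack.security.transport.ssl.certificate=certs/es02/es02.crt
      - xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.transport.ssl.verification_mode=certificate
      - xpack.license.self_generated.type=${LICENSE}
    deploy:
      resources:
        limits:
          memory: ${MEM_LIMIT}
    # Resource limits: memlock is unlimited so bootstrap.memory_lock can lock
    # the heap; the open-file limit override is left disabled.
    ulimits:
      memlock:
        soft: -1
        hard: -1
      # nofile:
      #   soft: 65536
      #   hard: 65536
    # Healthy once the HTTPS endpoint answers an unauthenticated request with
    # the "missing authentication credentials" error.
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",
        ]
      interval: 10s
      timeout: 10s
      retries: 120
    networks:
      elastic:
        # Must match the es02 ip entry in the certificate instances list
        ipv4_address: 172.18.0.12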
  
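  # Third Elasticsearch node; no port is published to the host.
  es03:
    # NOTE(review): env_file copies every value from .env, both passwords
    # included, into this container's environment.
    env_file:
      - .env
    depends_on:
      # Short form: start order only, no health condition
      - es02
    image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
    container_name: es03
    hostname: es03
    restart: always
    # privileged mode dropped: the memlock ulimit below covers
    # bootstrap.memory_lock, and nothing else in this service needs host-level
    # privileges.
    volumes:
      - /opt/soft/elasticsearch/config/certs:/usr/share/elasticsearch/config/certs
      - '/opt/soft/elasticsearch/es03/plugins:/usr/share/elasticsearch/plugins'
      - '/opt/soft/elasticsearch/es03/data:/usr/share/elasticsearch/data'
      - '/opt/soft/elasticsearch/es03/logs:/usr/share/elasticsearch/logs'
    environment:
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
      - "TZ=Asia/Shanghai"
      - node.name=es03
      - cluster.name=${CLUSTER_NAME}
      - cluster.initial_master_nodes=es01,es02,es03
      - discovery.seed_hosts=es01,es02
      - bootstrap.memory_lock=true
      - xpack.security.enabled=true
      # TLS on the HTTP layer, using this node's own key pair and the shared CA
      - xpack.security.http.ssl.enabled=true
      - xpack.security.http.ssl.key=certs/es03/es03.key
      - xpack.security.http.ssl.certificate=certs/es03/es03.crt
      - xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
      # TLS on the transport layer between nodes
      - xpack.security.transport.ssl.enabled=true
      - xpack.security.transport.ssl.key=certs/es03/es03.key
      - xpack.security.transport.ssl.certificate=certs/es03/es03.crt
      - xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.transport.ssl.verification_mode=certificate
      - xpack.license.self_generated.type=${LICENSE}
    deploy:
      resources:
        limits:
          memory: ${MEM_LIMIT}
    # Resource limits: memlock is unlimited so bootstrap.memory_lock can lock
    # the heap; the open-file limit override is left disabled.
    ulimits:
      memlock:
        soft: -1
        hard: -1
      # nofile:
      #   soft: 65536
      #   hard: 65536
    # Healthy once the HTTPS endpoint answers an unauthenticated request with
    # the "missing authentication credentials" error.
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",
        ]
      interval: 10s
      timeout: 10s
      retries: 120
    networks:
      elastic:
        # Must match the es03 ip entry in the certificate instances list
        ipv4_address: 172.18.0.13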
      
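  # Kibana UI; connects to es01 over HTTPS as the kibana_system account.
  kibana:
    # NOTE(review): env_file also hands ELASTIC_PASSWORD (the 'elastic'
    # account) to this container, although only KIBANA_PASSWORD is referenced
    # below.
    env_file:
      - .env
    depends_on:
      es01:
        condition: service_healthy
      es02:
        condition: service_healthy
      es03:
        condition: service_healthy
    image: docker.elastic.co/kibana/kibana:${STACK_VERSION}
    container_name: kibana
    hostname: kibana
    restart: always
    # privileged mode dropped: nothing in this service needs host-level
    # privileges.
    volumes:
      # NOTE(review): the whole certs directory, private keys included, is
      # mounted here, while only ca/ca.crt is referenced below.
      - /opt/soft/elasticsearch/config/certs:/usr/share/kibana/config/certs
      - /opt/soft/kibana/config/kibana.yml:/usr/share/kibana/config/kibana.yml
      - '/opt/soft/kibana/data:/usr/share/kibana/data'
    ports:
      # Published on every host interface with KIBANA_PORT=5601. The
      # healthcheck below talks plain HTTP, so logins on this port are not
      # encrypted unless TLS is added in front of it.
      - "${KIBANA_PORT}:5601"
    environment:
      - SERVERNAME=kibana
      - ELASTICSEARCH_HOSTS=https://es01:9200
      - ELASTICSEARCH_USERNAME=kibana_system
      - ELASTICSEARCH_PASSWORD=${KIBANA_PASSWORD}
      - ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=config/certs/ca/ca.crt
    deploy:
      resources:
        limits:
          memory: ${MEM_LIMIT}
    # Healthy once the HTTP endpoint answers with a 302 redirect
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "curl -s -I http://localhost:5601 | grep -q 'HTTP/1.1 302 Found'",
        ]
      interval: 10s
      timeout: 10s
      retries: 120
    networks:
      elastic:
        ipv4_address: 172.18.0.14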

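# Custom network "elastic"
networks:
  elastic:
    # Not created by Compose: it must exist before `up`. The services pin
    # static ipv4_address values in 172.18.0.x, which Docker only accepts on a
    # network created with a user-defined subnet containing them, for example:
    #   docker network create -d bridge --subnet 172.18.0.0/16 elastic
    # (example subnet; any range that contains 172.18.0.10-14 works)
    # `driver` is omitted: an external network's driver is fixed when the
    # network is created, and the Compose specification treats every attribute
    # other than `name` as irrelevant for external networks.
    external: true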

# https://www.w3cschool.cn/doc_docker_1_11/docker_1_11-engine-reference-commandline-volume_create-index.html
# 创建的 volume 将存储到 /var/lib/docker/volumes/ 路径下
#volumes:
  # CA 证书 挂载
#  certs:
#    driver: local

3. 运行compose文件

注意:

  1. 由于在国内,用到的镜像自己提前想办法下载下来,不然构建不成功的
  2. 文件中映射的目录和文件要提前创建好,并给予读写权限
  3. 上面用到了kibana.yml配置文件,主要来设置中文的,原来写在 environment底下了,但是没生效。

kibana.yml

# Listen on all interfaces inside the container
server.host: "0.0.0.0"
server.shutdownTimeout: "5s"
# Elasticsearch address(es): list several for a cluster, one for a single node
# NOTE(review): this is an http:// URL, while the compose file enables TLS on
# the Elasticsearch HTTP layer and sets ELASTICSEARCH_HOSTS=https://es01:9200
# for the kibana container; presumably the environment value is the one in
# effect — confirm.
elasticsearch.hosts: ["http://10.10.1.31:9200"]
# Sample credentials, left disabled; avoid keeping real passwords in this file
#elasticsearch.username: "test"
#elasticsearch.password: "zrb123"
# Set the Kibana UI language to Chinese
i18n.locale: "zh-CN"
3.1 运行命令
# 1. Validate the compose file (-q prints nothing when the file is valid)
# NOTE(review): assumes the compose file from section 2.2 was saved as
# docker-compose-elastic.yml, with .env in the same directory — confirm.
docker compose -f docker-compose-elastic.yml config -q
# 2. Start all services in the background
docker compose -f docker-compose-elastic.yml up -d
elastic.png 容器

可以看出es还是挺占内存的。

3.2 查看

先看看elasticsearch:https://10.10.1.31:9200,账号 elastic,密码就是配置文件中设置的。

elasticsearch
再看看kibana:http://10.10.1.31:5601,账号密码 都用 上面elasticsearch的。
kibana

4. 补充

其实,如果只是一主2从节点的话,官网的这个后期并不一定好维护,好多东西都写在了compose文件中,不好找了。

我们先来看一下它自带的账号有哪些:

自带账号
可以看到有好几个,连接kibana和logstash的都有。其中elastic应该是管理员账号,密码是自己写在配置文件中的。上面第一个服务中 也给了通过接口修改其他账号密码的命令,可以参考。

添加账号:

# Add the user "test"
# elasticsearch-users manages the file realm, whose users are stored locally on each node
./elasticsearch-users useradd test
# Grant the superuser role
# NOTE(review): superuser is unrestricted access to the cluster; prefer a narrower role for everyday accounts
./elasticsearch-users roles -a superuser test 
# Grant the kibana_system role
# NOTE(review): kibana_system is the role of Kibana's own service account and is not meant to be assigned to people
./elasticsearch-users roles -a kibana_system test
添加账号