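Elasticsearch cluster setup with Docker
Reference links:
Master node setup script
When mapping the data directory, the host folder must be given 777 permissions. Data directory inside the container: /usr/share/elasticsearch/data/
master.sh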
    docker run -d --name es-master \
      -p 11200:11200 \
      -p 11300:11300 \
      -v /root/build_es/master.yml:/usr/share/elasticsearch/config/elasticsearch.yml \
      -v /etc/localtime:/etc/localtime \
      elasticsearch:7.5.2
Contents of /root/build_es/master.yml:
    cluster.name: guangda-elasticsearch1
    network.host: 0.0.0.0
    node.name: es-node-1
    network.bind_host: 0.0.0.0
    network.publish_host: 192.168.48.38
    http.port: 11200
    transport.tcp.port: 11300
    http.cors.enabled: true
    http.cors.allow-origin: "*"
    # Master node settings
    node.master: true
    node.data: true
    # Set the master node; user authentication needs this so the master can be identified
    cluster.initial_master_nodes: ["es-node-1"]
    discovery.zen.ping.unicast.hosts: ["192.168.48.38:11300","192.168.48.38:12300","192.168.48.38:13300"]
    discovery.zen.minimum_master_nodes: 1
    indices.query.bool.max_clause_count: 10240
    # Enable security authentication
    #xpack.security.enabled: true
    #xpack.security.transport.ssl.enabled: true
    ## Maximum number of shards per node
    #cluster.max_shards_per_node: 100000
    ## Cluster certificate settings
    #xpack.license.self_generated.type: basic
    #xpack.security.transport.ssl.verification_mode: certificate
    #xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
    #xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
slave1
slave1.sh
    docker run -d --name es-slave1 \
      -p 12200:12200 \
      -p 12300:12300 \
      -v /root/build_es/slave1.yml:/usr/share/elasticsearch/config/elasticsearch.yml \
      -v /etc/localtime:/etc/localtime \
      elasticsearch:7.5.2
Contents of /root/build_es/slave1.yml:
    cluster.name: guangda-elasticsearch1
    network.host: 0.0.0.0
    node.name: es-node-2
    network.bind_host: 0.0.0.0
    network.publish_host: 192.168.48.38
    http.port: 12200
    transport.tcp.port: 12300
    http.cors.enabled: true
    http.cors.allow-origin: "*"
    # Master node settings
    node.master: false
    node.data: true
    discovery.zen.ping.unicast.hosts: ["192.168.48.38:11300","192.168.48.38:12300","192.168.48.38:13300"]
    discovery.zen.minimum_master_nodes: 1
    indices.query.bool.max_clause_count: 10240
    # Enable security authentication
    #xpack.security.enabled: true
    #xpack.security.transport.ssl.enabled: true
    ## Maximum number of shards per node
    #cluster.max_shards_per_node: 100000
    ## Cluster certificate settings
    #xpack.license.self_generated.type: basic
    #xpack.security.transport.ssl.verification_mode: certificate
    #xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
    #xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
slave2
slave2.sh
    docker run -d --name es-slave2 \
      -p 13200:13200 \
      -p 13300:13300 \
      -v /root/build_es/slave2.yml:/usr/share/elasticsearch/config/elasticsearch.yml \
      -v /etc/localtime:/etc/localtime \
      elasticsearch:7.5.2
Contents of /root/build_es/slave2.yml:
    cluster.name: guangda-elasticsearch1
    network.host: 0.0.0.0
    node.name: es-node-3
    network.bind_host: 0.0.0.0
    network.publish_host: 192.168.48.38
    http.port: 13200
    transport.tcp.port: 13300
    http.cors.enabled: true
    http.cors.allow-origin: "*"
    # Master node settings
    node.master: false
    node.data: true
    discovery.zen.ping.unicast.hosts: ["192.168.48.38:11300","192.168.48.38:12300","192.168.48.38:13300"]
    discovery.zen.minimum_master_nodes: 1
    indices.query.bool.max_clause_count: 10240
    # Enable security authentication
    #xpack.security.enabled: true
    #xpack.security.transport.ssl.enabled: true
    ## Maximum number of shards per node
    #cluster.max_shards_per_node: 100000
    ## Cluster certificate settings
    #xpack.license.self_generated.type: basic
    #xpack.security.transport.ssl.verification_mode: certificate
    #xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
    #xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
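Enabling authentication
/root/build_es/elastic-certificates.p12 is the certificate file; it can be generated inside the container.
It is usually generated on the master and then copied to the other nodes.
Run the following in the Elasticsearch directory inside the container:
    bin/elasticsearch-certutil ca -out config/elastic-certificates.p12 -pass ""
This generates the file elastic-certificates.p12 in config.
Copy elastic-certificates.p12 out of the container.
Then distribute the certificate to the other nodes.
Edit the configuration file to enable authentication: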
    # Enable security authentication
    xpack.security.enabled: true
    xpack.security.transport.ssl.enabled: true
    ## Maximum number of shards per node
    #cluster.max_shards_per_node: 100000
    ## Cluster certificate settings
    xpack.license.self_generated.type: basic
    xpack.security.transport.ssl.verification_mode: certificate
    xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
    xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
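Setting account passwords
Enter the container.
Run the following command in the Elasticsearch directory:
    bin/elasticsearch-setup-passwords interactive
This command sets the user names and passwords; passwords must be set for 4 users: elastic, kibana, logstash_system, beats_system.
Add the following -v file mapping directly to the startup script. After running the startup script, change the owner of the certificate by running this command in the Elasticsearch config folder: chown -R elasticsearch elastic-certificates.p12
    -v /root/build_es/elastic-certificates.p12:/usr/share/elasticsearch/config/elastic-certificates.p12 \
Then edit the configuration file to enable authentication. Restart the container and set the passwords, and authentication is enabled.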
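A pre-restart check for the steps above, as an added example that is not part of the original post: it parses a node's elasticsearch.yml and reports which of the authentication settings are still commented out or missing, plus two exposure settings that appear in the post's configs (binding to 0.0.0.0 without security, wildcard CORS). The function names and the sample configs are constructed for illustration.

```python
# Added example: checks that a node's elasticsearch.yml has the auth settings active.
REQUIRED = {
    "xpack.security.enabled": "true",
    "xpack.security.transport.ssl.enabled": "true",
    "xpack.security.transport.ssl.verification_mode": "certificate",
    "xpack.security.transport.ssl.keystore.path": "elastic-certificates.p12",
    "xpack.security.transport.ssl.truststore.path": "elastic-certificates.p12",
}

def parse_flat_yaml(text):
    """Parse the flat 'dotted.key: value' lines used in the post's elasticsearch.yml."""
    settings = {}
    for line in text.splitlines():
        line = line.split(" #")[0].strip()  # drop trailing inline comments
        if not line or line.startswith("#"):
            continue  # a commented-out setting is not active
        key, sep, value = line.partition(":")
        if sep:
            settings[key.strip()] = value.strip().strip("\"'")
    return settings

def audit(text):
    """Return findings for one node's config; an empty list means nothing flagged."""
    cfg = parse_flat_yaml(text)
    findings = [f"{k}: expected {v!r}, found {cfg.get(k)!r}"
                for k, v in REQUIRED.items() if cfg.get(k) != v]
    open_bind = "0.0.0.0" in (cfg.get("network.host"), cfg.get("network.bind_host"))
    if open_bind and cfg.get("xpack.security.enabled") != "true":
        findings.append("node binds 0.0.0.0 with security disabled: HTTP API is unauthenticated")
    if cfg.get("http.cors.enabled") == "true" and cfg.get("http.cors.allow-origin") == "*":
        findings.append("http.cors.allow-origin is '*': any web origin may call the HTTP API")
    return findings

# Constructed samples modelled on the post's master.yml, before and after enabling auth.
BEFORE = """\
network.host: 0.0.0.0
http.cors.enabled: true
http.cors.allow-origin: "*"
#xpack.security.enabled: true
#xpack.security.transport.ssl.enabled: true
"""
AFTER = BEFORE.replace("#xpack", "xpack") + """\
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
"""

if __name__ == "__main__":
    for name, sample in (("before", BEFORE), ("after", AFTER)):
        print(name, audit(sample))
```

To use it on a real node, pass the text of each mapped file (for example /root/build_es/master.yml) to `audit()` before restarting the container.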
Setup with docker-compose
    version: "3"
    services:
      es01:
        image: docker.elastic.co/elasticsearch/elasticsearch:7.10.1
        container_name: es01
        environment:
          # Node name
          - node.name=es01
          # Cluster name
          - cluster.name=my-application
          # Specify the host names
          - discovery.seed_hosts=es02,es03
          # Nodes from which the master is elected
          - cluster.initial_master_nodes=es01,es02,es03
          # Whether to lock memory, avoiding the performance loss caused by swapping
          - bootstrap.memory_lock=true
          - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
        ulimits:
          memlock:
            soft: -1
            hard: -1
        volumes:
          - ./es01/data:/usr/share/elasticsearch/data
        ports:
          - 9200:9200
          - 9300:9300
        networks:
          - elastic
      es02:
        image: docker.elastic.co/elasticsearch/elasticsearch:7.10.1
        container_name: es02
        environment:
          - node.name=es02
          - cluster.name=my-application
          - discovery.seed_hosts=es01,es03
          - cluster.initial_master_nodes=es01,es02,es03
          - bootstrap.memory_lock=true
          - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
        ulimits:
          memlock:
            soft: -1
            hard: -1
        volumes:
          - ./es02/data:/usr/share/elasticsearch/data
        networks:
          - elastic
      es03:
        image: docker.elastic.co/elasticsearch/elasticsearch:7.10.1
        container_name: es03
        environment:
          - node.name=es03
          - cluster.name=my-application
          - discovery.seed_hosts=es01,es02
          - cluster.initial_master_nodes=es01,es02,es03
          - bootstrap.memory_lock=true
          - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
        ulimits:
          memlock:
            soft: -1
            hard: -1
        volumes:
          - ./es03/data:/usr/share/elasticsearch/data
        networks:
          - elastic
      kib01:
        image: docker.elastic.co/kibana/kibana:7.10.1
        container_name: kib01
        ports:
          - 5601:5601
        environment:
          ELASTICSEARCH_URL: http://es01:9200
          ELASTICSEARCH_HOSTS: '["http://es01:9200","http://es02:9200","http://es03:9200"]'
        networks:
          - elastic
    volumes:
      data01:
        driver: local
      data02:
        driver: local
      data03:
        driver: local
    networks:
      elastic:
        driver: bridge
Changing the password
    curl -H "Content-Type:application/json" -XPOST -u elastic 'http://127.0.0.1:9200/_xpack/security/user/elastic/_password' -d '{ "password" : "123456" }'