当前位置:首页 > 数据库 > es > 正文内容

es集群搭建 docker方式

root2个月前 (07-26)es101

参考连接:

开启认证

集群搭建并开启认证

docker-compose方式搭建集群

遇见问题的并解决




matser 搭建脚本

映射数据目录需要给外边文件夹777权限 docker内容数据文件地址:/usr/share/elasticsearch/data/

matser.sh

docker run -d --name es-master \
-p 11200:11200 \
-p 11300:11300 \
-v /root/build_es/master.yml:/usr/share/elasticsearch/config/elasticsearch.yml  \
-v /etc/localtime:/etc/localtime \
elasticsearch:7.5.2

/root/build_es/master.yml 文件内容

cluster.name: guangda-elasticsearch1
network.host: 0.0.0.0
node.name: es-node-1
network.bind_host: 0.0.0.0
network.publish_host: 192.168.48.38
http.port: 11200
transport.tcp.port: 11300
http.cors.enabled: true
http.cors.allow-origin: "*"
# master 节点配置
node.master: true
node.data: true
# 设置master节点,用户认证需要配置识别master
cluster.initial_master_nodes: ["es-node-1"]
discovery.zen.ping.unicast.hosts: ["192.168.48.38:11300","192.168.48.38:12300","192.168.48.38:13300"]
discovery.zen.minimum_master_nodes: 1
indices.query.bool.max_clause_count: 10240
#开启安全认证
#xpack.security.enabled: true
#xpack.security.transport.ssl.enabled: true
##节点数分片最大数限制
#cluster.max_shards_per_node: 100000
##集群证书配置
#xpack.license.self_generated.type: basic
#xpack.security.transport.ssl.verification_mode: certificate
#xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
#xpack.security.transport.ssl.truststore.path: elastic-certificates.p12


slave1

slave1.sh

docker run -d --name es-slave1 \
-p 12200:12200 \
-p 12300:12300 \
-v /root/build_es/slave1.yml:/usr/share/elasticsearch/config/elasticsearch.yml  \
-v /etc/localtime:/etc/localtime \
elasticsearch:7.5.2

/root/build_es/slave1.yml 文件内容

cluster.name: guangda-elasticsearch1
network.host: 0.0.0.0
node.name: es-node-2
network.bind_host: 0.0.0.0
network.publish_host: 192.168.48.38
http.port: 12200
transport.tcp.port: 12300
http.cors.enabled: true
http.cors.allow-origin: "*"
#master 节点配置
node.master: false
node.data: true
discovery.zen.ping.unicast.hosts: ["192.168.48.38:11300","192.168.48.38:12300","192.168.48.38:13300"]
discovery.zen.minimum_master_nodes: 1
indices.query.bool.max_clause_count: 10240
#开启安全认证
#xpack.security.enabled: true
#xpack.security.transport.ssl.enabled: true
##节点数分片最大数限制
#cluster.max_shards_per_node: 100000
##集群证书配置
#xpack.license.self_generated.type: basic
#xpack.security.transport.ssl.verification_mode: certificate
#xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
#xpack.security.transport.ssl.truststore.path: elastic-certificates.p12


slave2

slave2.sh

docker run -d --name es-slave2 \
-p 13200:13200 \
-p 13300:13300 \
-v /root/build_es/slave2.yml:/usr/share/elasticsearch/config/elasticsearch.yml  \
-v /etc/localtime:/etc/localtime \
elasticsearch:7.5.2

/root/build_es/slave2.yml 文件内容

cluster.name: guangda-elasticsearch1
network.host: 0.0.0.0
node.name: es-node-3
network.bind_host: 0.0.0.0
network.publish_host: 192.168.48.38
http.port: 13200
transport.tcp.port: 13300
http.cors.enabled: true
http.cors.allow-origin: "*"
#master 节点配置
node.master: false
node.data: true
discovery.zen.ping.unicast.hosts: ["192.168.48.38:11300","192.168.48.38:12300","192.168.48.38:13300"]
discovery.zen.minimum_master_nodes: 1
indices.query.bool.max_clause_count: 10240
#开启安全认证
#xpack.security.enabled: true
#xpack.security.transport.ssl.enabled: true
##节点数分片最大数限制
#cluster.max_shards_per_node: 100000
##集群证书配置
#xpack.license.self_generated.type: basic
#xpack.security.transport.ssl.verification_mode: certificate
#xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
#xpack.security.transport.ssl.truststore.path: elastic-certificates.p12


开启认证

/root/build_es/elastic-certificates.p12 文件是证书文件可以在容器中生成

一般在master中生成,其他节点复制过去使用

在容器的es目录中执行

bin/elasticsearch-certutil ca -out config/elastic-certificates.p12 -pass ""

会在config 中生成文件elastic-certificates.p12

将elastic-certificates.p12 copy到容器外。

然后将该证书分分发到其他节点

修改配置文件开启认证

#开启安全认证
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
##节点数分片最大数限制
#cluster.max_shards_per_node: 100000
##集群证书配置
xpack.license.self_generated.type: basic
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12

设置账号密码

进入容器

在es目录执行命令

bin/elasticsearch-setup-passwords interactive

执行设置用户名和密码的命令,这里需要为4个用户分别设置密码,elastic, kibana, logstash_system,beats_system



直接启动脚本添加如下-v文件映射,启动脚本后修改该证书的归属用户,在es的config文件夹下执行命令:chown -R elasticsearch elastic-certificates.p12

-v /root/build_es/elastic-certificates.p12:/usr/share/elasticsearch/config/elastic-certificates.p12 \

然后在修改配置文件,开启认证。重启容器,然后设置密码即可开启认证。


docker-compose方式搭建

version: 3
services:
  es01:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.10.1
    container_name: es01
    environment:
      # 节点名称
      - node.name=es01
      # 集群名称
      - cluster.name=my-application
      #指定主机名称
      - discovery.seed_hosts=es02,es03
      # 从哪里选举主节点
      - cluster.initial_master_nodes=es01,es02,es03
      # 是否锁住内存,避免交换(swapped)带来的性能损失
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - ./es01/data:/usr/share/elasticsearch/data
    ports:
      - 9200:9200
      - 9300:9300
    networks:
      - elastic
 
  es02:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.10.1
    container_name: es02
    environment:
      - node.name=es02
      - cluster.name=my-application
      - discovery.seed_hosts=es01,es03
      - cluster.initial_master_nodes=es01,es02,es03
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - ./es02/data:/usr/share/elasticsearch/data
    networks:
      - elastic
 
  es03:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.10.1
    container_name: es03
    environment:
      - node.name=es03
      - cluster.name=my-application
      - discovery.seed_hosts=es01,es02
      - cluster.initial_master_nodes=es01,es02,es03
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - ./es03/data:/usr/share/elasticsearch/data
    networks:
      - elastic
 
  kib01:
    image: docker.elastic.co/kibana/kibana:7.10.1
    container_name: kib01
    ports:
      - 5601:5601
    environment:
      ELASTICSEARCH_URL: http://es01:9200
      ELASTICSEARCH_HOSTS: '["http://es01:9200","http://es02:9200","http://es03:9200"]'
    networks:
      - elastic
 
volumes:
  data01:
    driver: local
  data02:
    driver: local
  data03:
    driver: local
 
networks:
  elastic:
    driver: bridge



修改密码

curl -H "Content-Type:application/json" -XPOST -u elastic 'http://127.0.0.1:9200/_xpack/security/user/elastic/_password' -d '{ "password" : "123456" }'

扫描二维码推送至手机访问。

版权声明:本文由一叶知秋发布,如需转载请注明出处。

本文链接:https://zhiqiu.top/?id=239

分享给朋友:
返回列表

上一篇:python 操作es

没有最新的文章了...

相关文章

python 操作es

pip install elasticsearch连接建立from elasticsearch import Elasticsearch es = Elastics...