
docker应用-容器化部署elasticsearch7.x集群

使用 Docker Compose 容器化部署 elasticsearch 7.x 集群。

动机

网上找的 es 部署方式大多数都是复制粘贴的,而且都是单节点部署,就算有多节点也是很傻屌,都是部署到同一个机器上的,没有意义,查了一些资料后整理了一下,方便后续部署用。关于 ssl 认证那一块,理论上 8.x 版本也可以这样用。

部署步骤

所有节点上创建目录

mkdir -p /data/servers/elasticsearch/{certs,data,config,logs,plugins}

注意:第一次启动的时候,elasticsearch.yml 里 xpack.security 这一块内容先不要配置,因为此时还没有生成证书,配置了应该会启动报错;等集群启动并组建完成后再生成证书,生成后再把这部分配置加上去。在此期间集群没有任何认证,9200/9300 端口应只对可信网络开放。

es01

es01 docker-compose.yml

# Compose file for node es01 of a three-node Elasticsearch cluster (one node per host).
name: 'elasticsearch'
services:
  elasticsearch:
    deploy:
      resources:
        limits:
          # Container memory cap; the 4096m JVM heap set in ES_JAVA_OPTS below has to fit inside it.
          memory: 6144M
    restart: always
    # Pinned by tag only, not by digest: a later pull of the same tag can deliver different image content.
    image: elasticsearch:7.17.24
    # Host networking: the container shares the host's network stack, so there is no Docker port
    # mapping in front of Elasticsearch. The ports configured in elasticsearch.yml are reachable by
    # anything that can reach the host address; restrict them with the host firewall.
    network_mode: "host"
    container_name: es01
    ulimits:
      nproc: 65535
      nofile:
        soft: 65535
        hard: 65535
      # Unlimited locked memory; bootstrap.memory_lock: true in the mounted elasticsearch.yml needs it.
      memlock:
        soft: -1
        hard: -1
    environment:
      - TZ=Asia/Shanghai
      # Fixed heap: minimum and maximum are both 4096m.
      - ES_JAVA_OPTS=-Xms4096m -Xmx4096m
    # Bind mounts, relative to the directory holding this compose file.
    # NOTE(review): the official image runs Elasticsearch as a non-root user; the host directories
    # must be writable by that user — confirm ownership before first start.
    volumes:
      - ./data:/usr/share/elasticsearch/data
      - ./plugins:/usr/share/elasticsearch/plugins
      - ./logs:/usr/share/elasticsearch/logs
      - ./config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
      # Holds the PKCS#12 file with the node's private key; keep the host directory readable only by
      # the Elasticsearch user. Once the certificate is in place this mount can be made read-only.
      - ./certs:/usr/share/elasticsearch/config/certs

es01 elasticsearch.yml

# elasticsearch.yml for node es01: a master-eligible data node in cluster "logs-es".
cluster.name: logs-es
node.name: es01
# NOTE(review): node.master / node.data are legacy role settings (replaced by node.roles in later
# 7.x releases) — confirm before reusing this file on 8.x.
node.master: true
node.data: true
#path.data: /usr/share/elasticsearch/data
#path.logs: /usr/share/elasticsearch/logs
# Locks the JVM memory so it is not swapped; relies on the unlimited memlock ulimit in docker-compose.yml.
bootstrap.memory_lock: true
# HTTP (9200) and transport (9300) both listen on this LAN address; with host networking nothing
# else filters access, so limit both ports to trusted hosts at the firewall.
network.host: 192.168.2.238
http.port: 9200
# NOTE(review): transport.tcp.port is the legacy name of transport.port — confirm for 8.x.
transport.tcp.port: 9300
# NOTE(review): legacy Zen setting; 7.x computes the master quorum itself and ignores this value.
# A value of 1 with three master-eligible nodes would allow split brain on versions that honour it.
discovery.zen.minimum_master_nodes: 1
discovery.seed_hosts: ["192.168.2.238:9300", "192.168.2.239:9300","192.168.2.240:9300"]
# NOTE(review): legacy Zen fault-detection settings — verify they still take effect on 7.17.
discovery.zen.fd.ping_timeout: 1m
discovery.zen.fd.ping_retries: 5
# Used only when the cluster is bootstrapped for the first time.
cluster.initial_master_nodes: ["192.168.2.238:9300", "192.168.2.239:9300","192.168.2.240:9300"]
# CORS with a wildcard origin lets a page from any website issue cross-origin requests to the HTTP
# API from a user's browser. Prefer listing only the origins that actually need access.
http.cors.enabled: true
http.cors.allow-origin: "*"

# Security block: per the deployment notes, add these lines only after the certificate exists.
# TLS is enabled here for the transport layer (node-to-node, port 9300) only. The HTTP layer on 9200
# stays plaintext unless xpack.security.http.ssl.enabled is also configured, so client credentials
# travel unencrypted.
xpack.security.transport.ssl.enabled: true
xpack.security.enabled: true
# "certificate" checks that the peer certificate is signed by the trusted CA but does not verify the
# hostname, so any holder of a certificate from this CA can join the transport layer.
xpack.security.transport.ssl.verification_mode: certificate
# Paths are relative to the Elasticsearch config directory (bind-mounted from ./certs on the host).
# The same PKCS#12 file serves as keystore and truststore.
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12

es02

es02 docker-compose.yml

# Compose file for node es02 of a three-node Elasticsearch cluster (one node per host).
name: 'elasticsearch'
services:
  elasticsearch:
    deploy:
      resources:
        limits:
          # Container memory cap; the 4096m JVM heap set in ES_JAVA_OPTS below has to fit inside it.
          memory: 6144M
    restart: always
    # Pinned by tag only, not by digest: a later pull of the same tag can deliver different image content.
    image: elasticsearch:7.17.24
    # Host networking: the container shares the host's network stack, so there is no Docker port
    # mapping in front of Elasticsearch. The ports configured in elasticsearch.yml are reachable by
    # anything that can reach the host address; restrict them with the host firewall.
    network_mode: "host"
    container_name: es02
    ulimits:
      nproc: 65535
      nofile:
        soft: 65535
        hard: 65535
      # Unlimited locked memory; bootstrap.memory_lock: true in the mounted elasticsearch.yml needs it.
      memlock:
        soft: -1
        hard: -1
    environment:
      - TZ=Asia/Shanghai
      # Fixed heap: minimum and maximum are both 4096m.
      - ES_JAVA_OPTS=-Xms4096m -Xmx4096m
    # Bind mounts, relative to the directory holding this compose file.
    # NOTE(review): the official image runs Elasticsearch as a non-root user; the host directories
    # must be writable by that user — confirm ownership before first start.
    volumes:
      - ./data:/usr/share/elasticsearch/data
      - ./plugins:/usr/share/elasticsearch/plugins
      - ./logs:/usr/share/elasticsearch/logs
      - ./config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
      # Holds the PKCS#12 file with the node's private key (copied from the node that generated it);
      # keep the host directory readable only by the Elasticsearch user. A read-only mount is enough here.
      - ./certs:/usr/share/elasticsearch/config/certs

es02 elasticsearch.yml

# elasticsearch.yml for node es02: a master-eligible data node in cluster "logs-es".
cluster.name: logs-es
node.name: es02
# NOTE(review): node.master / node.data are legacy role settings (replaced by node.roles in later
# 7.x releases) — confirm before reusing this file on 8.x.
node.master: true
node.data: true
#path.data: /usr/share/elasticsearch/data
#path.logs: /usr/share/elasticsearch/logs
# Locks the JVM memory so it is not swapped; relies on the unlimited memlock ulimit in docker-compose.yml.
bootstrap.memory_lock: true
# HTTP (9200) and transport (9300) both listen on this LAN address; with host networking nothing
# else filters access, so limit both ports to trusted hosts at the firewall.
network.host: 192.168.2.239
http.port: 9200
# NOTE(review): transport.tcp.port is the legacy name of transport.port — confirm for 8.x.
transport.tcp.port: 9300
# NOTE(review): legacy Zen setting; 7.x computes the master quorum itself and ignores this value.
# A value of 1 with three master-eligible nodes would allow split brain on versions that honour it.
discovery.zen.minimum_master_nodes: 1
discovery.seed_hosts: ["192.168.2.238:9300", "192.168.2.239:9300","192.168.2.240:9300"]
# NOTE(review): legacy Zen fault-detection settings — verify they still take effect on 7.17.
discovery.zen.fd.ping_timeout: 1m
discovery.zen.fd.ping_retries: 5
# Used only when the cluster is bootstrapped for the first time.
cluster.initial_master_nodes: ["192.168.2.238:9300", "192.168.2.239:9300","192.168.2.240:9300"]
# CORS with a wildcard origin lets a page from any website issue cross-origin requests to the HTTP
# API from a user's browser. Prefer listing only the origins that actually need access.
http.cors.enabled: true
http.cors.allow-origin: "*"

# Security block: per the deployment notes, add these lines only after the certificate exists.
# TLS is enabled here for the transport layer (node-to-node, port 9300) only. The HTTP layer on 9200
# stays plaintext unless xpack.security.http.ssl.enabled is also configured, so client credentials
# travel unencrypted.
xpack.security.transport.ssl.enabled: true
xpack.security.enabled: true
# "certificate" checks that the peer certificate is signed by the trusted CA but does not verify the
# hostname, so any holder of a certificate from this CA can join the transport layer.
xpack.security.transport.ssl.verification_mode: certificate
# Paths are relative to the Elasticsearch config directory (bind-mounted from ./certs on the host).
# The same PKCS#12 file serves as keystore and truststore.
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12

es03

es03 docker-compose.yml

# Compose file for node es03 of a three-node Elasticsearch cluster (one node per host).
name: 'elasticsearch'
services:
  elasticsearch:
    deploy:
      resources:
        limits:
          # Container memory cap; the 4096m JVM heap set in ES_JAVA_OPTS below has to fit inside it.
          memory: 6144M
    restart: always
    # Pinned by tag only, not by digest: a later pull of the same tag can deliver different image content.
    image: elasticsearch:7.17.24
    # Host networking: the container shares the host's network stack, so there is no Docker port
    # mapping in front of Elasticsearch. The ports configured in elasticsearch.yml are reachable by
    # anything that can reach the host address; restrict them with the host firewall.
    network_mode: "host"
    container_name: es03
    ulimits:
      nproc: 65535
      nofile:
        soft: 65535
        hard: 65535
      # Unlimited locked memory; bootstrap.memory_lock: true in the mounted elasticsearch.yml needs it.
      memlock:
        soft: -1
        hard: -1
    environment:
      - TZ=Asia/Shanghai
      # Fixed heap: minimum and maximum are both 4096m.
      - ES_JAVA_OPTS=-Xms4096m -Xmx4096m
    # Bind mounts, relative to the directory holding this compose file.
    # NOTE(review): the official image runs Elasticsearch as a non-root user; the host directories
    # must be writable by that user — confirm ownership before first start.
    volumes:
      - ./data:/usr/share/elasticsearch/data
      - ./plugins:/usr/share/elasticsearch/plugins
      - ./logs:/usr/share/elasticsearch/logs
      - ./config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
      # Holds the PKCS#12 file with the node's private key (copied from the node that generated it);
      # keep the host directory readable only by the Elasticsearch user. A read-only mount is enough here.
      - ./certs:/usr/share/elasticsearch/config/certs

es03 elasticsearch.yml

# elasticsearch.yml for node es03: a master-eligible data node in cluster "logs-es".
cluster.name: logs-es
node.name: es03
# NOTE(review): node.master / node.data are legacy role settings (replaced by node.roles in later
# 7.x releases) — confirm before reusing this file on 8.x.
node.master: true
node.data: true
#path.data: /usr/share/elasticsearch/data
#path.logs: /usr/share/elasticsearch/logs
# Locks the JVM memory so it is not swapped; relies on the unlimited memlock ulimit in docker-compose.yml.
bootstrap.memory_lock: true
# HTTP (9200) and transport (9300) both listen on this LAN address; with host networking nothing
# else filters access, so limit both ports to trusted hosts at the firewall.
network.host: 192.168.2.240
http.port: 9200
# NOTE(review): transport.tcp.port is the legacy name of transport.port — confirm for 8.x.
transport.tcp.port: 9300
# NOTE(review): legacy Zen setting; 7.x computes the master quorum itself and ignores this value.
# A value of 1 with three master-eligible nodes would allow split brain on versions that honour it.
discovery.zen.minimum_master_nodes: 1
discovery.seed_hosts: ["192.168.2.238:9300", "192.168.2.239:9300","192.168.2.240:9300"]
# NOTE(review): legacy Zen fault-detection settings — verify they still take effect on 7.17.
discovery.zen.fd.ping_timeout: 1m
discovery.zen.fd.ping_retries: 5
# Used only when the cluster is bootstrapped for the first time.
cluster.initial_master_nodes: ["192.168.2.238:9300", "192.168.2.239:9300","192.168.2.240:9300"]
# CORS with a wildcard origin lets a page from any website issue cross-origin requests to the HTTP
# API from a user's browser. Prefer listing only the origins that actually need access.
http.cors.enabled: true
http.cors.allow-origin: "*"

# Security block: per the deployment notes, add these lines only after the certificate exists.
# TLS is enabled here for the transport layer (node-to-node, port 9300) only. The HTTP layer on 9200
# stays plaintext unless xpack.security.http.ssl.enabled is also configured, so client credentials
# travel unencrypted.
xpack.security.transport.ssl.enabled: true
xpack.security.enabled: true
# "certificate" checks that the peer certificate is signed by the trusted CA but does not verify the
# hostname, so any holder of a certificate from this CA can join the transport layer.
xpack.security.transport.ssl.verification_mode: certificate
# Paths are relative to the Elasticsearch config directory (bind-mounted from ./certs on the host).
# The same PKCS#12 file serves as keystore and truststore.
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12

kibana

docker-compose.yml

# Compose file for the Kibana instance that fronts the Elasticsearch cluster.
services:
  kibana:
    # Host networking: Kibana binds directly on the host using server.host / server.port from
    # kibana.yml, with no Docker port mapping in between; filter access at the host firewall.
    network_mode: "host"
    restart: always
    # Pinned by tag only, not by digest; keep the version in step with the Elasticsearch image.
    image: kibana:7.17.24
    container_name: kibana
    environment:
      - TZ=Asia/Shanghai
    volumes:
      # The whole config directory is mounted; it contains kibana.yml with the kibana_system
      # password, so restrict read access to ./config on the host.
      - ./config:/usr/share/kibana/config

kibana.yml

# kibana.yml: Kibana listens on the LAN address below and talks to all three Elasticsearch nodes.
# Kibana itself is served over plain HTTP here (no server.ssl.* settings), so browser logins are
# sent unencrypted; put TLS in front of it or limit access to a trusted network.
server.publicBaseUrl: "http://192.168.2.238:5601"
server.port: 5601
server.host: "192.168.2.238"
# http:// endpoints: the kibana_system credentials below cross the network in cleartext, because
# the Elasticsearch configuration enables TLS only for the transport layer.
elasticsearch.hosts: ["http://192.168.2.238:9200","http://192.168.2.239:9200","http://192.168.2.240:9200"]
i18n.locale: "zh-CN"
elasticsearch.username: "kibana_system"
# Placeholder: use the kibana_system password produced by elasticsearch-setup-passwords.
# It can be stored in the Kibana keystore (bin/kibana-keystore) instead of in this file in plaintext.
elasticsearch.password: "xxxxxxx"

证书配置

进入到 es01 ,你要进入其他机器也可以。

# Generate the CA; keep pressing Enter to accept the defaults. The password prompt can be left empty
# by pressing Enter.
# NOTE(review): with an empty password the CA private key inside elastic-stack-ca.p12 is protected
# only by file permissions. Keep that file off the other nodes and store it somewhere safe; anyone
# holding it can issue certificates that the cluster will trust.
bin/elasticsearch-certutil ca

# Generate the node certificate and private key; the password prompt can be left empty by pressing
# Enter. Copy the resulting certificate file to the other nodes.
# If a password is set instead, each node needs it in the Elasticsearch keystore
# (xpack.security.transport.ssl.keystore.secure_password / truststore.secure_password).
# Only elastic-certificates.p12 has to be distributed; it is moved into the bind-mounted certs directory.
bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
mv elastic-certificates.p12 config/certs

# Enable authentication on every node and point it at the certificate (settings for each node's
# elasticsearch.yml). These cover transport TLS only; the HTTP layer is not encrypted by them.
xpack.security.transport.ssl.enabled: true
xpack.security.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12

然后进入到容器里面重置一下密码,我选的自动生成,懒得一个个配置。

# Generates random passwords for the built-in users and prints them to the terminal.
# Record them in a password manager rather than leaving them in scrollback or shell logs;
# the kibana_system one is the value needed for elasticsearch.password in kibana.yml.
./bin/elasticsearch-setup-passwords auto

结束

es 8.x 这一块应该也是可以这样配置的,晚点我找个时间验证一下;es 8.x 官方 github 给的是在同一个宿主机上跑 3 个节点的脚本,不太好用。

参考文档:

https://blog.csdn.net/taoge512/article/details/106145917

https://blog.csdn.net/qq_43700739/article/details/132709935