ElasticSearch----基于docker-compose方式部署三节点8.1.3版本的ElasticSearch集群 Kibana看板
作者:redrose2100   类别:数据库    日期:2022-06-07 08:24:29    阅读:1577 次   消耗积分:0 分

1 准备好环境变量

内容如下,保存在.env文件中,存放在一个空的目录中,这里注意密码需要给ELASTIC_PASSWORD 和 KIBANA_PASSWORD 配置一个比较强的,不能使用过于简单的密码,
此外,这里暴露端口是通过ES_PORT设置的,默认暴露9200端口,如果是其他端口需要修改下面变量文件中的ES_PORT值
kibana端口通过KIBANA_PORT设置,默认为5601,那么也可以设置为其他端口

  1. # Password for the 'elastic' user (at least 6 characters)
  2. ELASTIC_PASSWORD=xxxxxxxxxxx
  3. # Password for the 'kibana_system' user (at least 6 characters)
  4. KIBANA_PASSWORD=xxxxxxxxxxx
  5. # Version of Elastic products
  6. STACK_VERSION=8.1.3
  7. # Set the cluster name
  8. CLUSTER_NAME=docker-cluster
  9. # Set to 'basic' or 'trial' to automatically start the 30-day trial
  10. LICENSE=basic
  11. #LICENSE=trial
  12. # Port to expose Elasticsearch HTTP API to the host
  13. ES_PORT=9200
  14. #ES_PORT=127.0.0.1:9200
  15. # Port to expose Kibana to the host
  16. KIBANA_PORT=5601
  17. #KIBANA_PORT=80
  18. # Increase or decrease based on the available host memory (in bytes)
  19. MEM_LIMIT=1073741824
  20. # Project namespace (defaults to the current folder name if not set)
  21. #COMPOSE_PROJECT_NAME=myproject

2 准备docke-compose.yml文件

若启用https,使用如下配置文件

  1. version: "2.2"
  2. services:
  3. setup:
  4. image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
  5. volumes:
  6. - certs:/usr/share/elasticsearch/config/certs
  7. user: "0"
  8. command: >
  9. bash -c '
  10. if [ x${ELASTIC_PASSWORD} == x ]; then
  11. echo "Set the ELASTIC_PASSWORD environment variable in the .env file";
  12. exit 1;
  13. elif [ x${KIBANA_PASSWORD} == x ]; then
  14. echo "Set the KIBANA_PASSWORD environment variable in the .env file";
  15. exit 1;
  16. fi;
  17. if [ ! -f config/certs/ca.zip ]; then
  18. echo "Creating CA";
  19. bin/elasticsearch-certutil ca --silent --pem -out config/certs/ca.zip;
  20. unzip config/certs/ca.zip -d config/certs;
  21. fi;
  22. if [ ! -f config/certs/certs.zip ]; then
  23. echo "Creating certs";
  24. echo -ne \
  25. "instances:\n"\
  26. " - name: es01\n"\
  27. " dns:\n"\
  28. " - es01\n"\
  29. " - localhost\n"\
  30. " ip:\n"\
  31. " - 127.0.0.1\n"\
  32. " - name: es02\n"\
  33. " dns:\n"\
  34. " - es02\n"\
  35. " - localhost\n"\
  36. " ip:\n"\
  37. " - 127.0.0.1\n"\
  38. " - name: es03\n"\
  39. " dns:\n"\
  40. " - es03\n"\
  41. " - localhost\n"\
  42. " ip:\n"\
  43. " - 127.0.0.1\n"\
  44. > config/certs/instances.yml;
  45. bin/elasticsearch-certutil cert --silent --pem -out config/certs/certs.zip --in config/certs/instances.yml --ca-cert config/certs/ca/ca.crt --ca-key config/certs/ca/ca.key;
  46. unzip config/certs/certs.zip -d config/certs;
  47. fi;
  48. echo "Setting file permissions"
  49. chown -R root:root config/certs;
  50. find . -type d -exec chmod 750 \{\} \;;
  51. find . -type f -exec chmod 640 \{\} \;;
  52. echo "Waiting for Elasticsearch availability";
  53. until curl -s --cacert config/certs/ca/ca.crt https://es01:9200 | grep -q "missing authentication credentials"; do sleep 30; done;
  54. echo "Setting kibana_system password";
  55. until curl -s -X POST --cacert config/certs/ca/ca.crt -u elastic:${ELASTIC_PASSWORD} -H "Content-Type: application/json" https://es01:9200/_security/user/kibana_system/_password -d "{\"password\":\"${KIBANA_PASSWORD}\"}" | grep -q "^{}"; do sleep 10; done;
  56. echo "All done!";
  57. '
  58. healthcheck:
  59. test: ["CMD-SHELL", "[ -f config/certs/es01/es01.crt ]"]
  60. interval: 1s
  61. timeout: 5s
  62. retries: 120
  63. es01:
  64. depends_on:
  65. setup:
  66. condition: service_healthy
  67. image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
  68. volumes:
  69. - certs:/usr/share/elasticsearch/config/certs
  70. - esdata01:/usr/share/elasticsearch/data
  71. ports:
  72. - ${ES_PORT}:9200
  73. environment:
  74. - node.name=es01
  75. - cluster.name=${CLUSTER_NAME}
  76. - cluster.initial_master_nodes=es01,es02,es03
  77. - discovery.seed_hosts=es02,es03
  78. - ELASTIC_PASSWORD=${ELASTIC_PASSWORD}
  79. - bootstrap.memory_lock=true
  80. - xpack.security.enabled=true
  81. - xpack.security.http.ssl.enabled=true
  82. - xpack.security.http.ssl.key=certs/es01/es01.key
  83. - xpack.security.http.ssl.certificate=certs/es01/es01.crt
  84. - xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
  85. - xpack.security.http.ssl.verification_mode=certificate
  86. - xpack.security.transport.ssl.enabled=true
  87. - xpack.security.transport.ssl.key=certs/es01/es01.key
  88. - xpack.security.transport.ssl.certificate=certs/es01/es01.crt
  89. - xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
  90. - xpack.security.transport.ssl.verification_mode=certificate
  91. - xpack.license.self_generated.type=${LICENSE}
  92. mem_limit: ${MEM_LIMIT}
  93. ulimits:
  94. memlock:
  95. soft: -1
  96. hard: -1
  97. healthcheck:
  98. test:
  99. [
  100. "CMD-SHELL",
  101. "curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",
  102. ]
  103. interval: 10s
  104. timeout: 10s
  105. retries: 120
  106. es02:
  107. depends_on:
  108. - es01
  109. image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
  110. volumes:
  111. - certs:/usr/share/elasticsearch/config/certs
  112. - esdata02:/usr/share/elasticsearch/data
  113. environment:
  114. - node.name=es02
  115. - cluster.name=${CLUSTER_NAME}
  116. - cluster.initial_master_nodes=es01,es02,es03
  117. - discovery.seed_hosts=es01,es03
  118. - bootstrap.memory_lock=true
  119. - xpack.security.enabled=true
  120. - xpack.security.http.ssl.enabled=true
  121. - xpack.security.http.ssl.key=certs/es02/es02.key
  122. - xpack.security.http.ssl.certificate=certs/es02/es02.crt
  123. - xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
  124. - xpack.security.http.ssl.verification_mode=certificate
  125. - xpack.security.transport.ssl.enabled=true
  126. - xpack.security.transport.ssl.key=certs/es02/es02.key
  127. - xpack.security.transport.ssl.certificate=certs/es02/es02.crt
  128. - xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
  129. - xpack.security.transport.ssl.verification_mode=certificate
  130. - xpack.license.self_generated.type=${LICENSE}
  131. mem_limit: ${MEM_LIMIT}
  132. ulimits:
  133. memlock:
  134. soft: -1
  135. hard: -1
  136. healthcheck:
  137. test:
  138. [
  139. "CMD-SHELL",
  140. "curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",
  141. ]
  142. interval: 10s
  143. timeout: 10s
  144. retries: 120
  145. es03:
  146. depends_on:
  147. - es02
  148. image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
  149. volumes:
  150. - certs:/usr/share/elasticsearch/config/certs
  151. - esdata03:/usr/share/elasticsearch/data
  152. environment:
  153. - node.name=es03
  154. - cluster.name=${CLUSTER_NAME}
  155. - cluster.initial_master_nodes=es01,es02,es03
  156. - discovery.seed_hosts=es01,es02
  157. - bootstrap.memory_lock=true
  158. - xpack.security.enabled=true
  159. - xpack.security.http.ssl.enabled=true
  160. - xpack.security.http.ssl.key=certs/es03/es03.key
  161. - xpack.security.http.ssl.certificate=certs/es03/es03.crt
  162. - xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
  163. - xpack.security.http.ssl.verification_mode=certificate
  164. - xpack.security.transport.ssl.enabled=true
  165. - xpack.security.transport.ssl.key=certs/es03/es03.key
  166. - xpack.security.transport.ssl.certificate=certs/es03/es03.crt
  167. - xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
  168. - xpack.security.transport.ssl.verification_mode=certificate
  169. - xpack.license.self_generated.type=${LICENSE}
  170. mem_limit: ${MEM_LIMIT}
  171. ulimits:
  172. memlock:
  173. soft: -1
  174. hard: -1
  175. healthcheck:
  176. test:
  177. [
  178. "CMD-SHELL",
  179. "curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",
  180. ]
  181. interval: 10s
  182. timeout: 10s
  183. retries: 120
  184. kibana:
  185. depends_on:
  186. es01:
  187. condition: service_healthy
  188. es02:
  189. condition: service_healthy
  190. es03:
  191. condition: service_healthy
  192. image: docker.elastic.co/kibana/kibana:${STACK_VERSION}
  193. volumes:
  194. - certs:/usr/share/kibana/config/certs
  195. - kibanadata:/usr/share/kibana/data
  196. ports:
  197. - ${KIBANA_PORT}:5601
  198. environment:
  199. - SERVERNAME=kibana
  200. - ELASTICSEARCH_HOSTS=https://es01:9200
  201. - ELASTICSEARCH_USERNAME=kibana_system
  202. - ELASTICSEARCH_PASSWORD=${KIBANA_PASSWORD}
  203. - ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=config/certs/ca/ca.crt
  204. mem_limit: ${MEM_LIMIT}
  205. healthcheck:
  206. test:
  207. [
  208. "CMD-SHELL",
  209. "curl -s -I http://localhost:5601 | grep -q 'HTTP/1.1 302 Found'",
  210. ]
  211. interval: 10s
  212. timeout: 10s
  213. retries: 120
  214. volumes:
  215. certs:
  216. driver: local
  217. esdata01:
  218. driver: local
  219. esdata02:
  220. driver: local
  221. esdata03:
  222. driver: local
  223. kibanadata:
  224. driver: local

若禁用https,则使用如下配置文件

  1. version: "2.2"
  2. services:
  3. setup:
  4. image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
  5. volumes:
  6. - certs:/usr/share/elasticsearch/config/certs
  7. user: "0"
  8. command: >
  9. bash -c '
  10. if [ x${ELASTIC_PASSWORD} == x ]; then
  11. echo "Set the ELASTIC_PASSWORD environment variable in the .env file";
  12. exit 1;
  13. elif [ x${KIBANA_PASSWORD} == x ]; then
  14. echo "Set the KIBANA_PASSWORD environment variable in the .env file";
  15. exit 1;
  16. fi;
  17. if [ ! -f config/certs/ca.zip ]; then
  18. echo "Creating CA";
  19. bin/elasticsearch-certutil ca --silent --pem -out config/certs/ca.zip;
  20. unzip config/certs/ca.zip -d config/certs;
  21. fi;
  22. if [ ! -f config/certs/certs.zip ]; then
  23. echo "Creating certs";
  24. echo -ne \
  25. "instances:\n"\
  26. " - name: es01\n"\
  27. " dns:\n"\
  28. " - es01\n"\
  29. " - localhost\n"\
  30. " ip:\n"\
  31. " - 127.0.0.1\n"\
  32. " - name: es02\n"\
  33. " dns:\n"\
  34. " - es02\n"\
  35. " - localhost\n"\
  36. " ip:\n"\
  37. " - 127.0.0.1\n"\
  38. " - name: es03\n"\
  39. " dns:\n"\
  40. " - es03\n"\
  41. " - localhost\n"\
  42. " ip:\n"\
  43. " - 127.0.0.1\n"\
  44. > config/certs/instances.yml;
  45. bin/elasticsearch-certutil cert --silent --pem -out config/certs/certs.zip --in config/certs/instances.yml --ca-cert config/certs/ca/ca.crt --ca-key config/certs/ca/ca.key;
  46. unzip config/certs/certs.zip -d config/certs;
  47. fi;
  48. echo "Setting file permissions"
  49. chown -R root:root config/certs;
  50. find . -type d -exec chmod 750 \{\} \;;
  51. find . -type f -exec chmod 640 \{\} \;;
  52. echo "Waiting for Elasticsearch availability";
  53. until curl -s --cacert config/certs/ca/ca.crt https://es01:9200 | grep -q "missing authentication credentials"; do sleep 30; done;
  54. echo "Setting kibana_system password";
  55. until curl -s -X POST --cacert config/certs/ca/ca.crt -u elastic:${ELASTIC_PASSWORD} -H "Content-Type: application/json" https://es01:9200/_security/user/kibana_system/_password -d "{\"password\":\"${KIBANA_PASSWORD}\"}" | grep -q "^{}"; do sleep 10; done;
  56. echo "All done!";
  57. '
  58. healthcheck:
  59. test: ["CMD-SHELL", "[ -f config/certs/es01/es01.crt ]"]
  60. interval: 1s
  61. timeout: 5s
  62. retries: 120
  63. es01:
  64. depends_on:
  65. setup:
  66. condition: service_healthy
  67. image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
  68. volumes:
  69. - certs:/usr/share/elasticsearch/config/certs
  70. - esdata01:/usr/share/elasticsearch/data
  71. ports:
  72. - ${ES_PORT}:9200
  73. environment:
  74. - node.name=es01
  75. - cluster.name=${CLUSTER_NAME}
  76. - cluster.initial_master_nodes=es01,es02,es03
  77. - discovery.seed_hosts=es02,es03
  78. - ELASTIC_PASSWORD=${ELASTIC_PASSWORD}
  79. - bootstrap.memory_lock=true
  80. - xpack.security.transport.ssl.enabled=true
  81. - xpack.security.transport.ssl.key=certs/es01/es01.key
  82. - xpack.security.transport.ssl.certificate=certs/es01/es01.crt
  83. - xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
  84. - xpack.security.transport.ssl.verification_mode=certificate
  85. - xpack.license.self_generated.type=${LICENSE}
  86. mem_limit: ${MEM_LIMIT}
  87. ulimits:
  88. memlock:
  89. soft: -1
  90. hard: -1
  91. healthcheck:
  92. test:
  93. [
  94. "CMD-SHELL",
  95. "curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",
  96. ]
  97. interval: 10s
  98. timeout: 10s
  99. retries: 120
  100. es02:
  101. depends_on:
  102. - es01
  103. image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
  104. volumes:
  105. - certs:/usr/share/elasticsearch/config/certs
  106. - esdata02:/usr/share/elasticsearch/data
  107. environment:
  108. - node.name=es02
  109. - cluster.name=${CLUSTER_NAME}
  110. - cluster.initial_master_nodes=es01,es02,es03
  111. - discovery.seed_hosts=es01,es03
  112. - bootstrap.memory_lock=true
  113. - xpack.security.transport.ssl.enabled=true
  114. - xpack.security.transport.ssl.key=certs/es02/es02.key
  115. - xpack.security.transport.ssl.certificate=certs/es02/es02.crt
  116. - xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
  117. - xpack.security.transport.ssl.verification_mode=certificate
  118. - xpack.license.self_generated.type=${LICENSE}
  119. mem_limit: ${MEM_LIMIT}
  120. ulimits:
  121. memlock:
  122. soft: -1
  123. hard: -1
  124. healthcheck:
  125. test:
  126. [
  127. "CMD-SHELL",
  128. "curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",
  129. ]
  130. interval: 10s
  131. timeout: 10s
  132. retries: 120
  133. es03:
  134. depends_on:
  135. - es02
  136. image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
  137. volumes:
  138. - certs:/usr/share/elasticsearch/config/certs
  139. - esdata03:/usr/share/elasticsearch/data
  140. environment:
  141. - node.name=es03
  142. - cluster.name=${CLUSTER_NAME}
  143. - cluster.initial_master_nodes=es01,es02,es03
  144. - discovery.seed_hosts=es01,es02
  145. - bootstrap.memory_lock=true
  146. - xpack.security.transport.ssl.enabled=true
  147. - xpack.security.transport.ssl.key=certs/es03/es03.key
  148. - xpack.security.transport.ssl.certificate=certs/es03/es03.crt
  149. - xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
  150. - xpack.security.transport.ssl.verification_mode=certificate
  151. - xpack.license.self_generated.type=${LICENSE}
  152. mem_limit: ${MEM_LIMIT}
  153. ulimits:
  154. memlock:
  155. soft: -1
  156. hard: -1
  157. healthcheck:
  158. test:
  159. [
  160. "CMD-SHELL",
  161. "curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",
  162. ]
  163. interval: 10s
  164. timeout: 10s
  165. retries: 120
  166. kibana:
  167. depends_on:
  168. es01:
  169. condition: service_healthy
  170. es02:
  171. condition: service_healthy
  172. es03:
  173. condition: service_healthy
  174. image: docker.elastic.co/kibana/kibana:${STACK_VERSION}
  175. volumes:
  176. - certs:/usr/share/kibana/config/certs
  177. - kibanadata:/usr/share/kibana/data
  178. ports:
  179. - ${KIBANA_PORT}:5601
  180. environment:
  181. - SERVERNAME=kibana
  182. - ELASTICSEARCH_HOSTS=http://es01:9200
  183. - ELASTICSEARCH_USERNAME=kibana_system
  184. - ELASTICSEARCH_PASSWORD=${KIBANA_PASSWORD}
  185. mem_limit: ${MEM_LIMIT}
  186. healthcheck:
  187. test:
  188. [
  189. "CMD-SHELL",
  190. "curl -s -I http://localhost:5601 | grep -q 'HTTP/1.1 302 Found'",
  191. ]
  192. interval: 10s
  193. timeout: 10s
  194. retries: 120
  195. volumes:
  196. certs:
  197. driver: local
  198. esdata01:
  199. driver: local
  200. esdata02:
  201. driver: local
  202. esdata03:
  203. driver: local
  204. kibanadata:
  205. driver: local

3 配置vm.max_map_count 最小为262144

  1. vi /etc/sysctl.conf

然后修改vm.max_map_count的值为262144,如果不存在,则直接增加以下内容

  1. vm.max_map_count=262144

这种方式需要重启,一般情况下环境不允许重启的,因此这里可以继续使用如下命令配置

  1. sysctl -w vm.max_map_count=262144

4 启动服务

执行如下命令,启动服务

  1. docker-compose up -d

5 通过docker-compose ps 命令查看状态,如下,标志已经启动成功

  1. [root@master es]# docker-compose ps
  2. Name Command State Ports
  3. ----------------------------------------------------------------------------------------------------------------
  4. es_es01_1 /bin/tini -- /usr/local/bi ... Up (healthy) 0.0.0.0:9200->9200/tcp,:::9200->9200/tcp, 9300/tcp
  5. es_es02_1 /bin/tini -- /usr/local/bi ... Up (healthy) 9200/tcp, 9300/tcp
  6. es_es03_1 /bin/tini -- /usr/local/bi ... Up (healthy) 9200/tcp, 9300/tcp
  7. es_kibana_1 /bin/tini -- /usr/local/bi ... Up (healthy) 0.0.0.0:5601->5601/tcp,:::5601->5601/tcp
  8. es_setup_1 /bin/tini -- /usr/local/bi ... Exit 0
  9. [root@master es]#

6 浏览器访问kibana

然后再浏览器通过ip+端口即可访问了,比如这里 192.168.116.50:5601,然后输入用户名 elastic和配置的密码,如下

7 登录kibana

始终坚持开源开放共享精神,同时感谢您的充电鼓励和支持!
版权所有,转载本站文章请注明出处:redrose2100, http://blog.redrose2100.com/article/315
个人成就
  • 博客总数: 613 
  • 阅读总量: 715110 
  • 2022年 : 371 篇 
  • 2023年 : 211 篇 
  • 2024年 : 31 篇 
  • 2025年 : 0 篇 
测试开发技术全栈公众号
DevOps技术交流微信群