目錄
-
- 描述
- 制作自定義elasticsearch7.6鏡像
- 制作自定義elasticsearch-head鏡像
- elasticsearch.yml配置
- kibana.yml配置
- docker-compose.yml配置
- 啟動容器
- 配置密碼
- 登陸 kibana 和 elasticsearch-head
描述
最近研究了一下docker-compose釋出elasticsearch7.6,雖然網上有一些教程,但是根據教程操作,最後根本跑不起來或者有三個節點的叢集,配置密碼後隻有一個節點是活的,其他節點無法跟這個節點通信。踩了不少坑,最後還是看官方文檔學習。
ES官網docker配置文檔
ES官網證書配置文檔
如果您隻是簡單的玩一玩,不需要配置證書、密碼,隻需參照ES官網docker配置文檔即可
制作自定義elasticsearch7.6鏡像
ES_Dockerfile配置,包含了ik分詞器、生成證書。
ik分詞器下載下傳位址
ik下載下傳之後是zip包,需要将zip解壓後,壓縮成tar.gz格式的
#官方鏡像
FROM elasticsearch:7.6.2
USER root
##添加ik分詞器
ADD elasticsearch-analysis-ik-7.6.2.tar.gz /usr/share/elasticsearch/plugins/
RUN mv /usr/share/elasticsearch/plugins/elasticsearch-analysis-ik-7.6.2 /usr/share/elasticsearch/plugins/ik
RUN chmod 777 /usr/share/elasticsearch/plugins/ik -R
#生成證書,密碼可自己配置
RUN bin/elasticsearch-certutil ca --out config/elastic-stack-ca.p12 --pass 123456
#生成證書,密碼可自己配置
RUN bin/elasticsearch-certutil cert --ca config/elastic-stack-ca.p12 --ca-pass 123456 --out config/elastic-certificates.p12 --pass 123456
#建立keystore
RUN bin/elasticsearch-keystore create
#将密碼添加至keystore
RUN sh -c '/bin/echo -e "123456" | sh bin/elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password'
RUN sh -c '/bin/echo -e "123456" | sh bin/elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password'
#檔案賦權限
RUN chmod 777 /usr/share/elasticsearch/config/elastic-certificates.p12
RUN chmod 777 /usr/share/elasticsearch/config/elastic-stack-ca.p12
建構鏡像
注:centos7docker:443是我自己搭建的harbor鏡像倉庫,如果您沒有鏡像倉庫您也可以使用阿裡雲的容器鏡像服務。如果您隻是在本地做測試,也可以不用鏡像倉庫。
生成的鏡像
[[email protected] elasticsearch]# docker images | grep '7.6.2'
centos7docker:443/aliang-xyl/elasticsearch 7.6.2 66d1054960ee 46 minutes ago 820MB
kibana 7.6.2 f70986bc5191 5 months ago 1.01GB
elasticsearch 7.6.2 f29a1ee41030 5 months ago 791MB
推送至鏡像倉庫
制作自定義elasticsearch-head鏡像
如果使用原版elasticsearch-head鏡像會出現無法使用的情況,報錯如下:
出現這種錯誤是因為Content-Type不支援,支援的格式是application/json;charset=UTF-8
啟動elasticsearch-head容器,将容器中的/usr/src/app/_site/vendor.js拷貝出來,然後将vendor.js裡面的application/x-www-form-urlencoded替換成application/json;charset=UTF-8。
ES_Head_DockerFile配置:
#原版鏡像
FROM mobz/elasticsearch-head:5
USER root
#删除原本的vendor.js
RUN rm -f /usr/src/app/_site/vendor.js
#将修改後的vendor.js添加進來
ADD vendor.js /usr/src/app/_site/
RUN chmod 777 /usr/src/app/_site/vendor.js
建構鏡像
推送鏡像
elasticsearch.yml配置
注意證書的配置要和自定義鏡像中的證書資訊一緻
network.host: 0.0.0.0
#master節點es01
cluster.initial_master_nodes: ["es01"]
discovery.seed_hosts: ["es01","es02","es03"]
cluster.name: "es-docker-cluster"
http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-headers: Authorization,X-Requested-With,Content-Length,Content-Type
#開啟kibana監控配置,如果不開啟,也可以在kibana監控界面開啟
xpack.monitoring.collection.enabled: true
#開啟安全認證相關配置
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.audit.enabled: true
xpack.license.self_generated.type: basic
xpack.security.transport.ssl.keystore.type: PKCS12
xpack.security.transport.ssl.verification_mode: certificate
#名字要和自定義鏡像中的名字一緻
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.type: PKCS12
kibana.yml配置
這裡我事先定義好了賬号的密碼資訊
server.name: kibana
server.host: "0"
kibana.index: ".kibana"
elasticsearch.hosts: [ "http://192.168.147.129:9200" ]
xpack.monitoring.ui.container.elasticsearch.enabled: true
i18n.locale: zh-CN
elasticsearch.username: 'kibana'
elasticsearch.password: 'Es123456'
docker-compose.yml配置
version: '2.2'
services:
es01:
image: centos7docker:443/aliang-xyl/elasticsearch:7.6.2
container_name: es01
environment:
- node.name=es01
- cluster.name=es-docker-cluster
- discovery.seed_hosts=es02,es03
- cluster.initial_master_nodes=es01
- bootstrap.memory_lock=true
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
- TZ=Asia/Shanghai
- node.master=true
- node.data=true
- http.cors.enabled=true
- http.cors.allow-origin=*
- http.cors.allow-headers=Authorization,X-Requested-With,Content-Length,Content-Type
- xpack.security.enabled=true
- xpack.security.transport.ssl.enabled=true
- xpack.security.audit.enabled=true
- xpack.license.self_generated.type=basic
- xpack.monitoring.collection.enabled=true
ulimits:
memlock:
soft: -1
hard: -1
volumes:
- ./es01/data:/usr/share/elasticsearch/data
- ./es01/logs:/usr/share/elasticsearch/logs
- ./elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
ports:
- 9200:9200
networks:
- elastic
es02:
image: centos7docker:443/aliang-xyl/elasticsearch:7.6.2
container_name: es02
environment:
- node.name=es02
- cluster.name=es-docker-cluster
- discovery.seed_hosts=es01,es03
- cluster.initial_master_nodes=es01
- bootstrap.memory_lock=true
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
- TZ=Asia/Shanghai
- node.master=true
- node.data=true
- http.cors.enabled=true
- http.cors.allow-origin=*
- http.cors.allow-headers=Authorization,X-Requested-With,Content-Length,Content-Type
- xpack.security.enabled=true
- xpack.security.transport.ssl.enabled=true
- xpack.security.audit.enabled=true
- xpack.license.self_generated.type=basic
- xpack.monitoring.collection.enabled=true
ulimits:
memlock:
soft: -1
hard: -1
volumes:
- ./es02/data:/usr/share/elasticsearch/data
- ./es02/logs:/usr/share/elasticsearch/logs
- ./elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
ports:
- 9202:9200
networks:
- elastic
es03:
image: centos7docker:443/aliang-xyl/elasticsearch:7.6.2
container_name: es03
environment:
- node.name=es03
- cluster.name=es-docker-cluster
- discovery.seed_hosts=es01,es02
- cluster.initial_master_nodes=es01
- bootstrap.memory_lock=true
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
- TZ=Asia/Shanghai
- node.master=true
- node.data=true
- http.cors.enabled=true
- http.cors.allow-origin=*
- http.cors.allow-headers=Authorization,X-Requested-With,Content-Length,Content-Type
- xpack.security.enabled=true
- xpack.security.transport.ssl.enabled=true
- xpack.security.audit.enabled=true
- xpack.license.self_generated.type=basic
- xpack.monitoring.collection.enabled=true
ulimits:
memlock:
soft: -1
hard: -1
volumes:
- ./es03/data:/usr/share/elasticsearch/data
- ./es03/logs:/usr/share/elasticsearch/logs
- ./elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
ports:
- 9203:9200
networks:
- elastic
kibana:
depends_on:
- es01
image: kibana:7.6.2
container_name: kibana
ports:
- 5601:5601
environment:
- elasticsearch.url=http://es01:9200
- elasticsearch.hosts=http://es01:9200
- i18n.locale=zh-CN
- TZ=Asia/Shanghai
volumes:
- ./kibana.yml:/usr/share/kibana/config/kibana.yml
- /etc/localtime:/etc/localtime
networks:
- elastic
eshead:
image: centos7docker:443/aliang-xyl/elasticsearch-head:5
container_name: eshead
networks:
- elastic
ports:
- 9100:9100
networks:
elastic:
driver: bridge
啟動容器
建立檔案夾并給權限:
# mkdir -p es01/logs es01/data es02/logs es02/data es03/logs es03/data
# chmod 777 es0* -R
此時目前目錄下檔案:
[[email protected] elasticsearch]# ll
總用量 4636
-rw-r--r--. 1 root root 4063 9月 2 10:40 docker-compose.yml
-rw-r--r--. 1 root root 4261000 8月 23 16:36 elasticsearch-analysis-ik-7.6.2.tar.gz
-rwxrwxrwx. 1 root root 770 9月 1 21:03 elasticsearch.yml
drwxrwxrwx. 4 root root 30 9月 1 14:47 es01
drwxrwxrwx. 4 root root 30 9月 1 14:47 es02
drwxrwxrwx. 4 root root 30 9月 1 14:47 es03
-rw-r--r--. 1 root root 925 9月 1 22:24 ES_DockerFile
-rw-r--r--. 1 root root 162 8月 23 17:43 ES_Head_DockerFile
-rwxrwxrwx. 1 root root 261 9月 1 15:21 kibana.yml
-rw-r--r--. 1 root root 459899 8月 23 17:41 vendor.js
啟動
# docker-compose -f docker-compose.yml up -d
Creating es01 ... done
Creating kibana ... done
Creating eshead ...
Creating es03 ...
Creating es01 ...
Creating kibana ...
[[email protected] elasticsearch]# docker-compose ps
Name Command State Ports
----------------------------------------------------------------------------------
es01 /usr/local/bin/docker-entr ... Up 0.0.0.0:9200->9200/tcp, 9300/tcp
es02 /usr/local/bin/docker-entr ... Up 0.0.0.0:9202->9200/tcp, 9300/tcp
es03 /usr/local/bin/docker-entr ... Up 0.0.0.0:9203->9200/tcp, 9300/tcp
eshead /bin/sh -c grunt server Up 0.0.0.0:9100->9100/tcp
kibana /usr/local/bin/dumb-init - ... Up 0.0.0.0:5601->5601/tcp
配置密碼
進入master節點容器配置密碼
[[email protected] elasticsearch]# docker exec -it es01 /bin/bash
[[email protected] elasticsearch]# ./bin/elasticsearch-setup-passwords interactive --verbose
Running with configuration path: /usr/share/elasticsearch/config
Testing if bootstrap password is valid for http://172.20.0.3:9200/_security/_authenticate?pretty
{
"username" : "elastic",
"roles" : [
"superuser"
],
"full_name" : null,
"email" : null,
"metadata" : {
"_reserved" : true
},
"enabled" : true,
"authentication_realm" : {
"name" : "reserved",
"type" : "reserved"
},
"lookup_realm" : {
"name" : "reserved",
"type" : "reserved"
}
}
Checking cluster health: http://172.20.0.3:9200/_cluster/health?pretty
{
"cluster_name" : "es-docker-cluster",
"status" : "green",
"timed_out" : false,
"number_of_nodes" : 3,
"number_of_data_nodes" : 3,
"active_primary_shards" : 1,
"active_shards" : 2,
"relocating_shards" : 0,
"initializing_shards" : 0,
"unassigned_shards" : 0,
"delayed_unassigned_shards" : 0,
"number_of_pending_tasks" : 0,
"number_of_in_flight_fetch" : 0,
"task_max_waiting_in_queue_millis" : 0,
"active_shards_percent_as_number" : 100.0
}
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y
Enter password for [elastic]:
Reenter password for [elastic]:
Enter password for [apm_system]:
Reenter password for [apm_system]:
Enter password for [kibana]:
Reenter password for [kibana]:
Enter password for [logstash_system]:
Reenter password for [logstash_system]:
Enter password for [beats_system]:
Reenter password for [beats_system]:
Enter password for [remote_monitoring_user]:
Reenter password for [remote_monitoring_user]:
Trying user password change call http://172.20.0.3:9200/_security/user/apm_system/_password?pretty
{ }
Changed password for user [apm_system]
Trying user password change call http://172.20.0.3:9200/_security/user/kibana/_password?pretty
{ }
Changed password for user [kibana]
Trying user password change call http://172.20.0.3:9200/_security/user/logstash_system/_password?pretty
{ }
Changed password for user [logstash_system]
Trying user password change call http://172.20.0.3:9200/_security/user/beats_system/_password?pretty
{ }
Changed password for user [beats_system]
Trying user password change call http://172.20.0.3:9200/_security/user/remote_monitoring_user/_password?pretty
{ }
Changed password for user [remote_monitoring_user]
Trying user password change call http://172.20.0.3:9200/_security/user/elastic/_password?pretty
{ }
Changed password for user [elastic]
登陸 kibana 和 elasticsearch-head
浏覽器通路:http://centos7docker:5601/
我的谷歌浏覽器通路時,登陸成功但是無法跳轉至首頁,一直在登陸頁。
谷歌浏覽器無法登陸kibana,具體原因沒有去查,直接使用了火狐浏覽器。
登陸成功後進入監控界面:
elasticsearch-head界面
通路http://centos7docker:9100/?auth_user=elastic&auth_password=Es123456
這裡的centos7docker:9100換成你自己的ip和端口号即可