podman或者podman-compose安装elasticsearch861

podman或者podman-compose安装elasticsearch861

本文连接：https://www.cnblogs.com/muphy/p/16043721.html

安装es、kibana

开防火墙 非必须

firewall-cmd --permanent --zone=public --add-port=9200/tcp
firewall-cmd --permanent --zone=public --add-port=9300/udp
firewall-cmd --permanent --zone=public --add-port=5601/tcp  --add-port=5601/udp
firewall-cmd --reload

1.第一种方式podman

# 授权目录以便正常启动ES
podman network create es_net
mkdir /opt/es/data/
chmod 776 /opt/es/data/ -R
# 安装ES
podman run --restart always \
--privileged=true \
--name=elasticsearch -d \
-e cluster.name=elasticsearch \
-e bootstrap.memory_lock=true  \
-e ES_JAVA_OPTS="-Xms512m -Xmx512m" \
-e discovery.type=single-node \
-v /opt/es/data/es/data:/usr/share/elasticsearch/data \
-v /opt/es/data/es/logs:/usr/share/elasticsearch/logs \
-v /opt/es/data/es/plugins:/usr/share/elasticsearch/plugins \
--net es_net \
--network-alias elasticsearch \
-p 9200:9200 -p 9300:9300 \
--ulimit memlock=-1:-1 \
--ulimit nofile=65536:65536 \
docker.elastic.co/elasticsearch/elasticsearch:7.6.0
# 安装kibna
podman run --restart always \
--privileged=true \
--name=kibana -d \
-e ELASTICSEARCH_HOSTS=http://elasticsearch:9200 \
-v /opt/es/data/kibana/data:/usr/share/kibana/data \
--net es_net \
--network-alias kibana \
-p 5601:5601 \
docker.elastic.co/kibana/kibana:7.6.0

1.第二种方式podman-compose

• 创建podman-compose.yml（可以是podman-compose.yaml、docker-compose.yml、docker-compose.yaml等）文件

version: '3'
services:
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:8.6.1
    # localhost: elasticsearch
    container_name: elasticsearch
    # user: root
    environment:
      - cluster.name=elasticsearch
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms1g -Xmx1g"
      - discovery.type=single-node
      #- xpack.security.enabled=false
    volumes:
      - ./data/es/data:/usr/share/elasticsearch/data
      - ./data/es/logs:/usr/share/elasticsearch/logs
      - ./data/es/plugins:/usr/share/elasticsearch/plugins
      # - /docker/es/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
    ports:
      - "9200:9200"
      - "9300:9300"
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    healthcheck:
      test: ["CMD-SHELL", "curl -f http://localhost:9200"]
      interval: 30s
      timeout: 10s
      retries: 3
    networks:
      es_net:
        ipv4_address: 172.30.5.10
    deploy:
      resources:
        limits:
          #cpus: 0.25
          memory: 2g
        reservations:
          #cpus: 0.2
          memory: 2g
  kibana:
    image: docker.elastic.co/kibana/kibana:8.6.1
    container_name: kibana
    # hostname: kibana
    # user: root
    depends_on:
      - elasticsearch
    ports:
      - "5601:5601"
    environment:
      #- "elasticsearch.hosts=http://elasticsearch:9200"
      - ELASTICSEARCH_HOSTS=http://elasticsearch:9200
      #- ELASTICSEARCH_USERNAME=elastic
      #- ELASTICSEARCH_PASSWORD=密码  # 替换为你的密码  推荐使用TOKEN
      #- XPACK_ENCRYPTEDSAVEDOBJECTS_ENCRYPTIONKEY=6fbda411e070f2e82d937ac5b92f31a3949fbaf4e6e641d700a2ec411246541b # 32位随机字符
      #- XPACK_REPORTING_ENCRYPTIONKEY=6fbda411e070f2e82d937ac5b92f31a3949fbaf4e6e641d700a2ec411246541b
      - ELASTICSEARCH_SERVICEACCOUNTTOKEN=TOKEN  #TOKEN
    networks:
      - es_net:
        ipv4_address: 172.30.5.12
    deploy:
      resources:
        limits:
          #cpus: 0.25
          memory: 1g
        reservations:
          #cpus: 0.2
          memory: 1g
# 网络
networks:
  es_net:
    driver: bridge
    ipam:
      config:
        - subnet: 172.30.5.0/24

启动容器

podman-compose up -d

密码

• 首次运行：密码在日志中（docker-compose logs）。
• 忘记密码：用 elasticsearch-reset-password 重置。
• 开发环境：可以直接禁用密码（xpack.security.enabled=false）

docker exec -it elasticsearch /bin/bash
# 这会生成一个新密码并打印在终端
bin/elasticsearch-reset-password -u elastic
# 如果是多节点集群，为所有内置用户（如 elastic、kibana_system 等）生成随机密码，可以运行：
bin/elasticsearch-setup-passwords auto

# 使用 curl 修改密码：
curl -XPOST -u elastic:当前密码 "http://localhost:9200/_security/user/elastic/_password" -H "Content-Type: application/json" -d '{
  "password": "你的新密码"
}'

# 验证新密码
curl -u elastic:你的新密码 http://localhost:9200/

安装es中文分词器

docker exec -it elasticsearch bash
./bin/elasticsearch-plugin install https://get.infini.cloud/elasticsearch/analysis-ik/8.6.1

kibana配置TOKEN或者账号

方式1

• 进入 Elasticsearch 容器生成 Token

docker exec -it elasticsearch /bin/bash
bin/elasticsearch-service-tokens create elastic/kibana kibana-token

方式2

    environment:
      # 允许`elastic` 用户中添加
      - elasticsearch.allowSuperuserAccount=true

方式3

curl -X POST -u elastic:你的密码 "http://localhost:9200/_security/service/elastic/kibana/credential/token/kibana-token" -H "Content-Type: application/json"

验证Token是否有效

curl -XGET -H "Authorization: Bearer TOKEN" "http://localhost:9200/_cluster/health"

生成32位随机字符

# XPACK_ENCRYPTEDSAVEDOBJECTS_ENCRYPTIONKEY、XPACK_REPORTING_ENCRYPTIONKEY
openssl rand -hex 32

访问kibana

• 账号密码和elasticsearch一致
• http://127.0.0.1:5601/app/integrations/browse elastic:你的密码