基于docker构建es集群
首先,假定有三台机器,分别是elasticsearch_node1,elasticsearch_node2,elasticsearch_node3,将它们的ip和域名写入/etc/hosts.
然后基于docker.1ms.run/elasticsearch:7.17.18镜像进行操作
一、先将ip和域名写入/etc/hosts
192.168.1.1 elasticsearch_node1
192.168.1.2 elasticsearch_node2
192.168.1.3 elasticsearch_node3
二、先构建CA证书,再构建三个节点的证书
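# Step 1: create the cluster certificate authority (CA).
# --pem writes the CA certificate and its *unencrypted* private key into
# certs.zip, which lands in /srv/share/elasticsearch/certs on the host.
# The original command also passed `--ip 127.0.0.1`; SAN options (--ip/--dns)
# belong to the `cert` mode, not to `ca`, so it is dropped here.
# NOTE(review): docker.1ms.run is a registry mirror rather than the upstream
# Elastic registry; pin the image by digest (…@sha256:<digest-placeholder>)
# if every node must run the same verified image.
docker run --rm -it \
  -v /srv/share/elasticsearch/certs:/certs \
  docker.1ms.run/elasticsearch:7.17.18 \
  bin/elasticsearch-certutil ca \
  -s \
  -E xpack.security.http.ssl.enabled=false \
  --pem \
  -out /certs/certs.zip
# Unzip the archive above; it yields ca.crt and ca.key, which step 2 reads
# from /srv/share/elasticsearch/certs/ca/ca/ on the host.
# ca.key can sign a certificate for any node name: keep it readable only by
# the account that issues certificates, and move it off this shared directory
# once all node certificates have been issued.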
# Step 2: issue one certificate per node, signed by the CA from step 1.
# Node N gets the name elasticsearch_nodeN, the IP SAN 192.168.1.N and the DNS
# SANs elasticsearch_nodeN,localhost; the result is written to nodeN.zip.
# Each run mounts the directory holding ca.key into the container, and --pem
# leaves the node's private key unencrypted inside the zip, so treat the whole
# certs directory as secret material.
for n in 1 2 3; do
  docker run --rm -it \
    -v /srv/share/elasticsearch/certs:/certs \
    docker.1ms.run/elasticsearch:7.17.18 \
    bin/elasticsearch-certutil cert \
    --ca-cert /certs/ca/ca/ca.crt \
    --ca-key /certs/ca/ca/ca.key \
    -name "elasticsearch_node${n}" \
    --ip "192.168.1.${n}" \
    --dns "elasticsearch_node${n},localhost" \
    --pem \
    -out "/certs/node${n}.zip"
done
上述命令会得到3个节点压缩包(node1.zip、node2.zip、node3.zip),解压后各得到一个节点文件夹,
将/srv/share/elasticsearch/certs/ca/ca/ca.crt 复制到这3个节点文件夹中(只复制ca.crt;ca.key是CA私钥,不要分发到各节点)
三、分别在三台机器上启动
下面是节点1的docker-compose.yaml,其他2个节点把其中的elasticsearch_node1(node.name、证书路径、证书挂载目录)和discovery.seed_hosts改成对应节点即可
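# docker-compose.yaml for node 1 of the three-node Elasticsearch cluster.
# For the other nodes change node.name, the certificate file names, the
# certificate bind mount and discovery.seed_hosts to match that node.
version: '3'
services:
  elasticsearch:
    image: docker.1ms.run/elasticsearch:7.17.18
    container_name: elasticsearch
    # NOTE(review): the container starts as root, presumably so the
    # bind-mounted data/plugins directories are writable; confirm whether
    # fixing ownership of the host directories lets this line be dropped.
    user: root
    restart: always
    environment:
      - node.name=elasticsearch_node1
      - cluster.name=elasticsearch_cluster
      - discovery.seed_hosts=elasticsearch_node2:9300,elasticsearch_node3:9300
      # Only needed for the very first bootstrap of the cluster; remove it
      # once the cluster has formed so a restarted node cannot bootstrap a
      # second cluster by mistake.
      - cluster.initial_master_nodes=elasticsearch_node1,elasticsearch_node2,elasticsearch_node3
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms16g -Xmx16g"
      # The password of the built-in `elastic` superuser is read from the
      # environment (or an .env file kept out of version control) instead of
      # being hard-coded here; compose aborts if the variable is unset.
      - "ELASTIC_PASSWORD=${ELASTIC_PASSWORD:?set ELASTIC_PASSWORD in the environment or .env}"
      # With host networking this binds 9200/9300 on every interface of the
      # machine; restrict access with a host firewall or bind to the cluster
      # interface only.
      - network.host=0.0.0.0
      # `certificate` checks that the peer certificate chains to the CA but
      # not that it matches the peer's address. The node certificates carry IP
      # and DNS SANs, so `full` may be usable; test before switching.
      - xpack.security.transport.ssl.verification_mode=certificate
      - xpack.security.transport.ssl.key=/usr/share/elasticsearch/config/certs/elasticsearch_node1.key
      - xpack.security.transport.ssl.certificate=/usr/share/elasticsearch/config/certs/elasticsearch_node1.crt
      - xpack.security.transport.ssl.certificate_authorities=/usr/share/elasticsearch/config/certs/ca.crt
      - xpack.security.enabled=true
      - xpack.security.transport.ssl.enabled=true
      # The REST API on 9200 stays plain HTTP: the elastic password and all
      # query traffic cross the network unencrypted. Enable HTTP TLS (or put
      # a TLS-terminating proxy in front) before exposing 9200 beyond a
      # trusted segment.
      - xpack.security.http.ssl.enabled=false
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - /srv/share/elasticsearch/data:/usr/share/elasticsearch/data
      - /srv/share/elasticsearch/plugins:/usr/share/elasticsearch/plugins
      # Read-only mount of this node's key, certificate and the CA
      # certificate; the CA private key must not be in this directory.
      - /srv/share/elasticsearch/certs/elasticsearch_node1:/usr/share/elasticsearch/config/certs:ro
      - /etc/hosts:/etc/hosts:ro
      - /dev/random:/dev/random:ro
      - /dev/urandom:/dev/urandom:ro
    network_mode: host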
四、构建kibana
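# docker-compose.yaml for Kibana, talking to one Elasticsearch node over HTTP.
version: '3'
services:
  kibana:
    image: docker.1ms.run/kibana:7.17.18
    container_name: kibana
    restart: always
    ports:
      # Kibana itself serves plain HTTP (SERVER_SSL_ENABLED=false below), so
      # logins on host port 32602 are sent unencrypted; put it behind a TLS
      # reverse proxy or restrict the port to a trusted network.
      - "32602:5601"
    environment:
      # The Kibana image maps server.name to SERVER_NAME; the original
      # spelling SERVERNAME does not correspond to a Kibana setting.
      - SERVER_NAME=kibana.example.com
      # Change this to the IP:9200 of any one of your ES nodes.
      - 'ELASTICSEARCH_HOSTS=["http://192.168.1.1:9200"]'
      # NOTE(review): Kibana connects as the `elastic` superuser here. The
      # built-in `kibana_system` user is the least-privilege choice once its
      # password has been set on the cluster.
      - ELASTICSEARCH_USERNAME=elastic
      - "ELASTICSEARCH_PASSWORD=${ELASTICSEARCH_PASSWORD:?set ELASTICSEARCH_PASSWORD in the environment or .env}"
      - SERVER_SSL_ENABLED=false
      - XPACK_SECURITY_ENABLED=true
      # These keys protect saved objects, session cookies and reporting data.
      # Generate a fresh random value of at least 32 characters for each one
      # per deployment and supply it from the environment; never reuse keys
      # copied from a published example.
      - "XPACK_ENCRYPTEDSAVEDOBJECTS_ENCRYPTIONKEY=${XPACK_ENCRYPTEDSAVEDOBJECTS_ENCRYPTIONKEY:?set a random key of 32+ characters}"
      - "XPACK_SECURITY_ENCRYPTIONKEY=${XPACK_SECURITY_ENCRYPTIONKEY:?set a random key of 32+ characters}"
      - "XPACK_REPORTING_ENCRYPTIONKEY=${XPACK_REPORTING_ENCRYPTIONKEY:?set a random key of 32+ characters}"
    volumes:
      # Needed only if HTTPS (HTTP SSL) is enabled on Elasticsearch: mounts
      # the CA certificate (not the CA key) read-only.
      - /srv/share/elasticsearch/certs/ca/ca/ca.crt:/usr/share/kibana/config/certs/ca.crt:ro
# NOTE(review): no service above references host-network, so the kibana
# service still runs on the default bridge network with the port mapping
# shown; confirm whether this definition is needed.
networks:
  host-network:
    driver: host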
五、安装ik分词器
分别进三台机器
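# Run on each of the three machines, one node at a time.
# The plugin version in the URL must match the Elasticsearch version
# (7.17.18). The archive is fetched from get.infini.cloud, a third-party host:
# read the permissions the installer asks you to confirm before accepting
# (-ti keeps the prompt interactive).
docker exec -ti elasticsearch \
  bin/elasticsearch-plugin install https://get.infini.cloud/elasticsearch/analysis-ik/7.17.18
# Plugins are loaded only at node start, so restart the node afterwards; the
# /srv/share/elasticsearch/plugins bind mount keeps the plugin across restarts.
docker restart elasticsearch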
大功告成
