创建 docker 网络
# Create a user-defined bridge network with a fixed subnet.
# The Elasticsearch containers started later join this network with static
# --ip addresses from 172.16.0.0/24 and refer to each other by container name.
docker network create \
  --subnet 172.16.0.0/24 \
  elasticsearch-br0
生成证书
默认生成的证书有效期为三年,我这里指定生成有效期 100 年的证书,输出到 certs 目录下,并通过 ELASTIC_VERSION 指定镜像版本。
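# Generate the cluster CA and one shared node certificate with
# elasticsearch-certutil, then move both PKCS#12 files to ./certs on the host:
#   elastic-stack-ca.p12       CA certificate and CA private key
#   elastic-certificates.p12   node certificate, node key and CA certificate
# The piped newlines accept the default output names and an EMPTY password.
#
# The host directory is created up front so Docker does not create it as a
# root-owned directory; it must be writable by the user the container runs as
# (presumably uid 1000 in the official image - confirm for your image).
# The key files are restricted to their owner instead of being opened to
# everyone: whoever can read elastic-stack-ca.p12 can issue certificates that
# every node in the cluster will trust.
# NOTE(review): -days 36500 plus an empty password means a copied CA file stays
#   usable for the whole lifetime of the cluster. Outside a lab, use a shorter
#   validity, protect the files with a password, and keep the CA file off the
#   Docker host once the node certificate has been issued.
export ELASTIC_VERSION=8.13.4
mkdir -p certs
docker run --rm -it -v "$(pwd)/certs:/tmp/certs" "elasticsearch:${ELASTIC_VERSION}" bash -c \
  'echo -e "\n\n" | /usr/share/elasticsearch/bin/elasticsearch-certutil ca -s -days 36500 && \
   echo -e "\n\n\n" | /usr/share/elasticsearch/bin/elasticsearch-certutil cert -s -days 36500 --ca elastic-stack-ca.p12 && \
   mv /usr/share/elasticsearch/*.p12 /tmp/certs && \
   chmod 600 /tmp/certs/*.p12'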
报错
Please enter the desired output file [elastic-stack-ca.p12]: Enter password for elastic-stack-ca.p12 : Enter password for CA
主要是因为权限问题。已修复
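# Pre-create the certificate output directory so the container user can write
# into it. -p keeps the step repeatable when the directory already exists.
# Only the directory itself is opened up (no -R), so key files already inside
# it are not made world-writable as a side effect.
# NOTE(review): a world-writable directory lets any local user replace or
#   remove the CA and node key files. Tighten it again (for example
#   chmod 700 certs) as soon as the certificates have been generated.
mkdir -p certs
chmod 777 certs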
同时把上面命令中改权限的那一行去掉。
指定 IP 运行容器
我这里将数据持久化到了 docker 卷中,通过docker volume ls
可以查看。
运行 elasticsearch1
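# Start node elasticsearch1 (172.16.0.11) of the three-node cluster "es-cluster".
# Security is enabled and node-to-node (transport) traffic uses TLS with the
# shared elastic-certificates.p12; verification_mode=certificate checks that the
# peer certificate is signed by the trusted CA but does not check the host name.
# The keystore holds the node's private key, so it is bind-mounted read-only.
# "$(pwd)" is quoted so a working directory containing spaces still mounts, and
# an unset ELASTIC_VERSION stops the command with a clear message.
# NOTE(review): no xpack.security.http.ssl.* setting is passed, so the REST API
#   on 9200 stays plain HTTP and Basic-auth passwords travel unencrypted.
# NOTE(review): -p publishes 9200 and 9300 on every host interface. The nodes
#   reach each other over elasticsearch-br0, so publishing 9300 looks
#   unnecessary; prefix a port with 127.0.0.1: when only local access is needed.
# NOTE(review): the CORS origin is a wildcard combined with the Authorization
#   header; name the single origin that needs browser access instead. The value
#   as written also carries a leading space and literal quotes - verify how the
#   node parses it.
# NOTE(review): cluster.initial_master_nodes is meant for the first cluster
#   bootstrap only; Elastic's guidance is to remove it once the cluster has formed.
docker run -d --name elasticsearch1 \
  --ulimit memlock=-1:-1 \
  -e "ES_JAVA_OPTS=-Xms512m -Xmx512m" \
  -e node.name=elasticsearch1 \
  -e cluster.name=es-cluster \
  -e discovery.seed_hosts=elasticsearch2,elasticsearch3 \
  -e cluster.initial_master_nodes=elasticsearch1,elasticsearch2,elasticsearch3 \
  -e bootstrap.memory_lock=true \
  -e xpack.security.enabled=true \
  -e http.cors.enabled=true \
  -e "http.cors.allow-origin= '*'" \
  -e http.cors.allow-headers=Authorization \
  -e xpack.security.transport.ssl.enabled=true \
  -e xpack.security.transport.ssl.verification_mode=certificate \
  -e xpack.security.transport.ssl.keystore.path=/usr/share/elasticsearch/config/elastic-certificates.p12 \
  -e xpack.security.transport.ssl.truststore.path=/usr/share/elasticsearch/config/elastic-certificates.p12 \
  -v es-data1:/usr/share/elasticsearch/data:rw \
  -v es-logs1:/usr/share/elasticsearch/logs:rw \
  --mount "type=bind,source=$(pwd)/certs/elastic-certificates.p12,target=/usr/share/elasticsearch/config/elastic-certificates.p12,readonly" \
  --network elasticsearch-br0 \
  --ip 172.16.0.11 \
  -p 9201:9200 -p 9301:9300 \
  "elasticsearch:${ELASTIC_VERSION:?export ELASTIC_VERSION first}"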
elasticsearch2
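# Start node elasticsearch2 (172.16.0.12) of the three-node cluster "es-cluster".
# Security is enabled and node-to-node (transport) traffic uses TLS with the
# shared elastic-certificates.p12; verification_mode=certificate checks that the
# peer certificate is signed by the trusted CA but does not check the host name.
# The keystore holds the node's private key, so it is bind-mounted read-only.
# "$(pwd)" is quoted so a working directory containing spaces still mounts, and
# an unset ELASTIC_VERSION stops the command with a clear message.
# NOTE(review): no xpack.security.http.ssl.* setting is passed, so the REST API
#   on 9200 stays plain HTTP and Basic-auth passwords travel unencrypted.
# NOTE(review): -p publishes 9200 and 9300 on every host interface. The nodes
#   reach each other over elasticsearch-br0, so publishing 9300 looks
#   unnecessary; prefix a port with 127.0.0.1: when only local access is needed.
# NOTE(review): the CORS origin is a wildcard combined with the Authorization
#   header; name the single origin that needs browser access instead. The value
#   as written also carries a leading space and literal quotes - verify how the
#   node parses it.
# NOTE(review): cluster.initial_master_nodes is meant for the first cluster
#   bootstrap only; Elastic's guidance is to remove it once the cluster has formed.
docker run -d --name elasticsearch2 \
  --ulimit memlock=-1:-1 \
  -e "ES_JAVA_OPTS=-Xms512m -Xmx512m" \
  -e node.name=elasticsearch2 \
  -e cluster.name=es-cluster \
  -e discovery.seed_hosts=elasticsearch1,elasticsearch3 \
  -e cluster.initial_master_nodes=elasticsearch1,elasticsearch2,elasticsearch3 \
  -e bootstrap.memory_lock=true \
  -e xpack.security.enabled=true \
  -e http.cors.enabled=true \
  -e "http.cors.allow-origin= '*'" \
  -e http.cors.allow-headers=Authorization \
  -e xpack.security.transport.ssl.enabled=true \
  -e xpack.security.transport.ssl.verification_mode=certificate \
  -e xpack.security.transport.ssl.keystore.path=/usr/share/elasticsearch/config/elastic-certificates.p12 \
  -e xpack.security.transport.ssl.truststore.path=/usr/share/elasticsearch/config/elastic-certificates.p12 \
  -v es-data2:/usr/share/elasticsearch/data:rw \
  -v es-logs2:/usr/share/elasticsearch/logs:rw \
  --mount "type=bind,source=$(pwd)/certs/elastic-certificates.p12,target=/usr/share/elasticsearch/config/elastic-certificates.p12,readonly" \
  --network elasticsearch-br0 \
  --ip 172.16.0.12 \
  -p 9202:9200 -p 9302:9300 \
  "elasticsearch:${ELASTIC_VERSION:?export ELASTIC_VERSION first}"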
elasticsearch3
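# Start node elasticsearch3 (172.16.0.13) of the three-node cluster "es-cluster".
# Security is enabled and node-to-node (transport) traffic uses TLS with the
# shared elastic-certificates.p12; verification_mode=certificate checks that the
# peer certificate is signed by the trusted CA but does not check the host name.
# The keystore holds the node's private key, so it is bind-mounted read-only.
# "$(pwd)" is quoted so a working directory containing spaces still mounts, and
# an unset ELASTIC_VERSION stops the command with a clear message.
# NOTE(review): no xpack.security.http.ssl.* setting is passed, so the REST API
#   on 9200 stays plain HTTP and Basic-auth passwords travel unencrypted.
# NOTE(review): -p publishes 9200 and 9300 on every host interface. The nodes
#   reach each other over elasticsearch-br0, so publishing 9300 looks
#   unnecessary; prefix a port with 127.0.0.1: when only local access is needed.
# NOTE(review): the CORS origin is a wildcard combined with the Authorization
#   header; name the single origin that needs browser access instead. The value
#   as written also carries a leading space and literal quotes - verify how the
#   node parses it.
# NOTE(review): cluster.initial_master_nodes is meant for the first cluster
#   bootstrap only; Elastic's guidance is to remove it once the cluster has formed.
docker run -d --name elasticsearch3 \
  --ulimit memlock=-1:-1 \
  -e "ES_JAVA_OPTS=-Xms512m -Xmx512m" \
  -e node.name=elasticsearch3 \
  -e cluster.name=es-cluster \
  -e discovery.seed_hosts=elasticsearch1,elasticsearch2 \
  -e cluster.initial_master_nodes=elasticsearch1,elasticsearch2,elasticsearch3 \
  -e bootstrap.memory_lock=true \
  -e xpack.security.enabled=true \
  -e http.cors.enabled=true \
  -e "http.cors.allow-origin= '*'" \
  -e http.cors.allow-headers=Authorization \
  -e xpack.security.transport.ssl.enabled=true \
  -e xpack.security.transport.ssl.verification_mode=certificate \
  -e xpack.security.transport.ssl.keystore.path=/usr/share/elasticsearch/config/elastic-certificates.p12 \
  -e xpack.security.transport.ssl.truststore.path=/usr/share/elasticsearch/config/elastic-certificates.p12 \
  -v es-data3:/usr/share/elasticsearch/data:rw \
  -v es-logs3:/usr/share/elasticsearch/logs:rw \
  --mount "type=bind,source=$(pwd)/certs/elastic-certificates.p12,target=/usr/share/elasticsearch/config/elastic-certificates.p12,readonly" \
  --network elasticsearch-br0 \
  --ip 172.16.0.13 \
  -p 9203:9200 -p 9303:9300 \
  "elasticsearch:${ELASTIC_VERSION:?export ELASTIC_VERSION first}"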
初始化密码
需要等待服务启动后才能设置初始密码,该命令只能执行一次。
# Generate random passwords for the built-in users (auto mode).
# The piped "y" answers the tool's confirmation prompt; the tool then prints
# one "PASSWORD <user> = <value>" line per account, as in the sample output
# that follows this command.
# NOTE(review): that output is the only copy of the credentials. Store it in a
#   secret manager; values that end up in a terminal log, ticket or published
#   page should be treated as exposed and rotated.
# NOTE(review): elasticsearch-setup-passwords is deprecated since 8.0;
#   elasticsearch-reset-password is the replacement for resetting single users.
docker exec elasticsearch1 bash -c \
  'printf "y\n" | /usr/share/elasticsearch/bin/elasticsearch-setup-passwords auto'
Changed password for user apm_system
PASSWORD apm_system = BB1gzyBfp5Eihesuc7cl
Changed password for user kibana_system
PASSWORD kibana_system = bhAfvUavnwWRvzY4Y1Lf
Changed password for user kibana
PASSWORD kibana = bhAfvUavnwWRvzY4Y1Lf
Changed password for user logstash_system
PASSWORD logstash_system = zR9AKcjarBFpBTQzEEI2
Changed password for user beats_system
PASSWORD beats_system = kqJgbY2QcJGVUH4oYdsu
Changed password for user remote_monitoring_user
PASSWORD remote_monitoring_user = ouE9NB89fUNZhXOTqjUD
Changed password for user elastic
PASSWORD elastic = RIw7zbxmGqCrcUdqDbPI
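# Set a password of your own choosing for the built-in users (interactive mode
# with the answers piped in): one "y" for the confirmation prompt, then 12
# password lines, the same count the original listing supplied.
# The password is read from ES_BUILTIN_PASSWORD instead of being written into
# the command: a literal such as 123456 gives every built-in account, including
# the elastic superuser, a trivially guessable credential and leaves it in the
# shell history. printf is a shell builtin, so the value does not appear in a
# process argument list on the host.
# NOTE(review): one shared password means a leak of any service account is a
#   leak of the superuser; use distinct values outside a lab.
# NOTE(review): elasticsearch-setup-passwords is deprecated since 8.0;
#   elasticsearch-reset-password is the replacement for resetting single users.
if [ -z "${ES_BUILTIN_PASSWORD:-}" ]; then
  echo 'Set ES_BUILTIN_PASSWORD to a strong password first.' >&2
else
  {
    printf 'y\n'
    for i in 1 2 3 4 5 6 7 8 9 10 11 12; do
      printf '%s\n' "${ES_BUILTIN_PASSWORD}"
    done
  } | docker exec -i elasticsearch1 \
    /usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactive
fi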
部署 kibana
准备 kibana.yml
密码按照实际情况修改
# Kibana settings; the docker run command for Kibana mounts this file at
# /usr/share/kibana/config/kibana.yml.
server.name: kibana
server.port: 5601
# Listens on every interface inside the container; who can reach it is decided
# by how port 5601 is published on the host.
server.host: "0.0.0.0"
# NOTE(review): the `kibana` built-in user is presumably deprecated in favour
# of `kibana_system` - confirm for your version.
elasticsearch.username: "kibana"
# NOTE(review): sample value copied from the generated output; replace it with
# your own password and keep it out of plain-text files where possible (for
# example by storing elasticsearch.password with bin/kibana-keystore).
elasticsearch.password: "bhAfvUavnwWRvzY4Y1Lf"
# NOTE(review): http:// means the credentials above are sent to the nodes
# unencrypted; switch to https:// once TLS is enabled on the HTTP layer.
elasticsearch.hosts: ["http://elasticsearch1:9200", "http://elasticsearch2:9200", "http://elasticsearch3:9200"]
i18n.locale: "zh-CN"
启动 kibana
# Start Kibana on the same bridge network as the Elasticsearch nodes, using the
# kibana.yml from the current directory as its configuration file.
# NOTE(review): port 5601 is published on every host interface and this
#   kibana.yml sets no server.ssl.* options, so logins reach Kibana over plain
#   HTTP. Put a TLS terminator in front of it or publish on 127.0.0.1 only.
# NOTE(review): kibana.yml contains the Elasticsearch password; keep the file
#   readable only by the account that runs this command.
docker run --detach --name kibana \
  --network elasticsearch-br0 \
  --publish 5601:5601 \
  --volume "$(pwd)/kibana.yml:/usr/share/kibana/config/kibana.yml" \
  kibana:${ELASTIC_VERSION}