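Starting with 6.8, Elasticsearch lets free users use the X-Pack security features, so an ES instance that used to run completely unprotected now gets basic authentication.

We build this environment with docker-compose.

First pick a directory to hold docker-compose.yaml and the ES data, logs and other files.

I keep them in ~/DockerFile/es

Create the docker-compose file and the data files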

mkdir work # data and logs both live here
mkdir work/data # data
mkdir work/logs # logs
touch work/elasticsearch.yml # ES configuration
touch work/kibana.yml  # Kibana configuration

The contents of elasticsearch.yml are as follows:

network.host: 0.0.0.0
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.keystore.type: PKCS12
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.type: PKCS12

xpack.security.audit.enabled: true

The contents of kibana.yml are as follows:

#
# ** THIS IS AN AUTO-GENERATED FILE **
#

# Default Kibana configuration for docker target
server.name: kibana
server.host: "0"
elasticsearch.hosts: [ "http://elasticsearch:9200" ]
elasticsearch.username: "elastic"
elasticsearch.password: ""

Next create docker-compose.yaml

vim docker-compose.yaml

The contents of docker-compose.yaml are as follows:

version: '2.2'
services:
  es01:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.12.1
    container_name: es01
    environment:
      - node.name=es01
      - cluster.name=es-docker-cluster
      - cluster.initial_master_nodes=es01
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - ./work/data:/usr/share/elasticsearch/data
      - ./work/logs:/usr/share/elasticsearch/logs
      - ./work/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
      - ./work/elastic-certificates.p12:/usr/share/elasticsearch/config/elastic-certificates.p12
    ports:
      - 9200:9200
    networks:
      - elastic
  kib01:
    image: docker.elastic.co/kibana/kibana:7.12.1
    container_name: kib01
    ports:
      - 5601:5601
    environment:
      ELASTICSEARCH_URL: http://es01:9200
      ELASTICSEARCH_HOSTS: '["http://es01:9200"]'
    volumes:
      - ./work/kibana.yml:/usr/share/kibana/config/kibana.yml
    networks:
      - elastic

networks:
  elastic:
    driver: bridge

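This is a single-node configuration: after the services start there is only one node. If you need multiple nodes, create a separate data and log directory for each node under work.

Multi-node configuration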

mkdir -p work/es01/data
mkdir -p work/es01/logs
mkdir -p work/es02/data
mkdir -p work/es02/logs
mkdir -p work/es03/data
mkdir -p work/es03/logs

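Then, under services in docker-compose.yaml, add the node definitions for es02 and es03. In each node's environment, set cluster.initial_master_nodes to es01,es02,es03, and add a discovery.seed_hosts entry whose value is the names of the other two nodes; for example, discovery.seed_hosts for es01 is es02,es03.

The complete configuration is as follows: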

version: '2.2'
services:
  es01:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.12.1
    container_name: es01
    environment:
      - node.name=es01
      - cluster.name=es-docker-cluster
      - discovery.seed_hosts=es02,es03
      - cluster.initial_master_nodes=es01,es02,es03
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - ./work/es01/data:/usr/share/elasticsearch/data
      - ./work/es01/logs:/usr/share/elasticsearch/logs
      - ./work/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
      - ./work/elastic-certificates.p12:/usr/share/elasticsearch/config/elastic-certificates.p12
    ports:
      - 9200:9200
    networks:
      - elastic
  es02:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.12.1
    container_name: es02
    environment:
      - node.name=es02
      - cluster.name=es-docker-cluster
      - discovery.seed_hosts=es01,es03
      - cluster.initial_master_nodes=es01,es02,es03
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - ./work/es02/data:/usr/share/elasticsearch/data
      - ./work/es02/logs:/usr/share/elasticsearch/logs
      - ./work/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
      - ./work/elastic-certificates.p12:/usr/share/elasticsearch/config/elastic-certificates.p12
    ports:
      - 9201:9200
    networks:
      - elastic
  es03:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.12.1
    container_name: es03
    environment:
      - node.name=es03
      - cluster.name=es-docker-cluster
      - discovery.seed_hosts=es01,es02
      - cluster.initial_master_nodes=es01,es02,es03
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - ./work/es03/data:/usr/share/elasticsearch/data
      - ./work/es03/logs:/usr/share/elasticsearch/logs
      - ./work/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
      - ./work/elastic-certificates.p12:/usr/share/elasticsearch/config/elastic-certificates.p12
    ports:
      - 9202:9200
    networks:
      - elastic
  kib01:
    image: docker.elastic.co/kibana/kibana:7.12.1
    container_name: kib01
    ports:
      - 5601:5601
    environment:
      ELASTICSEARCH_URL: http://es01:9200
      ELASTICSEARCH_HOSTS: '["http://es01:9200"]'
    volumes:
      - ./work/kibana.yml:/usr/share/kibana/config/kibana.yml
    networks:
      - elastic

networks:
  elastic:
    driver: bridge

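Create elastic-certificates.p12

First start an instance

docker run -dit --name=es docker.elastic.co/elasticsearch/elasticsearch:7.12.1 /bin/bash

Then enter the instance

docker exec -it es /bin/bash

Run the certificate generation commands

./bin/elasticsearch-certutil ca # accept the defaults; setting a password is optional

./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12

Press Ctrl+D to leave the container, then copy the certificate out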

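# run from the directory that holds docker-compose.yaml; the compose file mounts ./work/elastic-certificates.p12
docker cp es:/usr/share/elasticsearch/elastic-certificates.p12 ./work/
# stop and remove this container
docker kill es
docker rm es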

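Start the containers

docker-compose up -d

Generate passwords

Enter the es01 container (with multiple nodes, any one of them works)

docker exec -it es01 /bin/bash

Use -h to see the help

./bin/elasticsearch-setup-passwords -h

We use auto to generate the passwords automatically

./bin/elasticsearch-setup-passwords auto

Update the Kibana configuration file

Edit ./work/kibana.yml

Replace the elasticsearch.password value with the password generated for elastic in the previous step

Then restart Kibana

docker-compose restart kib01

And that's it, done.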
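As an added check that is not part of the original post, the script below lints the elasticsearch.yml and kibana.yml shown above for the settings that decide whether authentication and encryption are actually in force. The function names and the rule set are assumptions of this example; the embedded settings are copied from this page.

```python
# Added example: static checks for the elasticsearch.yml and kibana.yml above.
# Function names and the rule set are assumptions made for this example.
def parse_flat(text):
    """Parse flat 'key: value' lines, the only YAML form these files use."""
    out = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        out[key.strip()] = value.strip().strip("\"'")
    return out

def lint_elasticsearch(cfg):
    """Return setting names whose value (or 7.x default) weakens the node."""
    findings = []
    for key in ("xpack.security.enabled",
                "xpack.security.transport.ssl.enabled",
                "xpack.security.http.ssl.enabled",
                "xpack.security.audit.enabled"):
        if cfg.get(key, "false").lower() != "true":  # all four default to false
            findings.append(key)
    if cfg.get("xpack.security.transport.ssl.verification_mode") == "none":
        findings.append("xpack.security.transport.ssl.verification_mode")
    return findings

def lint_kibana(cfg):
    """Return findings about how Kibana authenticates to Elasticsearch."""
    findings = []
    if not cfg.get("elasticsearch.password"):
        findings.append("elasticsearch.password is empty")
    if cfg.get("elasticsearch.username") == "elastic":
        findings.append("elasticsearch.username is the superuser")
    if "http://" in cfg.get("elasticsearch.hosts", ""):
        findings.append("elasticsearch.hosts uses plaintext http")
    return findings

# Settings copied from this page so the example runs offline.
ES_YML = """network.host: 0.0.0.0
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.audit.enabled: true
"""
KIBANA_YML = '''elasticsearch.hosts: [ "http://elasticsearch:9200" ]
elasticsearch.username: "elastic"
elasticsearch.password: ""
'''
print(lint_elasticsearch(parse_flat(ES_YML)), lint_kibana(parse_flat(KIBANA_YML)))
```

On this page's files it reports that xpack.security.http.ssl.enabled is unset, so port 9200 still speaks plain HTTP, and that Kibana logs in as the elastic superuser; the built-in kibana_system user, whose password setup-passwords also generates, is the narrower account for that.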
