opendistro 試用

以前轉載過一篇別人的關於opendistro的文章，還好使用docker-compose 運行，很方便，所以自己也跑下

環境准備

• docker-compose 文件

version: '3'
services:
  odfe-node1:
    image: amazon/opendistro-for-elasticsearch:0.8.0
    container_name: odfe-node1
    environment:
      - cluster.name=odfe-cluster
      - bootstrap.memory_lock=true # along with the memlock settings below, disables swapping
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m" # minimum and maximum Java heap size, recommend setting both to 50% of system RAM
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - odfe-data1:/usr/share/elasticsearch/data
    ports:
      - 9200:9200
      - 9600:9600 # required for Performance Analyzer
    networks:
      - odfe-net
  odfe-node2:
    image: amazon/opendistro-for-elasticsearch:0.8.0
    container_name: odfe-node2
    environment:
      - cluster.name=odfe-cluster
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
      - discovery.zen.ping.unicast.hosts=odfe-node1
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - odfe-data2:/usr/share/elasticsearch/data
    networks:
      - odfe-net
  kibana:
    image: amazon/opendistro-for-elasticsearch-kibana:0.8.0
    container_name: odfe-kibana
    ports:
      - 5601:5601
    expose:
      - "5601"
    environment:
      ELASTICSEARCH_URL: https://odfe-node1:9200
    networks:
      - odfe-net

volumes:
  odfe-data1:
  odfe-data2:

networks:
  odfe-net:

啟動&&測試

• 啟動

docker-compose up -d

• es 信息

curl -XGET https://localhost:9200 -u admin:admin -k

{
  "name" : "HNpZ24Y",
  "cluster_name" : "odfe-cluster",
  "cluster_uuid" : "hEydY5GWSqKrf15FzeagFg",
  "version" : {
    "number" : "6.6.2",
    "build_flavor" : "oss",
    "build_type" : "tar",
    "build_hash" : "3bd3e59",
    "build_date" : "2019-03-06T15:16:26.864148Z",
    "build_snapshot" : false,
    "lucene_version" : "7.6.0",
    "minimum_wire_compatibility_version" : "5.6.0",
    "minimum_index_compatibility_version" : "5.0.0"
  },
  "tagline" : "You Know, for Search"
}

• kibana ui

  賬戶 admin admin

http://localhost:5601

界面

• 使用sql特性

GET _opendistro/_sql
{
  "query": "select audit_cluster_name from security-auditlog-2019.04.24 limit 1"
}

效果

• 角色管理

說明

從上邊可以看出opendistro 還是很強大的，支持的功能也比較多，基本可以替換我們使用的開源版本的elk了

參考資料

https://github.com/rongfengliang/opendistro-docker-compose
https://opendistro.github.io/for-elasticsearch-docs/docs/install/