資源清單
| 主機 | IP |
|---|---|
| es-master | 10.0.0.1 |
| es-node1 | 10.0.0.2 |
| es-node2 | 10.0.0.3 |
| 軟件 | 版本 |
|---|---|
| docker | 20.10.12 |
| docker-compose | 1.23.1 |
| elasticsearch | 7.16.3 |
| kibana | 7.16.3 |
一、Docker 安裝
1. 使用國內 yum 源
# yum install -y yum-utils device-mapper-persistent-data lvm2
# yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
2. 卸載舊版本的 docker
## 如果主機上已經有docker存在且不是想要安裝的版本,需要先進行卸載。
# yum remove -y docker \
docker-client \
docker-client-latest \
docker-common \
docker-latest \
docker-latest-logrotate \
docker-logrotate \
docker-selinux \
docker-engine-selinux \
docker-engine \
container*
3. 安裝 Docker20.10 版本
# yum -y install docker-ce-20.10.12-3.el7 docker-ce-cli-20.10.12-3.el7
4. 設置鏡像加速
# mkdir /etc/docker
# vi /etc/docker/daemon.json
{
"registry-mirrors": ["https://xxxxxxxxx.mirror.aliyuncs.com"]
}
5. 啟動 docker
# systemctl start docker
# systemctl enable docker
# systemctl status docker
二、Docker-compose 安裝
1. Docker-compose 安裝
## github.com 可能訪問超時,可以使用下面的獲取下載下來后上傳服務器即可
# curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
# curl -k "https://dl.cactifans.com/zabbix_docker/docker-compose" -o /usr/bin/docker-compose
# chmod a+x /usr/bin/docker-compose
2. 查看 docker-compose 版本
# docker-compose version
三、部署 ES 集群
1. 部署 es-master 節點
10.0.0.1主機
a | 編輯 docker-compose 文件
version: '3'
services:
es-master:
image: elasticsearch:7.16.3
container_name: es-master
environment:
- "ES_JAVA_OPTS=-Xms4096m -Xmx4096m"
ulimits:
memlock:
soft: -1
hard: -1
nofile:
soft: 65536
hard: 65536
volumes:
- /data/elasticsearch/config/es.yml:/usr/share/elasticsearch/config/elasticsearch.yml:ro
- /data/elasticsearch/data:/usr/share/elasticsearch/data:rw
- /data/elasticsearch/log:/usr/share/elasticsearch/log:rw
ports:
- 9200:9200
- 9300:9300
extra_hosts: # 設置容器 hosts
- "es-master:10.0.0.1"
- "es-node1:10.0.0.2"
- "es-node2:10.0.0.3"
kibana:
image: kibana:7.16.3
container_name: kibana
restart: always
environment:
- TZ="Asia/Shanghai"
ports:
- 5601:5601
volumes:
- /data/kibana/config/kibana.yml:/usr/share/kibana/config/kibana.yml:ro
depends_on:
- es-master
b | 創建服務掛載目錄
## 創建es配置數據日志目錄
# mkdir /data/elasticsearch/{config,data,log} -pv
## 創建kibana配置目錄
# mkdir /data/kibana/config -pv
## 修改es目錄權限,否則容器啟動報錯,es容器使用es用戶啟動,用戶id=1000
# chown 1000:1000 /data/elasticsearch/* -R
c | 編輯 es.yml 配置文件
# vim /data/elasticsearch/config/es.yml
cluster.name: es-cluster-test
node.name: es-master
node.master: true
node.data: true
#network.host: 0.0.0.0
network.bind_host: 0.0.0.0
network.publish_host: 10.0.0.1
http.port: 9200
transport.tcp.port: 9300
http.cors.enabled: true
http.cors.allow-origin: "*"
discovery.zen.ping.unicast.hosts: ["es-master:9300", "es-node1:9300", "es-node2:9300"]
discovery.zen.minimum_master_nodes: 2
discovery.zen.ping_timeout: 5s
bootstrap.memory_lock: true
action.destructive_requires_name: true
cluster.initial_master_nodes: ["es-master"]
ingest.geoip.downloader.enabled: false
d | 編輯 kibana.yml 配置文件
# vim /data/kibana/config/kibana.yml
server.name: kibana
server.host: "0.0.0.0"
#此處為es的master地址
elasticsearch.hosts: "http://es-master:9200"
xpack.monitoring.ui.container.elasticsearch.enabled: true
e | 啟動服務
# docker-compose up -d
## ElasticSearch啟動報錯,bootstrap checks failed
## max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
# cat /etc/sysctl.conf
vm.max_map_count=655360
# sysctl -p
## 參考文檔: https://blog.csdn.net/feng12345zi/article/details/80367907
2. 部署 es-node1 節點
10.0.0.2主機
a | 編輯 docker-compose 文件
version: '3'
services:
es-node1:
image: elasticsearch:7.16.3
container_name: es-node1
environment:
- "ES_JAVA_OPTS=-Xms4096m -Xmx4096m"
ulimits:
memlock:
soft: -1
hard: -1
nofile:
soft: 65536
hard: 65536
volumes:
- /data/elasticsearch/config/es.yml:/usr/share/elasticsearch/config/elasticsearch.yml:ro
- /data/elasticsearch/data:/usr/share/elasticsearch/data:rw
- /data/elasticsearch/log:/usr/share/elasticsearch/log:rw
ports:
- 9200:9200
- 9300:9300
extra_hosts: # 設置容器 hosts
- "es-master:10.0.0.1"
- "es-node1:10.0.0.2"
- "es-node2:10.0.0.3"
b | 創建服務掛載目錄
## 創建es配置數據日志目錄
# mkdir /data/elasticsearch/{config,data,log} -pv
## 修改es目錄權限,否則容器啟動報錯,es容器使用es用戶啟動,用戶id=1000
# chown 1000:1000 /data/elasticsearch/* -R
## ElasticSearch啟動報錯,bootstrap checks failed
## max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
# cat /etc/sysctl.conf
vm.max_map_count=655360
# sysctl -p
## 參考文檔: https://blog.csdn.net/feng12345zi/article/details/80367907
c | 編輯 es.yml 配置文件
# vim /data/elasticsearch/config/es.yml
cluster.name: es-cluster-test
node.name: es-node1
node.master: false
node.data: true
network.bind_host: 0.0.0.0
network.publish_host: 10.0.0.2
http.port: 9200
transport.tcp.port: 9300
http.cors.enabled: true
http.cors.allow-origin: "*"
discovery.zen.ping.unicast.hosts: ["es-master:9300", "es-node1:9300", "es-node2:9300"]
discovery.zen.minimum_master_nodes: 2
discovery.zen.ping_timeout: 5s
bootstrap.memory_lock: true
action.destructive_requires_name: true
cluster.initial_master_nodes: ["es-master"]
d | 啟動服務
# docker-compose up -d
3. 部署 es-node2 節點
10.0.0.3主機
a | 編輯 docker-compose 文件
version: '3'
services:
es-node1:
image: elasticsearch:7.16.3
container_name: es-node2
environment:
- "ES_JAVA_OPTS=-Xms4096m -Xmx4096m"
ulimits:
memlock:
soft: -1
hard: -1
nofile:
soft: 65536
hard: 65536
volumes:
- /data/elasticsearch/config/es.yml:/usr/share/elasticsearch/config/elasticsearch.yml:ro
- /data/elasticsearch/data:/usr/share/elasticsearch/data:rw
- /data/elasticsearch/log:/usr/share/elasticsearch/log:rw
ports:
- 9200:9200
- 9300:9300
extra_hosts: # 設置容器 hosts
- "es-master:10.0.0.1"
- "es-node1:10.0.0.2"
- "es-node2:10.0.0.3"
b | 創建服務掛載目錄
## 創建es配置數據日志目錄
# mkdir /data/elasticsearch/{config,data,log} -pv
## 修改es目錄權限,否則容器啟動報錯,es容器使用es用戶啟動,用戶id=1000
# chown 1000:1000 /data/elasticsearch/* -R
## ElasticSearch啟動報錯,bootstrap checks failed
## max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
# cat /etc/sysctl.conf
vm.max_map_count=655360
# sysctl -p
## 參考文檔: https://blog.csdn.net/feng12345zi/article/details/80367907
c | 編輯 es.yml 配置文件
# vim /data/elasticsearch/config/es.yml
cluster.name: es-cluster-test
node.name: es-node1
node.master: false
node.data: true
network.bind_host: 0.0.0.0
network.publish_host: 10.0.0.3
http.port: 9200
transport.tcp.port: 9300
http.cors.enabled: true
http.cors.allow-origin: "*"
discovery.zen.ping.unicast.hosts: ["es-master:9300", "es-node1:9300", "es-node2:9300"]
discovery.zen.minimum_master_nodes: 2
discovery.zen.ping_timeout: 5s
bootstrap.memory_lock: true
action.destructive_requires_name: true
cluster.initial_master_nodes: ["es-master"]
d | 啟動服務
# docker-compose up -d
4. 啟動 es_xpack 認證
集群認證需要首先配置秘鑰才行,否則在給內置用戶創建秘鑰的時候將會報錯
a | 生成證書
## 登陸其中一個node節點執行命令,生成完證書傳到集群其他節點即可
# docker exec -it es-mater bash
# /usr/share/elasticsearch/bin/elasticsearch-certutil ca
# /usr/share/elasticsearch/bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
## 兩條命令均一路回車即可,不需要給秘鑰再添加密碼。
## 證書創建完成之后,默認在es的數據目錄,這里統一cp 到宿主機目錄中
# mv elastic-* /usr/share/elasticsearch/data/
## 退出容器
# exit
## 復制 /data/elasticsearch/data/ 下證書到 config 目錄
# cd /data/elasticsearch/config/
# cp /data/elasticsearch/data/elastic-* ./
# chmod 644 elastic-*
# chown 1000:10000 elastic*
## 復制證書文件到其他節點
# scp /data/elasticsearch/config/elastic-* 10.0.0.2:/data/elasticsearch/config/
# scp /data/elasticsearch/config/elastic-* 10.0.0.3:/data/elasticsearch/config/
b | 新增 es.yml 配置
##三台機器新增配置如下:
......
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /etc/elasticsearch/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /etc/elasticsearch/elastic-certificates.p12
c | 修改 docker-compose.yml 文件
version: '3'
services:
es-node1:
image: elasticsearch:7.16.3
......
volumes:
- /data/elasticsearch/config/es.yml:/usr/share/elasticsearch/config/elasticsearch.yml:ro
## 掛載 ssl 證書到容器中
- /data/elasticsearch/config/elastic-certificates.p12:/usr/share/elasticsearch/config/elastic-certificates.p12:ro
- /data/elasticsearch/config/elastic-stack-ca.p12:/usr/share/elasticsearch/config/elastic-stack-ca.p12:ro
- /data/elasticsearch/data:/usr/share/elasticsearch/data:rw
- /data/elasticsearch/log:/usr/share/elasticsearch/log:rw
......
d | 創建賬戶,並為內置賬號添加密碼
ES中內置了幾個管理其他集成組件的賬號即:apm_system,beats_system,elastic,kibana,logstash_system,remote_monitoring_user,使用之前,首先需要添加一下密碼。
# docker exec -it es-mater bash
# /usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactive
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y
Enter password for [elastic]:
Reenter password for [elastic]:
Enter password for [apm_system]:
Reenter password for [apm_system]:
Enter password for [kibana]:
Reenter password for [kibana]:
Enter password for [logstash_system]:
Reenter password for [logstash_system]:
Enter password for [beats_system]:
Reenter password for [beats_system]:
Enter password for [remote_monitoring_user]:
Reenter password for [remote_monitoring_user]:
Changed password for user [apm_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]
e | 配置完畢之后,可以通過如下方式訪問 es 服務:
curl -XGET -u elastic 'localhost:9200/_xpack/security/user?pretty'
f | kibana 配置文件中,新增 es 賬戶密碼
## kibana.yml 文件
elasticsearch.username: "elastic"
elasticsearch.password: "123456"