Docker 部署 3 節點 ES 叢集
阿新 • • 發佈:2022-04-21
資源清單
| 主機 | IP |
|---|---|
| es-master | 10.0.0.1 |
| es-node1 | 10.0.0.2 |
| es-node2 | 10.0.0.3 |
| 軟體 | 版本 |
|---|---|
| docker | 20.10.12 |
| docker-compose | 1.23.1 |
| elasticsearch | 7.16.3 |
| kibana | 7.16.3 |
一、Docker 安裝
1. 使用國內 yum 源
# yum install -y yum-utils device-mapper-persistent-data lvm2 # yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
2. 解除安裝舊版本的 docker
## 如果主機上已經有docker存在且不是想要安裝的版本,需要先進行解除安裝。 # yum remove -y docker \ docker-client \ docker-client-latest \ docker-common \ docker-latest \ docker-latest-logrotate \ docker-logrotate \ docker-selinux \ docker-engine-selinux \ docker-engine \ container*
3. 安裝 Docker20.10 版本
# yum -y install docker-ce-20.10.12-3.el7 docker-ce-cli-20.10.12-3.el7
4. 設定映象加速
# mkdir /etc/docker
# vi /etc/docker/daemon.json
{
"registry-mirrors": ["https://xxxxxxxxx.mirror.aliyuncs.com"]
}
5. 啟動 docker
# systemctl start docker # systemctl enable docker # systemctl status docker
二、Docker-compose 安裝
1. Docker-compose 安裝
## github.com 可能訪問超時,可以使用下面的獲取下載下來後上傳伺服器即可
# curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
# curl -k "https://dl.cactifans.com/zabbix_docker/docker-compose" -o /usr/bin/docker-compose
# chmod a+x /usr/bin/docker-compose
2. 檢視 docker-compose 版本
# docker-compose version
三、部署 ES 叢集
1. 部署 es-master 節點
10.0.0.1主機
a | 編輯 docker-compose 檔案
version: '3'
services:
es-master:
image: elasticsearch:7.16.3
container_name: es-master
environment:
- "ES_JAVA_OPTS=-Xms4096m -Xmx4096m"
ulimits:
memlock:
soft: -1
hard: -1
nofile:
soft: 65536
hard: 65536
volumes:
- /data/elasticsearch/config/es.yml:/usr/share/elasticsearch/config/elasticsearch.yml:ro
- /data/elasticsearch/data:/usr/share/elasticsearch/data:rw
- /data/elasticsearch/log:/usr/share/elasticsearch/log:rw
ports:
- 9200:9200
- 9300:9300
extra_hosts: # 設定容器 hosts
- "es-master:10.0.0.1"
- "es-node1:10.0.0.2"
- "es-node2:10.0.0.3"
kibana:
image: kibana:7.16.3
container_name: kibana
restart: always
environment:
- TZ="Asia/Shanghai"
ports:
- 5601:5601
volumes:
- /data/kibana/config/kibana.yml:/usr/share/kibana/config/kibana.yml:ro
depends_on:
- es-master
b | 建立服務掛載目錄
## 建立es配置資料日誌目錄
# mkdir /data/elasticsearch/{config,data,log} -pv
## 建立kibana配置目錄
# mkdir /data/kibana/config -pv
## 修改es目錄許可權,否則容器啟動報錯,es容器使用es使用者啟動,使用者id=1000
# chown 1000:1000 /data/elasticsearch/* -R
c | 編輯 es.yml 配置檔案
# vim /data/elasticsearch/config/es.yml
cluster.name: es-cluster-test
node.name: es-master
node.master: true
node.data: true
#network.host: 0.0.0.0
network.bind_host: 0.0.0.0
network.publish_host: 10.0.0.1
http.port: 9200
transport.tcp.port: 9300
http.cors.enabled: true
http.cors.allow-origin: "*"
discovery.zen.ping.unicast.hosts: ["es-master:9300", "es-node1:9300", "es-node2:9300"]
discovery.zen.minimum_master_nodes: 2
discovery.zen.ping_timeout: 5s
bootstrap.memory_lock: true
action.destructive_requires_name: true
cluster.initial_master_nodes: ["es-master"]
ingest.geoip.downloader.enabled: false
d | 編輯 kibana.yml 配置檔案
# vim /data/kibana/config/kibana.yml
server.name: kibana
server.host: "0.0.0.0"
#此處為es的master地址
elasticsearch.hosts: "http://es-master:9200"
xpack.monitoring.ui.container.elasticsearch.enabled: true
e | 啟動服務
# docker-compose up -d
## ElasticSearch啟動報錯,bootstrap checks failed
## max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
# cat /etc/sysctl.conf
vm.max_map_count=655360
# sysctl -p
## 參考文件: https://blog.csdn.net/feng12345zi/article/details/80367907
2. 部署 es-node1 節點
10.0.0.2主機
a | 編輯 docker-compose 檔案
version: '3'
services:
es-node1:
image: elasticsearch:7.16.3
container_name: es-node1
environment:
- "ES_JAVA_OPTS=-Xms4096m -Xmx4096m"
ulimits:
memlock:
soft: -1
hard: -1
nofile:
soft: 65536
hard: 65536
volumes:
- /data/elasticsearch/config/es.yml:/usr/share/elasticsearch/config/elasticsearch.yml:ro
- /data/elasticsearch/data:/usr/share/elasticsearch/data:rw
- /data/elasticsearch/log:/usr/share/elasticsearch/log:rw
ports:
- 9200:9200
- 9300:9300
extra_hosts: # 設定容器 hosts
- "es-master:10.0.0.1"
- "es-node1:10.0.0.2"
- "es-node2:10.0.0.3"
b | 建立服務掛載目錄
## 建立es配置資料日誌目錄
# mkdir /data/elasticsearch/{config,data,log} -pv
## 修改es目錄許可權,否則容器啟動報錯,es容器使用es使用者啟動,使用者id=1000
# chown 1000:1000 /data/elasticsearch/* -R
## ElasticSearch啟動報錯,bootstrap checks failed
## max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
# cat /etc/sysctl.conf
vm.max_map_count=655360
# sysctl -p
## 參考文件: https://blog.csdn.net/feng12345zi/article/details/80367907
c | 編輯 es.yml 配置檔案
# vim /data/elasticsearch/config/es.yml
cluster.name: es-cluster-test
node.name: es-node1
node.master: false
node.data: true
network.bind_host: 0.0.0.0
network.publish_host: 10.0.0.2
http.port: 9200
transport.tcp.port: 9300
http.cors.enabled: true
http.cors.allow-origin: "*"
discovery.zen.ping.unicast.hosts: ["es-master:9300", "es-node1:9300", "es-node2:9300"]
discovery.zen.minimum_master_nodes: 2
discovery.zen.ping_timeout: 5s
bootstrap.memory_lock: true
action.destructive_requires_name: true
cluster.initial_master_nodes: ["es-master"]
d | 啟動服務
# docker-compose up -d
3. 部署 es-node2 節點
10.0.0.3主機
a | 編輯 docker-compose 檔案
version: '3'
services:
es-node1:
image: elasticsearch:7.16.3
container_name: es-node2
environment:
- "ES_JAVA_OPTS=-Xms4096m -Xmx4096m"
ulimits:
memlock:
soft: -1
hard: -1
nofile:
soft: 65536
hard: 65536
volumes:
- /data/elasticsearch/config/es.yml:/usr/share/elasticsearch/config/elasticsearch.yml:ro
- /data/elasticsearch/data:/usr/share/elasticsearch/data:rw
- /data/elasticsearch/log:/usr/share/elasticsearch/log:rw
ports:
- 9200:9200
- 9300:9300
extra_hosts: # 設定容器 hosts
- "es-master:10.0.0.1"
- "es-node1:10.0.0.2"
- "es-node2:10.0.0.3"
b | 建立服務掛載目錄
## 建立es配置資料日誌目錄
# mkdir /data/elasticsearch/{config,data,log} -pv
## 修改es目錄許可權,否則容器啟動報錯,es容器使用es使用者啟動,使用者id=1000
# chown 1000:1000 /data/elasticsearch/* -R
## ElasticSearch啟動報錯,bootstrap checks failed
## max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
# cat /etc/sysctl.conf
vm.max_map_count=655360
# sysctl -p
## 參考文件: https://blog.csdn.net/feng12345zi/article/details/80367907
c | 編輯 es.yml 配置檔案
# vim /data/elasticsearch/config/es.yml
cluster.name: es-cluster-test
node.name: es-node1
node.master: false
node.data: true
network.bind_host: 0.0.0.0
network.publish_host: 10.0.0.3
http.port: 9200
transport.tcp.port: 9300
http.cors.enabled: true
http.cors.allow-origin: "*"
discovery.zen.ping.unicast.hosts: ["es-master:9300", "es-node1:9300", "es-node2:9300"]
discovery.zen.minimum_master_nodes: 2
discovery.zen.ping_timeout: 5s
bootstrap.memory_lock: true
action.destructive_requires_name: true
cluster.initial_master_nodes: ["es-master"]
d | 啟動服務
# docker-compose up -d
4. 啟動 es_xpack 認證
叢集認證需要首先配置祕鑰才行,否則在給內建使用者建立祕鑰的時候將會報錯
a | 生成證書
## 登陸其中一個node節點執行命令,生成完證書傳到叢集其他節點即可
# docker exec -it es-mater bash
# /usr/share/elasticsearch/bin/elasticsearch-certutil ca
# /usr/share/elasticsearch/bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
## 兩條命令均一路回車即可,不需要給祕鑰再新增密碼。
## 證書建立完成之後,預設在es的資料目錄,這裡統一cp 到宿主機目錄中
# mv elastic-* /usr/share/elasticsearch/data/
## 退出容器
# exit
## 複製 /data/elasticsearch/data/ 下證書到 config 目錄
# cd /data/elasticsearch/config/
# cp /data/elasticsearch/data/elastic-* ./
# chmod 644 elastic-*
# chown 1000:10000 elastic*
## 複製證書檔案到其他節點
# scp /data/elasticsearch/config/elastic-* 10.0.0.2:/data/elasticsearch/config/
# scp /data/elasticsearch/config/elastic-* 10.0.0.3:/data/elasticsearch/config/
b | 新增 es.yml 配置
##三臺機器新增配置如下:
......
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /etc/elasticsearch/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /etc/elasticsearch/elastic-certificates.p12
c | 修改 docker-compose.yml 檔案
version: '3'
services:
es-node1:
image: elasticsearch:7.16.3
......
volumes:
- /data/elasticsearch/config/es.yml:/usr/share/elasticsearch/config/elasticsearch.yml:ro
## 掛載 ssl 證書到容器中
- /data/elasticsearch/config/elastic-certificates.p12:/usr/share/elasticsearch/config/elastic-certificates.p12:ro
- /data/elasticsearch/config/elastic-stack-ca.p12:/usr/share/elasticsearch/config/elastic-stack-ca.p12:ro
- /data/elasticsearch/data:/usr/share/elasticsearch/data:rw
- /data/elasticsearch/log:/usr/share/elasticsearch/log:rw
......
d | 建立賬戶,併為內建賬號新增密碼
ES中內建了幾個管理其他整合元件的賬號即:apm_system, beats_system, elastic, kibana, logstash_system, remote_monitoring_user,使用之前,首先需要新增一下密碼。
# docker exec -it es-mater bash
# /usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactive
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y
Enter password for [elastic]:
Reenter password for [elastic]:
Enter password for [apm_system]:
Reenter password for [apm_system]:
Enter password for [kibana]:
Reenter password for [kibana]:
Enter password for [logstash_system]:
Reenter password for [logstash_system]:
Enter password for [beats_system]:
Reenter password for [beats_system]:
Enter password for [remote_monitoring_user]:
Reenter password for [remote_monitoring_user]:
Changed password for user [apm_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]
e | 配置完畢之後,可以通過如下方式訪問es服務:
curl -XGET -u elastic 'localhost:9200/_xpack/security/user?pretty'
f | kibana 配置檔案中,新增 es 賬戶密碼
## kibana.yml 檔案
elasticsearch.username: "elastic"
elasticsearch.password: "123456"