本文小编为大家详细介绍“docker怎么安装Elasticsearch集群并设置密码”,内容详细,步骤清晰,细节处理妥当,希望这篇“docker怎么安装Elasticsearch集群并设置密码”文章能帮助大家解决疑惑,下面跟着小编的思路慢慢深入,一起来学习新知识吧。
一些基础配置
es需要修改linux的一些参数。
设置vm.max_map_count=262144
sudo vim /etc/sysctl.conf vm.max_map_count=262144
不重启, 直接生效当前的命令
sysctl -w vm.max_map_count=262144
es的data和logs目录需要给1000的用户授权, 我们假设安装3个实力的es集群,先创建对应的数据存储文件
mkdir -p es01/data mkdir -p es01/logs mkdir -p es02/data mkdir -p es02/logs mkdir -p es03/data mkdir -p es03/logs ## es的用户id为1000,这里暂且授权给所有人好了 sudo chmod 777 es* -r
关于版本和docker镜像
elasticsearch分几种licenses,其中open source和basic是免费的, 而在6.8之后安全功能才开始集成在es的basic授权上。
basic对应docker镜像为
docker pull docker.elastic.co/elasticsearch/elasticsearch:7.6.2
同时dockerhub同步为elasticsearch. 我们直接拉取elasticsearch:7.6.2
就好。
开始
安装文件均放在github: https://github.com/ryan-miao/docker-china-source/tree/master/docker-elasticsearch
首先,创建docker-compose.yml
version: '2.2' services: es01: image: elasticsearch:7.6.2 container_name: es01 environment: - node.name=es01 - cluster.name=es-docker-cluster - discovery.seed_hosts=es02,es03 - cluster.initial_master_nodes=es01,es02,es03 - bootstrap.memory_lock=true - "es_java_opts=-xms512m -xmx512m" ulimits: memlock: soft: -1 hard: -1 volumes: - ./es01/data:/usr/share/elasticsearch/data - ./es01/logs:/usr/share/elasticsearch/logs - ./elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml - ./elastic-certificates.p12:/usr/share/elasticsearch/config/elastic-certificates.p12 ports: - 9200:9200 networks: - elastic es02: image: elasticsearch:7.6.2 container_name: es02 environment: - node.name=es02 - cluster.name=es-docker-cluster - discovery.seed_hosts=es01,es03 - cluster.initial_master_nodes=es01,es02,es03 - bootstrap.memory_lock=true - "es_java_opts=-xms512m -xmx512m" ulimits: memlock: soft: -1 hard: -1 volumes: - ./es02/data:/usr/share/elasticsearch/data - ./es02/logs:/usr/share/elasticsearch/logs - ./elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml - ./elastic-certificates.p12:/usr/share/elasticsearch/config/elastic-certificates.p12 ports: - 9201:9200 networks: - elastic es03: image: elasticsearch:7.6.2 container_name: es03 environment: - node.name=es03 - cluster.name=es-docker-cluster - discovery.seed_hosts=es01,es02 - cluster.initial_master_nodes=es01,es02,es03 - bootstrap.memory_lock=true - "es_java_opts=-xms512m -xmx512m" ulimits: memlock: soft: -1 hard: -1 volumes: - ./es03/data:/usr/share/elasticsearch/data - ./es03/logs:/usr/share/elasticsearch/logs - ./elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml - ./elastic-certificates.p12:/usr/share/elasticsearch/config/elastic-certificates.p12 ports: - 9202:9200 networks: - elastic kib01: depends_on: - es01 image: kibana:7.6.2 container_name: kib01 ports: - 5601:5601 environment: elasticsearch_url: http://es01:9200 elasticsearch_hosts: http://es01:9200 volumes: - ./kibana.yml:/usr/share/kibana/config/kibana.yml networks: - elastic networks: elastic: driver: bridge
关于elasticsearch.yml
内容如下
network.host: 0.0.0.0 xpack.security.enabled: true xpack.security.transport.ssl.enabled: true xpack.security.transport.ssl.keystore.type: pkcs12 xpack.security.transport.ssl.verification_mode: certificate xpack.security.transport.ssl.keystore.path: elastic-certificates.p12 xpack.security.transport.ssl.truststore.path: elastic-certificates.p12 xpack.security.transport.ssl.truststore.type: pkcs12 xpack.security.audit.enabled: true
network.host 设置允许其他ip访问,解除ip绑定
xpack.security 则是安全相关配置,其中ssl的证书需要自己生成
关于证书elastic-certificates.p12
es提供了生成证书的工具elasticsearch-certutil
,我们可以在docker实例中生成它,然后复制出来,后面统一使用。
首先运行es实例
sudo docker run -dit --name=es elasticsearch:7.6.2 /bin/bash
进入实例内部
sudo docker exec -it es /bin/bash
生成ca: elastic-stack-ca.p12
[root@25dee1848942 elasticsearch]# ./bin/elasticsearch-certutil ca this tool assists you in the generation of x.509 certificates and certificate signing requests for use with ssl/tls in the elastic stack. the 'ca' mode generates a new 'certificate authority' this will create a new x.509 certificate and private key that can be used to sign certificate when running in 'cert' mode. use the 'ca-dn' option if you wish to configure the 'distinguished name' of the certificate authority by default the 'ca' mode produces a single pkcs#12 output file which holds: * the ca certificate * the ca's private key if you elect to generate pem format certificates (the -pem option), then the output will be a zip file containing individual files for the ca certificate and private key please enter the desired output file [elastic-stack-ca.p12]: enter password for elastic-stack-ca.p12 :
再生成cert: elastic-certificates.p12
[root@25dee1848942 elasticsearch]# ./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12 this tool assists you in the generation of x.509 certificates and certificate signing requests for use with ssl/tls in the elastic stack. the 'cert' mode generates x.509 certificate and private keys.
这个生成elastic-certificates.p12 就是我们需要使用的。
复制出证书, ctrl+d退出容器内部
sudo docker cp es:/usr/share/elasticsearch/elastic-certificates.p12 . # 关闭这个容器 sudo docker kill es sudo docker rm es
如此获取了证书。
生成密码
我们首先要启动es集群,去里面生成密码。
sudo docker-compose up
然后进入其中一台
sudo docker exec -it es01 /bin/bash
生成密码用auto, 自己设置用 interactive
[root@cfeeab4bb0eb elasticsearch]# ./bin/elasticsearch-setup-passwords -h sets the passwords for reserved users commands -------- auto - uses randomly generated passwords interactive - uses passwords entered by a user non-option arguments: command option description ------ ----------- -e <keyvaluepair> configure a setting -h, --help show help -s, --silent show minimal output -v, --verbose show verbose output [root@cfeeab4bb0eb elasticsearch]# ./bin/elasticsearch-setup-passwords auto initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user. the passwords will be randomly generated and printed to the console. please confirm that you would like to continue [y/n]y changed password for user apm_system password apm_system = yxvzet9b2jedujyp66ws changed password for user kibana password kibana = 8nnthbj0n02idatghidu changed password for user logstash_system password logstash_system = 9nidge7ksv8sqidsk8dj changed password for user beats_system password beats_system = qeuvaf1vealpjhfeuojj changed password for user remote_monitoring_user password remote_monitoring_user = dtzcrckvtzsinrn3tw3d changed password for user elastic password elastic = q5f2qnfujqyvzpiz57mz
使用密码
浏览器访问localhost:9200/9201/9202 需要输入账号
输入对应的elastic/password就好
浏览器访问localhost:5601
忘记密码
如果生成后忘记密码了怎么办, 可以进入机器去修改。
进入es的机器
sudo docker exec -it es01 /bin/bash
创建一个临时的超级用户ryanmiao
./bin/elasticsearch-users useradd ryan -r superuser enter new password: error: invalid password...passwords must be at least [6] characters long [root@cfeeab4bb0eb elasticsearch]# ./bin/elasticsearch-users useradd ryan -r superuser enter new password: retype new password:
用这个用户去修改elastic的密码:
curl -xput -u ryan:ryan123 http://localhost:9200/_xpack/security/user/elastic/_password -h "content-type: application/json" -d ' { "password": "q5f2qnfujqyvzpiz57mz" }'
读到这里,这篇“docker怎么安装Elasticsearch集群并设置密码”文章已经介绍完毕,想要掌握这篇文章的知识点还需要大家自己动手实践使用过才能领会,如果想了解更多相关内容的文章,欢迎关注亿速云行业资讯频道。
免责声明:本站发布的内容(图片、视频和文字)以原创、转载和分享为主,文章观点不代表本网站立场,如果涉及侵权请联系站长邮箱:is@yisu.com进行举报,并提供相关证据,一经查实,将立刻删除涉嫌侵权内容。