参考
Install Elasticsearch with Docker
Images
环境
docker
# docker version
Client: Docker Engine - CommunityVersion: 24.0.7API version: 1.43Go version: go1.20.10Git commit: afdd53bBuilt: Thu Oct 26 09:08:01 2023OS/Arch: linux/amd64Context: defaultServer: Docker Engine - CommunityEngine:Version: 24.0.7API version: 1.43 (minimum version 1.12)Go version: go1.20.10Git commit: 311b9ffBuilt: Thu Oct 26 09:08:01 2023OS/Arch: linux/amd64Experimental: falsecontainerd:Version: 1.6.26GitCommit: 3dd1e886e55dd695541fdcd67420c2888645a495runc:Version: 1.1.10GitCommit: v1.1.10-0-g18a0cb0docker-init:Version: 0.19.0GitCommit: de40ad0
# docker compose version
Docker Compose version v2.21.0
images
image | tag |
---|---|
docker.elastic.co/kibana/kibana | 8.11.2-amd64 |
docker.elastic.co/elasticsearch/elasticsearch | 8.11.2-amd64 |
环境
node | role | MountPoint |
---|---|---|
172.22.175.110 | es01 kibana | /opt/data/es01 /opt/data/kibana |
172.22.175.111 | es02 | /opt/data/es02 |
172.22.175.112 | es03 | /opt/data/es03 |
- /etc/hosts
127.0.0.1 localhost
172.22.175.110 es01
172.22.175.111 es02
172.22.175.112 es03
- sysctl
# echo "vm.max_map_count=262144" >>/etc/sysctl.conf
# sysctl -p
部署
es01
- 挂载目录准备
# mkdir -p /opt/data/{es01,kibana}
### container 中使用非 root 运行的 es 和 kibana, 他们账户的 id 是 1000
# chown -R 1000:1000 /opt/data/{es01,kibana}
- .env
# Password for the 'elastic' user (at least 6 characters)
ELASTIC_PASSWORD=1qazXSW@# Password for the 'kibana_system' user (at least 6 characters)
KIBANA_PASSWORD=1qazXSW@# Version of Elastic products
STACK_VERSION=8.11.2-amd64# Set the cluster name
CLUSTER_NAME=bj-es-docker# Set to 'basic' or 'trial' to automatically start the 30-day trial
LICENSE=basic
#LICENSE=trial# Port to expose Elasticsearch HTTP API to the host
ES_PORT=9200
#ES_PORT=127.0.0.1:9200# Port to expose Kibana to the host
KIBANA_PORT=5601
#KIBANA_PORT=80# Increase or decrease based on the available host memory (in bytes)
MEM_LIMIT=17179869184# Project namespace (defaults to the current folder name if not set)
#COMPOSE_PROJECT_NAME=myproject
- docker-compose.yaml
version: "3"services:setup:image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}volumes:- ./certs:/usr/share/elasticsearch/config/certsuser: "0"command: >bash -c 'if [ x${ELASTIC_PASSWORD} == x ]; thenecho "Set the ELASTIC_PASSWORD environment variable in the .env file";exit 1;elif [ x${KIBANA_PASSWORD} == x ]; thenecho "Set the KIBANA_PASSWORD environment variable in the .env file";exit 1;fi;if [ ! -f config/certs/ca.zip ]; thenecho "Creating CA";bin/elasticsearch-certutil ca --silent --pem -out config/certs/ca.zip;unzip config/certs/ca.zip -d config/certs;fi;if [ ! -f config/certs/certs.zip ]; thenecho "Creating certs";echo -ne \"instances:\n"\" - name: es01\n"\" dns:\n"\" - es01\n"\" ip:\n"\" - 172.22.175.110\n"\" - name: es02\n"\" dns:\n"\" - es02\n"\" ip:\n"\" - 172.22.175.111\n"\" - name: es03\n"\" dns:\n"\" - es03\n"\" ip:\n"\" - 172.22.175.112\n"\> config/certs/instances.yml;bin/elasticsearch-certutil cert --silent --pem -out config/certs/certs.zip --in config/certs/instances.yml --ca-cert config/certs/ca/ca.crt --ca-key config/certs/ca/ca.key;unzip config/certs/certs.zip -d config/certs;fi;echo "Setting file permissions"chown -R root:root config/certs;find . -type d -exec chmod 750 \{\} \;;find . -type f -exec chmod 640 \{\} \;;echo "Waiting for Elasticsearch availability";until curl -s --cacert config/certs/ca/ca.crt https://es01:9200 | grep -q "missing authentication credentials"; do sleep 30; done;echo "Setting kibana_system password";until curl -s -X POST --cacert config/certs/ca/ca.crt -u "elastic:${ELASTIC_PASSWORD}" -H "Content-Type: application/json" https://es01:9200/_security/user/kibana_system/_password -d "{\"password\":\"${KIBANA_PASSWORD}\"}" | grep -q "^{}"; do sleep 10; done;echo "All done!";'healthcheck:test: ["CMD-SHELL", "[ -f config/certs/es01/es01.crt ]"]interval: 1stimeout: 5sretries: 120es01:depends_on:setup:condition: service_healthyimage: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}volumes:- ./certs:/usr/share/elasticsearch/config/certs- /opt/data/es01:/usr/share/elasticsearch/dataenvironment:- node.name=es01- cluster.name=${CLUSTER_NAME}- cluster.initial_master_nodes=es01,es02,es03- discovery.seed_hosts=es02,es03- ELASTIC_PASSWORD=${ELASTIC_PASSWORD}- bootstrap.memory_lock=true- xpack.security.enabled=true- xpack.security.http.ssl.enabled=true- xpack.security.http.ssl.key=certs/es01/es01.key- xpack.security.http.ssl.certificate=certs/es01/es01.crt- xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt- xpack.security.transport.ssl.enabled=true- xpack.security.transport.ssl.key=certs/es01/es01.key- xpack.security.transport.ssl.certificate=certs/es01/es01.crt- xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt- xpack.security.transport.ssl.verification_mode=certificate- xpack.license.self_generated.type=${LICENSE}restart: alwaysnetwork_mode: hostulimits:memlock:soft: -1hard: -1healthcheck:test:["CMD-SHELL","curl -s -k --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",]interval: 10stimeout: 10sretries: 120kibana:depends_on:es01:condition: service_healthyimage: docker.elastic.co/kibana/kibana:${STACK_VERSION}volumes:- ./certs:/usr/share/kibana/config/certs- /opt/data/kibana:/usr/share/kibana/dataenvironment:- SERVERNAME=kibana- ELASTICSEARCH_HOSTS=https://es01:9200- ELASTICSEARCH_USERNAME=kibana_system- ELASTICSEARCH_PASSWORD=${KIBANA_PASSWORD}- ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=config/certs/ca/ca.crtrestart: alwaysnetwork_mode: hosthealthcheck:test:["CMD-SHELL","curl -k -s -I http://localhost:5601 | grep -q 'HTTP/1.1 302 Found'",]interval: 10stimeout: 10sretries: 120
- 启动
# docker compose up -d
[+] Running 4/4✔ Network es_default Created 0.2s✔ Container es-setup-1 Healthy 0.4s✔ Container es-es01-1 Healthy 0.1s✔ Container es-kibana-1 Started 0.1s
- 同步 certs 和 .env 到其他节点
# scp -r certs/ .env es02:/opt/compose/es/
ca.crt 100% 1200 899.3KB/s 00:00
ca.key 100% 1675 1.4MB/s 00:00
certs.zip 100% 7615 6.8MB/s 00:00
ca.zip 100% 2515 2.5MB/s 00:00
es03.crt 100% 1176 1.3MB/s 00:00
es03.key 100% 1675 1.8MB/s 00:00
instances.yml 100% 230 228.9KB/s 00:00
es01.crt 100% 1176 1.2MB/s 00:00
es01.key 100% 1675 1.7MB/s 00:00
es02.key 100% 1675 1.2MB/s 00:00
es02.crt 100% 1172 1.1MB/s 00:00
.env
# scp -r certs/ .env es03:/opt/compose/es/
ca.crt 100% 1200 197.9KB/s 00:00
ca.key 100% 1675 849.8KB/s 00:00
certs.zip 100% 7615 3.3MB/s 00:00
ca.zip 100% 2515 1.5MB/s 00:00
es03.crt 100% 1176 604.2KB/s 00:00
es03.key 100% 1675 932.1KB/s 00:00
instances.yml 100% 230 140.3KB/s 00:00
es01.crt 100% 1176 652.2KB/s 00:00
es01.key 100% 1675 1.2MB/s 00:00
es02.key 100% 1675 672.5KB/s 00:00
es02.crt 100% 1172 844.9KB/s 00:00
.env
es02
- 挂载目录准备
# mkdir -p /opt/data/es02
# chown -R 1000:1000 /opt/data/es02
- .env
同 es01 - docker-compose.yaml
version: '3'
services:es02:image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}volumes:- ./certs:/usr/share/elasticsearch/config/certs- /opt/data/es02/:/usr/share/elasticsearch/dataenvironment:- node.name=es02- cluster.name=${CLUSTER_NAME}- cluster.initial_master_nodes=es01,es02,es03- discovery.seed_hosts=es01,es03- bootstrap.memory_lock=true- xpack.security.enabled=true- xpack.security.http.ssl.enabled=true- xpack.security.http.ssl.key=certs/es02/es02.key- xpack.security.http.ssl.certificate=certs/es02/es02.crt- xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt- xpack.security.transport.ssl.enabled=true- xpack.security.transport.ssl.key=certs/es02/es02.key- xpack.security.transport.ssl.certificate=certs/es02/es02.crt- xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt- xpack.security.transport.ssl.verification_mode=certificate- xpack.license.self_generated.type=${LICENSE}restart: alwaysnetwork_mode: hostulimits:memlock:soft: -1hard: -1healthcheck:test:["CMD-SHELL","curl -s -k --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",]interval: 10stimeout: 10sretries: 120
- 启动
# docker compose up -d
[+] Running 1/1✔ Container es-es02-1 Started
### 等一会儿,等 health 变成 healthy
# docker compose ps
NAME IMAGE COMMAND SERVICE CREATED STATUS PORTS
es-es02-1 docker.elastic.co/elasticsearch/elasticsearch:8.11.2-amd64 "/bin/tini -- /usr/local/bin/docker-entrypoint.sh eswrapper" es02 12 seconds ago Up 10 seconds (health: starting)
。。。
# docker compose ps
NAME IMAGE COMMAND SERVICE CREATED STATUS PORTS
es-es02-1 docker.elastic.co/elasticsearch/elasticsearch:8.11.2-amd64 "/bin/tini -- /usr/local/bin/docker-entrypoint.sh eswrapper" es02 3 minutes ago Up 3 minutes (healthy)
es03
- 挂载目录准备
# mkdir -p /opt/data/es03
# chown -R 1000:1000 /opt/data/es03
- .env
同 es01 - docker-compose.yaml
version: '3'
services:es03:image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}volumes:- ./certs:/usr/share/elasticsearch/config/certs- /opt/data/es03:/usr/share/elasticsearch/dataenvironment:- node.name=es03- cluster.name=${CLUSTER_NAME}- cluster.initial_master_nodes=es01,es02,es03- discovery.seed_hosts=es01,es02- bootstrap.memory_lock=true- xpack.security.enabled=true- xpack.security.http.ssl.enabled=true- xpack.security.http.ssl.key=certs/es03/es03.key- xpack.security.http.ssl.certificate=certs/es03/es03.crt- xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt- xpack.security.transport.ssl.enabled=true- xpack.security.transport.ssl.key=certs/es03/es03.key- xpack.security.transport.ssl.certificate=certs/es03/es03.crt- xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt- xpack.security.transport.ssl.verification_mode=certificate- xpack.license.self_generated.type=${LICENSE}restart: alwaysnetwork_mode: hostulimits:memlock:soft: -1hard: -1healthcheck:test:["CMD-SHELL","curl -s -k --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",]interval: 10stimeout: 10sretries: 120
- 启动
s# docker compose up -d
[+] Running 1/1✔ Container es-es03-1 Started
### 等一会儿,等 health 变成 healthy
# docker compose ps
NAME IMAGE COMMAND SERVICE CREATED STATUS PORTS
es-es03-1 docker.elastic.co/elasticsearch/elasticsearch:8.11.2-amd64 "/bin/tini -- /usr/local/bin/docker-entrypoint.sh eswrapper" es03 12 seconds ago Up 11 seconds (health: starting)
。。。
# docker compose ps
NAME IMAGE COMMAND SERVICE CREATED STATUS PORTS
es-es03-1 docker.elastic.co/elasticsearch/elasticsearch:8.11.2-amd64 "/bin/tini -- /usr/local/bin/docker-entrypoint.sh eswrapper" es03 About a minute ago Up About a minute (healthy)
验证
# curl --user "elastic:1qazXSW@" -k https://172.22.175.110:9200/_cat/nodes?v
ip heap.percent ram.percent cpu load_1m load_5m load_15m node.role master name
172.22.175.111 6 67 1 0.31 0.83 0.54 cdfhilmrstw * es02
172.22.175.112 10 65 2 1.58 0.80 0.31 cdfhilmrstw - es03
172.22.175.110 12 90 2 0.67 0.82 0.88 cdfhilmrstw - es01
# curl --user "elastic:1qazXSW@" -k https://172.22.175.110:9200/_cat/health?v
epoch timestamp cluster status node.total node.data shards pri relo init unassign pending_tasks max_task_wait_time active_shards_percent
1705029621 03:20:21 bj-es-docker green 3 3 61 30 0 0 0 0 - 100.0%
### PS: kibana 也能通过浏览器访问和使用
总结
官网的例子是在 1 个节点上通过 docker-compose 跑起来的 3 个实例,不符合需求,故将官方的 docker-compose.yml 进行拆分加上适当的调整来满足需求;因犯懒癌,所以将网络都设置为 host 模式,避免网络问题去 troubleshooting 半天,从而运气不错,一次性搞定。