修改内核参数每台执行

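# Raise the mmap-count limit to the value Elasticsearch expects on the host.
# The setting is updated in place or appended, so the other entries already in
# /etc/sysctl.conf survive; a plain '>' redirect would truncate the file and
# drop every other kernel setting (including hardening ones) on the next reload.
if grep -q '^vm\.max_map_count' /etc/sysctl.conf; then
  sed -i 's/^vm\.max_map_count.*/vm.max_map_count=262144/' /etc/sysctl.conf
else
  echo 'vm.max_map_count=262144' >> /etc/sysctl.conf
fi
# Reload /etc/sysctl.conf so the value applies without a reboot.
sysctl -p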

# Host account for Elasticsearch: fixed uid 1000, no home directory and no
# login shell, so the account cannot be used for interactive access.
# NOTE(review): uid 1000 presumably mirrors the uid the container process runs
# as, so bind-mounted files show a named owner on the host - confirm.
useradd --uid 1000 --no-create-home --shell /sbin/nologin elasticsearch

创建目录每台执行

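# Host directories that the compose files bind-mount into the container
# (brace expansion needs bash, not plain sh).
mkdir -p /www/daqsoft/elasticsearch/{data,logs,plugins,config}
# The Elasticsearch process in the official image runs as uid 1000, not root.
# Directories created by root are not writable for it, so hand the writable
# ones to that uid instead of loosening permissions or running privileged.
chown -R 1000 /www/daqsoft/elasticsearch/{data,logs,plugins}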

配置文件

es01 首次启动时,先保持下面被注释的配置不变;启动这一台 es 后进入容器生成证书,然后取消注释并重启容器,再把 elastic-certificates.p12 证书拷贝到其他节点
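# Run inside the es01 container. The tools live in the bin/ directory of the
# Elasticsearch home (/usr/share/elasticsearch in this image), not in /bin.
# NOTE(review): assumes the shell's working directory is that home - confirm.

# Step 1: create the cluster CA. The tool prompts for an output file
# (elastic-stack-ca.p12 by default) and a password. This file holds the CA
# private key: keep it off the other nodes and store it somewhere safe.
bin/elasticsearch-certutil ca

# Step 2: issue a node certificate signed by that CA (elastic-certificates.p12
# by default). It bundles the node key, node certificate and CA certificate.
# If a password is set here, every node needs it in its keystore, e.g.
#   bin/elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password
#   bin/elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password
bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12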

es01:
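# elasticsearch.yml for node es-node01.
cluster.name: elasticsearch-cluster
node.name: es-node01
# Listen on every interface inside the container; what is reachable from
# outside is decided by the ports the compose file publishes.
network.bind_host: 0.0.0.0
# Address the other nodes use to reach this node; it must be this host's own
# address. All three node files on this page carried 192.168.133.202.
# NOTE(review): .200 is assumed from the order of the seed host list - confirm.
network.publish_host: 192.168.133.200
http.port: 9200
transport.tcp.port: 9300
# NOTE(review): "*" lets any web origin send cross-origin requests to the REST
# API from a user's browser. Restrict it to the exact origin of the UI that
# needs CORS, or disable CORS if nothing does.
http.cors.enabled: true
http.cors.allow-origin: "*"
node.master: true
node.data: true
# NOTE(review): the discovery.zen.* names are legacy in 7.x (the compose files
# on this page use 7.16.3); the 7.x settings are discovery.seed_hosts and
# cluster.initial_master_nodes, and minimum_master_nodes is ignored there.
discovery.zen.ping.unicast.hosts: ["192.168.133.200:9300", "192.168.133.201:9300", "192.168.133.202:9300"]
discovery.zen.minimum_master_nodes: 2
# Turns on authentication. Only the transport layer gets TLS below; the HTTP
# layer on 9200 stays plain text, so credentials sent to it are not encrypted
# unless xpack.security.http.ssl is configured as well.
xpack.security.enabled: true
# Transport TLS. Leave these commented for the first start of es01, generate
# elastic-certificates.p12 inside the container, then uncomment and restart.
# verification_mode "certificate" checks that the peer certificate is signed by
# the trusted CA but does not verify the host name.
#xpack.security.transport.ssl.enabled: true
#xpack.security.transport.ssl.verification_mode: certificate
#xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/elastic-certificates.p12
#xpack.security.transport.ssl.truststore.path: /usr/share/elasticsearch/config/elastic-certificates.p12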

es02:
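# elasticsearch.yml for node es-node02.
cluster.name: elasticsearch-cluster
node.name: es-node02
# Listen on every interface inside the container; what is reachable from
# outside is decided by the ports the compose file publishes.
network.bind_host: 0.0.0.0
# Address the other nodes use to reach this node; it must be this host's own
# address. All three node files on this page carried 192.168.133.202.
# NOTE(review): .201 is assumed from the order of the seed host list - confirm.
network.publish_host: 192.168.133.201
http.port: 9200
transport.tcp.port: 9300
# NOTE(review): "*" lets any web origin send cross-origin requests to the REST
# API from a user's browser. Restrict it to the exact origin of the UI that
# needs CORS, or disable CORS if nothing does.
http.cors.enabled: true
http.cors.allow-origin: "*"
node.master: true
node.data: true
# NOTE(review): the discovery.zen.* names are legacy in 7.x (the compose files
# on this page use 7.16.3); the 7.x settings are discovery.seed_hosts and
# cluster.initial_master_nodes, and minimum_master_nodes is ignored there.
discovery.zen.ping.unicast.hosts: ["192.168.133.200:9300", "192.168.133.201:9300", "192.168.133.202:9300"]
discovery.zen.minimum_master_nodes: 2
# Turns on authentication. Only the transport layer gets TLS below; the HTTP
# layer on 9200 stays plain text, so credentials sent to it are not encrypted
# unless xpack.security.http.ssl is configured as well.
xpack.security.enabled: true
# Transport TLS between nodes, using the PKCS#12 file copied from es01 as both
# keystore and truststore. verification_mode "certificate" checks that the peer
# certificate is signed by the trusted CA but does not verify the host name.
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /usr/share/elasticsearch/config/elastic-certificates.p12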

es03:
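# elasticsearch.yml for node es-node03.
cluster.name: elasticsearch-cluster
node.name: es-node03
# Listen on every interface inside the container; what is reachable from
# outside is decided by the ports the compose file publishes.
network.bind_host: 0.0.0.0
# Address the other nodes use to reach this node; it must be this host's own
# address. All three node files on this page carried this same value.
# NOTE(review): .202 for es-node03 is assumed from the order of the seed host
# list - confirm it is really this host.
network.publish_host: 192.168.133.202
http.port: 9200
transport.tcp.port: 9300
# NOTE(review): "*" lets any web origin send cross-origin requests to the REST
# API from a user's browser. Restrict it to the exact origin of the UI that
# needs CORS, or disable CORS if nothing does.
http.cors.enabled: true
http.cors.allow-origin: "*"
node.master: true
node.data: true
# NOTE(review): the discovery.zen.* names are legacy in 7.x (the compose files
# on this page use 7.16.3); the 7.x settings are discovery.seed_hosts and
# cluster.initial_master_nodes, and minimum_master_nodes is ignored there.
discovery.zen.ping.unicast.hosts: ["192.168.133.200:9300", "192.168.133.201:9300", "192.168.133.202:9300"]
discovery.zen.minimum_master_nodes: 2
# Turns on authentication. Only the transport layer gets TLS below; the HTTP
# layer on 9200 stays plain text, so credentials sent to it are not encrypted
# unless xpack.security.http.ssl is configured as well.
xpack.security.enabled: true
# Transport TLS between nodes, using the PKCS#12 file copied from es01 as both
# keystore and truststore. verification_mode "certificate" checks that the peer
# certificate is signed by the trusted CA but does not verify the host name.
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /usr/share/elasticsearch/config/elastic-certificates.p12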

compose配置

与上面的es01配置文件对应,先不打开注释,待启动完成并生成证书后再打开
es01:
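# docker-compose.yml for node es01. The certificate mount stays commented until
# elastic-certificates.p12 has been generated inside the running container.
version: '3'

services:
  elasticsearch:
    image: elasticsearch:7.16.3
    restart: always
    container_name: es01
    volumes:
      # Host directories must be writable by uid 1000, the uid Elasticsearch
      # runs as inside the container.
      - /www/daqsoft/elasticsearch/data:/usr/share/elasticsearch/data
      - /www/daqsoft/elasticsearch/plugins:/usr/share/elasticsearch/plugins
      - /www/daqsoft/elasticsearch/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
      # Holds the node private key: mount it read-only and keep the host copy
      # readable only by the account that needs it.
      # - /www/daqsoft/elasticsearch/config/elastic-certificates.p12:/usr/share/elasticsearch/config/elastic-certificates.p12:ro
    environment:
      - "ES_JAVA_OPTS=-Xms512m -Xmx800m"
      # NOTE(review): single-node discovery makes the node elect itself and
      # never join the others. It suits the first start used to generate the
      # certificate; a three-node cluster needs it removed together with
      # discovery.seed_hosts / cluster.initial_master_nodes in elasticsearch.yml.
      - discovery.type=single-node
    ports:
      # Both ports are published on every host interface; limit access with the
      # host firewall to the clients and peer nodes that need them.
      - "9200:9200"  # HTTP / REST API
      - "9300:9300"  # transport (node-to-node cluster traffic)
    # Runs unprivileged: Elasticsearch needs no extra capabilities from the
    # container runtime, and vm.max_map_count is set on the host. If bind
    # mounts are denied on an SELinux host, relabel them (for example with the
    # :z volume option) rather than adding privileged: true, which would give
    # the container near-root control of the host.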
  
 es02:
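 # docker-compose.yml for node es02 (started after the certificate exists).
version: '3'

services:
  elasticsearch:
    image: elasticsearch:7.16.3
    restart: always
    container_name: es02
    volumes:
      # Host directories must be writable by uid 1000, the uid Elasticsearch
      # runs as inside the container.
      - /www/daqsoft/elasticsearch/data:/usr/share/elasticsearch/data
      - /www/daqsoft/elasticsearch/logs:/usr/share/elasticsearch/logs
      - /www/daqsoft/elasticsearch/plugins:/usr/share/elasticsearch/plugins
      - /www/daqsoft/elasticsearch/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
      # Holds the node private key: mounted read-only; keep the host copy
      # readable only by the account that needs it.
      - /www/daqsoft/elasticsearch/config/elastic-certificates.p12:/usr/share/elasticsearch/config/elastic-certificates.p12:ro
    environment:
      - "ES_JAVA_OPTS=-Xms512m -Xmx800m"
      # NOTE(review): single-node discovery makes the node elect itself and
      # never join the others. A three-node cluster needs it removed together
      # with discovery.seed_hosts / cluster.initial_master_nodes in
      # elasticsearch.yml.
      - discovery.type=single-node
    ports:
      # Both ports are published on every host interface; limit access with the
      # host firewall to the clients and peer nodes that need them.
      - "9200:9200"  # HTTP / REST API
      - "9300:9300"  # transport (node-to-node cluster traffic)
    # Runs unprivileged: Elasticsearch needs no extra capabilities from the
    # container runtime, and vm.max_map_count is set on the host. If bind
    # mounts are denied on an SELinux host, relabel them (for example with the
    # :z volume option) rather than adding privileged: true, which would give
    # the container near-root control of the host.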
  
 es03:
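 # docker-compose.yml for node es03 (started after the certificate exists).
version: '3'

services:
  elasticsearch:
    image: elasticsearch:7.16.3
    restart: always
    container_name: es03
    volumes:
      # Host directories must be writable by uid 1000, the uid Elasticsearch
      # runs as inside the container.
      - /www/daqsoft/elasticsearch/data:/usr/share/elasticsearch/data
      - /www/daqsoft/elasticsearch/plugins:/usr/share/elasticsearch/plugins
      - /www/daqsoft/elasticsearch/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
      # Holds the node private key: mounted read-only; keep the host copy
      # readable only by the account that needs it.
      - /www/daqsoft/elasticsearch/config/elastic-certificates.p12:/usr/share/elasticsearch/config/elastic-certificates.p12:ro
    environment:
      - "ES_JAVA_OPTS=-Xms512m -Xmx800m"
      # NOTE(review): single-node discovery makes the node elect itself and
      # never join the others. A three-node cluster needs it removed together
      # with discovery.seed_hosts / cluster.initial_master_nodes in
      # elasticsearch.yml.
      - discovery.type=single-node
    ports:
      # Both ports are published on every host interface; limit access with the
      # host firewall to the clients and peer nodes that need them.
      - "9200:9200"  # HTTP / REST API
      - "9300:9300"  # transport (node-to-node cluster traffic)
    # Runs unprivileged: Elasticsearch needs no extra capabilities from the
    # container runtime, and vm.max_map_count is set on the host. If bind
    # mounts are denied on an SELinux host, relabel them (for example with the
    # :z volume option) rather than adding privileged: true, which would give
    # the container near-root control of the host.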

自动生成密码有问题,这里手动修改密码,每台执行

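# Create a temporary file-realm superuser. Without -p the tool prompts for the
# password, which keeps it out of the shell history and the process list.
bin/elasticsearch-users useradd jack -r superuser

# Read the new password for the built-in "elastic" user without echoing it.
# Choose a strong, unique value: a password equal to the user name, or a short
# numeric one, is among the first guesses against an exposed port 9200.
read -r -s -p 'New password for elastic: ' ELASTIC_PASSWORD; echo

# The JSON body goes to curl on stdin, so the password never appears as a
# command-line argument; "-u jack" without a password makes curl prompt for it.
# _security is the 7.x path; _xpack/security is its deprecated alias.
# NOTE: printf inserts the value verbatim - avoid '"' and '\' in the password
# or JSON-escape them first.
printf '{"password": "%s"}' "$ELASTIC_PASSWORD" |
  curl -XPUT -u jack http://127.0.0.1:9200/_security/user/elastic/_password \
    -H "Content-Type: application/json" --data-binary @-
unset ELASTIC_PASSWORD

# Remove the temporary superuser once the elastic password has been changed,
# so no spare admin account is left behind on the node.
bin/elasticsearch-users userdel jack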