使用docker-compose部署ElasticSearch
准备工作
0 创建文件夹 设置版本号变量
mkdir -p /home/elasticsearch/8.x/{certs,es01,es02,es03,kba} && cd /home/elasticsearch/8.x/
chown -R 1000:1000 /home/elasticsearch/8.x/{certs,es01,es02,es03,kba}
v_es="8.11.4"
v_es="8.12.0"
echo ${v_es}1 节点机器优化设置
#参见 节点优化.md 文档2 镜像拉取
# docker pull elasticsearch:8.12.0
# docker pull kibana:8.12.0
docker pull docker.elastic.co/elasticsearch/elasticsearch:${v_es}
docker pull docker.elastic.co/kibana/kibana:${v_es}3 准备ik分词器
# 国内加速下载
# v_es="8.11.4"
# v_es="8.12.0"
curl -OSL https://hub.gitmirror.com/https://github.com/medcl/elasticsearch-analysis-ik/releases/download/v${v_es}/elasticsearch-analysis-ik-${v_es}.zip
# 配置ik分词器插件
mkdir -p es01/{data,plugins} es02/{data,plugins} es03/{data,plugins} \
&& unzip -o elasticsearch-analysis-ik-${v_es}.zip -d es01/plugins/ik/ \
&& unzip -o elasticsearch-analysis-ik-${v_es}.zip -d es02/plugins/ik/ \
&& unzip -o elasticsearch-analysis-ik-${v_es}.zip -d es03/plugins/ik/
# curl -OSL https://hub.gitmirror.com/https://github.com/medcl/elasticsearch-analysis-ik/releases/download/v8.11.4/elasticsearch-analysis-ik-8.11.4.zip
# curl -SL https://hub.gitmirror.com/https://github.com/medcl/elasticsearch-analysis-ik/releases/download/v${v_es}/elasticsearch-analysis-ik-${v_es}.zip -o ./elasticsearch-analysis-ik-${v_es}.zip
# 官方版本
# wget https://github.com/medcl/elasticsearch-analysis-ik/releases/download/v8.12.0/elasticsearch-analysis-ik-8.12.0.zip
# curl -OSL https://github.com/medcl/elasticsearch-analysis-ik/releases/download/v8.11.4/elasticsearch-analysis-ik-8.11.4.zip
# v_es="8.12.0"
# wget https://github.com/medcl/elasticsearch-analysis-ik/releases/download/v${v_es}/elasticsearch-analysis-ik-${v_es}.zip
# curl -SL https://github.com/medcl/elasticsearch-analysis-ik/releases/download/v${v_es}/elasticsearch-analysis-ik-${v_es}.zip -o ./elasticsearch-analysis-ik-${v_es}.zip部署步骤
下载.env和docker-compose.yml文件
# v_es="8.12"
# curl -OSL https://raw.githubusercontent.com/elastic/elasticsearch/8.12/docs/reference/setup/install/docker/.env
# curl -OSL https://raw.githubusercontent.com/elastic/elasticsearch/8.12/docs/reference/setup/install/docker/docker-compose.yml
curl -OSL https://hub.gitmirror.com/https://raw.githubusercontent.com/elastic/elasticsearch/8.12/docs/reference/setup/install/docker/.env
curl -OSL https://hub.gitmirror.com/https://raw.githubusercontent.com/elastic/elasticsearch/8.12/docs/reference/setup/install/docker/docker-compose.yml
# 编辑.env文件
vi .env
# 主要设置项 时区 密码 版本号 内存占用
TZ=Asia/Shanghai
ES_JAVA_OPTS="-Xms1g -Xmx1g"
# 编辑docker-compose.yml文件
vi docker-compose.yml
# 主要设置项 重启规则 本机端口 挂载目录
restart: unless-stopped
ports:
# - ${ES_PORT}:9200
- 9201:9200
- 9202:9200
- 9203:9200
volumes:
- ./certs:/usr/share/elasticsearch/config/certs #所有节点共享
- ./es01/data:/usr/share/elasticsearch/data
- ./es01/plugins/:/usr/share/elasticsearch/plugins
- ./es02/plugins/:/usr/share/elasticsearch/plugins
- ./es03/plugins/:/usr/share/elasticsearch/plugins
- ./kba:/usr/share/kibana/data #kibana节点开始部署
# 修改目录权限
chown -R 1000:1000 {certs,es01,es02,es03,kba}
chown -R 1000:1000 /home/elasticsearch/8.x/{certs,es01,es02,es03,kba}
docker-compose pull
docker-compose up -d清理资源
docker-compose down -v
rm -rf {certs,es01,es02,es03,kba} \
&& mkdir {certs,es01,es02,es03,kba} \
&& mkdir -p es01/{data,plugins} es02/{data,plugins} es03/{data,plugins} \
&& unzip -o elasticsearch-analysis-ik-${v_es}.zip -d es01/plugins/ik/ \
&& unzip -o elasticsearch-analysis-ik-${v_es}.zip -d es02/plugins/ik/ \
&& unzip -o elasticsearch-analysis-ik-${v_es}.zip -d es03/plugins/ik/ \
&& chown -R 1000:1000 {certs,es01,es02,es03,kba}后续其他操作
使用指定用户执行指令
docker-compose -f es-kba.yml up -d
#使用1000用户身份执行指令
runuser -l 1000 -c 'docker-compose -f es-kba.yml up -d'测试集群是否安装成功
ELASTIC_PASSWORD='*********'
curl --cacert certs/ca/ca.crt -u "elastic:${ELASTIC_PASSWORD}" https://127.0.0.1:9201/_cat/health
curl --cacert certs/ca/ca.crt -u "elastic:${ELASTIC_PASSWORD}" https://127.0.0.1:9201/_cat/health
curl --cacert certs/ca/ca.crt -u "elastic:${ELASTIC_PASSWORD}" https://127.0.0.1:9201/_cat/health查看集群节点
curl --cacert certs/ca/ca.crt -u "elastic:${ELASTIC_PASSWORD}" https://127.0.0.1:9201/_cat/nodes?v=true&pretty
# 搭建成功可在在浏览器地址栏访问https://192.168.1.62:9200/_cat/nodes?pretty 查看各节点状态
curl -X GET --cacert certs/ca/ca.crt -u "elastic:${ELASTIC_PASSWORD}" "https://127.0.0.1:9200/_cat/nodes?v=true&pretty"
curl -X GET --cacert certs/ca/ca.crt -u "elastic:${ELASTIC_PASSWORD}" "https://127.0.0.1:9201/_cat/nodes?v=true&pretty"
curl https://192.168.1.62:9201/_cat/nodes?pretty配置监控指标
相关文档
https://www.elastic.co/cn/downloads/beats/metricbeat https://www.elastic.co/guide/en/beats/metricbeat/current/running-on-docker.html https://www.elastic.co/guide/en/beats/metricbeat/7.10/metricbeat-installation-configuration.html
下载 MetricBeat 组件
curl -L -O https://artifacts.elastic.co/downloads/beats/metricbeat/metricbeat-7.10.1-linux-x86_64.tar.gz
tar xzvf metricbeat-7.10.1-linux-x86_64.tar.gz新增配置文件
output.elasticsearch:
hosts: ["192.168.1.61:9200","192.168.1.62:9200","192.168.1.63:9200"]
username: "elastic"
password: "ELASTIC_PASSWORD"
setup.kibana:
host: "192.168.1.60:5601"
username: "elastic"
password: "ELASTIC_PASSWORD"开启 MetricBeat 模块
./metricbeat modules enable elasticsearch
./metricbeat modules enable elasticsearch-xpack
./metricbeat setup -e启动 MetricBeat
./metricbeat
./metricbeat run开启xpack.monitoring.collection.enabled配置
在生产集群上将xpack.monitoring.collection.enabled设置为true。默认情况下,它是禁用的(false)。 您可以使用以下API来查看和更改此设置:
GET _cluster/settings
PUT _cluster/settings
{
"persistent": {
"xpack.monitoring.collection.enabled": true
}
}指标相关服务后台执行
#启动logstash
nohup ./bin/logstash -f logpipeline.conf & > nohup.out
#启动filebeat
nohup ./filebeat -e -c filebeat.yml -d "Publish" & > nohup.out
#启动metricbeat
nohup ./metricbeat -e -c metricbeat.yml -d "publish" & > nohup.outdocker pull docker.elastic.co/beats/metricbeat:7.10.1
docker run --restart=unless-stopped --network esNet -d --name metricbeat \
docker.elastic.co/beats/metricbeat:7.10.1 \
setup -E setup.kibana.host=kba01:5601 \
-E setup.kibana.username= 'elastic' \
-E setup.kibana.password= 'ELASTIC_PASSWORD' \
-E output.elasticsearch.username= 'elastic' \
-E output.elasticsearch.password= 'ELASTIC_PASSWORD' \
-E output.elasticsearch.hosts=["es01:9200","es02:9200","es03:9200"]附录0
nginx负载均衡示例
proxy_pass https://192.168.1.62:9201;
;注意:多端口负载均衡有token跨节点失效的问题
upstream esBalanced {
server 192.168.1.62:9201 weight=5 max_fails=3 fail_timeout=12s;
server 192.168.1.62:9202 weight=5 max_fails=3 fail_timeout=12s;
server 192.168.1.62:9203 weight=5 max_fails=3 fail_timeout=12s;
}
server {
server_name es.tinyrui.com;
location / {
proxy_ssl_verify off;
proxy_pass https://esBalanced;
}
}附录1
.env 文件
# 时区设置
TZ=Asia/Shanghai
STACK_VERSION=8.11.4
ELASTIC_PASSWORD='ELASTIC_PASSWORD'
KIBANA_PASSWORD='KIBANA_PASSWORD'
#限制内存占用
MEM_LIMIT=2g
#ES_JAVA_OPTS="-Xms2g -Xmx2g"
ES_PORT=9201附录2
docker-compose.yml 文件
version: "2.2"
services:
setup:
image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
volumes:
- certs:/usr/share/elasticsearch/config/certs
user: "0"
command: >
bash -c '
if [ x${ELASTIC_PASSWORD} == x ]; then
echo "Set the ELASTIC_PASSWORD environment variable in the .env file";
exit 1;
elif [ x${KIBANA_PASSWORD} == x ]; then
echo "Set the KIBANA_PASSWORD environment variable in the .env file";
exit 1;
fi;
if [ ! -f config/certs/ca.zip ]; then
echo "Creating CA";
bin/elasticsearch-certutil ca --silent --pem -out config/certs/ca.zip;
unzip config/certs/ca.zip -d config/certs;
fi;
if [ ! -f config/certs/certs.zip ]; then
echo "Creating certs";
echo -ne \
"instances:\n"\
" - name: es01\n"\
" dns:\n"\
" - es01\n"\
" - localhost\n"\
" ip:\n"\
" - 127.0.0.1\n"\
" - name: es02\n"\
" dns:\n"\
" - es02\n"\
" - localhost\n"\
" ip:\n"\
" - 127.0.0.1\n"\
" - name: es03\n"\
" dns:\n"\
" - es03\n"\
" - localhost\n"\
" ip:\n"\
" - 127.0.0.1\n"\
> config/certs/instances.yml;
bin/elasticsearch-certutil cert --silent --pem -out config/certs/certs.zip --in config/certs/instances.yml --ca-cert config/certs/ca/ca.crt --ca-key config/certs/ca/ca.key;
unzip config/certs/certs.zip -d config/certs;
fi;
echo "Setting file permissions"
chown -R root:root config/certs;
find . -type d -exec chmod 750 \{\} \;;
find . -type f -exec chmod 640 \{\} \;;
echo "Waiting for Elasticsearch availability";
until curl -s --cacert config/certs/ca/ca.crt https://es01:9200 | grep -q "missing authentication credentials"; do sleep 30; done;
echo "Setting kibana_system password";
until curl -s -X POST --cacert config/certs/ca/ca.crt -u "elastic:${ELASTIC_PASSWORD}" -H "Content-Type: application/json" https://es01:9200/_security/user/kibana_system/_password -d "{\"password\":\"${KIBANA_PASSWORD}\"}" | grep -q "^{}"; do sleep 10; done;
echo "All done!";
'
healthcheck:
test: ["CMD-SHELL", "[ -f config/certs/es01/es01.crt ]"]
interval: 1s
timeout: 5s
retries: 120
es01:
depends_on:
setup:
condition: service_healthy
image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
volumes:
- certs:/usr/share/elasticsearch/config/certs
- esdata01:/usr/share/elasticsearch/data
ports:
- ${ES_PORT}:9200
environment:
- node.name=es01
- cluster.name=${CLUSTER_NAME}
- cluster.initial_master_nodes=es01,es02,es03
- discovery.seed_hosts=es02,es03
- ELASTIC_PASSWORD=${ELASTIC_PASSWORD}
- bootstrap.memory_lock=true
- xpack.security.enabled=true
- xpack.security.http.ssl.enabled=true
- xpack.security.http.ssl.key=certs/es01/es01.key
- xpack.security.http.ssl.certificate=certs/es01/es01.crt
- xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
- xpack.security.transport.ssl.enabled=true
- xpack.security.transport.ssl.key=certs/es01/es01.key
- xpack.security.transport.ssl.certificate=certs/es01/es01.crt
- xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
- xpack.security.transport.ssl.verification_mode=certificate
- xpack.license.self_generated.type=${LICENSE}
mem_limit: ${MEM_LIMIT}
ulimits:
memlock:
soft: -1
hard: -1
healthcheck:
test:
[
"CMD-SHELL",
"curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",
]
interval: 10s
timeout: 10s
retries: 120
es02:
depends_on:
- es01
image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
volumes:
- certs:/usr/share/elasticsearch/config/certs
- esdata02:/usr/share/elasticsearch/data
environment:
- node.name=es02
- cluster.name=${CLUSTER_NAME}
- cluster.initial_master_nodes=es01,es02,es03
- discovery.seed_hosts=es01,es03
- bootstrap.memory_lock=true
- xpack.security.enabled=true
- xpack.security.http.ssl.enabled=true
- xpack.security.http.ssl.key=certs/es02/es02.key
- xpack.security.http.ssl.certificate=certs/es02/es02.crt
- xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
- xpack.security.transport.ssl.enabled=true
- xpack.security.transport.ssl.key=certs/es02/es02.key
- xpack.security.transport.ssl.certificate=certs/es02/es02.crt
- xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
- xpack.security.transport.ssl.verification_mode=certificate
- xpack.license.self_generated.type=${LICENSE}
mem_limit: ${MEM_LIMIT}
ulimits:
memlock:
soft: -1
hard: -1
healthcheck:
test:
[
"CMD-SHELL",
"curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",
]
interval: 10s
timeout: 10s
retries: 120
es03:
depends_on:
- es02
image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
volumes:
- certs:/usr/share/elasticsearch/config/certs
- esdata03:/usr/share/elasticsearch/data
environment:
- node.name=es03
- cluster.name=${CLUSTER_NAME}
- cluster.initial_master_nodes=es01,es02,es03
- discovery.seed_hosts=es01,es02
- bootstrap.memory_lock=true
- xpack.security.enabled=true
- xpack.security.http.ssl.enabled=true
- xpack.security.http.ssl.key=certs/es03/es03.key
- xpack.security.http.ssl.certificate=certs/es03/es03.crt
- xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
- xpack.security.transport.ssl.enabled=true
- xpack.security.transport.ssl.key=certs/es03/es03.key
- xpack.security.transport.ssl.certificate=certs/es03/es03.crt
- xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
- xpack.security.transport.ssl.verification_mode=certificate
- xpack.license.self_generated.type=${LICENSE}
mem_limit: ${MEM_LIMIT}
ulimits:
memlock:
soft: -1
hard: -1
healthcheck:
test:
[
"CMD-SHELL",
"curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",
]
interval: 10s
timeout: 10s
retries: 120
kibana:
depends_on:
es01:
condition: service_healthy
es02:
condition: service_healthy
es03:
condition: service_healthy
image: docker.elastic.co/kibana/kibana:${STACK_VERSION}
volumes:
- certs:/usr/share/kibana/config/certs
- kibanadata:/usr/share/kibana/data
ports:
- ${KIBANA_PORT}:5601
environment:
- SERVERNAME=kibana
- ELASTICSEARCH_HOSTS=https://es01:9200
- ELASTICSEARCH_USERNAME=kibana_system
- ELASTICSEARCH_PASSWORD=${KIBANA_PASSWORD}
- ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=config/certs/ca/ca.crt
mem_limit: ${MEM_LIMIT}
healthcheck:
test:
[
"CMD-SHELL",
"curl -s -I http://localhost:5601 | grep -q 'HTTP/1.1 302 Found'",
]
interval: 10s
timeout: 10s
retries: 120
volumes:
certs:
driver: local
esdata01:
driver: local
esdata02:
driver: local
esdata03:
driver: local
kibanadata:
driver: local