文章目录
前言
这篇文章主要采用Dockerfile+elasticsearch7.12.1(配置密码及证书)+kibana7.12.1+cerebro0.83搭建集群
提示:以下是本篇文章正文内容,下面案例可供参考
一、制定自定义的ElasticSearch镜像
1.Dockerfile文件内容如下:
#官方镜像
FROM elasticsearch:7.12.1
USER root
#生成证书,密码可自己配置
RUN bin/elasticsearch-certutil ca --out config/elastic-stack-ca.p12 --pass 12345678
#生成证书,密码可自己配置
RUN bin/elasticsearch-certutil cert --ca config/elastic-stack-ca.p12 --ca-pass 12345678 --out config/elastic-certificates.p12 --pass 12345678
#创建keystore
RUN bin/elasticsearch-keystore create
#将密码添加至keystore
RUN sh -c '/bin/echo -e "12345678" | sh bin/elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password'
RUN sh -c '/bin/echo -e "12345678" | sh bin/elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password'
#文件赋权限
RUN chmod 777 /usr/share/elasticsearch/config/elastic-certificates.p12
RUN chmod 777 /usr/share/elasticsearch/config/elastic-stack-ca.p12
2.执行构建镜像
- janson11/elasticsearch是我在dockerHub建立的镜像仓库
docker build -t janson11/elasticsearch:7.12.1 . -f DockerFile
通过命令docker images |grep ‘7.12.1’查看构建的镜像。
janson11/elasticsearch 7.12.1 6f25ad543f45 24 hours ago 894MB
3.推送镜像
docker push janson11/elasticsearch:7.12.1
在我自己的dockerHub可以看到推送的镜像。
二、docker-compose等配置文件
1.docker-compose.yml
version: '2.1'
services:
cerebro:
image: lmenezes/cerebro:0.8.3
container_name: cerebro
ports:
- "9000:9000"
command:
- -Dhosts.0.host=http://elasticsearch:9200
networks:
- es7net
kibana:
image: docker.elastic.co/kibana/kibana:7.12.1
container_name: kibana7
environment:
- I18N_LOCALE=zh-CN
- XPACK_GRAPH_ENABLED=true
- TIMELION_ENABLED=true
- TZ=Asia/Shanghai
volumes:
- ./kibana.yml:/usr/share/kibana/config/kibana.yml
ports:
- "5601:5601"
networks:
- es7net
elasticsearch:
image: janson11/elasticsearch:7.12.1
container_name: es7_01
environment:
- cluster.name=janson-es-cluster
- node.name=es7_01
- bootstrap.memory_lock=true
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
- discovery.seed_hosts=es7_02,es7_03
- cluster.initial_master_nodes=es7_01,es7_02,es7_03
- TZ=Asia/Shanghai
- http.cors.enabled=true
- http.cors.allow-origin=*
- http.cors.allow-headers=Authorization,X-Requested-With,Content-Length,Content-Type
- xpack.security.enabled=true
- xpack.security.authc.accept_default_password=true
- xpack.security.transport.ssl.enabled=true
- xpack.security.audit.enabled=true
- xpack.license.self_generated.type=basic
- xpack.monitoring.collection.enabled=true
ulimits:
memlock:
soft: -1
hard: -1
volumes:
- ./es7_01/data:/usr/share/elasticsearch/data
- ./es7_01/log:/usr/share/elasticsearch/logs
- ./elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
ports:
- "9200:9200"
- "9300:9300"
networks:
- es7net
elasticsearch2:
image: janson11/elasticsearch:7.12.1
container_name: es7_02
environment:
- cluster.name=janson-es-cluster
- node.name=es7_02
- bootstrap.memory_lock=true
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
- discovery.seed_hosts=es7_01,es7_03
- cluster.initial_master_nodes=es7_01,es7_02,es7_03
- TZ=Asia/Shanghai
- http.cors.enabled=true
- http.cors.allow-origin=*
- http.cors.allow-headers=Authorization,X-Requested-With,Content-Length,Content-Type
- xpack.security.enabled=true
- xpack.security.authc.accept_default_password=true
- xpack.security.transport.ssl.enabled=true
- xpack.security.audit.enabled=true
- xpack.license.self_generated.type=basic
- xpack.monitoring.collection.enabled=true
ulimits:
memlock:
soft: -1
hard: -1
volumes:
- ./es7_02/data:/usr/share/elasticsearch/data
- ./es7_02/log:/usr/share/elasticsearch/logs
- ./elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
networks:
- es7net
elasticsearch3:
image: janson11/elasticsearch:7.12.1
container_name: es7_03
environment:
- cluster.name=janson-es-cluster
- node.name=es7_03
- bootstrap.memory_lock=true
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
- discovery.seed_hosts=es7_01,es7_02
- cluster.initial_master_nodes=es7_01,es7_02,es7_03
- TZ=Asia/Shanghai
- http.cors.enabled=true
- http.cors.allow-origin=*
- http.cors.allow-headers=Authorization,X-Requested-With,Content-Length,Content-Type
- xpack.security.enabled=true
- xpack.security.authc.accept_default_password=true
- xpack.security.transport.ssl.enabled=true
- xpack.security.audit.enabled=true
- xpack.license.self_generated.type=basic
- xpack.monitoring.collection.enabled=true
ulimits:
memlock:
soft: -1
hard: -1
volumes:
- ./es7_03/data:/usr/share/elasticsearch/data
- ./es7_03/log:/usr/share/elasticsearch/logs
- ./elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
networks:
- es7net
volumes:
es7data1:
driver: local
es7data2:
driver: local
es7data3:
driver: local
networks:
es7net:
driver: bridge
2.elasticsearch.yml
network.host: 0.0.0.0
#master节点es7_01
cluster.initial_master_nodes: ["es7_01"]
discovery.seed_hosts: ["es7_01","es7_03","es7_03"]
cluster.name: "janson-es-cluster"
http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-headers: Authorization,X-Requested-With,Content-Length,Content-Type
#开启kibana监控配置,如果不开启,也可以在kibana监控界面开启
xpack.monitoring.collection.enabled: true
#开启安全认证相关配置
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.audit.enabled: true
xpack.license.self_generated.type: basic
xpack.security.transport.ssl.keystore.type: PKCS12
xpack.security.transport.ssl.verification_mode: certificate
#名字要和自定义镜像中的名字一致
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.type: PKCS12
3.kibana.yml
server.name: kibana
server.host: "0"
kibana.index: ".kibana"
elasticsearch.hosts: [ "http://elasticsearch:9200" ]
xpack.monitoring.ui.container.elasticsearch.enabled: true
i18n.locale: zh-CN
elasticsearch.username: 'elastic'
elasticsearch.password: '12345678'
4.文件目录和授权
mkdir -p es7_01/data es7_01/logs es7_02/data es7_02/logs es7_03/data es7_03/logs
chmod -Rf 777 es7_*
查看目录和文件
-rw-r--r-- 1 Dockerfile
-rw-r--r-- 1 docker-compose.yml
-rwxrwxrwx 1 elasticsearch.yml
drwxrwxrwx 5 es7_01
drwxrwxrwx 5 es7_02
drwxrwxrwx 5 es7_03
-rwxrwxrwx 1 kibana.yml
三、启动容器
docker-compose -f docker-compose.yml up -d
docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3e55de90149f janson11/elasticsearch:7.12.1 "/bin/tini -- /usr/l…" 20 hours ago Up 20 hours 9200/tcp, 9300/tcp es7_03
34d7c5abada1 janson11/elasticsearch:7.12.1 "/bin/tini -- /usr/l…" 20 hours ago Up 20 hours 9200/tcp, 9300/tcp es7_02
6d60ec471596 janson11/elasticsearch:7.12.1 "/bin/tini -- /usr/l…" 20 hours ago Up 20 hours 0.0.0.0:9200->9200/tcp, :::9200->9200/tcp, 0.0.0.0:9300->9300/tcp, :::9300->9300/tcp es7_01
84b4e20e6b14 docker.elastic.co/kibana/kibana:7.12.1 "/bin/tini -- /usr/l…" 20 hours ago Up 20 hours 0.0.0.0:5601->5601/tcp, :::5601->5601/tcp kibana7
c17475367b0f lmenezes/cerebro:0.8.3 "/opt/cerebro/bin/ce…" 20 hours ago Up 20 hours 0.0.0.0:9000->9000/tcp, :::9000->9000/tcp cerebro
四、配置密码
进入master节点容器配置密码
docker exec -it es7_01 /bin/bash
[root@6d60ec471596 elasticsearch]# ./bin/elasticsearch-setup-passwords interactive --verbose
Running with configuration path: /usr/share/elasticsearch/config
Testing if bootstrap password is valid for http://172.24.0.5:9200/_security/_authenticate?pretty
{
"username" : "elastic",
"roles" : [
"superuser"
],
"full_name" : null,
"email" : null,
"metadata" : {
"_reserved" : true
},
"enabled" : true,
"authentication_realm" : {
"name" : "reserved",
"type" : "reserved"
},
"lookup_realm" : {
"name" : "reserved",
"type" : "reserved"
},
"authentication_type" : "realm"
}
Checking cluster health: http://172.24.0.5:9200/_cluster/health?pretty
{
"cluster_name" : "janson-es-cluster",
"status" : "green",
"timed_out" : false,
"number_of_nodes" : 3,
"number_of_data_nodes" : 3,
"active_primary_shards" : 1,
"active_shards" : 2,
"relocating_shards" : 0,
"initializing_shards" : 0,
"unassigned_shards" : 0,
"delayed_unassigned_shards" : 0,
"number_of_pending_tasks" : 0,
"number_of_in_flight_fetch" : 0,
"task_max_waiting_in_queue_millis" : 0,
"active_shards_percent_as_number" : 100.0
}
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,kibana_system,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y
Enter password for [elastic]:
Reenter password for [elastic]:
Enter password for [apm_system]:
Reenter password for [apm_system]:
Enter password for [kibana_system]:
Reenter password for [kibana_system]:
Enter password for [logstash_system]:
Reenter password for [logstash_system]:
Enter password for [beats_system]:
Reenter password for [beats_system]:
Enter password for [remote_monitoring_user]:
Reenter password for [remote_monitoring_user]:
Trying user password change call http://172.24.0.5:9200/_security/user/apm_system/_password?pretty
{ }
Changed password for user [apm_system]
Trying user password change call http://172.24.0.5:9200/_security/user/kibana_system/_password?pretty
{ }
Changed password for user [kibana_system]
Trying user password change call http://172.24.0.5:9200/_security/user/kibana/_password?pretty
{ }
Changed password for user [kibana]
Trying user password change call http://172.24.0.5:9200/_security/user/logstash_system/_password?pretty
{ }
Changed password for user [logstash_system]
Trying user password change call http://172.24.0.5:9200/_security/user/beats_system/_password?pretty
{ }
Changed password for user [beats_system]
Trying user password change call http://172.24.0.5:9200/_security/user/remote_monitoring_user/_password?pretty
{ }
Changed password for user [remote_monitoring_user]
Trying user password change call http://172.24.0.5:9200/_security/user/elastic/_password?pretty
{ }
Changed password for user [elastic]
五、访问ElasticSearch
谷歌浏览器输入localhost:9200,输入用户名elastic和密码12345678可以看到集群信息。
cluster_name : janson-es-cluster
{
"name" : "es7_01",
"cluster_name" : "janson-es-cluster",
"cluster_uuid" : "IHIDAJllSuK9WLn46nsIbw",
"version" : {
"number" : "7.12.1",
"build_flavor" : "default",
"build_type" : "docker",
"build_hash" : "3186837139b9c6b6d23c3200870651f10d3343b7",
"build_date" : "2021-04-20T20:56:39.040728659Z",
"build_snapshot" : false,
"lucene_version" : "8.8.0",
"minimum_wire_compatibility_version" : "6.8.0",
"minimum_index_compatibility_version" : "6.0.0-beta1"
},
"tagline" : "You Know, for Search"
}
六、访问Kibana
谷歌浏览器输入localhost:5601,输入用户名elastic和密码12345678可以看到kibana的首页。
七、访问Cerebro
谷歌浏览器输入localhost:9000,输入用户名elastic和密码12345678可以看到cerebro的首页。
八、总结
本篇文章从Elasticsearch镜像的自定义制作和操作docker,构建可视化kibana界面及cerebro集群管理界面,可以很方便监控Elasticsearch的健康状态,下篇文章介绍如何使用springBoot操作Elasticsearch。如果觉得本篇文章有用,欢迎评论、点赞、收藏和转发,谢谢。
版权声明:本文为shanjian341622原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。