部署步骤

生成SSL证书

生成CA证书

该命令会在当前目录下创建 certs 目录,并在其中生成名为 elastic-stack-ca.zip 的 CA 证书压缩包(内含 ca.crt 和 CA 私钥 ca.key,私钥需妥善保管)

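# Generate a PEM-format CA in a throwaway container. The zip is written to
# ./certs on the host and contains the CA private key (ca/ca.key), so keep
# that directory readable only by the operator.
# "$(pwd)/certs" is quoted so a working directory containing spaces still
# produces a single, valid -v argument.
docker run --rm -it \
-v "$(pwd)/certs":/usr/share/elasticsearch/config/certificates \
elasticsearch:8.4.1 \
bin/elasticsearch-certutil ca --pem --out /usr/share/elasticsearch/config/certificates/elastic-stack-ca.zip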

使用CA证书生成集群节点证书

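将上一步的证书压缩包解压到 certs 目录下的 ca 文件夹中(即 certs/ca/ca.crt 与 certs/ca/ca.key),然后使用下列命令生成集群节点证书;生成的 es01.zip 等同样需要解压到 certs 目录,供后面的集群配置引用。
有几个节点就生成几个证书(当然也可以生成一个证书共用,此时注意移除 --dns 配置;但共用证书意味着所有节点使用同一把私钥,一旦泄露需要全部更换,因此更建议每个节点单独签发)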

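# Issue a PEM certificate/key pair for node es01, signed with the CA that was
# extracted to ./certs/ca. --dns es01 records the hostname es01 in the
# certificate; repeat with the other node names for a per-node certificate.
# The command reads ca.key, so run it only where the CA private key is meant
# to live. "$(pwd)/certs" is quoted so paths containing spaces stay intact.
docker run --rm -it \
-v "$(pwd)/certs":/usr/share/elasticsearch/config/certificates \
elasticsearch:8.4.1 \
bin/elasticsearch-certutil cert --pem --ca-cert /usr/share/elasticsearch/config/certificates/ca/ca.crt --ca-key /usr/share/elasticsearch/config/certificates/ca/ca.key --out /usr/share/elasticsearch/config/certificates/es01.zip --dns es01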

es集群配置

该集群 demo 已在单机部署环境下测试通过。注意:配置中 HTTP 层未启用 TLS(xpack.security.http.ssl.enabled=false),仅节点间的 transport 层使用证书加密。

# Compose file for a three-node Elasticsearch 8.4.1 cluster (es01-es03) plus
# Kibana, all attached to the "elastic" bridge network declared at the end of
# the file.
version: '3'
services:
  # es01: the only Elasticsearch node whose HTTP port is published to the host.
  es01:
    image: elasticsearch:8.4.1
    container_name: es01
    # Host port 7853 -> container port 9200 (REST API). No host IP is given, so
    # Docker publishes it on all host interfaces by default. Because
    # xpack.security.http.ssl.enabled=false below, credentials sent to this
    # port travel in cleartext.
    # NOTE(review): bind to 127.0.0.1 or enable HTTP TLS if the host is
    # reachable from untrusted networks.
    ports:
     - 7853:9200
    volumes:
      - ./data01:/usr/share/elasticsearch/data
      - ./logs01:/usr/share/elasticsearch/logs
      # NOTE(review): the whole ./certs directory is mounted read-write. This
      # node only reads ca/ca.crt and es01/es01.{key,crt} (see the ssl.*
      # settings below); if ./certs still holds ca/ca.key or other nodes'
      # keys, they are exposed to this container too. Consider mounting only
      # the needed files, read-only.
      - ./certs:/usr/share/elasticsearch/config/certificates
    environment:
      # Fixed JVM heap: min and max both 5120 MiB.
      - ES_JAVA_OPTS=-Xms5120m -Xmx5120m
      # GeoIP database downloader turned off.
      # NOTE(review): set on es01 only; es02/es03 do not carry this setting.
      - ingest.geoip.downloader.enabled=false
      - node.name=es01
      - cluster.name=es-docker-cluster
      # Peers to contact for discovery (the other two nodes).
      - discovery.seed_hosts=es02,es03
      # Bootstrap list for forming a brand-new cluster; Elastic's documentation
      # advises removing it once the cluster has formed.
      - cluster.initial_master_nodes=es01,es02,es03
      # Lock the process memory; relies on the unlimited memlock ulimit below.
      - bootstrap.memory_lock=true
      # Authentication/authorization on.
      - xpack.security.enabled=true
      # Node-to-node (transport) traffic is TLS-protected ...
      - xpack.security.transport.ssl.enabled=true
      # ... but the REST/HTTP layer is plain HTTP.
      - xpack.security.http.ssl.enabled=false
      # "certificate" checks that the peer certificate is signed by the trusted
      # CA but does not verify the hostname; "full" adds hostname verification.
      - xpack.security.transport.ssl.verification_mode=certificate
      # Relative paths below resolve against the Elasticsearch config
      # directory, i.e. the ./certs mount above.
      - xpack.security.transport.ssl.key=certificates/es01/es01.key
      - xpack.security.transport.ssl.certificate=certificates/es01/es01.crt
      - xpack.security.transport.ssl.certificate_authorities=certificates/ca/ca.crt
    ulimits:
      # -1 = unlimited locked memory, needed for bootstrap.memory_lock=true.
      memlock:
        soft: -1
        hard: -1
    networks:
      - elastic

  # es02: second cluster node. No ports are published, so it is reachable only
  # from containers on the "elastic" network.
  es02:
    image: elasticsearch:8.4.1
    container_name: es02
    volumes:
      - ./data02:/usr/share/elasticsearch/data
      - ./logs02:/usr/share/elasticsearch/logs
      # NOTE(review): mounts the entire ./certs directory read-write although
      # this node only reads ca/ca.crt and es02/es02.{key,crt}; any CA key or
      # other nodes' keys left in ./certs are visible here as well.
      - ./certs:/usr/share/elasticsearch/config/certificates
    environment:
      - node.name=es02
      - cluster.name=es-docker-cluster
      # Peers to contact for discovery (the other two nodes).
      - discovery.seed_hosts=es01,es03
      # Bootstrap list for first cluster formation only.
      - cluster.initial_master_nodes=es01,es02,es03
      # Lock the process memory; relies on the unlimited memlock ulimit below.
      - bootstrap.memory_lock=true
      # Fixed JVM heap: min and max both 5120 MiB.
      - ES_JAVA_OPTS=-Xms5120m -Xmx5120m
      - xpack.security.enabled=true
      # Transport layer uses TLS; the HTTP layer does not.
      - xpack.security.transport.ssl.enabled=true
      - xpack.security.http.ssl.enabled=false
      # CA-signature check only; the peer hostname is not verified.
      - xpack.security.transport.ssl.verification_mode=certificate
      # Paths are relative to the Elasticsearch config directory.
      - xpack.security.transport.ssl.key=certificates/es02/es02.key
      - xpack.security.transport.ssl.certificate=certificates/es02/es02.crt
      - xpack.security.transport.ssl.certificate_authorities=certificates/ca/ca.crt
    ulimits:
      # -1 = unlimited locked memory, needed for bootstrap.memory_lock=true.
      memlock:
        soft: -1
        hard: -1
    networks:
      - elastic

  # es03: third cluster node. No ports are published, so it is reachable only
  # from containers on the "elastic" network.
  es03:
    image: elasticsearch:8.4.1
    container_name: es03
    volumes:
      - ./data03:/usr/share/elasticsearch/data
      - ./logs03:/usr/share/elasticsearch/logs
      # NOTE(review): mounts the entire ./certs directory read-write although
      # this node only reads ca/ca.crt and es03/es03.{key,crt}; any CA key or
      # other nodes' keys left in ./certs are visible here as well.
      - ./certs:/usr/share/elasticsearch/config/certificates
    environment:
      - node.name=es03
      - cluster.name=es-docker-cluster
      # Peers to contact for discovery (the other two nodes).
      - discovery.seed_hosts=es01,es02
      # Bootstrap list for first cluster formation only.
      - cluster.initial_master_nodes=es01,es02,es03
      # Lock the process memory; relies on the unlimited memlock ulimit below.
      - bootstrap.memory_lock=true
      # Fixed JVM heap: min and max both 5120 MiB.
      - ES_JAVA_OPTS=-Xms5120m -Xmx5120m
      - xpack.security.enabled=true
      # Transport layer uses TLS; the HTTP layer does not.
      - xpack.security.transport.ssl.enabled=true
      - xpack.security.http.ssl.enabled=false
      # CA-signature check only; the peer hostname is not verified.
      - xpack.security.transport.ssl.verification_mode=certificate
      # Paths are relative to the Elasticsearch config directory.
      - xpack.security.transport.ssl.key=certificates/es03/es03.key
      - xpack.security.transport.ssl.certificate=certificates/es03/es03.crt
      - xpack.security.transport.ssl.certificate_authorities=certificates/ca/ca.crt
    ulimits:
      # -1 = unlimited locked memory, needed for bootstrap.memory_lock=true.
      memlock:
        soft: -1
        hard: -1
    networks:
      - elastic

  # kibana: web UI for the cluster, connecting to es01 as the built-in
  # kibana_system user.
  kibana:
    image: kibana:8.4.1
    container_name: kibana
    # Published on host port 5601 on all host interfaces by default.
    # NOTE(review): no Kibana TLS settings appear in this file, so browser
    # logins presumably go over plain HTTP; confirm before exposing the port.
    ports:
      - "5601:5601"
    environment:
      # Plain http:// matches xpack.security.http.ssl.enabled=false on the
      # nodes; the kibana_system password crosses the bridge network
      # unencrypted. Only es01 is listed, so Kibana depends on that one node.
      - ELASTICSEARCH_HOSTS=http://es01:9200
      - ELASTICSEARCH_USERNAME=kibana_system
      # The value is masked on this page. In a real deployment keep the
      # password out of version control, e.g. supply it through Compose
      # variable substitution from an untracked .env file.
      - ELASTICSEARCH_PASSWORD=************
    networks:
      - elastic
    # depends_on only orders container start-up; it does not wait for
    # Elasticsearch to be ready to accept connections.
    depends_on:
      - es01
      - es02
      - es03

# User-defined bridge network shared by all four services; containers reach
# each other on it by service name (es01, es02, es03, kibana).
networks:
  elastic:
    driver: bridge