单点或者集群,都采用docker方式安装 并且注意,在安装前有4个步骤需要先执行
1、生成配置文件/etc/sysctl.d/elasticsearch.conf
单点或集群都要
cat >>/etc/sysctl.d/elasticsearch.conf <<EOF
vm.max_map_count=262144
EOF
#
sysctl --system
2、生成配置文件/data/elasticsearch6/conf/elasticsearch.yml
注意单点模式和集群模式配置不同
## 单点 ##
cat > elasticsearch.yml <<EOF
cluster.name: "ops-es7-cluster"
network.host: 0.0.0.0
xpack.security.enabled: true
EOF
#
mv elasticsearch.yml /data/elasticsearch6/conf/elasticsearch.yml
## 集群 ##
mkdir /data/elasticsearch7/conf/ -p
#配置文件,启用xpack
cat > /data/elasticsearch7/conf/elasticsearch.yml <<EOF
cluster.name: "es7-cluster"
node.name: es-node-01
network.host: 0.0.0.0
#注意每个节点不同
network.publish_host: 192.168.10.10
#集群初始化时需要有一个master,实践发现,ES-7不指定master会报错,集群发现不了master无法初始化
cluster.initial_master_nodes: ["es-node-01"]
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
#证书可选p12格式或pem(crt)格式,p12为二进制,包含了私钥;pem为文本,私钥与证书分开。
#证书路径可用相对路径(相对config路径)
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: certs/elastic-stack-ca.p12
#xpack.security.transport.ssl.key: certs/instance/instance.key
#xpack.security.transport.ssl.certificate: certs/instance/instance.crt
#xpack.security.transport.ssl.certificate_authorities: [ "certs/ca/ca.crt" ]
#这一条配置与起docker时discovery.zen.ping.unicast.hosts参数功效一样,并且需要注意两种配置不能同时使用
discovery.seed_hosts: ["192.168.10.10","192.168.10.11","192.168.10.12"]
transport.tcp.port: 9300
3、修改目录权限
单点或集群都要
chown 1000 /data/elasticsearch7/ -R
4、部署ES集群特别步骤 - - 生成证书
生成证书需要用到ES自带的工具,可以在ES容器内找到
路径和生成CA的命令如下,注意:生成的证书在当前目录下
/usr/share/elasticsearch/bin/elasticsearch-certutil ca
接着使用CA生成节点证书
/usr/share/elasticsearch/bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
将证书文件从容器中拷贝到宿主机 certs目录。
image.png
5、启ES容器
接下来就可以执行docker run来创建容器了,同样分单点和集群两种
单点:
docker run --restart unless-stopped -d \
--ulimit memlock=-1:-1 \
-e "bootstrap.memory_lock=true" \
-e "discovery.type=single-node" \
-e "ES_JAVA_OPTS=-Xms1g -Xmx1g" \
-p 9200:9200 -p 9300:9300 \
-v /data/elasticsearch7/data:/usr/share/elasticsearch/data \
-v /data/elasticsearch7/conf/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml \
-v /data/elasticsearch7/plugins:/usr/share/elasticsearch/plugins \
--name elasticsearch7 elasticsearch:7.9.2
集群:
IP1=192.168.10.10;IP2=192.168.10.11;IP3=192.168.10.12
docker run --restart unless-stopped -d \
--ulimit memlock=-1:-1 \
-e "bootstrap.memory_lock=true" \
-e "ES_JAVA_OPTS=-Xms1g -Xmx1g" \
-e discovery.zen.ping.unicast.hosts=${IP1},${IP2},${IP3} \#注意此参数与配置文件elasticsearch.yml中discovery.seed_hosts参数,只能二选一
-e discovery.zen.minimum_master_nodes=2 \
-p 9200:9200 -p 9300:9300 \
-v /data/elasticsearch6/data:/usr/share/elasticsearch/data \
-v /data/elasticsearch6/conf/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml \
-v /data/elasticsearch6/certs:/usr/share/elasticsearch/config/certs \
-v /data/elasticsearch6/plugins:/usr/share/elasticsearch/plugins \
--name elasticsearch6 elasticsearch:7.9.2
6、添加密码
因为添加了xpack插件,我们需要为之添加密码
执行如下命令,会以交互的形式创建elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user多个用户,并依次设置密码 注意:这一步中的操作只能用于创建密码,不能用于修改已经存在的密码
docker exec -it elasticsearch6 sh
elasticsearch-setup-passwords interactive -u http://localhost:9200
网友评论