Elasticsearch-docker集群搭建

Elasticsearch-docker集群搭建

艾瑞斯胡 83 2022-10-14

前提:配置好Elasticsearch证书

一、集群搭建

1)创建数据目录

mkdir -p data/es01 data/es02 data/es03
chmod -R 777 data

2)创建环境变量文件 .env

ELASTIC_PASSWORD=Study123

ES_IMAGE_VERSION=7.17.6

ES01_CONTAINER_DOMAIN_NAME=es.home.cloud
ES02_CONTAINER_DOMAIN_NAME=es02.home.cloud
ES03_CONTAINER_DOMAIN_NAME=es03.home.cloud

CERTS_DIR=/usr/share/elasticsearch/config/certificates
ES_DATA_DIR=/usr/share/elasticsearch/data

ES01_CONTAINER_DOMAIN_IP=172.18.37.2
ES02_CONTAINER_DOMAIN_IP=172.18.37.3
ES03_CONTAINER_DOMAIN_IP=172.18.37.4

3)创建 docker-compose.yml 文件

version: '3.8'

x-es-common: &es-common
  image: elasticsearch:$ES_IMAGE_VERSION
  #restart: always
  extra_hosts:
    - $ES01_CONTAINER_DOMAIN_NAME:$ES01_CONTAINER_DOMAIN_IP
    - $ES02_CONTAINER_DOMAIN_NAME:$ES02_CONTAINER_DOMAIN_IP
    - $ES03_CONTAINER_DOMAIN_NAME:$ES03_CONTAINER_DOMAIN_IP
  ulimits:
    memlock:
      soft: -1
      hard: -1
  volumes:
    - /etc/localtime:/etc/localtime:ro
  networks:
    - es-net


services:
  es01:
    << : *es-common
    hostname: es01
    container_name: es01
    environment:
      - node.name=es01
      - discovery.seed_hosts=$ES02_CONTAINER_DOMAIN_NAME,$ES03_CONTAINER_DOMAIN_NAME
      - cluster.initial_master_nodes=es01,es02,es03
      - ELASTIC_PASSWORD=$ELASTIC_PASSWORD
      - "ES_JAVA_OPTS=-Des.insecure.allow.root=true -Xms512m -Xmx512m"
      - cluster.name=es-docker-cluster
      #- network.host=$ES01_CONTAINER_DOMAIN_NAME
      #- discovery.zen.fd.ping_timeout=5m
      - bootstrap.memory_lock=true
      - xpack.license.self_generated.type=trial    # Automatically generate and apply a trial subscription, in order to enable security features
      - xpack.security.enabled=true                # enable xpack authenticity
      - xpack.security.transport.ssl.enabled=true
      - xpack.security.transport.ssl.verification_mode=certificate # disable verification of authenticity for inter-node communication
      - xpack.security.transport.ssl.certificate_authorities=$CERTS_DIR/ca/ca.crt
      - xpack.security.transport.ssl.key=$CERTS_DIR/$ES01_CONTAINER_DOMAIN_NAME/$ES01_CONTAINER_DOMAIN_NAME.key
      - xpack.security.transport.ssl.certificate=$CERTS_DIR/$ES01_CONTAINER_DOMAIN_NAME/$ES01_CONTAINER_DOMAIN_NAME.crt
      - xpack.security.http.ssl.enabled=true
      - xpack.security.http.ssl.certificate_authorities=$CERTS_DIR/ca/ca.crt
      - xpack.security.http.ssl.key=$CERTS_DIR/$ES01_CONTAINER_DOMAIN_NAME/$ES01_CONTAINER_DOMAIN_NAME.key
      - xpack.security.http.ssl.certificate=$CERTS_DIR/$ES01_CONTAINER_DOMAIN_NAME/$ES01_CONTAINER_DOMAIN_NAME.crt
    volumes:
      #- ./logs/es01:/usr/share/elasticsearch/logs/
      - ./data/es01:$ES_DATA_DIR
      - ./config/certs:$CERTS_DIR
    ports:
      - "9200:9200"
      #- "9300:9300"
    networks:
      es-net:
        ipv4_address: $ES01_CONTAINER_DOMAIN_IP
    healthcheck:
      test: curl --cacert $CERTS_DIR/ca/ca.crt -s https://localhost:9200 >/dev/null; if [[ $$? == 52 ]]; then echo 0; else echo 1; fi
      interval: 30s
      timeout: 10s
      retries: 5

  es02:
    << : *es-common
    hostname: es02
    container_name: es02
    environment:
      - node.name=es02
      - discovery.seed_hosts=$ES01_CONTAINER_DOMAIN_NAME,$ES03_CONTAINER_DOMAIN_NAME
      - cluster.initial_master_nodes=es01,es02,es03
      - ELASTIC_PASSWORD=$ELASTIC_PASSWORD
      - "ES_JAVA_OPTS=-Des.insecure.allow.root=true -Xms512m -Xmx512m"
      - cluster.name=es-docker-cluster
      #- network.host=$ES01_CONTAINER_DOMAIN_NAME
      #- discovery.zen.fd.ping_timeout=5m
      - bootstrap.memory_lock=true
      - xpack.license.self_generated.type=trial    # Automatically generate and apply a trial subscription, in order to enable security features
      - xpack.security.enabled=true                # enable xpack authenticity
      - xpack.security.transport.ssl.enabled=true
      - xpack.security.transport.ssl.verification_mode=certificate # disable verification of authenticity for inter-node communication
      - xpack.security.transport.ssl.certificate_authorities=$CERTS_DIR/ca/ca.crt
      - xpack.security.transport.ssl.key=$CERTS_DIR/$ES02_CONTAINER_DOMAIN_NAME/$ES02_CONTAINER_DOMAIN_NAME.key
      - xpack.security.transport.ssl.certificate=$CERTS_DIR/$ES02_CONTAINER_DOMAIN_NAME/$ES02_CONTAINER_DOMAIN_NAME.crt
      - xpack.security.http.ssl.enabled=true
      - xpack.security.http.ssl.certificate_authorities=$CERTS_DIR/ca/ca.crt
      - xpack.security.http.ssl.key=$CERTS_DIR/$ES02_CONTAINER_DOMAIN_NAME/$ES02_CONTAINER_DOMAIN_NAME.key
      - xpack.security.http.ssl.certificate=$CERTS_DIR/$ES02_CONTAINER_DOMAIN_NAME/$ES02_CONTAINER_DOMAIN_NAME.crt
    volumes:
      #- ./logs/es02:/usr/share/elasticsearch/logs/
      - ./data/es02:$ES_DATA_DIR
      - ./config/certs:$CERTS_DIR
    networks:
      es-net:
        ipv4_address: $ES02_CONTAINER_DOMAIN_IP

  es03:
    << : *es-common
    hostname: es03
    container_name: es03
    environment:
      - node.name=es03
      - discovery.seed_hosts=$ES01_CONTAINER_DOMAIN_NAME,$ES02_CONTAINER_DOMAIN_NAME
      - cluster.initial_master_nodes=es01,es02,es03
      - ELASTIC_PASSWORD=$ELASTIC_PASSWORD
      - "ES_JAVA_OPTS=-Des.insecure.allow.root=true -Xms512m -Xmx512m"
      - cluster.name=es-docker-cluster
      #- network.host=$ES01_CONTAINER_DOMAIN_NAME
      #- discovery.zen.fd.ping_timeout=5m
      - bootstrap.memory_lock=true
      - xpack.license.self_generated.type=trial # Automatically generate and apply a trial subscription, in order to enable security features
      - xpack.security.enabled=true                # enable xpack authenticity
      - xpack.security.transport.ssl.enabled=true
      - xpack.security.transport.ssl.verification_mode=certificate # disable verification of authenticity for inter-node communication
      - xpack.security.transport.ssl.certificate_authorities=$CERTS_DIR/ca/ca.crt
      - xpack.security.transport.ssl.key=$CERTS_DIR/$ES03_CONTAINER_DOMAIN_NAME/$ES03_CONTAINER_DOMAIN_NAME.key
      - xpack.security.transport.ssl.certificate=$CERTS_DIR/$ES03_CONTAINER_DOMAIN_NAME/$ES03_CONTAINER_DOMAIN_NAME.crt
      - xpack.security.http.ssl.enabled=true
      - xpack.security.http.ssl.certificate_authorities=$CERTS_DIR/ca/ca.crt
      - xpack.security.http.ssl.key=$CERTS_DIR/$ES03_CONTAINER_DOMAIN_NAME/$ES03_CONTAINER_DOMAIN_NAME.key
      - xpack.security.http.ssl.certificate=$CERTS_DIR/$ES03_CONTAINER_DOMAIN_NAME/$ES03_CONTAINER_DOMAIN_NAME.crt
    volumes:
      #- ./logs/es03:/usr/share/elasticsearch/logs/
      - ./data/es03:$ES_DATA_DIR
      - ./config/certs:$CERTS_DIR
    networks:
      es-net:
        ipv4_address: $ES03_CONTAINER_DOMAIN_IP
        
  networks:
    es-net:
      name: esnet
      driver: bridge
      ipam:
        driver: default
        config:
          - subnet: 172.18.37.0/24
            gateway: 172.18.37.1

二、开启防火墙

allow-service elasticsearch

三、访问 Elasticsearch 主页

访问地址

会提示进行认证

用户名:elastic

密码:Study123


# 集群搭建 # elasticsearch # docker