前提:配置好Elasticsearch证书

一、集群搭建

1)创建数据目录

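# Create one bind-mount data directory per node.
mkdir -p data/es01 data/es02 data/es03
# The official image runs Elasticsearch as uid 1000 / gid 0, so grant access to
# that owner and group only instead of making the tree world-writable (777):
# with 777 any local account can read or tamper with the index files.
# X adds the execute bit to directories only, not to data files.
chmod -R u=rwX,g=rwX,o= data
# chown to another uid normally needs root (prefix with sudo if you are not root).
chown -R 1000:0 data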

2)创建环境变量文件 .env

# Image tag shared by all three nodes.
ES_IMAGE_VERSION=7.17.6

# Password for the built-in `elastic` user, stored here in clear text.
# Keep .env out of version control and readable by its owner only, and replace
# this sample value before using the cluster outside a lab.
ELASTIC_PASSWORD=Study123

# Paths inside the containers for the mounted certificates and the data directory.
CERTS_DIR=/usr/share/elasticsearch/config/certificates
ES_DATA_DIR=/usr/share/elasticsearch/data

# Per-node DNS name and static address on the compose network (172.18.37.0/24).
ES01_CONTAINER_DOMAIN_NAME=es.home.cloud
ES01_CONTAINER_DOMAIN_IP=172.18.37.2

ES02_CONTAINER_DOMAIN_NAME=es02.home.cloud
ES02_CONTAINER_DOMAIN_IP=172.18.37.3

ES03_CONTAINER_DOMAIN_NAME=es03.home.cloud
ES03_CONTAINER_DOMAIN_IP=172.18.37.4

3)创建 docker-compose.yml 文件

version: "3.8"

# Settings shared by every node; each service pulls them in with the `<<` merge key.
# The merge is shallow: a service that declares its own `volumes` or `networks`
# replaces the list given here instead of extending it.
x-es-common: &es-common
  image: "elasticsearch:$ES_IMAGE_VERSION"
  # restart: always
  networks:
    - es-net
  # Static name resolution so the nodes can reach each other by domain name.
  extra_hosts:
    - "$ES01_CONTAINER_DOMAIN_NAME:$ES01_CONTAINER_DOMAIN_IP"
    - "$ES02_CONTAINER_DOMAIN_NAME:$ES02_CONTAINER_DOMAIN_IP"
    - "$ES03_CONTAINER_DOMAIN_NAME:$ES03_CONTAINER_DOMAIN_IP"
  # Unlimited locked memory (-1); pairs with bootstrap.memory_lock=true on the services.
  ulimits:
    memlock: {soft: -1, hard: -1}
  # Share the host's time zone with the container, read-only.
  volumes:
    - "/etc/localtime:/etc/localtime:ro"


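# Three-node Elasticsearch cluster with X-Pack security and TLS on both the
# transport (node-to-node) and HTTP (client) layers.
#
# Changes from the original listing:
#   * `networks:` is a top-level key again; it was indented under `services:`
#     and was therefore parsed as a fourth service instead of a network definition.
#   * each service lists /etc/localtime itself, because a service-level `volumes`
#     replaces (does not extend) the list merged in from *es-common.
#   * the certificate directory is mounted read-only.
#   * the es01 healthcheck now fails when the node is not answering; the old
#     command always ended with `echo`, so its exit status was always 0.
services:
  es01:
    <<: *es-common
    hostname: es01
    container_name: es01
    environment:
      - node.name=es01
      - discovery.seed_hosts=$ES02_CONTAINER_DOMAIN_NAME,$ES03_CONTAINER_DOMAIN_NAME
      - cluster.initial_master_nodes=es01,es02,es03
      # Passed as a plain environment variable, so the password is visible to
      # anyone who can run `docker inspect` on this container.
      # NOTE(review): the official image also accepts ELASTIC_PASSWORD_FILE for
      # reading it from a mounted file - confirm and prefer that outside a lab.
      - ELASTIC_PASSWORD=$ELASTIC_PASSWORD
      # NOTE(review): es.insecure.allow.root looks like a legacy flag; the
      # official image runs Elasticsearch as uid 1000 - confirm it has any
      # effect on this version and drop it if not.
      - "ES_JAVA_OPTS=-Des.insecure.allow.root=true -Xms512m -Xmx512m"
      - cluster.name=es-docker-cluster
      # - network.host=$ES01_CONTAINER_DOMAIN_NAME
      # - discovery.zen.fd.ping_timeout=5m
      - bootstrap.memory_lock=true
      # Self-generate a trial licence.
      # NOTE(review): authentication and TLS are part of the basic licence on
      # 7.1+, so the trial is presumably not required for them - confirm.
      - xpack.license.self_generated.type=trial
      # Turn on X-Pack security (authentication and authorization).
      - xpack.security.enabled=true
      - xpack.security.transport.ssl.enabled=true
      # `certificate` checks that the peer certificate is signed by a trusted CA
      # but skips hostname verification; `full` would verify the hostname too.
      - xpack.security.transport.ssl.verification_mode=certificate
      - xpack.security.transport.ssl.certificate_authorities=$CERTS_DIR/ca/ca.crt
      - xpack.security.transport.ssl.key=$CERTS_DIR/$ES01_CONTAINER_DOMAIN_NAME/$ES01_CONTAINER_DOMAIN_NAME.key
      - xpack.security.transport.ssl.certificate=$CERTS_DIR/$ES01_CONTAINER_DOMAIN_NAME/$ES01_CONTAINER_DOMAIN_NAME.crt
      - xpack.security.http.ssl.enabled=true
      - xpack.security.http.ssl.certificate_authorities=$CERTS_DIR/ca/ca.crt
      - xpack.security.http.ssl.key=$CERTS_DIR/$ES01_CONTAINER_DOMAIN_NAME/$ES01_CONTAINER_DOMAIN_NAME.key
      - xpack.security.http.ssl.certificate=$CERTS_DIR/$ES01_CONTAINER_DOMAIN_NAME/$ES01_CONTAINER_DOMAIN_NAME.crt
    volumes:
      - /etc/localtime:/etc/localtime:ro
      # - ./logs/es01:/usr/share/elasticsearch/logs/
      - ./data/es01:$ES_DATA_DIR
      # Read-only: the node only needs to read its key material.
      # NOTE(review): the same directory is mounted into all three nodes, so each
      # node can read the others' private keys (and the CA key, if it is stored
      # under ./config/certs) - consider mounting per-node subdirectories.
      - ./config/certs:$CERTS_DIR:ro
    ports:
      # Publishes the HTTPS API on every host interface; prefix with a host
      # address (for example "127.0.0.1:9200:9200") to restrict it.
      - "9200:9200"
      # - "9300:9300"
    networks:
      es-net:
        ipv4_address: $ES01_CONTAINER_DOMAIN_IP
    healthcheck:
      # Healthy only when the node answers over TLS and rejects the anonymous
      # request, i.e. it is up and authentication is being enforced.
      # Assumes the node certificate is valid for "localhost" - TODO confirm
      # against how the certificates were generated.
      test:
        - CMD-SHELL
        - >-
          curl -s --cacert $CERTS_DIR/ca/ca.crt https://localhost:9200
          | grep -q 'missing authentication credentials'
      interval: 30s
      timeout: 10s
      retries: 5

  # es02 and es03 mirror es01 (see the comments there); they publish no host
  # port and define no healthcheck.
  es02:
    <<: *es-common
    hostname: es02
    container_name: es02
    environment:
      - node.name=es02
      - discovery.seed_hosts=$ES01_CONTAINER_DOMAIN_NAME,$ES03_CONTAINER_DOMAIN_NAME
      - cluster.initial_master_nodes=es01,es02,es03
      - ELASTIC_PASSWORD=$ELASTIC_PASSWORD
      - "ES_JAVA_OPTS=-Des.insecure.allow.root=true -Xms512m -Xmx512m"
      - cluster.name=es-docker-cluster
      # - network.host=$ES02_CONTAINER_DOMAIN_NAME
      # - discovery.zen.fd.ping_timeout=5m
      - bootstrap.memory_lock=true
      - xpack.license.self_generated.type=trial
      - xpack.security.enabled=true
      - xpack.security.transport.ssl.enabled=true
      # CA-signed certificate required; hostname is not verified.
      - xpack.security.transport.ssl.verification_mode=certificate
      - xpack.security.transport.ssl.certificate_authorities=$CERTS_DIR/ca/ca.crt
      - xpack.security.transport.ssl.key=$CERTS_DIR/$ES02_CONTAINER_DOMAIN_NAME/$ES02_CONTAINER_DOMAIN_NAME.key
      - xpack.security.transport.ssl.certificate=$CERTS_DIR/$ES02_CONTAINER_DOMAIN_NAME/$ES02_CONTAINER_DOMAIN_NAME.crt
      - xpack.security.http.ssl.enabled=true
      - xpack.security.http.ssl.certificate_authorities=$CERTS_DIR/ca/ca.crt
      - xpack.security.http.ssl.key=$CERTS_DIR/$ES02_CONTAINER_DOMAIN_NAME/$ES02_CONTAINER_DOMAIN_NAME.key
      - xpack.security.http.ssl.certificate=$CERTS_DIR/$ES02_CONTAINER_DOMAIN_NAME/$ES02_CONTAINER_DOMAIN_NAME.crt
    volumes:
      - /etc/localtime:/etc/localtime:ro
      # - ./logs/es02:/usr/share/elasticsearch/logs/
      - ./data/es02:$ES_DATA_DIR
      - ./config/certs:$CERTS_DIR:ro
    networks:
      es-net:
        ipv4_address: $ES02_CONTAINER_DOMAIN_IP

  es03:
    <<: *es-common
    hostname: es03
    container_name: es03
    environment:
      - node.name=es03
      - discovery.seed_hosts=$ES01_CONTAINER_DOMAIN_NAME,$ES02_CONTAINER_DOMAIN_NAME
      - cluster.initial_master_nodes=es01,es02,es03
      - ELASTIC_PASSWORD=$ELASTIC_PASSWORD
      - "ES_JAVA_OPTS=-Des.insecure.allow.root=true -Xms512m -Xmx512m"
      - cluster.name=es-docker-cluster
      # - network.host=$ES03_CONTAINER_DOMAIN_NAME
      # - discovery.zen.fd.ping_timeout=5m
      - bootstrap.memory_lock=true
      - xpack.license.self_generated.type=trial
      - xpack.security.enabled=true
      - xpack.security.transport.ssl.enabled=true
      # CA-signed certificate required; hostname is not verified.
      - xpack.security.transport.ssl.verification_mode=certificate
      - xpack.security.transport.ssl.certificate_authorities=$CERTS_DIR/ca/ca.crt
      - xpack.security.transport.ssl.key=$CERTS_DIR/$ES03_CONTAINER_DOMAIN_NAME/$ES03_CONTAINER_DOMAIN_NAME.key
      - xpack.security.transport.ssl.certificate=$CERTS_DIR/$ES03_CONTAINER_DOMAIN_NAME/$ES03_CONTAINER_DOMAIN_NAME.crt
      - xpack.security.http.ssl.enabled=true
      - xpack.security.http.ssl.certificate_authorities=$CERTS_DIR/ca/ca.crt
      - xpack.security.http.ssl.key=$CERTS_DIR/$ES03_CONTAINER_DOMAIN_NAME/$ES03_CONTAINER_DOMAIN_NAME.key
      - xpack.security.http.ssl.certificate=$CERTS_DIR/$ES03_CONTAINER_DOMAIN_NAME/$ES03_CONTAINER_DOMAIN_NAME.crt
    volumes:
      - /etc/localtime:/etc/localtime:ro
      # - ./logs/es03:/usr/share/elasticsearch/logs/
      - ./data/es03:$ES_DATA_DIR
      - ./config/certs:$CERTS_DIR:ro
    networks:
      es-net:
        ipv4_address: $ES03_CONTAINER_DOMAIN_IP

# Top-level network definition (must sit at column 0, beside `services:`).
# The fixed subnet is what allows the static ipv4_address of each node.
networks:
  es-net:
    name: esnet
    driver: bridge
    ipam:
      driver: default
      config:
        - subnet: 172.18.37.0/24
          gateway: 172.18.37.1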

二、开启防火墙(放行 Elasticsearch 服务)

allow-service elasticsearch

三、访问 Elasticsearch 主页

访问地址:https://<宿主机地址>:9200(已启用 HTTP 层 TLS,须使用 https)

会提示进行认证

用户名:elastic

密码:Study123(即 .env 中 ELASTIC_PASSWORD 的值;示例弱口令,实际部署请更换)