本文以 Elasticsearch8.8.0 为例,介绍一下单机安装 ES ,使用 docker-compose 方式进行便捷管理
需要准本docker 环境:一键安装脚本 https://www.cnblogs.com/Alay/p/15433473.html
需要准备 docker-compose 环境:一键安装脚本 https://www.cnblogs.com/Alay/p/15433907.html
官网阅读参考
ES 的编排:https://www.elastic.co/guide/en/elasticsearch/reference/current/docker.html?baymax=rec&rogue=pop-1&elektra=docs
github:https://github.com/elastic/elasticsearch/blob/main/docs/reference/setup/install/docker/docker-compose.yml
**** 以下所有命名 均为 my-... 实际使用中,请自行全局替换修改,如:my-es ,myes 等,自行修改为自己的项目名称
开始正题:
一、介绍:
以下部署分三种模式,单机节点部署,双节点部署,多节点集群部署, 其中单节点,双节点 均由多节点 模式改造而来, 三种模式均 包含 了 kibana 的部署,三种模式均已经测试验证,
部署环境,使用的是 阿里云 ecs 单服务器 8GB 内存 进行的测试部署,三节点服务器要求,单服务 8GB 内存以上才能流畅的测试,否则会在此过程中,部分节点 停机,导致集群不能全部启动
环境说明,本案例使用的 阿里云 ECS 非 root 用户,出于安全考虑,而是购买时直接设置了 ecs-user 用户,所以省去了 新创建 非 root 用户的麻烦,如果是 ECS 使用者也推荐购买时直接选择 ecs-user(非root 用户)
二、常见问题:
1、docker 非 root 用户 无法访问 docker 命令问题 $USER 代表读取当前用户,或者 声明指定 比如 改为 ecs-user
sudo usermod -aG docker $USER 或者 sudo gpasswd -a $USER docker
2、非 root 用户常见权限问题:
如: 给 用户 ecs-user 授权 路径 /home/appdata
sudo chown -R ecs-user:docker /home/appdata sudo chmod -R 775 /home/appdata
3、报错:Error: Could not create the Java Virtual Machine.
基本是挂载文件的权限问题,没有权限,比如日志,数据文件挂在路径没有权限,使用上一步的方式给相关的挂载路径赋予权限即可
4、报错 vm.max_map_count [65530] is too low
elasticsearch用户拥有的内存权限太小,至少需要262144, 执行
sudo sysctl -w vm.max_map_count=262144
以上是我测试中遇到的问题,其他问题没有发生,所以无法给出提示
三、环境变量文件准备
.evn 环境变量文件
BASE_DIR=/home/appdata # Password for the 'elastic' user (at least 6 characters) elastic 用户名的密码 ELASTIC_PASSWORD=myes_7j1TEQyVyoVLJ5G4SXM3NcH6Z # Password for the 'kibana_system' user (at least 6 characters) kibana 密码 KIBANA_PASSWORD=myes_ZFzBxCF1Hrz5Gp5UAElBLnNFS # ES 8.x 的版本标识(可根据个人项目需求修改) STACK_VERSION=8.8.0 # Set the cluster name CLUSTER_NAME=my-es-cluster # Set to 'basic' or 'trial' to automatically start the 30-day trial 设置为 “基本” 或 “试用” 以自动开始30天的试用 #LICENSE=trial LICENSE=basic # Port to expose Elasticsearch HTTP API to the host ES_PORT=9200 #ES_PORT=127.0.0.1:9200 # 集群间内部通讯 TRANSPORT_PORT=9300 # Port to expose Kibana to the host KIBANA_PORT=5601 #KIBANA_PORT=80 # Increase or decrease based on the available host memory (in bytes) # 1GB MEM_LIMIT=1073741824 # Project namespace (defaults to the current folder name if not set)项目命名空间 (如果未设置,默认为当前文件夹名称) COMPOSE_PROJECT_NAME=my-es
四、部署
1、单机节点部署
docker-compose.yml 文件编写
version: '3.8'
services:
my-es-setup:
env_file:
- .env
image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
container_name: my-es-setup
volumes:
- certs:/usr/share/elasticsearch/config/certs
user: "0"
command: >
bash -c '
if [ x${ELASTIC_PASSWORD} == x ]; then
echo "Set the ELASTIC_PASSWORD environment variable in the .env file";
exit 1;
elif [ x${KIBANA_PASSWORD} == x ]; then
echo "Set the KIBANA_PASSWORD environment variable in the .env file";
exit 1;
fi;
if [ ! -f config/certs/ca.zip ]; then
echo "Creating CA";
bin/elasticsearch-certutil ca --silent --pem -out config/certs/ca.zip;
unzip config/certs/ca.zip -d config/certs;
fi;
if [ ! -f config/certs/certs.zip ]; then
echo "Creating certs";
echo -ne \
"instances:\n"\
" - name: my-es\n"\
" dns:\n"\
" - my-es\n"\
" - localhost\n"\
" ip:\n"\
" - 127.0.0.1\n"\
> config/certs/instances.yml;
bin/elasticsearch-certutil cert --silent --pem -out config/certs/certs.zip --in config/certs/instances.yml --ca-cert config/certs/ca/ca.crt --ca-key config/certs/ca/ca.key;
unzip config/certs/certs.zip -d config/certs;
fi;
echo "Setting file permissions"
chown -R root:root config/certs;
find . -type d -exec chmod 750 \{\} \;;
find . -type f -exec chmod 640 \{\} \;;
echo "Waiting for Elasticsearch availability";
until curl -s --cacert config/certs/ca/ca.crt https://my-es:9200 | grep -q "missing authentication credentials"; do sleep 30; done;
echo "Setting kibana_system password";
until curl -s -X POST --cacert config/certs/ca/ca.crt -u "elastic:${ELASTIC_PASSWORD}" -H "Content-Type: application/json" https://my-es:9200/_security/user/kibana_system/_password -d "{\"password\":\"${KIBANA_PASSWORD}\"}" | grep -q "^{}"; do sleep 10; done;
echo "All done!";
'
healthcheck:
test: ["CMD-SHELL", "[ -f config/certs/my-es/my-es.crt ]"]
interval: 1s
timeout: 5s
retries: 120
networks:
- my-network
my-es:
env_file:
- .env
depends_on:
my-es-setup:
condition: service_healthy
image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
container_name: my-es
volumes:
- certs:/usr/share/elasticsearch/config/certs
- '${BASE_DIR}/elasticsearch/plugins:/usr/share/elasticsearch/plugins'
- '${BASE_DIR}/elasticsearch/data:/usr/share/elasticsearch/data'
- '${BASE_DIR}/elasticsearch/logs:/usr/share/elasticsearch/logs'
ports:
- ${ES_PORT}:9200
- ${TRANSPORT_PORT}:9300
environment:
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
- node.name=my-es
- cluster.name=${CLUSTER_NAME}
- cluster.initial_master_nodes=my-es
- discovery.seed_hosts=my-es
- ELASTIC_PASSWORD=${ELASTIC_PASSWORD}
- bootstrap.memory_lock=true
- xpack.security.enabled=true
- xpack.security.http.ssl.enabled=true
- xpack.security.http.ssl.key=certs/my-es/my-es.key
- xpack.security.http.ssl.certificate=certs/my-es/my-es.crt
- xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
- xpack.security.transport.ssl.enabled=true
- xpack.security.transport.ssl.key=certs/my-es/my-es.key
- xpack.security.transport.ssl.certificate=certs/my-es/my-es.crt
- xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
- xpack.security.transport.ssl.verification_mode=certificate
- xpack.license.self_generated.type=${LICENSE}
deploy:
resources:
limits:
memory: ${MEM_LIMIT}
# 句柄数配置
ulimits:
memlock:
soft: -1
hard: -1
nofile:
soft: 65536
hard: 65536
healthcheck:
test:
[
"CMD-SHELL",
"curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",
]
interval: 10s
timeout: 10s
retries: 120
networks:
- my-network
my-kibana:
env_file:
- .env
depends_on:
my-es:
condition: service_healthy
image: docker.elastic.co/kibana/kibana:${STACK_VERSION}
container_name: my-kibana
volumes:
- certs:/usr/share/kibana/config/certs
- '${BASE_DIR}/kibana/data:/usr/share/kibana/data'
ports:
- ${KIBANA_PORT}:5601
environment:
- SERVERNAME=kibana
- ELASTICSEARCH_HOSTS=https://my-es:9200
- ELASTICSEARCH_USERNAME=kibana_system
- ELASTICSEARCH_PASSWORD=${KIBANA_PASSWORD}
- ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=config/certs/ca/ca.crt
deploy:
resources:
limits:
memory: ${MEM_LIMIT}
healthcheck:
test:
[
"CMD-SHELL",
"curl -s -I http://localhost:5601 | grep -q 'HTTP/1.1 302 Found'",
]
interval: 10s
timeout: 10s
retries: 120
networks:
- my-network
# 自定义网桥 my-network
networks:
my-network:
# 启动时不自动创建网桥,需要提前手动创建 网桥 docker network create -d bridge my-network
external: true
driver: bridge
# https://www.w3cschool.cn/doc_docker_1_11/docker_1_11-engine-reference-commandline-volume_create-index.html
# 创建的 volume 将存储到 /var/lib/docker/volumes/ 路径下
volumes:
# CA 证书 挂载
certs:
driver: local
2、双节点模式部署
一个 master node 一个 work node
docker-compose.yml 文件
version: '3.8'
services:
my-es-setup:
env_file:
- .env
image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
container_name: my-es-setup
volumes:
- certs:/usr/share/elasticsearch/config/certs
user: "0"
command: >
bash -c '
if [ x${ELASTIC_PASSWORD} == x ]; then
echo "Set the ELASTIC_PASSWORD environment variable in the .env file";
exit 1;
elif [ x${KIBANA_PASSWORD} == x ]; then
echo "Set the KIBANA_PASSWORD environment variable in the .env file";
exit 1;
fi;
if [ ! -f config/certs/ca.zip ]; then
echo "Creating CA";
bin/elasticsearch-certutil ca --silent --pem -out config/certs/ca.zip;
unzip config/certs/ca.zip -d config/certs;
fi;
if [ ! -f config/certs/certs.zip ]; then
echo "Creating certs";
echo -ne \
"instances:\n"\
" - name: my-es-master\n"\
" dns:\n"\
" - my-es-master\n"\
" - localhost\n"\
" ip:\n"\
" - 127.0.0.1\n"\
" - name: my-es-node1\n"\
" dns:\n"\
" - my-es-node1\n"\
" - localhost\n"\
" ip:\n"\
" - 127.0.0.1\n"\
> config/certs/instances.yml;
bin/elasticsearch-certutil cert --silent --pem -out config/certs/certs.zip --in config/certs/instances.yml --ca-cert config/certs/ca/ca.crt --ca-key config/certs/ca/ca.key;
unzip config/certs/certs.zip -d config/certs;
fi;
echo "Setting file permissions"
chown -R root:root config/certs;
find . -type d -exec chmod 750 \{\} \;;
find . -type f -exec chmod 640 \{\} \;;
echo "Waiting for Elasticsearch availability";
until curl -s --cacert config/certs/ca/ca.crt https://my-es-master:9200 | grep -q "missing authentication credentials"; do sleep 30; done;
echo "Setting kibana_system password";
until curl -s -X POST --cacert config/certs/ca/ca.crt -u "elastic:${ELASTIC_PASSWORD}" -H "Content-Type: application/json" https://my-es-master:9200/_security/user/kibana_system/_password -d "{\"password\":\"${KIBANA_PASSWORD}\"}" | grep -q "^{}"; do sleep 10; done;
echo "All done!";
'
healthcheck:
test: [ "CMD-SHELL", "[ -f config/certs/my-es-master/my-es-master.crt ]" ]
interval: 1s
timeout: 5s
retries: 120
networks:
- my-network
my-es-master:
env_file:
- .env
depends_on:
my-es-setup:
condition: service_healthy
image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
container_name: my-es-master
volumes:
- certs:/usr/share/elasticsearch/config/certs
- 'pluginis:/usr/share/elasticsearch/plugins'
- '${BASE_DIR}/elasticsearch/master-data:/usr/share/elasticsearch/data'
- '${BASE_DIR}/elasticsearch/master-logs:/usr/share/elasticsearch/logs'
ports:
- ${ES_PORT}:9200
- ${TRANSPORT_PORT}:9300
environment:
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
- node.name=my-es-master
- cluster.name=${CLUSTER_NAME}
- cluster.initial_master_nodes=my-es-master,my-es-node1
- discovery.seed_hosts=my-es-node1
- ELASTIC_PASSWORD=${ELASTIC_PASSWORD}
- bootstrap.memory_lock=true
- xpack.security.enabled=true
- xpack.security.http.ssl.enabled=true
- xpack.security.http.ssl.key=certs/my-es-master/my-es-master.key
- xpack.security.http.ssl.certificate=certs/my-es-master/my-es-master.crt
- xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
- xpack.security.transport.ssl.enabled=true
- xpack.security.transport.ssl.key=certs/my-es-master/my-es-master.key
- xpack.security.transport.ssl.certificate=certs/my-es-master/my-es-master.crt
- xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
- xpack.security.transport.ssl.verification_mode=certificate
- xpack.license.self_generated.type=${LICENSE}
deploy:
resources:
limits:
memory: ${MEM_LIMIT}
# 句柄数配置
ulimits:
memlock:
soft: -1
hard: -1
nofile:
soft: 65536
hard: 65536
healthcheck:
test:
[
"CMD-SHELL",
"curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",
]
interval: 10s
timeout: 10s
retries: 120
networks:
- my-network
my-es-node1:
env_file:
- .env
depends_on:
- my-es-master
image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
container_name: my-es-node1
volumes:
- 'certs:/usr/share/elasticsearch/config/certs'
- 'pluginis:/usr/share/elasticsearch/plugins'
- '${BASE_DIR}/elasticsearch/node1-data:/usr/share/elasticsearch/data'
- '${BASE_DIR}/elasticsearch/node1-logs:/usr/share/elasticsearch/logs'
environment:
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
- node.name=my-es-node1
- cluster.name=${CLUSTER_NAME}
- cluster.initial_master_nodes=my-es-master,my-es-node1
- discovery.seed_hosts=my-es-master
- bootstrap.memory_lock=true
- xpack.security.enabled=true
- xpack.security.http.ssl.enabled=true
- xpack.security.http.ssl.key=certs/my-es-node1/my-es-node1.key
- xpack.security.http.ssl.certificate=certs/my-es-node1/my-es-node1.crt
- xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
- xpack.security.transport.ssl.enabled=true
- xpack.security.transport.ssl.key=certs/my-es-node1/my-es-node1.key
- xpack.security.transport.ssl.certificate=certs/my-es-node1/my-es-node1.crt
- xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
- xpack.security.transport.ssl.verification_mode=certificate
- xpack.license.self_generated.type=${LICENSE}
deploy:
resources:
limits:
memory: ${MEM_LIMIT}
# 句柄数配置
ulimits:
memlock:
soft: -1
hard: -1
nofile:
soft: 65536
hard: 65536
healthcheck:
test:
[
"CMD-SHELL",
"curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",
]
interval: 10s
timeout: 10s
retries: 120
networks:
- my-network
my-kibana:
env_file:
- .env
depends_on:
my-es-master:
condition: service_healthy
my-es-node1:
condition: service_healthy
image: docker.elastic.co/kibana/kibana:${STACK_VERSION}
container_name: my-kibana
volumes:
- certs:/usr/share/kibana/config/certs
- '${BASE_DIR}/elasticsearch/kibana/data:/usr/share/kibana/data'
ports:
- ${KIBANA_PORT}:5601
environment:
- SERVERNAME=kibana
- ELASTICSEARCH_HOSTS=https://my-es-master:9200
- ELASTICSEARCH_USERNAME=kibana_system
- ELASTICSEARCH_PASSWORD=${KIBANA_PASSWORD}
- ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=config/certs/ca/ca.crt
deploy:
resources:
limits:
memory: ${MEM_LIMIT}
healthcheck:
test:
[
"CMD-SHELL",
"curl -s -I http://localhost:5601 | grep -q 'HTTP/1.1 302 Found'",
]
interval: 10s
timeout: 10s
retries: 120
networks:
- my-network
# 自定义网桥 my-network
networks:
my-network:
# 启动时不自动创建网桥,需要提前手动创建 网桥 docker network create -d bridge my-network
external: true
driver: bridge
# https://www.w3cschool.cn/doc_docker_1_11/docker_1_11-engine-reference-commandline-volume_create-index.html
# 创建的 volume 将存储到 /var/lib/docker/volumes/ 路径下
volumes:
# CA 证书 挂载
certs:
driver: local
# 插件挂载
pluginis:
driver: local
3、集群模式部署
以下示例以 一个 master 两个 work node 为例,实际中,有多个请自行修改扩展(复制修改)
docker-compose.yml 文件
version: '3.8'
services:
my-es-setup:
env_file:
- .env
image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
container_name: my-es-setup
volumes:
- certs:/usr/share/elasticsearch/config/certs
user: "0"
command: >
bash -c '
if [ x${ELASTIC_PASSWORD} == x ]; then
echo "Set the ELASTIC_PASSWORD environment variable in the .env file";
exit 1;
elif [ x${KIBANA_PASSWORD} == x ]; then
echo "Set the KIBANA_PASSWORD environment variable in the .env file";
exit 1;
fi;
if [ ! -f config/certs/ca.zip ]; then
echo "Creating CA";
bin/elasticsearch-certutil ca --silent --pem -out config/certs/ca.zip;
unzip config/certs/ca.zip -d config/certs;
fi;
if [ ! -f config/certs/certs.zip ]; then
echo "Creating certs";
echo -ne \
"instances:\n"\
" - name: my-es-master\n"\
" dns:\n"\
" - my-es-master\n"\
" - localhost\n"\
" ip:\n"\
" - 127.0.0.1\n"\
" - name: my-es-node1\n"\
" dns:\n"\
" - my-es-node1\n"\
" - localhost\n"\
" ip:\n"\
" - 127.0.0.1\n"\
" - name: my-es-node2\n"\
" dns:\n"\
" - my-es-node2\n"\
" - localhost\n"\
" ip:\n"\
" - 127.0.0.1\n"\
> config/certs/instances.yml;
bin/elasticsearch-certutil cert --silent --pem -out config/certs/certs.zip --in config/certs/instances.yml --ca-cert config/certs/ca/ca.crt --ca-key config/certs/ca/ca.key;
unzip config/certs/certs.zip -d config/certs;
fi;
echo "Setting file permissions"
chown -R root:root config/certs;
find . -type d -exec chmod 750 \{\} \;;
find . -type f -exec chmod 640 \{\} \;;
echo "Waiting for Elasticsearch availability";
until curl -s --cacert config/certs/ca/ca.crt https://my-es-master:9200 | grep -q "missing authentication credentials"; do sleep 30; done;
echo "Setting kibana_system password";
until curl -s -X POST --cacert config/certs/ca/ca.crt -u "elastic:${ELASTIC_PASSWORD}" -H "Content-Type: application/json" https://my-es-master:9200/_security/user/kibana_system/_password -d "{\"password\":\"${KIBANA_PASSWORD}\"}" | grep -q "^{}"; do sleep 10; done;
echo "All done!";
'
healthcheck:
test: [ "CMD-SHELL", "[ -f config/certs/my-es-master/my-es-master.crt ]" ]
interval: 1s
timeout: 5s
retries: 120
networks:
- my-network
my-es-master:
env_file:
- .env
depends_on:
my-es-setup:
condition: service_healthy
image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
container_name: my-es-master
volumes:
- certs:/usr/share/elasticsearch/config/certs
- '${BASE_DIR}/elasticsearch/master-data:/usr/share/elasticsearch/data'
- '${BASE_DIR}/elasticsearch/master-logs:/usr/share/elasticsearch/logs'
ports:
- ${ES_PORT}:9200
- ${TRANSPORT_PORT}:9300
environment:
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
- node.name=my-es-master
- cluster.name=${CLUSTER_NAME}
- cluster.initial_master_nodes=my-es-master,my-es-node1,my-es-node2
- discovery.seed_hosts=my-es-node1,my-es-node2
- ELASTIC_PASSWORD=${ELASTIC_PASSWORD}
- bootstrap.memory_lock=true
- xpack.security.enabled=true
- xpack.security.http.ssl.enabled=true
- xpack.security.http.ssl.key=certs/my-es-master/my-es-master.key
- xpack.security.http.ssl.certificate=certs/my-es-master/my-es-master.crt
- xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
- xpack.security.transport.ssl.enabled=true
- xpack.security.transport.ssl.key=certs/my-es-master/my-es-master.key
- xpack.security.transport.ssl.certificate=certs/my-es-master/my-es-master.crt
- xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
- xpack.security.transport.ssl.verification_mode=certificate
- xpack.license.self_generated.type=${LICENSE}
deploy:
resources:
limits:
memory: ${MEM_LIMIT}
# 句柄数配置
ulimits:
memlock:
soft: -1
hard: -1
nofile:
soft: 65536
hard: 65536
healthcheck:
test:
[
"CMD-SHELL",
"curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",
]
interval: 10s
timeout: 10s
retries: 120
networks:
- my-network
my-es-node1:
env_file:
- .env
depends_on:
- my-es-master
image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
container_name: my-es-node1
volumes:
- certs:/usr/share/elasticsearch/config/certs
- 'pluginis:/usr/share/elasticsearch/plugins'
- '${BASE_DIR}/elasticsearch/node1-data:/usr/share/elasticsearch/data'
- '${BASE_DIR}/elasticsearch/node1-logs:/usr/share/elasticsearch/logs'
environment:
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
- node.name=my-es-node1
- cluster.name=${CLUSTER_NAME}
- cluster.initial_master_nodes=my-es-master,my-es-node1,my-es-node2
- discovery.seed_hosts=my-es-master,my-es-node2
- bootstrap.memory_lock=true
- xpack.security.enabled=true
- xpack.security.http.ssl.enabled=true
- xpack.security.http.ssl.key=certs/my-es-node1/my-es-node1.key
- xpack.security.http.ssl.certificate=certs/my-es-node1/my-es-node1.crt
- xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
- xpack.security.transport.ssl.enabled=true
- xpack.security.transport.ssl.key=certs/my-es-node1/my-es-node1.key
- xpack.security.transport.ssl.certificate=certs/my-es-node1/my-es-node1.crt
- xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
- xpack.security.transport.ssl.verification_mode=certificate
- xpack.license.self_generated.type=${LICENSE}
deploy:
resources:
limits:
memory: ${MEM_LIMIT}
# 句柄数配置
ulimits:
memlock:
soft: -1
hard: -1
nofile:
soft: 65536
hard: 65536
healthcheck:
test:
[
"CMD-SHELL",
"curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",
]
interval: 10s
timeout: 10s
retries: 120
networks:
- my-network
my-es-node2:
env_file:
- .env
depends_on:
- my-es-node1
image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
container_name: my-es-node2
volumes:
- certs:/usr/share/elasticsearch/config/certs
- 'pluginis:/usr/share/elasticsearch/plugins'
- '${BASE_DIR}/elasticsearch/node2-data:/usr/share/elasticsearch/data'
- '${BASE_DIR}/elasticsearch/node2-logs:/usr/share/elasticsearch/logs'
environment:
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
- node.name=my-es-node2
- cluster.name=${CLUSTER_NAME}
- cluster.initial_master_nodes=my-es-master,my-es-node1,my-es-node2
- discovery.seed_hosts=my-es-master,my-es-node1
- bootstrap.memory_lock=true
- xpack.security.enabled=true
- xpack.security.http.ssl.enabled=true
- xpack.security.http.ssl.key=certs/my-es-node2/my-es-node2.key
- xpack.security.http.ssl.certificate=certs/my-es-node2/my-es-node2.crt
- xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
- xpack.security.transport.ssl.enabled=true
- xpack.security.transport.ssl.key=certs/my-es-node2/my-es-node2.key
- xpack.security.transport.ssl.certificate=certs/my-es-node2/my-es-node2.crt
- xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
- xpack.security.transport.ssl.verification_mode=certificate
- xpack.license.self_generated.type=${LICENSE}
deploy:
resources:
limits:
memory: ${MEM_LIMIT}
# 句柄数配置
ulimits:
memlock:
soft: -1
hard: -1
nofile:
soft: 65536
hard: 65536
healthcheck:
test:
[
"CMD-SHELL",
"curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",
]
interval: 10s
timeout: 10s
retries: 120
networks:
- my-network
my-kibana:
env_file:
- .env
depends_on:
my-es-master:
condition: service_healthy
my-es-node1:
condition: service_healthy
my-es-node2:
condition: service_healthy
image: docker.elastic.co/kibana/kibana:${STACK_VERSION}
container_name: my-kibana
volumes:
- certs:/usr/share/kibana/config/certs
- '${BASE_DIR}/elasticsearch/kibana/data:/usr/share/kibana/data'
ports:
- ${KIBANA_PORT}:5601
environment:
- SERVERNAME=kibana
- ELASTICSEARCH_HOSTS=https://my-es-master:9200
- ELASTICSEARCH_USERNAME=kibana_system
- ELASTICSEARCH_PASSWORD=${KIBANA_PASSWORD}
- ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=config/certs/ca/ca.crt
deploy:
resources:
limits:
memory: ${MEM_LIMIT}
healthcheck:
test:
[
"CMD-SHELL",
"curl -s -I http://localhost:5601 | grep -q 'HTTP/1.1 302 Found'",
]
interval: 10s
timeout: 10s
retries: 120
networks:
- my-network
# 自定义网桥 my
networks:
my-network:
# 启动时不自动创建网桥,需要提前手动创建 网桥 docker network create -d bridge my-network
external: true
driver: bridge
# https://www.w3cschool.cn/doc_docker_1_11/docker_1_11-engine-reference-commandline-volume_create-index.html
# 创建的 volume 将存储到 /var/lib/docker/volumes/ 路径下
volumes:
# 插件挂载
pluginis:
driver: local
# CA 证书 挂载
certs:
driver: local
# 声明指令的卷名,compose会自动创建卷名 project_tomcat_volume01;project 为docker-compose所在的目录的名称,
# docker volume create certs 提前手动创建定义的数据卷,docker volume create /home/appdata/certs
#external: true
# master-data:
# driver: local
# master-logs:
# driver: local
#
# node1-data:
# driver: local
# node1-logs:
# driver: local
#
# node2-data:
# driver: local
# node2-logs:
# driver: local
#
# kibana-data:
# driver: local
标签:compose,config,ca,certs,elasticsearch,docker,my,Elasticsearch8,es From: https://www.cnblogs.com/Alay/p/17477153.html