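This article uses Elasticsearch 8.8.0 as an example to show how to install ES on a single host, managed conveniently with docker-compose.
A Docker environment is required. One-click install script: https://www.cnblogs.com/Alay/p/15433473.html
A docker-compose environment is required. One-click install script: https://www.cnblogs.com/Alay/p/15433907.html
Official reading references
ES orchestration: https://www.elastic.co/guide/en/elasticsearch/reference/current/docker.html?baymax=rec&rogue=pop-1&elektra=docs
GitHub: https://github.com/elastic/elasticsearch/blob/main/docs/reference/setup/install/docker/docker-compose.yml
Note: all names below use the my-... form. In real use, replace them globally (for example my-es, myes) with your own project name.
Now to the main topic: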
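I. Introduction:
The deployment below comes in three modes: single-node, two-node, and multi-node cluster. The single-node and two-node modes are both derived from the multi-node mode. All three modes include a Kibana deployment, and all three have been tested and verified.
Deployment environment: the test deployments were run on a single Alibaba Cloud ECS server with 8 GB of memory. For three nodes, a single server needs 8 GB of memory or more to test smoothly; otherwise some nodes stop during the process and the cluster cannot start completely.
Environment note: this example uses a non-root user on Alibaba Cloud ECS. For security reasons the ecs-user account was selected directly at purchase time, which avoids having to create a non-root user afterwards. ECS users are likewise advised to choose ecs-user (a non-root user) at purchase.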
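II. Common problems:
1. A non-root user cannot run docker commands. $USER expands to the current user; you can also name the user explicitly, for example ecs-user. Membership of the docker group is effectively root-equivalent on the host, so grant it only to accounts you would trust with root.
sudo usermod -aG docker $USER
or
sudo gpasswd -a $USER docker
2. Common permission problems for non-root users:
For example, to give the user ecs-user access to the path /home/appdata:
sudo chown -R ecs-user:docker /home/appdata
sudo chmod -R 775 /home/appdata
3. Error: Could not create the Java Virtual Machine.
This is almost always a permission problem on the mounted files: for example, the mounted log or data paths are not accessible. Grant permissions on the relevant mount paths as in the previous step.
4. Error: vm.max_map_count [65530] is too low
The memory-map limit available to the elasticsearch user is too low; it must be at least 262144. Run:
sudo sysctl -w vm.max_map_count=262144
These are the problems I ran into during testing. No others occurred, so I cannot offer hints for them.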
III. Preparing the environment variable file
The .env environment variable file
BASE_DIR=/home/appdata

# Password for the 'elastic' user (at least 6 characters); replace with your own value
ELASTIC_PASSWORD=myes_7j1TEQyVyoVLJ5G4SXM3NcH6Z

# Password for the 'kibana_system' user (at least 6 characters); replace with your own value
KIBANA_PASSWORD=myes_ZFzBxCF1Hrz5Gp5UAElBLnNFS

# ES 8.x version tag (change to suit your project)
STACK_VERSION=8.8.0

# Set the cluster name
CLUSTER_NAME=my-es-cluster

# Set to 'basic' or 'trial' to automatically start the 30-day trial
#LICENSE=trial
LICENSE=basic

# Port to expose Elasticsearch HTTP API to the host
ES_PORT=9200
#ES_PORT=127.0.0.1:9200

# Internal communication between cluster nodes
TRANSPORT_PORT=9300

# Port to expose Kibana to the host
KIBANA_PORT=5601
#KIBANA_PORT=80

# Increase or decrease based on the available host memory (in bytes)
# 1GB
MEM_LIMIT=1073741824

# Project namespace (defaults to the current folder name if not set)
COMPOSE_PROJECT_NAME=my-es
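A pre-flight check for the .env file above, as an added example that is not part of the original post. It reads the file without sourcing it and reports passwords that are too short or still the published sample values, ports published beyond loopback, and file permissions wider than the owner; the helper names env_get and check_env are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight lint for the .env file.
# env_get and check_env are hypothetical helper names.

# Read KEY from a Compose-style .env file without sourcing it, so nothing in
# the file is ever executed. The last definition wins.
env_get() {
    sed -n "s/^$1=//p" "$2" | tail -n 1
}

# Print one finding per line for the given .env file; print nothing if clean.
check_env() {
    file=$1
    for key in ELASTIC_PASSWORD KIBANA_PASSWORD; do
        val=$(env_get "$key" "$file")
        if [ "${#val}" -lt 6 ]; then
            echo "$key: shorter than 6 characters"
        fi
        # The two values printed in this post are public and must not be reused.
        case $val in
            myes_7j1TEQyVyoVLJ5G4SXM3NcH6Z|myes_ZFzBxCF1Hrz5Gp5UAElBLnNFS)
                echo "$key: still the sample value from the post" ;;
        esac
    done
    if [ "$(env_get ELASTIC_PASSWORD "$file")" = "$(env_get KIBANA_PASSWORD "$file")" ]; then
        echo "ELASTIC_PASSWORD and KIBANA_PASSWORD are identical"
    fi
    # A bare port is published on every host interface; the 127.0.0.1: prefix
    # (the commented alternative in the .env) keeps it on loopback.
    for key in ES_PORT TRANSPORT_PORT KIBANA_PORT; do
        val=$(env_get "$key" "$file")
        case $val in
            ''|127.0.0.1:*) ;;
            *) echo "$key=$val: published on all host interfaces" ;;
        esac
    done
    # The file holds both passwords in clear text: owner-only access expected.
    mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
    case $mode in
        *00) ;;
        *) echo "$file: mode $mode grants access beyond the owner" ;;
    esac
}

# Usage: sh check-env.sh /path/to/.env
if [ $# -gt 0 ]; then
    check_env "$1"
fi
```

Run it against the real file before `docker-compose up`; an empty result means none of the checks fired.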
IV. Deployment
1. Single-node deployment
Writing the docker-compose.yml file
version: '3.8'

services:
  my-es-setup:
    env_file:
      - .env
    image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
    container_name: my-es-setup
    volumes:
      - certs:/usr/share/elasticsearch/config/certs
    user: "0"
    command: >
      bash -c '
        if [ x${ELASTIC_PASSWORD} == x ]; then
          echo "Set the ELASTIC_PASSWORD environment variable in the .env file";
          exit 1;
        elif [ x${KIBANA_PASSWORD} == x ]; then
          echo "Set the KIBANA_PASSWORD environment variable in the .env file";
          exit 1;
        fi;
        if [ ! -f config/certs/ca.zip ]; then
          echo "Creating CA";
          bin/elasticsearch-certutil ca --silent --pem -out config/certs/ca.zip;
          unzip config/certs/ca.zip -d config/certs;
        fi;
        if [ ! -f config/certs/certs.zip ]; then
          echo "Creating certs";
          echo -ne \
          "instances:\n"\
          "  - name: my-es\n"\
          "    dns:\n"\
          "      - my-es\n"\
          "      - localhost\n"\
          "    ip:\n"\
          "      - 127.0.0.1\n"\
          > config/certs/instances.yml;
          bin/elasticsearch-certutil cert --silent --pem -out config/certs/certs.zip --in config/certs/instances.yml --ca-cert config/certs/ca/ca.crt --ca-key config/certs/ca/ca.key;
          unzip config/certs/certs.zip -d config/certs;
        fi;
        echo "Setting file permissions"
        chown -R root:root config/certs;
        find . -type d -exec chmod 750 \{\} \;;
        find . -type f -exec chmod 640 \{\} \;;
        echo "Waiting for Elasticsearch availability";
        until curl -s --cacert config/certs/ca/ca.crt https://my-es:9200 | grep -q "missing authentication credentials"; do sleep 30; done;
        echo "Setting kibana_system password";
        until curl -s -X POST --cacert config/certs/ca/ca.crt -u "elastic:${ELASTIC_PASSWORD}" -H "Content-Type: application/json" https://my-es:9200/_security/user/kibana_system/_password -d "{\"password\":\"${KIBANA_PASSWORD}\"}" | grep -q "^{}"; do sleep 10; done;
        echo "All done!";
      '
    healthcheck:
      test: ["CMD-SHELL", "[ -f config/certs/my-es/my-es.crt ]"]
      interval: 1s
      timeout: 5s
      retries: 120
    networks:
      - my-network

  my-es:
    env_file:
      - .env
    depends_on:
      my-es-setup:
        condition: service_healthy
    image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
    container_name: my-es
    volumes:
      - certs:/usr/share/elasticsearch/config/certs
      - '${BASE_DIR}/elasticsearch/plugins:/usr/share/elasticsearch/plugins'
      - '${BASE_DIR}/elasticsearch/data:/usr/share/elasticsearch/data'
      - '${BASE_DIR}/elasticsearch/logs:/usr/share/elasticsearch/logs'
    ports:
      - ${ES_PORT}:9200
      - ${TRANSPORT_PORT}:9300
    environment:
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
      - node.name=my-es
      - cluster.name=${CLUSTER_NAME}
      - cluster.initial_master_nodes=my-es
      - discovery.seed_hosts=my-es
      - ELASTIC_PASSWORD=${ELASTIC_PASSWORD}
      - bootstrap.memory_lock=true
      - xpack.security.enabled=true
      - xpack.security.http.ssl.enabled=true
      - xpack.security.http.ssl.key=certs/my-es/my-es.key
      - xpack.security.http.ssl.certificate=certs/my-es/my-es.crt
      - xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.transport.ssl.enabled=true
      - xpack.security.transport.ssl.key=certs/my-es/my-es.key
      - xpack.security.transport.ssl.certificate=certs/my-es/my-es.crt
      - xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.transport.ssl.verification_mode=certificate
      - xpack.license.self_generated.type=${LICENSE}
    deploy:
      resources:
        limits:
          memory: ${MEM_LIMIT}
    # File-handle limit settings
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",
        ]
      interval: 10s
      timeout: 10s
      retries: 120
    networks:
      - my-network

  my-kibana:
    env_file:
      - .env
    depends_on:
      my-es:
        condition: service_healthy
    image: docker.elastic.co/kibana/kibana:${STACK_VERSION}
    container_name: my-kibana
    volumes:
      - certs:/usr/share/kibana/config/certs
      - '${BASE_DIR}/kibana/data:/usr/share/kibana/data'
    ports:
      - ${KIBANA_PORT}:5601
    environment:
      - SERVERNAME=kibana
      - ELASTICSEARCH_HOSTS=https://my-es:9200
      - ELASTICSEARCH_USERNAME=kibana_system
      - ELASTICSEARCH_PASSWORD=${KIBANA_PASSWORD}
      - ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=config/certs/ca/ca.crt
    deploy:
      resources:
        limits:
          memory: ${MEM_LIMIT}
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "curl -s -I http://localhost:5601 | grep -q 'HTTP/1.1 302 Found'",
        ]
      interval: 10s
      timeout: 10s
      retries: 120
    networks:
      - my-network

# Custom bridge network my-network
networks:
  my-network:
    # The bridge is not created automatically at startup; create it manually beforehand:
    #   docker network create -d bridge my-network
    external: true
    driver: bridge

# https://www.w3cschool.cn/doc_docker_1_11/docker_1_11-engine-reference-commandline-volume_create-index.html
# Created volumes are stored under /var/lib/docker/volumes/
volumes:
  # CA certificate mount
  certs:
    driver: local
2. Two-node deployment
One master node and one worker node
The docker-compose.yml file
version: '3.8'

services:
  my-es-setup:
    env_file:
      - .env
    image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
    container_name: my-es-setup
    volumes:
      - certs:/usr/share/elasticsearch/config/certs
    user: "0"
    command: >
      bash -c '
        if [ x${ELASTIC_PASSWORD} == x ]; then
          echo "Set the ELASTIC_PASSWORD environment variable in the .env file";
          exit 1;
        elif [ x${KIBANA_PASSWORD} == x ]; then
          echo "Set the KIBANA_PASSWORD environment variable in the .env file";
          exit 1;
        fi;
        if [ ! -f config/certs/ca.zip ]; then
          echo "Creating CA";
          bin/elasticsearch-certutil ca --silent --pem -out config/certs/ca.zip;
          unzip config/certs/ca.zip -d config/certs;
        fi;
        if [ ! -f config/certs/certs.zip ]; then
          echo "Creating certs";
          echo -ne \
          "instances:\n"\
          "  - name: my-es-master\n"\
          "    dns:\n"\
          "      - my-es-master\n"\
          "      - localhost\n"\
          "    ip:\n"\
          "      - 127.0.0.1\n"\
          "  - name: my-es-node1\n"\
          "    dns:\n"\
          "      - my-es-node1\n"\
          "      - localhost\n"\
          "    ip:\n"\
          "      - 127.0.0.1\n"\
          > config/certs/instances.yml;
          bin/elasticsearch-certutil cert --silent --pem -out config/certs/certs.zip --in config/certs/instances.yml --ca-cert config/certs/ca/ca.crt --ca-key config/certs/ca/ca.key;
          unzip config/certs/certs.zip -d config/certs;
        fi;
        echo "Setting file permissions"
        chown -R root:root config/certs;
        find . -type d -exec chmod 750 \{\} \;;
        find . -type f -exec chmod 640 \{\} \;;
        echo "Waiting for Elasticsearch availability";
        until curl -s --cacert config/certs/ca/ca.crt https://my-es-master:9200 | grep -q "missing authentication credentials"; do sleep 30; done;
        echo "Setting kibana_system password";
        until curl -s -X POST --cacert config/certs/ca/ca.crt -u "elastic:${ELASTIC_PASSWORD}" -H "Content-Type: application/json" https://my-es-master:9200/_security/user/kibana_system/_password -d "{\"password\":\"${KIBANA_PASSWORD}\"}" | grep -q "^{}"; do sleep 10; done;
        echo "All done!";
      '
    healthcheck:
      test: ["CMD-SHELL", "[ -f config/certs/my-es-master/my-es-master.crt ]"]
      interval: 1s
      timeout: 5s
      retries: 120
    networks:
      - my-network

  my-es-master:
    env_file:
      - .env
    depends_on:
      my-es-setup:
        condition: service_healthy
    image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
    container_name: my-es-master
    volumes:
      - certs:/usr/share/elasticsearch/config/certs
      - 'pluginis:/usr/share/elasticsearch/plugins'
      - '${BASE_DIR}/elasticsearch/master-data:/usr/share/elasticsearch/data'
      - '${BASE_DIR}/elasticsearch/master-logs:/usr/share/elasticsearch/logs'
    ports:
      - ${ES_PORT}:9200
      - ${TRANSPORT_PORT}:9300
    environment:
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
      - node.name=my-es-master
      - cluster.name=${CLUSTER_NAME}
      - cluster.initial_master_nodes=my-es-master,my-es-node1
      - discovery.seed_hosts=my-es-node1
      - ELASTIC_PASSWORD=${ELASTIC_PASSWORD}
      - bootstrap.memory_lock=true
      - xpack.security.enabled=true
      - xpack.security.http.ssl.enabled=true
      - xpack.security.http.ssl.key=certs/my-es-master/my-es-master.key
      - xpack.security.http.ssl.certificate=certs/my-es-master/my-es-master.crt
      - xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.transport.ssl.enabled=true
      - xpack.security.transport.ssl.key=certs/my-es-master/my-es-master.key
      - xpack.security.transport.ssl.certificate=certs/my-es-master/my-es-master.crt
      - xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.transport.ssl.verification_mode=certificate
      - xpack.license.self_generated.type=${LICENSE}
    deploy:
      resources:
        limits:
          memory: ${MEM_LIMIT}
    # File-handle limit settings
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",
        ]
      interval: 10s
      timeout: 10s
      retries: 120
    networks:
      - my-network

  my-es-node1:
    env_file:
      - .env
    depends_on:
      - my-es-master
    image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
    container_name: my-es-node1
    volumes:
      - 'certs:/usr/share/elasticsearch/config/certs'
      - 'pluginis:/usr/share/elasticsearch/plugins'
      - '${BASE_DIR}/elasticsearch/node1-data:/usr/share/elasticsearch/data'
      - '${BASE_DIR}/elasticsearch/node1-logs:/usr/share/elasticsearch/logs'
    environment:
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
      - node.name=my-es-node1
      - cluster.name=${CLUSTER_NAME}
      - cluster.initial_master_nodes=my-es-master,my-es-node1
      - discovery.seed_hosts=my-es-master
      - bootstrap.memory_lock=true
      - xpack.security.enabled=true
      - xpack.security.http.ssl.enabled=true
      - xpack.security.http.ssl.key=certs/my-es-node1/my-es-node1.key
      - xpack.security.http.ssl.certificate=certs/my-es-node1/my-es-node1.crt
      - xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.transport.ssl.enabled=true
      - xpack.security.transport.ssl.key=certs/my-es-node1/my-es-node1.key
      - xpack.security.transport.ssl.certificate=certs/my-es-node1/my-es-node1.crt
      - xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.transport.ssl.verification_mode=certificate
      - xpack.license.self_generated.type=${LICENSE}
    deploy:
      resources:
        limits:
          memory: ${MEM_LIMIT}
    # File-handle limit settings
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",
        ]
      interval: 10s
      timeout: 10s
      retries: 120
    networks:
      - my-network

  my-kibana:
    env_file:
      - .env
    depends_on:
      my-es-master:
        condition: service_healthy
      my-es-node1:
        condition: service_healthy
    image: docker.elastic.co/kibana/kibana:${STACK_VERSION}
    container_name: my-kibana
    volumes:
      - certs:/usr/share/kibana/config/certs
      - '${BASE_DIR}/elasticsearch/kibana/data:/usr/share/kibana/data'
    ports:
      - ${KIBANA_PORT}:5601
    environment:
      - SERVERNAME=kibana
      - ELASTICSEARCH_HOSTS=https://my-es-master:9200
      - ELASTICSEARCH_USERNAME=kibana_system
      - ELASTICSEARCH_PASSWORD=${KIBANA_PASSWORD}
      - ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=config/certs/ca/ca.crt
    deploy:
      resources:
        limits:
          memory: ${MEM_LIMIT}
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "curl -s -I http://localhost:5601 | grep -q 'HTTP/1.1 302 Found'",
        ]
      interval: 10s
      timeout: 10s
      retries: 120
    networks:
      - my-network

# Custom bridge network my-network
networks:
  my-network:
    # The bridge is not created automatically at startup; create it manually beforehand:
    #   docker network create -d bridge my-network
    external: true
    driver: bridge

# https://www.w3cschool.cn/doc_docker_1_11/docker_1_11-engine-reference-commandline-volume_create-index.html
# Created volumes are stored under /var/lib/docker/volumes/
volumes:
  # CA certificate mount
  certs:
    driver: local
  # Plugin mount
  pluginis:
    driver: local
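3. Cluster deployment
The example below uses one master and two worker nodes. If you have more nodes in practice, extend it yourself by copying and adapting a node definition.
The docker-compose.yml file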
version: '3.8'

services:
  my-es-setup:
    env_file:
      - .env
    image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
    container_name: my-es-setup
    volumes:
      - certs:/usr/share/elasticsearch/config/certs
    user: "0"
    command: >
      bash -c '
        if [ x${ELASTIC_PASSWORD} == x ]; then
          echo "Set the ELASTIC_PASSWORD environment variable in the .env file";
          exit 1;
        elif [ x${KIBANA_PASSWORD} == x ]; then
          echo "Set the KIBANA_PASSWORD environment variable in the .env file";
          exit 1;
        fi;
        if [ ! -f config/certs/ca.zip ]; then
          echo "Creating CA";
          bin/elasticsearch-certutil ca --silent --pem -out config/certs/ca.zip;
          unzip config/certs/ca.zip -d config/certs;
        fi;
        if [ ! -f config/certs/certs.zip ]; then
          echo "Creating certs";
          echo -ne \
          "instances:\n"\
          "  - name: my-es-master\n"\
          "    dns:\n"\
          "      - my-es-master\n"\
          "      - localhost\n"\
          "    ip:\n"\
          "      - 127.0.0.1\n"\
          "  - name: my-es-node1\n"\
          "    dns:\n"\
          "      - my-es-node1\n"\
          "      - localhost\n"\
          "    ip:\n"\
          "      - 127.0.0.1\n"\
          "  - name: my-es-node2\n"\
          "    dns:\n"\
          "      - my-es-node2\n"\
          "      - localhost\n"\
          "    ip:\n"\
          "      - 127.0.0.1\n"\
          > config/certs/instances.yml;
          bin/elasticsearch-certutil cert --silent --pem -out config/certs/certs.zip --in config/certs/instances.yml --ca-cert config/certs/ca/ca.crt --ca-key config/certs/ca/ca.key;
          unzip config/certs/certs.zip -d config/certs;
        fi;
        echo "Setting file permissions"
        chown -R root:root config/certs;
        find . -type d -exec chmod 750 \{\} \;;
        find . -type f -exec chmod 640 \{\} \;;
        echo "Waiting for Elasticsearch availability";
        until curl -s --cacert config/certs/ca/ca.crt https://my-es-master:9200 | grep -q "missing authentication credentials"; do sleep 30; done;
        echo "Setting kibana_system password";
        until curl -s -X POST --cacert config/certs/ca/ca.crt -u "elastic:${ELASTIC_PASSWORD}" -H "Content-Type: application/json" https://my-es-master:9200/_security/user/kibana_system/_password -d "{\"password\":\"${KIBANA_PASSWORD}\"}" | grep -q "^{}"; do sleep 10; done;
        echo "All done!";
      '
    healthcheck:
      test: ["CMD-SHELL", "[ -f config/certs/my-es-master/my-es-master.crt ]"]
      interval: 1s
      timeout: 5s
      retries: 120
    networks:
      - my-network

  my-es-master:
    env_file:
      - .env
    depends_on:
      my-es-setup:
        condition: service_healthy
    image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
    container_name: my-es-master
    volumes:
      - certs:/usr/share/elasticsearch/config/certs
      - '${BASE_DIR}/elasticsearch/master-data:/usr/share/elasticsearch/data'
      - '${BASE_DIR}/elasticsearch/master-logs:/usr/share/elasticsearch/logs'
    ports:
      - ${ES_PORT}:9200
      - ${TRANSPORT_PORT}:9300
    environment:
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
      - node.name=my-es-master
      - cluster.name=${CLUSTER_NAME}
      - cluster.initial_master_nodes=my-es-master,my-es-node1,my-es-node2
      - discovery.seed_hosts=my-es-node1,my-es-node2
      - ELASTIC_PASSWORD=${ELASTIC_PASSWORD}
      - bootstrap.memory_lock=true
      - xpack.security.enabled=true
      - xpack.security.http.ssl.enabled=true
      - xpack.security.http.ssl.key=certs/my-es-master/my-es-master.key
      - xpack.security.http.ssl.certificate=certs/my-es-master/my-es-master.crt
      - xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.transport.ssl.enabled=true
      - xpack.security.transport.ssl.key=certs/my-es-master/my-es-master.key
      - xpack.security.transport.ssl.certificate=certs/my-es-master/my-es-master.crt
      - xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.transport.ssl.verification_mode=certificate
      - xpack.license.self_generated.type=${LICENSE}
    deploy:
      resources:
        limits:
          memory: ${MEM_LIMIT}
    # File-handle limit settings
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",
        ]
      interval: 10s
      timeout: 10s
      retries: 120
    networks:
      - my-network

  my-es-node1:
    env_file:
      - .env
    depends_on:
      - my-es-master
    image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
    container_name: my-es-node1
    volumes:
      - certs:/usr/share/elasticsearch/config/certs
      - 'pluginis:/usr/share/elasticsearch/plugins'
      - '${BASE_DIR}/elasticsearch/node1-data:/usr/share/elasticsearch/data'
      - '${BASE_DIR}/elasticsearch/node1-logs:/usr/share/elasticsearch/logs'
    environment:
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
      - node.name=my-es-node1
      - cluster.name=${CLUSTER_NAME}
      - cluster.initial_master_nodes=my-es-master,my-es-node1,my-es-node2
      - discovery.seed_hosts=my-es-master,my-es-node2
      - bootstrap.memory_lock=true
      - xpack.security.enabled=true
      - xpack.security.http.ssl.enabled=true
      - xpack.security.http.ssl.key=certs/my-es-node1/my-es-node1.key
      - xpack.security.http.ssl.certificate=certs/my-es-node1/my-es-node1.crt
      - xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.transport.ssl.enabled=true
      - xpack.security.transport.ssl.key=certs/my-es-node1/my-es-node1.key
      - xpack.security.transport.ssl.certificate=certs/my-es-node1/my-es-node1.crt
      - xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.transport.ssl.verification_mode=certificate
      - xpack.license.self_generated.type=${LICENSE}
    deploy:
      resources:
        limits:
          memory: ${MEM_LIMIT}
    # File-handle limit settings
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",
        ]
      interval: 10s
      timeout: 10s
      retries: 120
    networks:
      - my-network

  my-es-node2:
    env_file:
      - .env
    depends_on:
      - my-es-node1
    image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
    container_name: my-es-node2
    volumes:
      - certs:/usr/share/elasticsearch/config/certs
      - 'pluginis:/usr/share/elasticsearch/plugins'
      - '${BASE_DIR}/elasticsearch/node2-data:/usr/share/elasticsearch/data'
      - '${BASE_DIR}/elasticsearch/node2-logs:/usr/share/elasticsearch/logs'
    environment:
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
      - node.name=my-es-node2
      - cluster.name=${CLUSTER_NAME}
      - cluster.initial_master_nodes=my-es-master,my-es-node1,my-es-node2
      - discovery.seed_hosts=my-es-master,my-es-node1
      - bootstrap.memory_lock=true
      - xpack.security.enabled=true
      - xpack.security.http.ssl.enabled=true
      - xpack.security.http.ssl.key=certs/my-es-node2/my-es-node2.key
      - xpack.security.http.ssl.certificate=certs/my-es-node2/my-es-node2.crt
      - xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.transport.ssl.enabled=true
      - xpack.security.transport.ssl.key=certs/my-es-node2/my-es-node2.key
      - xpack.security.transport.ssl.certificate=certs/my-es-node2/my-es-node2.crt
      - xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.transport.ssl.verification_mode=certificate
      - xpack.license.self_generated.type=${LICENSE}
    deploy:
      resources:
        limits:
          memory: ${MEM_LIMIT}
    # File-handle limit settings
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",
        ]
      interval: 10s
      timeout: 10s
      retries: 120
    networks:
      - my-network

  my-kibana:
    env_file:
      - .env
    depends_on:
      my-es-master:
        condition: service_healthy
      my-es-node1:
        condition: service_healthy
      my-es-node2:
        condition: service_healthy
    image: docker.elastic.co/kibana/kibana:${STACK_VERSION}
    container_name: my-kibana
    volumes:
      - certs:/usr/share/kibana/config/certs
      - '${BASE_DIR}/elasticsearch/kibana/data:/usr/share/kibana/data'
    ports:
      - ${KIBANA_PORT}:5601
    environment:
      - SERVERNAME=kibana
      - ELASTICSEARCH_HOSTS=https://my-es-master:9200
      - ELASTICSEARCH_USERNAME=kibana_system
      - ELASTICSEARCH_PASSWORD=${KIBANA_PASSWORD}
      - ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=config/certs/ca/ca.crt
    deploy:
      resources:
        limits:
          memory: ${MEM_LIMIT}
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "curl -s -I http://localhost:5601 | grep -q 'HTTP/1.1 302 Found'",
        ]
      interval: 10s
      timeout: 10s
      retries: 120
    networks:
      - my-network

# Custom bridge network my
networks:
  my-network:
    # The bridge is not created automatically at startup; create it manually beforehand:
    #   docker network create -d bridge my-network
    external: true
    driver: bridge

# https://www.w3cschool.cn/doc_docker_1_11/docker_1_11-engine-reference-commandline-volume_create-index.html
# Created volumes are stored under /var/lib/docker/volumes/
volumes:
  # Plugin mount
  pluginis:
    driver: local
  # CA certificate mount
  certs:
    driver: local
    # Declares the volume name; compose creates the volume automatically as project_tomcat_volume01, where project is the name of the directory containing the docker-compose file,
    # docker volume create certs creates the defined volume manually beforehand, docker volume create /home/appdata/certs
    #external: true

#  master-data:
#    driver: local
#  master-logs:
#    driver: local
#
#  node1-data:
#    driver: local
#  node1-logs:
#    driver: local
#
#  node2-data:
#    driver: local
#  node2-logs:
#    driver: local
#
#  kibana-data:
#    driver: local
From: https://www.cnblogs.com/Alay/p/17477153.html