首页 > 其他分享 >Elasticsearch8 单机以及集群部署(docker-compose)

Elasticsearch8 单机以及集群部署(docker-compose)

时间:2023-06-13 12:02:33浏览次数:49  
标签:compose config ca certs elasticsearch docker my Elasticsearch8 es

本文以 Elasticsearch8.8.0 为例,介绍一下单机安装 ES ,使用 docker-compose 方式进行便捷管理

需要准本docker 环境:一键安装脚本 https://www.cnblogs.com/Alay/p/15433473.html

需要准备 docker-compose 环境:一键安装脚本 https://www.cnblogs.com/Alay/p/15433907.html

官网阅读参考

ES 的编排:https://www.elastic.co/guide/en/elasticsearch/reference/current/docker.html?baymax=rec&rogue=pop-1&elektra=docs

github:https://github.com/elastic/elasticsearch/blob/main/docs/reference/setup/install/docker/docker-compose.yml

**** 以下所有命名 均为  my-...   实际使用中,请自行全局替换修改,如:my-es ,myes 等,自行修改为自己的项目名称

开始正题:

一、介绍:

以下部署分三种模式,单机节点部署,双节点部署,多节点集群部署, 其中单节点,双节点 均由多节点 模式改造而来,  三种模式均 包含 了 kibana 的部署,三种模式均已经测试验证,

部署环境,使用的是 阿里云 ecs  单服务器 8GB 内存 进行的测试部署,三节点服务器要求,单服务 8GB 内存以上才能流畅的测试,否则会在此过程中,部分节点 停机,导致集群不能全部启动

环境说明,本案例使用的 阿里云 ECS 非 root 用户,出于安全考虑,而是购买时直接设置了  ecs-user 用户,所以省去了 新创建  非 root  用户的麻烦,如果是 ECS 使用者也推荐购买时直接选择 ecs-user(非root 用户)

二、常见问题:

1、docker 非 root 用户 无法访问 docker 命令问题 $USER 代表读取当前用户,或者 声明指定 比如  改为  ecs-user

sudo usermod -aG docker $USER 或者 sudo gpasswd -a $USER docker

 

2、非 root 用户常见权限问题:

如: 给 用户 ecs-user 授权  路径  /home/appdata

sudo chown -R ecs-user:docker /home/appdata

sudo chmod -R 775 /home/appdata

 

3、报错:Error: Could not create the Java Virtual Machine.

基本是挂载文件的权限问题,没有权限,比如日志,数据文件挂在路径没有权限,使用上一步的方式给相关的挂载路径赋予权限即可

 

4、报错   vm.max_map_count [65530] is too low

elasticsearch用户拥有的内存权限太小,至少需要262144, 执行

sudo sysctl -w vm.max_map_count=262144

 

以上是我测试中遇到的问题,其他问题没有发生,所以无法给出提示

 

三、环境变量文件准备

.evn 环境变量文件

BASE_DIR=/home/appdata

# Password for the 'elastic' user (at least 6 characters) elastic 用户名的密码
ELASTIC_PASSWORD=myes_7j1TEQyVyoVLJ5G4SXM3NcH6Z

# Password for the 'kibana_system' user (at least 6 characters) kibana 密码
KIBANA_PASSWORD=myes_ZFzBxCF1Hrz5Gp5UAElBLnNFS

# ES 8.x 的版本标识(可根据个人项目需求修改)
STACK_VERSION=8.8.0

# Set the cluster name
CLUSTER_NAME=my-es-cluster

# Set to 'basic' or 'trial' to automatically start the 30-day trial 设置为 “基本” 或 “试用” 以自动开始30天的试用
#LICENSE=trial
LICENSE=basic

# Port to expose Elasticsearch HTTP API to the host
ES_PORT=9200
#ES_PORT=127.0.0.1:9200
# 集群间内部通讯
TRANSPORT_PORT=9300

# Port to expose Kibana to the host
KIBANA_PORT=5601
#KIBANA_PORT=80

# Increase or decrease based on the available host memory (in bytes)
# 1GB
MEM_LIMIT=1073741824

# Project namespace (defaults to the current folder name if not set)项目命名空间 (如果未设置,默认为当前文件夹名称)
COMPOSE_PROJECT_NAME=my-es

四、部署

1、单机节点部署

docker-compose.yml 文件编写

version: '3.8'
services:
  my-es-setup:
    env_file:
      - .env
    image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
    container_name: my-es-setup
    volumes:
      - certs:/usr/share/elasticsearch/config/certs
    user: "0"
    command: >
      bash -c '
        if [ x${ELASTIC_PASSWORD} == x ]; then
          echo "Set the ELASTIC_PASSWORD environment variable in the .env file";
          exit 1;
        elif [ x${KIBANA_PASSWORD} == x ]; then
          echo "Set the KIBANA_PASSWORD environment variable in the .env file";
          exit 1;
        fi;
        if [ ! -f config/certs/ca.zip ]; then
          echo "Creating CA";
          bin/elasticsearch-certutil ca --silent --pem -out config/certs/ca.zip;
          unzip config/certs/ca.zip -d config/certs;
        fi;
        if [ ! -f config/certs/certs.zip ]; then
          echo "Creating certs";
          echo -ne \
          "instances:\n"\
          "  - name: my-es\n"\
          "    dns:\n"\
          "      - my-es\n"\
          "      - localhost\n"\
          "    ip:\n"\
          "      - 127.0.0.1\n"\
          > config/certs/instances.yml;
          bin/elasticsearch-certutil cert --silent --pem -out config/certs/certs.zip --in config/certs/instances.yml --ca-cert config/certs/ca/ca.crt --ca-key config/certs/ca/ca.key;
          unzip config/certs/certs.zip -d config/certs;
        fi;
        echo "Setting file permissions"
        chown -R root:root config/certs;
        find . -type d -exec chmod 750 \{\} \;;
        find . -type f -exec chmod 640 \{\} \;;
        echo "Waiting for Elasticsearch availability";
        until curl -s --cacert config/certs/ca/ca.crt https://my-es:9200 | grep -q "missing authentication credentials"; do sleep 30; done;
        echo "Setting kibana_system password";
        until curl -s -X POST --cacert config/certs/ca/ca.crt -u "elastic:${ELASTIC_PASSWORD}" -H "Content-Type: application/json" https://my-es:9200/_security/user/kibana_system/_password -d "{\"password\":\"${KIBANA_PASSWORD}\"}" | grep -q "^{}"; do sleep 10; done;
        echo "All done!";
      '
    healthcheck:
      test: ["CMD-SHELL", "[ -f config/certs/my-es/my-es.crt ]"]
      interval: 1s
      timeout: 5s
      retries: 120
    networks:
      - my-network

  my-es:
    env_file:
      - .env
    depends_on:
      my-es-setup:
        condition: service_healthy
    image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
    container_name: my-es
    volumes:
      - certs:/usr/share/elasticsearch/config/certs
      - '${BASE_DIR}/elasticsearch/plugins:/usr/share/elasticsearch/plugins'
      - '${BASE_DIR}/elasticsearch/data:/usr/share/elasticsearch/data'
      - '${BASE_DIR}/elasticsearch/logs:/usr/share/elasticsearch/logs'
    ports:
      - ${ES_PORT}:9200
      - ${TRANSPORT_PORT}:9300
    environment:
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
      - node.name=my-es
      - cluster.name=${CLUSTER_NAME}
      - cluster.initial_master_nodes=my-es
      - discovery.seed_hosts=my-es
      - ELASTIC_PASSWORD=${ELASTIC_PASSWORD}
      - bootstrap.memory_lock=true
      - xpack.security.enabled=true
      - xpack.security.http.ssl.enabled=true
      - xpack.security.http.ssl.key=certs/my-es/my-es.key
      - xpack.security.http.ssl.certificate=certs/my-es/my-es.crt
      - xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.transport.ssl.enabled=true
      - xpack.security.transport.ssl.key=certs/my-es/my-es.key
      - xpack.security.transport.ssl.certificate=certs/my-es/my-es.crt
      - xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.transport.ssl.verification_mode=certificate
      - xpack.license.self_generated.type=${LICENSE}
    deploy:
      resources:
        limits:
          memory: ${MEM_LIMIT}
    # 句柄数配置
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",
        ]
      interval: 10s
      timeout: 10s
      retries: 120
    networks:
      - my-network

  my-kibana:
    env_file:
      - .env
    depends_on:
      my-es:
        condition: service_healthy
    image: docker.elastic.co/kibana/kibana:${STACK_VERSION}
    container_name: my-kibana
    volumes:
      - certs:/usr/share/kibana/config/certs
      - '${BASE_DIR}/kibana/data:/usr/share/kibana/data'
    ports:
      - ${KIBANA_PORT}:5601
    environment:
      - SERVERNAME=kibana
      - ELASTICSEARCH_HOSTS=https://my-es:9200
      - ELASTICSEARCH_USERNAME=kibana_system
      - ELASTICSEARCH_PASSWORD=${KIBANA_PASSWORD}
      - ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=config/certs/ca/ca.crt
    deploy:
      resources:
        limits:
          memory: ${MEM_LIMIT}
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "curl -s -I http://localhost:5601 | grep -q 'HTTP/1.1 302 Found'",
        ]
      interval: 10s
      timeout: 10s
      retries: 120
    networks:
      - my-network

# 自定义网桥 my-network
networks:
  my-network:
    # 启动时不自动创建网桥,需要提前手动创建 网桥 docker network create -d bridge my-network
    external: true
    driver: bridge

# https://www.w3cschool.cn/doc_docker_1_11/docker_1_11-engine-reference-commandline-volume_create-index.html
# 创建的 volume 将存储到 /var/lib/docker/volumes/ 路径下
volumes:
  # CA 证书 挂载
  certs:
    driver: local

 

2、双节点模式部署

一个 master node  一个 work node

docker-compose.yml 文件

version: '3.8'

services:
  my-es-setup:
    env_file:
      - .env
    image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
    container_name: my-es-setup
    volumes:
      - certs:/usr/share/elasticsearch/config/certs
    user: "0"
    command: >
      bash -c '
        if [ x${ELASTIC_PASSWORD} == x ]; then
          echo "Set the ELASTIC_PASSWORD environment variable in the .env file";
          exit 1;
        elif [ x${KIBANA_PASSWORD} == x ]; then
          echo "Set the KIBANA_PASSWORD environment variable in the .env file";
          exit 1;
        fi;
        if [ ! -f config/certs/ca.zip ]; then
          echo "Creating CA";
          bin/elasticsearch-certutil ca --silent --pem -out config/certs/ca.zip;
          unzip config/certs/ca.zip -d config/certs;
        fi;
        if [ ! -f config/certs/certs.zip ]; then
          echo "Creating certs";
          echo -ne \
          "instances:\n"\
          "  - name: my-es-master\n"\
          "    dns:\n"\
          "      - my-es-master\n"\
          "      - localhost\n"\
          "    ip:\n"\
          "      - 127.0.0.1\n"\
          "  - name: my-es-node1\n"\
          "    dns:\n"\
          "      - my-es-node1\n"\
          "      - localhost\n"\
          "    ip:\n"\
          "      - 127.0.0.1\n"\
          > config/certs/instances.yml;
          bin/elasticsearch-certutil cert --silent --pem -out config/certs/certs.zip --in config/certs/instances.yml --ca-cert config/certs/ca/ca.crt --ca-key config/certs/ca/ca.key;
          unzip config/certs/certs.zip -d config/certs;
        fi;
        echo "Setting file permissions"
        chown -R root:root config/certs;
        find . -type d -exec chmod 750 \{\} \;;
        find . -type f -exec chmod 640 \{\} \;;
        echo "Waiting for Elasticsearch availability";
        until curl -s --cacert config/certs/ca/ca.crt https://my-es-master:9200 | grep -q "missing authentication credentials"; do sleep 30; done;
        echo "Setting kibana_system password";
        until curl -s -X POST --cacert config/certs/ca/ca.crt -u "elastic:${ELASTIC_PASSWORD}" -H "Content-Type: application/json" https://my-es-master:9200/_security/user/kibana_system/_password -d "{\"password\":\"${KIBANA_PASSWORD}\"}" | grep -q "^{}"; do sleep 10; done;
        echo "All done!";
      '
    healthcheck:
      test: [ "CMD-SHELL", "[ -f config/certs/my-es-master/my-es-master.crt ]" ]
      interval: 1s
      timeout: 5s
      retries: 120
    networks:
      - my-network

  my-es-master:
    env_file:
      - .env
    depends_on:
      my-es-setup:
        condition: service_healthy
    image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
    container_name: my-es-master
    volumes:
      - certs:/usr/share/elasticsearch/config/certs
      - 'pluginis:/usr/share/elasticsearch/plugins'
      - '${BASE_DIR}/elasticsearch/master-data:/usr/share/elasticsearch/data'
      - '${BASE_DIR}/elasticsearch/master-logs:/usr/share/elasticsearch/logs'
    ports:
      - ${ES_PORT}:9200
      - ${TRANSPORT_PORT}:9300
    environment:
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
      - node.name=my-es-master
      - cluster.name=${CLUSTER_NAME}
      - cluster.initial_master_nodes=my-es-master,my-es-node1
      - discovery.seed_hosts=my-es-node1
      - ELASTIC_PASSWORD=${ELASTIC_PASSWORD}
      - bootstrap.memory_lock=true
      - xpack.security.enabled=true
      - xpack.security.http.ssl.enabled=true
      - xpack.security.http.ssl.key=certs/my-es-master/my-es-master.key
      - xpack.security.http.ssl.certificate=certs/my-es-master/my-es-master.crt
      - xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.transport.ssl.enabled=true
      - xpack.security.transport.ssl.key=certs/my-es-master/my-es-master.key
      - xpack.security.transport.ssl.certificate=certs/my-es-master/my-es-master.crt
      - xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.transport.ssl.verification_mode=certificate
      - xpack.license.self_generated.type=${LICENSE}
    deploy:
      resources:
        limits:
          memory: ${MEM_LIMIT}
    # 句柄数配置
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",
        ]
      interval: 10s
      timeout: 10s
      retries: 120
    networks:
      - my-network

  my-es-node1:
    env_file:
      - .env
    depends_on:
      - my-es-master
    image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
    container_name: my-es-node1
    volumes:
      - 'certs:/usr/share/elasticsearch/config/certs'
      - 'pluginis:/usr/share/elasticsearch/plugins'
      - '${BASE_DIR}/elasticsearch/node1-data:/usr/share/elasticsearch/data'
      - '${BASE_DIR}/elasticsearch/node1-logs:/usr/share/elasticsearch/logs'
    environment:
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
      - node.name=my-es-node1
      - cluster.name=${CLUSTER_NAME}
      - cluster.initial_master_nodes=my-es-master,my-es-node1
      - discovery.seed_hosts=my-es-master
      - bootstrap.memory_lock=true
      - xpack.security.enabled=true
      - xpack.security.http.ssl.enabled=true
      - xpack.security.http.ssl.key=certs/my-es-node1/my-es-node1.key
      - xpack.security.http.ssl.certificate=certs/my-es-node1/my-es-node1.crt
      - xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.transport.ssl.enabled=true
      - xpack.security.transport.ssl.key=certs/my-es-node1/my-es-node1.key
      - xpack.security.transport.ssl.certificate=certs/my-es-node1/my-es-node1.crt
      - xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.transport.ssl.verification_mode=certificate
      - xpack.license.self_generated.type=${LICENSE}
    deploy:
      resources:
        limits:
          memory: ${MEM_LIMIT}
    # 句柄数配置
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",
        ]
      interval: 10s
      timeout: 10s
      retries: 120
    networks:
      - my-network

  my-kibana:
    env_file:
      - .env
    depends_on:
      my-es-master:
        condition: service_healthy
      my-es-node1:
        condition: service_healthy
    image: docker.elastic.co/kibana/kibana:${STACK_VERSION}
    container_name: my-kibana
    volumes:
      - certs:/usr/share/kibana/config/certs
      - '${BASE_DIR}/elasticsearch/kibana/data:/usr/share/kibana/data'
    ports:
      - ${KIBANA_PORT}:5601
    environment:
      - SERVERNAME=kibana
      - ELASTICSEARCH_HOSTS=https://my-es-master:9200
      - ELASTICSEARCH_USERNAME=kibana_system
      - ELASTICSEARCH_PASSWORD=${KIBANA_PASSWORD}
      - ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=config/certs/ca/ca.crt
    deploy:
      resources:
        limits:
          memory: ${MEM_LIMIT}
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "curl -s -I http://localhost:5601 | grep -q 'HTTP/1.1 302 Found'",
        ]
      interval: 10s
      timeout: 10s
      retries: 120
    networks:
      - my-network

# 自定义网桥 my-network
networks:
  my-network:
    # 启动时不自动创建网桥,需要提前手动创建 网桥 docker network create -d bridge my-network
    external: true
    driver: bridge

# https://www.w3cschool.cn/doc_docker_1_11/docker_1_11-engine-reference-commandline-volume_create-index.html
# 创建的 volume 将存储到 /var/lib/docker/volumes/ 路径下
volumes:
  # CA 证书 挂载
  certs:
    driver: local

  # 插件挂载
  pluginis:
    driver: local

 

3、集群模式部署

以下示例以  一个 master  两个 work node 为例,实际中,有多个请自行修改扩展(复制修改)

docker-compose.yml 文件

version: '3.8'
services:
  my-es-setup:
    env_file:
      - .env
    image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
    container_name: my-es-setup
    volumes:
      - certs:/usr/share/elasticsearch/config/certs
    user: "0"
    command: >
      bash -c '
        if [ x${ELASTIC_PASSWORD} == x ]; then
          echo "Set the ELASTIC_PASSWORD environment variable in the .env file";
          exit 1;
        elif [ x${KIBANA_PASSWORD} == x ]; then
          echo "Set the KIBANA_PASSWORD environment variable in the .env file";
          exit 1;
        fi;
        if [ ! -f config/certs/ca.zip ]; then
          echo "Creating CA";
          bin/elasticsearch-certutil ca --silent --pem -out config/certs/ca.zip;
          unzip config/certs/ca.zip -d config/certs;
        fi;
        if [ ! -f config/certs/certs.zip ]; then
          echo "Creating certs";
          echo -ne \
          "instances:\n"\
          "  - name: my-es-master\n"\
          "    dns:\n"\
          "      - my-es-master\n"\
          "      - localhost\n"\
          "    ip:\n"\
          "      - 127.0.0.1\n"\
          "  - name: my-es-node1\n"\
          "    dns:\n"\
          "      - my-es-node1\n"\
          "      - localhost\n"\
          "    ip:\n"\
          "      - 127.0.0.1\n"\
          "  - name: my-es-node2\n"\
          "    dns:\n"\
          "      - my-es-node2\n"\
          "      - localhost\n"\
          "    ip:\n"\
          "      - 127.0.0.1\n"\
          > config/certs/instances.yml;
          bin/elasticsearch-certutil cert --silent --pem -out config/certs/certs.zip --in config/certs/instances.yml --ca-cert config/certs/ca/ca.crt --ca-key config/certs/ca/ca.key;
          unzip config/certs/certs.zip -d config/certs;
        fi;
        echo "Setting file permissions"
        chown -R root:root config/certs;
        find . -type d -exec chmod 750 \{\} \;;
        find . -type f -exec chmod 640 \{\} \;;
        echo "Waiting for Elasticsearch availability";
        until curl -s --cacert config/certs/ca/ca.crt https://my-es-master:9200 | grep -q "missing authentication credentials"; do sleep 30; done;
        echo "Setting kibana_system password";
        until curl -s -X POST --cacert config/certs/ca/ca.crt -u "elastic:${ELASTIC_PASSWORD}" -H "Content-Type: application/json" https://my-es-master:9200/_security/user/kibana_system/_password -d "{\"password\":\"${KIBANA_PASSWORD}\"}" | grep -q "^{}"; do sleep 10; done;
        echo "All done!";
      '
    healthcheck:
      test: [ "CMD-SHELL", "[ -f config/certs/my-es-master/my-es-master.crt ]" ]
      interval: 1s
      timeout: 5s
      retries: 120
    networks:
      - my-network


  my-es-master:
    env_file:
      - .env
    depends_on:
      my-es-setup:
        condition: service_healthy
    image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
    container_name: my-es-master
    volumes:
      - certs:/usr/share/elasticsearch/config/certs
      - '${BASE_DIR}/elasticsearch/master-data:/usr/share/elasticsearch/data'
      - '${BASE_DIR}/elasticsearch/master-logs:/usr/share/elasticsearch/logs'
    ports:
      - ${ES_PORT}:9200
      - ${TRANSPORT_PORT}:9300
    environment:
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
      - node.name=my-es-master
      - cluster.name=${CLUSTER_NAME}
      - cluster.initial_master_nodes=my-es-master,my-es-node1,my-es-node2
      - discovery.seed_hosts=my-es-node1,my-es-node2
      - ELASTIC_PASSWORD=${ELASTIC_PASSWORD}
      - bootstrap.memory_lock=true
      - xpack.security.enabled=true
      - xpack.security.http.ssl.enabled=true
      - xpack.security.http.ssl.key=certs/my-es-master/my-es-master.key
      - xpack.security.http.ssl.certificate=certs/my-es-master/my-es-master.crt
      - xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.transport.ssl.enabled=true
      - xpack.security.transport.ssl.key=certs/my-es-master/my-es-master.key
      - xpack.security.transport.ssl.certificate=certs/my-es-master/my-es-master.crt
      - xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.transport.ssl.verification_mode=certificate
      - xpack.license.self_generated.type=${LICENSE}
    deploy:
      resources:
        limits:
          memory: ${MEM_LIMIT}
    # 句柄数配置
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",
        ]
      interval: 10s
      timeout: 10s
      retries: 120
    networks:
      - my-network

  my-es-node1:
    env_file:
      - .env
    depends_on:
      - my-es-master
    image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
    container_name: my-es-node1
    volumes:
      - certs:/usr/share/elasticsearch/config/certs
      - 'pluginis:/usr/share/elasticsearch/plugins'
      - '${BASE_DIR}/elasticsearch/node1-data:/usr/share/elasticsearch/data'
      - '${BASE_DIR}/elasticsearch/node1-logs:/usr/share/elasticsearch/logs'
    environment:
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
      - node.name=my-es-node1
      - cluster.name=${CLUSTER_NAME}
      - cluster.initial_master_nodes=my-es-master,my-es-node1,my-es-node2
      - discovery.seed_hosts=my-es-master,my-es-node2
      - bootstrap.memory_lock=true
      - xpack.security.enabled=true
      - xpack.security.http.ssl.enabled=true
      - xpack.security.http.ssl.key=certs/my-es-node1/my-es-node1.key
      - xpack.security.http.ssl.certificate=certs/my-es-node1/my-es-node1.crt
      - xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.transport.ssl.enabled=true
      - xpack.security.transport.ssl.key=certs/my-es-node1/my-es-node1.key
      - xpack.security.transport.ssl.certificate=certs/my-es-node1/my-es-node1.crt
      - xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.transport.ssl.verification_mode=certificate
      - xpack.license.self_generated.type=${LICENSE}
    deploy:
      resources:
        limits:
          memory: ${MEM_LIMIT}
    # 句柄数配置
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",
        ]
      interval: 10s
      timeout: 10s
      retries: 120
    networks:
      - my-network

  my-es-node2:
    env_file:
      - .env
    depends_on:
      - my-es-node1
    image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
    container_name: my-es-node2
    volumes:
      - certs:/usr/share/elasticsearch/config/certs
      - 'pluginis:/usr/share/elasticsearch/plugins'
      - '${BASE_DIR}/elasticsearch/node2-data:/usr/share/elasticsearch/data'
      - '${BASE_DIR}/elasticsearch/node2-logs:/usr/share/elasticsearch/logs'
    environment:
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
      - node.name=my-es-node2
      - cluster.name=${CLUSTER_NAME}
      - cluster.initial_master_nodes=my-es-master,my-es-node1,my-es-node2
      - discovery.seed_hosts=my-es-master,my-es-node1
      - bootstrap.memory_lock=true
      - xpack.security.enabled=true
      - xpack.security.http.ssl.enabled=true
      - xpack.security.http.ssl.key=certs/my-es-node2/my-es-node2.key
      - xpack.security.http.ssl.certificate=certs/my-es-node2/my-es-node2.crt
      - xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.transport.ssl.enabled=true
      - xpack.security.transport.ssl.key=certs/my-es-node2/my-es-node2.key
      - xpack.security.transport.ssl.certificate=certs/my-es-node2/my-es-node2.crt
      - xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.transport.ssl.verification_mode=certificate
      - xpack.license.self_generated.type=${LICENSE}
    deploy:
      resources:
        limits:
          memory: ${MEM_LIMIT}
    # 句柄数配置
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",
        ]
      interval: 10s
      timeout: 10s
      retries: 120
    networks:
      - my-network

  my-kibana:
    env_file:
      - .env
    depends_on:
      my-es-master:
        condition: service_healthy
      my-es-node1:
        condition: service_healthy
      my-es-node2:
        condition: service_healthy
    image: docker.elastic.co/kibana/kibana:${STACK_VERSION}
    container_name: my-kibana
    volumes:
      - certs:/usr/share/kibana/config/certs
      - '${BASE_DIR}/elasticsearch/kibana/data:/usr/share/kibana/data'
    ports:
      - ${KIBANA_PORT}:5601
    environment:
      - SERVERNAME=kibana
      - ELASTICSEARCH_HOSTS=https://my-es-master:9200
      - ELASTICSEARCH_USERNAME=kibana_system
      - ELASTICSEARCH_PASSWORD=${KIBANA_PASSWORD}
      - ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=config/certs/ca/ca.crt
    deploy:
      resources:
        limits:
          memory: ${MEM_LIMIT}
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "curl -s -I http://localhost:5601 | grep -q 'HTTP/1.1 302 Found'",
        ]
      interval: 10s
      timeout: 10s
      retries: 120
    networks:
      - my-network



# 自定义网桥 my
networks:
  my-network:
    # 启动时不自动创建网桥,需要提前手动创建 网桥 docker network create -d bridge my-network
    external: true
    driver: bridge

# https://www.w3cschool.cn/doc_docker_1_11/docker_1_11-engine-reference-commandline-volume_create-index.html
# 创建的 volume 将存储到 /var/lib/docker/volumes/ 路径下
volumes:
  # 插件挂载
  pluginis:
    driver: local

  # CA 证书 挂载
  certs:
    driver: local
    # 声明指令的卷名,compose会自动创建卷名 project_tomcat_volume01;project 为docker-compose所在的目录的名称,
    # docker volume create certs 提前手动创建定义的数据卷,docker volume create /home/appdata/certs
    #external: true
#  master-data:
#    driver: local
#  master-logs:
#    driver: local
#
#  node1-data:
#    driver: local
#  node1-logs:
#    driver: local
#
#  node2-data:
#    driver: local
#  node2-logs:
#    driver: local
#
#  kibana-data:
#    driver: local

 

标签:compose,config,ca,certs,elasticsearch,docker,my,Elasticsearch8,es
From: https://www.cnblogs.com/Alay/p/17477153.html

相关文章

  • Docker 部署jenkins及项目
    本文主要记录如何通过docker安装jenkins,并且通过jenkins部署项目,最终效果是只要在jenkins对某个项目点击构建,jenkins就会去gitLab上拉取最新项目的最新代码,然后根据你自己项目的pom.xml文件,把项目打包成jar,并且自动把这个最新的jar运行起来,达到一键式构建的目标。1、操作1)服务......
  • window下安装docker并运行angular项目
    window下安装docker并运行angular项目1、使用场景本地有一个node项目,node版本是v16.13.2,在本地安装的angular是15.2.4但是测试服上面的node版本是14.19.3,angular是1.0.0-beta.28.3,会导致angular项目的ngbuild打包不了。但是不能升级版本,因为这个测试服务器上面的东西也......
  • 通过 docker-compose 快速部署 StarRocks 保姆级教程
    目录一、概述二、前期准备1)部署docker2)部署docker-compose三、创建网络四、StarRocks编排部署1)下载StarRocks部署包2)配置3)启动脚本bootstrap.sh4)构建镜像Dockerfile5)编排docker-compose.yaml6)开始部署五、简单测试验证六、常用的StarRocks客户端命令1)服务启停2、查看节......
  • Docker 安装 MySQL8 数据库
    创建数据卷mkdir-p/usr/mysql/conf/usr/mysql/datachmod-R755/usr/mysql/创建配置文件vim/usr/mysql/conf/my.cnf:[client]#socket=/usr/mysql/mysqld.sockdefault-character-set=utf8mb4[mysqld]#pid-file=/var/run/mysqld/mysqld.pid#sock......
  • Docker 安装与升级
    卸载旧版本sudoyumremovedocker\docker-client\docker-client-latest\docker-common\docker-latest\docker-latest-logrotate\docker-logrotate\docker-engine/var/lib/docker/的内容,包括image、container、volumes,andnetworks,将被保留。Docker引擎包现......
  • 在docker环境下配置php以及swole并创建hyperf项目
    在上篇文章中说了在linux环境下安装php8.2以及swoole扩展的问题,只是很多时候我们的环境都是在windows下进行的,但是在windows中安装swoole太麻烦了。这时候就到了我们的docker出场的时候了。首先docker的安装,这个网上到处都是,就不多赘述了,贴一个docker官网地址:https:docker.com,顺......
  • docker安装hbase
    1.拉去镜像拉去前可以使用dockersearchhbase所有你需要的镜像dockerpullharisekhon/hbase2.然后在进行启动dockerrun-d-hhbase\-p2181:2181-p8080:8080-p8085:8085\-p9090:9090-p9095:9095-p16000:16000\-p16010:16010-p16020:16020-p16201:1620......
  • rust Dockerfile
    Dockerfile:ARGBUILD_DIR=/rust/buildFROMrustasbuildARGBUILD_DIRWORKDIR${BUILD_DIR}COPYsrc./srcCOPYRocket.toml.COPYCargo.lock.COPYCargo.toml.RUNcargobuild-rFROMdebianasdeployARGBUILD_DIRWORKDIR/etc/rustRUNmkdirconfig......
  • 安装docker及docker常用的镜像命令
    1、安装docker启动docker 输入sudodockerrunhello-world测试是否成功 查看镜像:输入docker images 查看docker版本:docker --version   2、docker常用的镜像命令(1):列出所有运行的容器:docker ps(2)查看所有本地的主机镜像:docker images REPOSITORY:镜......
  • springboot kettle gralde dockerfile 多阶段构建
    dockerfileFROMopenjdk:8-jdk-alpineASTEMP_BUILD_IMAGEENVENVREFRESH_DATE2023-06-1215:00RUNset-eux&&sed-i's/dl-cdn.alpinelinux.org/mirrors.ustc.edu.cn/g'/etc/apk/repositoriesRUNapkupdate&&apkadd--no-cacheb......