Docker 部署 3 节点 ES 集群

参考: Docker 部署 3 节点 ES 集群 - evescn - 博客园

Docker 部署 3 节点 ES 集群

资源清单
主机 IP
- es-master 10.0.0.1
- es-node1 10.0.0.2
- es-node2 10.0.0.3
软件版本
- docker 20.10.12
- docker-compose 1.23.1
- elasticsearch 7.16.3
- kibana 7.16.3

一、Docker 安装

1. 使用国内 yum 源
# yum install -y yum-utils device-mapper-persistent-data lvm2
# yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

2. 卸载旧版本的 docker
## 如果主机上已经有docker存在且不是想要安装的版本，需要先进行卸载。
# yum remove -y docker \
              docker-client \
              docker-client-latest \
              docker-common \
              docker-latest \
              docker-latest-logrotate \
              docker-logrotate \
              docker-selinux \
              docker-engine-selinux \
              docker-engine \
              container*

3. 安装 Docker20.10 版本

# yum -y install docker-ce-20.10.12-3.el7 docker-ce-cli-20.10.12-3.el7
curl -L https://github.com/docker/compose/releases/download/1.27.2/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose

4. 设置镜像加速

# mkdir /etc/docker
# vi /etc/docker/daemon.json

{
  "registry-mirrors": ["https://xxxxxxxxx.mirror.aliyuncs.com"]
}

5. 启动 docker

# systemctl start docker
# systemctl enable docker
# systemctl status docker

二、Docker-compose 安装

github.com 可能访问超时，可以使用下面的获取下载下来后上传服务器即可

curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
curl -k "https://dl.cactifans.com/zabbix_docker/docker-compose" -o /usr/bin/docker-compose
chmod a+x /usr/bin/docker-compose
docker-compose version

三、部署 ES 集群

部署 es-master 节点 10.0.0.1 主机

a | 编辑 docker-compose 文件

version: '3'
services:
  es-master:
    image: elasticsearch:7.16.3
    container_name: es-master
    environment:
      - "ES_JAVA_OPTS=-Xms4096m -Xmx4096m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    volumes:
      - /data/elasticsearch/config/es.yml:/usr/share/elasticsearch/config/elasticsearch.yml:ro
      - /data/elasticsearch/data:/usr/share/elasticsearch/data:rw
      - /data/elasticsearch/log:/usr/share/elasticsearch/log:rw
    ports:
      - 9200:9200
      - 9300:9300
    extra_hosts:                        # 设置容器 hosts
      - "es-master:10.0.0.1"
      - "es-node1:10.0.0.2"
      - "es-node2:10.0.0.3"
  kibana:
    image: kibana:7.16.3
    container_name: kibana
    restart: always
    environment:
      - TZ="Asia/Shanghai"
    ports:
      - 5601:5601
    volumes:
      - /data/kibana/config/kibana.yml:/usr/share/kibana/config/kibana.yml:ro
    depends_on:
      - es-master

b | 创建服务挂载目录

##  创建es配置数据日志目录
mkdir /data/elasticsearch/{config,data,log} -pv

## 创建kibana配置目录
mkdir /data/kibana/config -pv

## 修改es目录权限，否则容器启动报错，es容器使用es用户启动，用户id=1000
chown 1000:1000 /data/elasticsearch/* -R

c | 编辑 es.yml 配置文件

# vim /data/elasticsearch/config/es.yml

cluster.name: es-cluster-test
node.name: es-master
node.master: true
node.data: true

#network.host: 0.0.0.0
network.bind_host: 0.0.0.0
network.publish_host: 10.0.0.1
http.port: 9200
transport.tcp.port: 9300
http.cors.enabled: true
http.cors.allow-origin: "*"

discovery.zen.ping.unicast.hosts: ["es-master:9300", "es-node1:9300", "es-node2:9300"]
discovery.zen.minimum_master_nodes: 2
discovery.zen.ping_timeout: 5s

bootstrap.memory_lock: true
action.destructive_requires_name: true
cluster.initial_master_nodes: ["es-master"]

ingest.geoip.downloader.enabled: false

d | 编辑 kibana.yml 配置文件

# vim /data/kibana/config/kibana.yml

server.name: kibana
server.host: "0.0.0.0"
#此处为es的master地址
elasticsearch.hosts: "http://es-master:9200"
xpack.monitoring.ui.container.elasticsearch.enabled: true
i18n.locale: "zh-CN"

e | 启动服务

docker-compose up -d

## ElasticSearch启动报错，bootstrap checks failed 
## max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]

echo "vm.max_map_count=655360" >> /etc/sysctl.conf
sysctl -p

2. 部署 es-node1 节点

10.0.0.2 主机

a | 编辑 docker-compose 文件

version: '3'
services:
  es-node1:
    image: elasticsearch:7.16.3
    container_name: es-node1
    environment:
      - "ES_JAVA_OPTS=-Xms4096m -Xmx4096m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    volumes:
      - /data/elasticsearch/config/es.yml:/usr/share/elasticsearch/config/elasticsearch.yml:ro
      - /data/elasticsearch/data:/usr/share/elasticsearch/data:rw
      - /data/elasticsearch/log:/usr/share/elasticsearch/log:rw
    ports:
      - 9200:9200
      - 9300:9300
    extra_hosts:                        # 设置容器 hosts
      - "es-master:10.0.0.1"
      - "es-node1:10.0.0.2"
      - "es-node2:10.0.0.3"

b | 创建服务挂载目录

##  创建es配置数据日志目录
mkdir /data/elasticsearch/{config,data,log} -pv

## 修改es目录权限，否则容器启动报错，es容器使用es用户启动，用户id=1000
chown 1000:1000 /data/elasticsearch/* -R


## ElasticSearch启动报错，bootstrap checks failed 
## max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]


echo "vm.max_map_count=655360" /etc/sysctl.conf
sysctl -p

c | 编辑 es.yml 配置文件

# vim /data/elasticsearch/config/es.yml

cluster.name: es-cluster-test
node.name: es-node1
node.master: false
node.data: true

network.bind_host: 0.0.0.0
network.publish_host: 10.0.0.2
http.port: 9200
transport.tcp.port: 9300
http.cors.enabled: true
http.cors.allow-origin: "*"

discovery.zen.ping.unicast.hosts: ["es-master:9300", "es-node1:9300", "es-node2:9300"]
discovery.zen.minimum_master_nodes: 2
discovery.zen.ping_timeout: 5s

bootstrap.memory_lock: true
action.destructive_requires_name: true
cluster.initial_master_nodes: ["es-master"]

d | 启动服务

# docker-compose up -d

3. 部署 es-node2 节点

10.0.0.3 主机

a | 编辑 docker-compose 文件

version: '3'
services:
  es-node1:
    image: elasticsearch:7.16.3
    container_name: es-node2
    environment:
      - "ES_JAVA_OPTS=-Xms4096m -Xmx4096m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    volumes:
      - /data/elasticsearch/config/es.yml:/usr/share/elasticsearch/config/elasticsearch.yml:ro
      - /data/elasticsearch/data:/usr/share/elasticsearch/data:rw
      - /data/elasticsearch/log:/usr/share/elasticsearch/log:rw
    ports:
      - 9200:9200
      - 9300:9300
    extra_hosts:                        # 设置容器 hosts
      - "es-master:10.0.0.1"
      - "es-node1:10.0.0.2"
      - "es-node2:10.0.0.3"

b | 创建服务挂载目录

##  创建es配置数据日志目录
mkdir /data/elasticsearch/{config,data,log} -pv

## 修改es目录权限，否则容器启动报错，es容器使用es用户启动，用户id=1000
chown 1000:1000 /data/elasticsearch/* -R


## ElasticSearch启动报错，bootstrap checks failed 
## max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]


echo "vm.max_map_count=655360" /etc/sysctl.conf
sysctl -p

c | 编辑 es.yml 配置文件

# vim /data/elasticsearch/config/es.yml

cluster.name: es-cluster-test
node.name: es-node1
node.master: false
node.data: true

network.bind_host: 0.0.0.0
network.publish_host: 10.0.0.3
http.port: 9200
transport.tcp.port: 9300
http.cors.enabled: true
http.cors.allow-origin: "*"

discovery.zen.ping.unicast.hosts: ["es-master:9300", "es-node1:9300", "es-node2:9300"]
discovery.zen.minimum_master_nodes: 2
discovery.zen.ping_timeout: 5s

bootstrap.memory_lock: true
action.destructive_requires_name: true
cluster.initial_master_nodes: ["es-master"]

d | 启动服务

docker-compose up -d

4. 启动 es_xpack 认证

集群认证需要首先配置秘钥才行，否则在给内置用户创建秘钥的时候将会报错

a | 生成证书

## 登陆其中一个node节点执行命令，生成完证书传到集群其他节点即可
## 两条命令均一路回车即可，不需要给秘钥再添加密码。
## 证书创建完成之后，默认在es的数据目录，这里统一cp 到宿主机目录中

docker exec -it es-mater bash
/usr/share/elasticsearch/bin/elasticsearch-certutil ca
/usr/share/elasticsearch/bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
mv elastic-* /usr/share/elasticsearch/data/
exit 



## 复制 /data/elasticsearch/data/ 下证书到 config 目录
cd /data/elasticsearch/config/
cp /data/elasticsearch/data/elastic-*  ./
chmod 644 elastic-*
chown 1000:1000 elastic*


## 复制证书文件到其他节点
scp /data/elasticsearch/config/elastic-* 10.0.0.2:/data/elasticsearch/config/
scp /data/elasticsearch/config/elastic-* 10.0.0.3:/data/elasticsearch/config/

b | 新增 es.yml 配置

三台机器新增配置如下：

......
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /usr/share/elasticsearch/config/elastic-certificates.p12

c | 修改 docker-compose.yml 文件

version: '3'
services:
  es-node1:
    image: elasticsearch:7.16.3
    ......
    volumes:
      - /data/elasticsearch/config/es.yml:/usr/share/elasticsearch/config/elasticsearch.yml:ro

      ## 挂载 ssl 证书到容器中
      - /data/elasticsearch/config/elastic-certificates.p12:/usr/share/elasticsearch/config/elastic-certificates.p12:ro
      - /data/elasticsearch/config/elastic-stack-ca.p12:/usr/share/elasticsearch/config/elastic-stack-ca.p12:ro
      - /data/elasticsearch/data:/usr/share/elasticsearch/data:rw
      - /data/elasticsearch/log:/usr/share/elasticsearch/log:rw
    ......

d | 创建账户，并为内置账号添加密码

ES 中内置了几个管理其他集成组件的账号即：apm_system, beats_system, elastic, kibana, logstash_system, remote_monitoring_user，使用之前，首先需要添加一下密码。

# docker exec -it es-mater bash
# /usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactive
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y
Enter password for [elastic]:
Reenter password for [elastic]:
Enter password for [apm_system]:
Reenter password for [apm_system]:
Enter password for [kibana]:
Reenter password for [kibana]:
Enter password for [logstash_system]:
Reenter password for [logstash_system]:
Enter password for [beats_system]:
Reenter password for [beats_system]:
Enter password for [remote_monitoring_user]:
Reenter password for [remote_monitoring_user]:
Changed password for user [apm_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]

e | 配置完毕之后，可以通过如下方式访问 es 服务：

curl -XGET -u elastic 'localhost:9200/_xpack/security/user?pretty'

f | kibana 配置文件中，新增 es 账户密码

kibana.yml 文件

elasticsearch.username: "elastic"
elasticsearch.password: "123456"

PreviousELK-Kafka-Filebeat NextElasticSearch Python操作

Last updated 2 years ago