docker installs elasticsearch cluster, kibana, and sets password [note]

Install elasticsearch

  1. Install ElasticSearch cluster based on docker-compose.yml (two nodes per machine)

ElasticSearch is based on java, and the new version needs to support LTS, so you need to install jdk9 or above. Select 11 here

docker pull openjdk:11
  1. vm.max_ map_ The count kernel setting needs to be at least 262144 for production
sysctl -w vm.max_map_count=262144
  1. Create a new directory and create a docker-compose.yml file
    Note that network1 in docker-compose.yml is the network name created in advance. The specific operation instructions are as follows
docker network create -d bridge --subnet --gateway network1

The contents of docker-compose.yml file are as follows

version: '2.2'
    container_name: es01
      - discovery.seed_hosts=es02
      - cluster.initial_master_nodes=es01,es02
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
        soft: -1
        hard: -1
#    volumes:
#      - $HOME/data/docker/es1/data:/usr/share/elasticsearch/data
#      - $HOME/data/docker/es1/config:/usr/share/elasticsearch/config
#      - $HOME/data/docker/es1/logs:/usr/share/elasticsearch/logs
#      - $HOME/data/docker/es1/plugins:/usr/share/elasticsearch/plugins
      - 9200:9200
    container_name: es02
      - discovery.seed_hosts=es01
      - cluster.initial_master_nodes=es01,es02
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
        soft: -1
        hard: -1
#    volumes:
#      - $HOME/data/docker/es2/data:/usr/share/elasticsearch/data
#      - $HOME/data/docker/es2/config:/usr/share/elasticsearch/config
#      - $HOME/data/docker/es2/logs:/usr/share/elasticsearch/logs
#      - $HOME/data/docker/es2/plugins:/usr/share/elasticsearch/plugins

      name: network1
  1. Execute the command docker compose up - D

  2. Copy the configuration file to the mount directory
    docker cp es01:/usr/share/elasticsearch/ $HOME/data/docker/es1/
    docker cp es02:/usr/share/elasticsearch/ $HOME/data/docker/es2/
    If one more layer of elasticsearch path is copied, move all files under elasticsearch to the same level directory, for example mv elasticsearch / *

  3. Stop and delete started containers
    docker stop es01 es02 && docker rm es01 es02

  4. Modify the docker-compose.yml file (open the comment, that is, hang it in the directory)

  5. Re execute docker compose up - D

If you don't need to install x-pach, ignore the next steps. At this time, elastic search can be used normally

  1. Enter the container to generate a certificate
docker exec -it es01 bash
/usr/share/elasticsearch/bin/elasticsearch-certutil ca

Press enter all the way. It is not recommended to enter the password to prevent errors

After execution, the elastic-stack-ca.p12 file will be generated

/usr/share/elasticsearch/bin/elasticsearch-certutil cert --ca /usr/share/elasticsearch/elastic-stack-ca.p12

Press enter all the way. It is not recommended to enter the password to prevent errors
A new file elastic-certificates.p12 is generated

Exit container exit
10. Copy the generated certificate file to the mount directory

docker cp es01:/usr/share/elasticsearch/elastic-stack-ca.p12 $HOME/data/docker/es1/config/
docker cp es01:/usr/share/elasticsearch/elastic-certificates.p12 $HOME/data/docker/es1/config/
  1. Copy the certificate to the configuration file directory of each node
cp $HOME/data/docker/es1/config/*.p12 $HOME/data/docker/es2/config/
  1. Authorize the certificate file separately
    chmod 777 elastic-*.p12
  2. Enter the mount directory of each node,
cd $HOME/data/docker/es1/config
  1. Modify the elasticsearch.yml file under es1 to prepare for the installation of x-pach
    Add content:
# Whether cross domain is supported. The default value is false
http.cors.enabled: true
# Indicates whether this node can act as the master node
node.master: true
# Whether to act as a data node true
# This configuration indicates that the xpack authentication mechanism is enabled and the password is used to log in        true true certificate elastic-certificates.p12 elastic-certificates.p12
  1. Restart the service separately
docker restart es01 es02
  1. Enter the container and set the password respectively
docker exec -it es01 bash
cd /usr/share/elasticsearch/bin
  1. implement
./elasticsearch-setup-passwords interactive

Set the password as prompted
Default account elastic,apm_system,kibana,kibana_system,logstash_system,beats_system,remote_monitoring_user.
The password is set in the above steps

  1. Restart service
docker restart es01 es02

Install kibana (consistent with es)

  • Pull the same version image
docker pull kibana:7.14.1
  • Create a new directory / root/data/docker/kibana/config to save kibana configuration files
mkdir -p /root/data/docker/kibana/config
  • Create a new kibana.yml configuration file. The input contents are as follows
#Mapping port of Kibana
server.port: 5601
#default gateway ""
#Name of Kibana instance "kibana-"
#The cluster address of Elasticsearch, that is, all cluster IP addresses
elasticsearch.hosts: ["",""]
#Set the page language, Zh CN for Chinese and en for English
i18n.locale: "zh-CN"
xpack.monitoring.ui.container.elasticsearch.enabled: true
elasticsearch.username: "kibana_system"
elasticsearch.password: "Password entered when setting above"
  • Start kibana
docker run -d -p 5601:5601 --network network1 --ip -v $HOME/data/docker/kibana/config/kibana.yml:/usr/share/kibana/config/kibana.yml  --name kibana kibana:7.14.1

Tags: Docker ElasticSearch kibana

Posted on Mon, 27 Sep 2021 01:09:29 -0400 by hillbilly928