Deploying ElasticSearch with Docker

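This guide is based on ES version 7.17.22.
Official ES download link: https://www.elastic.co/downloads/elasticsearch
Latest Docker image tags: https://hub.docker.com/_/elasticsearch?tab=tags&page=1&ordering=last_updated
It is recommended that you run your own Nexus to solve the various network acceleration problems; see: "Deploying Nexus with Docker" and "Some practices for Nexus configuration".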

1. Installation and startup

1.1 Install ES

# Create the volumes
$ docker volume create vo-es-config;
$ docker volume create vo-es-data;
$ docker volume create vo-es-log;
$ docker pull elasticsearch:7.17.22
$ docker run -dit --name elasticsearch --restart=always -e TZ=Asia/Shanghai -v vo-es-log:/usr/share/elasticsearch/logs/ -v /etc/localtime:/etc/localtime:ro -v vo-es-config:/usr/share/elasticsearch/config/ -v vo-es-data:/usr/share/elasticsearch/data/ -p 9200:9200 -p 9300:9300 -e ES_JAVA_OPTS="-Xms4096m -Xmx4096m" -e "discovery.type=single-node" elasticsearch:7.17.22

Visit ip:9200 in a browser and you get the following information:

{
  "name" : "6941d90b4d79",
  "cluster_name" : "docker-cluster",
  "cluster_uuid" : "axs648aaSzWinLJgvsCbOA",
  "version" : {
    "number" : "7.17.22",
    "build_flavor" : "default",
    "build_type" : "docker",
    "build_hash" : "6bc13727ce758c0e943c3c21653b3da82f627f75",
    "build_date" : "2021-09-15T10:18:09.722761972Z",
    "build_snapshot" : false,
    "lucene_version" : "8.9.0",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "You Know, for Search"
}

1.2 Install the analyzer (tokenizer) plugin

Analyzer plugin website: https://infinilabs.com/
Corresponding release page: https://release.infinilabs.com/analysis-ik/stable/
GitHub page: https://github.com/infinilabs/analysis-ik
Before installing the plugin, test the behaviour:

curl --location --request POST 'http://127.0.0.1:9200/_analyze' \
--header 'Content-Type: application/json' \
-d '{"analyzer":"ik_max_word","text":"美国国歌"}'

This returns an error:

{"error":{"root_cause":[{"type":"illegal_argument_exception","reason":"failed to find global analyzer [ik_max_word]"}],"type":"illegal_argument_exception","reason":"failed to find global analyzer [ik_max_word]"},"status":400}

Enter the container and install the plugin:

# Online installation
$ docker exec -it elasticsearch bash
$ /usr/share/elasticsearch/bin/elasticsearch-plugin install https://release.infinilabs.com/analysis-ik/stable/elasticsearch-analysis-ik-7.17.22.zip

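# Offline installation: if the download is too slow, fetch the file through another channel, copy it into the container, then enter the container
$ curl -L -x "http://<your proxy>" https://release.infinilabs.com/analysis-ik/stable/elasticsearch-analysis-ik-7.17.22.zip -o /tmp/elasticsearch-analysis-ik-7.17.22.zip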
$ docker cp /tmp/elasticsearch-analysis-ik-7.17.22.zip elasticsearch:/tmp/elasticsearch-analysis-ik-7.17.22.zip
$ docker exec -it elasticsearch bash
$ /usr/share/elasticsearch/bin/elasticsearch-plugin install file:///tmp/elasticsearch-analysis-ik-7.17.22.zip

After the installation completes, restart ES:

$ docker restart elasticsearch

Run the test again; the result is as follows:

{"tokens":[{"token":"美国","start_offset":0,"end_offset":2,"type":"CN_WORD","position":0},{"token":"国歌","start_offset":2,"end_offset":4,"type":"CN_WORD","position":1}]}

1.3 Set up authentication

Enter the container and edit the configuration:

$ vi /usr/share/elasticsearch/config/elasticsearch.yml
# Add the following
http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-headers: Authorization
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true

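After saving, restart the container.
Enter the container again to set the account passwords:

$ elasticsearch-setup-passwords interactive
# Passwords are set in turn for the following five kinds of accounts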
elastic
apm_system
kibana
logstash_system
beats_system
remote_monitoring_user

2. Install the visualization tool Kibana

2.1 Installation

# Create the volumes
$ docker volume create vo-kibana-config;
$ docker volume create vo-kibana-data;
$ docker pull kibana:7.17.22
$ docker run --name kibana -dit --restart=always -e TZ=Asia/Shanghai -v vo-kibana-config:/usr/share/kibana/config -v vo-kibana-data:/usr/share/kibana/data -v /etc/localtime:/etc/localtime:ro -e ELASTICSEARCH_HOSTS=http://es.alnk.top:9200 -p 15601:5601 kibana:7.17.22

2.2 Connect Kibana to ES authentication

# Enter the container
$ docker exec -it kibana bash
$ vi config/kibana.yml
# Add the following lines:
elasticsearch.username: "elastic"
elasticsearch.password: "<your elastic password>"
# If you proxy Kibana through nginx, also enter the full URL of your Kibana here
server.publicBaseUrl: "https://<your-kibana-domain>"

Restart the container and you can log in to Kibana. The account is elastic and the password is the elastic user's password.

3. Cluster

3.1 Preparation

vim /etc/sysctl.conf
# Append at the end of the file
vm.max_map_count=262144
# Apply the setting and check the result
sysctl -p

3.1 Deployment

Assume the cluster IPs are 192.168.1.1, 192.168.1.2 and 192.168.1.3.

docker run  --name elasticsearch --restart=always -e TZ=Asia/Shanghai -v /etc/localtime:/etc/localtime:ro -v vo-es-log:/usr/share/elasticsearch/logs/ -v vo-es-config:/usr/share/elasticsearch/config/ -v vo-es-data:/usr/share/elasticsearch/data/ -p 9200:9200 -p 9300:9300 -e node.name='node-1' -e network.publish_host=192.168.1.1 -e network.host=0.0.0.0 -e discovery.seed_hosts=192.168.1.1,192.168.1.2,192.168.1.3 -e cluster.initial_master_nodes=192.168.1.1,192.168.1.2,192.168.1.3 -e cluster.name=es-cluster -e ES_JAVA_OPTS="-Xms8g -Xmx8g"  -dit elasticsearch:7.17.22

docker run --name elasticsearch --restart=always -v vo-es-log:/usr/share/elasticsearch/logs/ -v vo-es-config:/usr/share/elasticsearch/config/ -v vo-es-data:/usr/share/elasticsearch/data/ -p 9200:9200 -p 9300:9300 -e node.name='node-2' -e network.publish_host=192.168.1.2 -e network.host=0.0.0.0 -e discovery.seed_hosts=192.168.1.1,192.168.1.2,192.168.1.3 -e cluster.initial_master_nodes=192.168.1.1,192.168.1.2,192.168.1.3 -e cluster.name=es-cluster -e ES_JAVA_OPTS="-Xms8g -Xmx8g" -dit elasticsearch:7.17.22

docker run --name elasticsearch --restart=always -v vo-es-log:/usr/share/elasticsearch/logs/ -v vo-es-config:/usr/share/elasticsearch/config/ -v vo-es-data:/usr/share/elasticsearch/data/ -p 9200:9200 -p 9300:9300 -e node.name='node-3' -e network.publish_host=192.168.1.3 -e network.host=0.0.0.0 -e discovery.seed_hosts=192.168.1.1,192.168.1.2,192.168.1.3 -e cluster.initial_master_nodes=192.168.1.1,192.168.1.2,192.168.1.3 -e cluster.name=es-cluster -e ES_JAVA_OPTS="-Xms8g -Xmx8g" -dit elasticsearch:7.17.22

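Key points:
On each cluster node, change only node.name and network.publish_host. In addition, the node's memory should be less than or equal to half of the server's maximum memory.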

3.2 Certificate configuration

See the official documentation: https://www.elastic.co/guide/en/elasticsearch/reference/current/security-basic-setup.html#generate-certificates

3.2.1 Basic configuration

Every node needs this configuration.

# Locate your elasticsearch.yml configuration file
vim /mnt/disk2/volumes/vo-es-config/_data/elasticsearch.yml
# Add the following settings
http.cors.enabled: true
http.cors.allow-origin: '*'
http.cors.allow-headers: Authorization
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.client_authentication: required
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
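
The settings added in sections 1.3 and 3.2.1 can be checked mechanically before a node is restarted. The script below is an added example, not part of the original page: it reads a flat elasticsearch.yml and reports the security-relevant gaps. The function names `yml_get` and `audit_es_config` and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit a flat elasticsearch.yml.

# yml_get FILE KEY: print the last value set for a top-level "key: value" line.
yml_get() {
  awk -v key="$2" '
    /^[ \t]*#/ { next }
    { i = index($0, ":"); if (i == 0) next
      k = substr($0, 1, i - 1); v = substr($0, i + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", k); if (k != key) next
      sub(/[ \t]+#.*$/, "", v); gsub(/^[ \t]+|[ \t]+$/, "", v); val = v }
    END { print val }' "$1" | tr -d "\"'"
}

# audit_es_config FILE: print one finding per line (FAIL = must fix, WARN/INFO = review).
audit_es_config() {
  cfg=$1
  [ "$(yml_get "$cfg" xpack.security.enabled)" = "true" ] ||
    echo "FAIL xpack.security.enabled is not true: port 9200 answers without credentials"
  [ "$(yml_get "$cfg" xpack.security.transport.ssl.enabled)" = "true" ] ||
    echo "FAIL transport TLS is off: node-to-node traffic on 9300 is unencrypted"
  [ "$(yml_get "$cfg" xpack.security.http.ssl.enabled)" = "true" ] ||
    echo "WARN xpack.security.http.ssl.enabled is not true: passwords cross port 9200 in cleartext"
  if [ "$(yml_get "$cfg" http.cors.enabled)" = "true" ] &&
     [ "$(yml_get "$cfg" http.cors.allow-origin)" = "*" ]; then
    echo "WARN http.cors.allow-origin is *: list the exact origins of your UI instead"
  fi
  if [ "$(yml_get "$cfg" xpack.security.transport.ssl.verification_mode)" = "certificate" ]; then
    echo "INFO verification_mode is certificate: peer hostnames are not checked, guard the CA key"
  fi
  return 0
}

# Constructed sample: the settings added in section 1.3 of this page.
sample_cfg=$(mktemp)
cat > "$sample_cfg" <<'EOF'
http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-headers: Authorization
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
EOF
audit_es_config "$sample_cfg"
```
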

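3.2.2 Generate certificates

Run this on the master node.

docker exec -it elasticsearch bash
# Generate the root CA certificate
elasticsearch-certutil ca
# When prompted, enter the path
config/elastic-stack-ca.p12
# Then set the password
# Generate the node certificate from the root CA; keep the file name consistent with the basic configuration
elasticsearch-certutil cert --ca config/elastic-stack-ca.p12
# When prompted, enter the path
config/elastic-certificates.p12
# Then set the password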

3.2.3 Import certificates

This is required on every node.
Copy config/elastic-certificates.p12 to the node on every server and set read/write permissions:

chmod 755 <your path>/elastic-certificates.p12
chmod 755 <your path>/elastic-stack-ca.p12
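
Mode 755 leaves the keystore, which holds the node's private key, readable by every local user on the host. The script below is an added example, not part of the original page: it flags .p12 files that "other" users can access and tightens them to 640. It assumes the official image's default of running Elasticsearch as uid 1000 with gid 0; the function names and temporary paths are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): find and fix exposed PKCS#12 keystores.

# world_accessible FILE: succeed if any "other" permission bit (r, w or x) is set.
world_accessible() {
  [ -n "$(find "$1" -prune \( -perm -004 -o -perm -002 -o -perm -001 \) 2>/dev/null)" ]
}

# check_keystores DIR: print a verdict for every *.p12 file under DIR.
check_keystores() {
  find "$1" -type f -name '*.p12' | while IFS= read -r f; do
    if world_accessible "$f"; then echo "EXPOSED $f"; else echo "OK $f"; fi
  done
}

# lock_down FILE: owner read/write, group read, nothing for others.
# Assumption: the container user is uid 1000 / gid 0, so the host file is handed
# to 1000:0. chown needs root and is skipped when the script runs unprivileged.
lock_down() {
  chmod 640 "$1"
  [ "$(id -u)" -eq 0 ] && chown 1000:0 "$1"
  return 0
}

# Constructed demo: an empty stand-in keystore with the mode used on this page.
demo_dir=$(mktemp -d)
: > "$demo_dir/elastic-certificates.p12"
chmod 755 "$demo_dir/elastic-certificates.p12"
check_keystores "$demo_dir"      # reports EXPOSED
lock_down "$demo_dir/elastic-certificates.p12"
check_keystores "$demo_dir"      # reports OK
```

The node configuration in 3.2.1 references only elastic-certificates.p12, so elastic-stack-ca.p12, which contains the CA private key, does not need to be present on the nodes at runtime.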

Enter the container and add the certificate password to the ES keystore. If you did not set a certificate password, skip this step:

docker exec -it elasticsearch bash
elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password
elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password

Finally, restart the container on every node.