Blog · TrumanWong
Docker安装Elasticsearch + Kibana
-
在
Linux环境中使用Elasticsearch还需要修改一些系统限制。修改步骤如下:
# 修改/etc/sysctl.conf文件
# max_map_count文件包含限制一个进程可以拥有的VMA(虚拟内存区域)的数量。虚拟内存区域是一个连续的虚拟地址空间区域。在进程的生命周期中,每当程序尝试在内存中映射文件,链接到共享内存段,或者分配堆空间的时候,这些区域将被创建。调优这个值将限制进程可拥有VMA的数量。限制一个进程拥有VMA的总数可能导致应用程序出错,因为当进程达到了VMA上线但又只能释放少量的内存给其他的内核进程使用时,操作系统会抛出内存不足的错误。如果你的操作系统在NORMAL区域仅占用少量的内存,那么调低这个值可以帮助释放内存给内核用。
vm.max_map_count=262144
# fs.file-max决定了系统级别所有进程可以打开的文件描述符的数量限制,如果内核中遇到VFS: file-max limit <number> reached的信息,那么就提高这个值。
fs.file-max = 6815744
-
下面开始写配置文件
在
yourpath目录下创建.env、docker-compose.yml、es01.yml三个文件version: "2.2" services: setup: container_name: es_setup image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION} volumes: - /yourpath/certs:/usr/share/elasticsearch/config/certs user: "0" command: > bash -c ' if [ x${ELASTIC_PASSWORD} == x ]; then echo "Set the ELASTIC_PASSWORD environment variable in the .env file"; exit 1; elif [ x${KIBANA_PASSWORD} == x ]; then echo "Set the KIBANA_PASSWORD environment variable in the .env file"; exit 1; fi; if [ ! -f config/certs/ca.zip ]; then echo "Creating CA"; bin/elasticsearch-certutil ca --silent --pem -out config/certs/ca.zip; unzip config/certs/ca.zip -d config/certs; fi; if [ ! -f config/certs/certs.zip ]; then echo "Creating certs"; echo -ne \ "instances:\n"\ " - name: es01\n"\ " dns:\n"\ " - es01\n"\ " - localhost\n"\ " ip:\n"\ " - 127.0.0.1\n"\ > config/certs/instances.yml; bin/elasticsearch-certutil cert --silent --pem -out config/certs/certs.zip --in config/certs/instances.yml --ca-cert config/certs/ca/ca.crt --ca-key config/certs/ca/ca.key; unzip config/certs/certs.zip -d config/certs; fi; echo "Setting file permissions" chown -R root:root config/certs; find . -type d -exec chmod 750 \{\} \;; find . -type f -exec chmod 640 \{\} \;; echo "All done!"; ' networks: - elastic healthcheck: test: ["CMD-SHELL", "[ -f config/certs/es01/es01.crt ]"] interval: 1s timeout: 5s retries: 120 es01: container_name: es01 depends_on: setup: condition: service_healthy image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION} volumes: - /yourpath/certs:/usr/share/elasticsearch/config/certs - /yourpath/esdata01:/usr/share/elasticsearch/data - /yourpath/logs:/usr/share/elasticsearch/logs - /yourpath/plugins:/usr/share/elasticsearch/plugins - /yourpath/es01.yml:/usr/share/elasticsearch/config/elasticsearch.yml ports: - ${ES_PORT}:9200 - ${ES_TCP_PORT}:9300 mem_limit: ${MEM_LIMIT} ulimits: memlock: soft: -1 hard: -1 networks: - elastic healthcheck: test: [ "CMD-SHELL", "curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'", ] interval: 10s timeout: 10s retries: 120 kibana: container_name: kibana depends_on: es01: condition: service_healthy image: docker.elastic.co/kibana/kibana:${STACK_VERSION} volumes: - /yourpath/certs:/usr/share/kibana/config/certs - /yourpath/kibanadata:/usr/share/kibana/data ports: - ${KIBANA_PORT}:5601 environment: - SERVERNAME=kibana - ELASTICSEARCH_URL=https://es01:9200 - ELASTICSEARCH_HOSTS=https://es01:9200 - ELASTICSEARCH_USERNAME=kibana_system - ELASTICSEARCH_PASSWORD=${KIBANA_PASSWORD} - ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=config/certs/ca/ca.crt mem_limit: ${MEM_LIMIT} networks: - elastic healthcheck: test: [ "CMD-SHELL", "curl -s -I http://localhost:5601 | grep -q 'HTTP/1.1 302 Found'", ] interval: 10s timeout: 10s retries: 120 networks: elastic: driver: bridge# 配置Elasticsearch的集群名称,默认是Elasticsearch,建议修改成一个有意义的名称 cluster.name: es-docker-cluster # Elasticsearch节点名称,Elasticsearch默认会随机指定一个名字,建议指定一个有意义的名称,方便管理 node.name: es01 #discovery.seed_hosts: es02,es03 cluster.initial_master_nodes: es01 #,es02,es0 # 允许外部网络访问 network.host: 0.0.0.0 #支持跨域 http.cors.enabled: true #支持所有域名 http.cors.allow-origin: "*" http.cors.allow-headers: Authorization ES_JAVA_OPTS: "-Xms512m -Xmx512m" # 开启xpack安全校验,在kibana中使用就需要输入账号密码 bootstrap.memory_lock: true xpack.security.enabled: true xpack.security.http.ssl.enabled: true xpack.security.http.ssl.key: certs/es01/es01.key xpack.security.http.ssl.certificate: certs/es01/es01.crt xpack.security.http.ssl.certificate_authorities: certs/ca/ca.crt xpack.security.http.ssl.verification_mode: certificate xpack.security.transport.ssl.enabled: true xpack.security.transport.ssl.key: certs/es01/es01.key xpack.security.transport.ssl.certificate: certs/es01/es01.crt xpack.security.transport.ssl.certificate_authorities: certs/ca/ca.crt xpack.security.transport.ssl.verification_mode: certificate xpack.license.self_generated.type: basic -
执行
docker-compose up -d,然后执行docker exec -it elastic /bin/bash进入容器内部,执行elasticsearch-setup-passwords interactive设置密码:# elasticsearch-setup-passwords interactive Initiating the setup of passwords for reserved users elastic,apm_system,kibana,kibana_system,logstash_system,beats_system,remote_monitoring_user. You will be prompted to enter passwords as the process progresses. Please confirm that you would like to continue [y/N]y Enter password for [elastic]: Reenter password for [elastic]: Enter password for [apm_system]: Reenter password for [apm_system]: Enter password for [kibana_system]: Reenter password for [kibana_system]: Enter password for [logstash_system]: Reenter password for [logstash_system]: Enter password for [beats_system]: Reenter password for [beats_system]: Enter password for [remote_monitoring_user]: Reenter password for [remote_monitoring_user]: Passwords do not match. Try again. Enter password for [remote_monitoring_user]: Reenter password for [remote_monitoring_user]: Changed password for user [apm_system] Changed password for user [kibana_system] Changed password for user [kibana] Changed password for user [logstash_system] Changed password for user [beats_system] Changed password for user [remote_monitoring_user] Changed password for user [elastic]重置密码后,将
kibana.yml、.env的kibana_system密码修改为充值后的密码,然后执行docker-compose up -d。
文中代码已上传github。


