docker部署es集群
1.服务器
192.168.1.240 es1
192.168.1.125 es2
192.168.1.141 es3
2.es镜像自行下载
3.es配置文件
#es1
[root@wx-host-0029 config]# cat elasticsearch.yml
# 集群名称
cluster.name: qz-escluster
# 集群初始化 选择该节点为主节点 master
cluster.initial_master_nodes : "es1"
# 节点名称
node.name: es1
# 是否允许该节点参加master 选举
node.master: true
# 允许该节点存储数据(默认开启)
node.data: true
# 默认情况下,ElasticSearch使用0.0.0.0地址,并为http传输开启9200-9300端口,为节点到节点的通信开启9300-9400端口,也可以自行设置IP地址
network.host: 0.0.0.0
# publish_host设置其他节点连接此节点的地址,如果不设置的话,则自动获取,publish_host的地址必须为真实地址
network.publish_host: 192.168.1.240
# 该节点与其他节点交互的端口
transport.tcp.port: 29300
# Http传输监听端口
http.port: 29200
# 是否支持跨域,默认为false
http.cors.enabled: true
# 当设置允许跨域,默认为*,表示支持所有域名
http.cors.allow-origin: "*"
# 跨域允许设置的头信息
http.cors.allow-headers: Authorization
# 节点内部通信地址 9200 是默认端口 ,如有修改则补全端口号
discovery.zen.ping.unicast.hosts: ["192.168.1.240:29300","192.168.1.125:29300","192.168.1.141:29300"]
discovery.zen.minimum_master_nodes: 2
discovery.zen.ping_timeout: 5s
#cluster.initial_master_nodes: ["192.168.1.240:29300","192.168.1.125:29300","192.168.1.141:29300"]
# 最大子查询个数 ,默认1024 目前系统是以相机为主要检索 如果超过 1024个相机 将会检索不到结果
indices.query.bool.max_clause_count: 10240

注(es1/es2/es3 三份配置均适用):
- network.host: 0.0.0.0 会在所有网卡上监听,应通过防火墙或安全组把 29200/29300 端口限制为仅集群节点和受信任的客户端可访问。
- http.cors.allow-origin: "*" 允许任意网页来源跨域访问 HTTP 接口,且 allow-headers 放行了 Authorization 头;生产环境建议改为具体的受信任域名。
- 注释中的“9200 是默认端口”应为笔误:节点间通信(transport)的默认端口是 9300(见上文 network.host 处的注释),本例改成了 29300,所以地址后必须写全端口号。
- 本文使用的镜像版本是 7.1.1:在 7.x 中 discovery.zen.ping.unicast.hosts 已被 discovery.seed_hosts 取代(旧名称仍可用但已弃用),discovery.zen.minimum_master_nodes 会被忽略。

#es2
[root@wx-host-0030 config]# cat elasticsearch.yml
# 集群名称
cluster.name: qz-escluster
# 集群初始化 选择该节点为主节点 master
#cluster.initial_master_nodes : "es1"
# 节点名称
node.name: es2
# 是否允许该节点参加master 选举
node.master: true
# 允许该节点存储数据(默认开启)
node.data: true
# 默认情况下,ElasticSearch使用0.0.0.0地址,并为http传输开启9200-9300端口,为节点到节点的通信开启9300-9400端口,也可以自行设置IP地址
network.host: 0.0.0.0
# publish_host设置其他节点连接此节点的地址,如果不设置的话,则自动获取,publish_host的地址必须为真实地址
network.publish_host: 192.168.1.125
# 该节点与其他节点交互的端口
transport.tcp.port: 29300
# Http传输监听端口
http.port: 29200
# 是否支持跨域,默认为false
http.cors.enabled: true
# 当设置允许跨域,默认为*,表示支持所有域名
http.cors.allow-origin: "*"
# 跨域允许设置的头信息
http.cors.allow-headers: Authorization
# 节点内部通信地址 9200 是默认端口 ,如有修改则补全端口号
discovery.zen.ping.unicast.hosts: ["192.168.1.240:29300","192.168.1.125:29300","192.168.1.141:29300"]
discovery.zen.minimum_master_nodes: 2
discovery.zen.ping_timeout: 5s
# 最大子查询个数 ,默认1024 目前系统是以相机为主要检索 如果超过 1024个相机 将会检索不到结果
indices.query.bool.max_clause_count: 10240
#es3
[root@wx-host-0031 config]# cat elasticsearch.yml
# 集群名称
cluster.name: qz-escluster
# 集群初始化 选择该节点为主节点 master
#cluster.initial_master_nodes : "es1"
# 节点名称
node.name: es3
# 是否允许该节点参加master 选举
node.master: true
# 允许该节点存储数据(默认开启)
node.data: true
# 默认情况下,ElasticSearch使用0.0.0.0地址,并为http传输开启9200-9300端口,为节点到节点的通信开启9300-9400端口,也可以自行设置IP地址
network.host: 0.0.0.0
# publish_host设置其他节点连接此节点的地址,如果不设置的话,则自动获取,publish_host的地址必须为真实地址
network.publish_host: 192.168.1.141
# 该节点与其他节点交互的端口
transport.tcp.port: 29300
# Http传输监听端口
http.port: 29200
# 是否支持跨域,默认为false
http.cors.enabled: true
# 当设置允许跨域,默认为*,表示支持所有域名
http.cors.allow-origin: "*"
# 跨域允许设置的头信息
http.cors.allow-headers: Authorization
# 节点内部通信地址 9200 是默认端口 ,如有修改则补全端口号
discovery.zen.ping.unicast.hosts: ["192.168.1.240:29300","192.168.1.125:29300","192.168.1.141:29300"]
discovery.zen.minimum_master_nodes: 2
discovery.zen.ping_timeout: 5s
# 最大子查询个数 ,默认1024 目前系统是以相机为主要检索 如果超过 1024个相机 将会检索不到结果
indices.query.bool.max_clause_count: 10240
4.docker-compose启动es
#es1
[root@wx-host-0029 elastic]# cat docker-compose.yaml
version: '3.9'
services:
  es1:
    image: 192.168.1.1:8090/public/elastic:7.1.1
    restart: always
    deploy:
      resources:
        limits:
          memory: '4G'
        reservations:
          memory: '3G'
    container_name: es1
    environment:
      - TZ=Asia/Shanghai
      - ELASTIC_PASSWORD=ytx@1234
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /data/aibox-common/elastic/data:/usr/share/elasticsearch/data
      - /data/aibox-common/elastic/config:/usr/share/elasticsearch/config
      - /data/elasticsearch/log:/usr/share/elasticsearch/log
    ports:
      - 29200:29200
      - 29300:29300
    network_mode: "host"

注(三份 docker-compose.yaml 均适用):
- ELASTIC_PASSWORD 以明文写在 compose 文件中,任何能读取该文件或执行 docker inspect 的人都能看到;建议改为从权限受限的 env 文件或环境变量注入(例如 ELASTIC_PASSWORD=${ELASTIC_PASSWORD}),并使用强密码。
- 使用 network_mode: "host" 时容器直接使用宿主机网络,ports 映射不起作用,可以删除;端口的访问控制要靠宿主机防火墙。

#es2
[root@wx-host-0030 elastic]# cat docker-compose.yaml
version: '3.9'
services:
  es2:
    image: 192.168.1.1:8090/public/elastic:7.1.1
    restart: always
    deploy:
      resources:
        limits:
          memory: '4G'
        reservations:
          memory: '3G'
    container_name: es2
    environment:
      - TZ=Asia/Shanghai
      - ELASTIC_PASSWORD=ytx@1234
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /data/aibox-common/elastic/data:/usr/share/elasticsearch/data
      - /data/aibox-common/elastic/config:/usr/share/elasticsearch/config
      - /data/elasticsearch/log:/usr/share/elasticsearch/log
    ports:
      - 29200:29200
      - 29300:29300
    network_mode: "host"
#es3
[root@wx-host-0031 elastic]# cat docker-compose.yaml
version: '3.9'
services:
  es3:
    image: 192.168.1.1:8090/public/elastic:7.1.1
    restart: always
    deploy:
      resources:
        limits:
          memory: '4G'
        reservations:
          memory: '3G'
    container_name: es3
    environment:
      - TZ=Asia/Shanghai
      - ELASTIC_PASSWORD=ytx@1234
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /data/aibox-common/elastic/data:/usr/share/elasticsearch/data
      - /data/aibox-common/elastic/config:/usr/share/elasticsearch/config
      - /data/elasticsearch/log:/usr/share/elasticsearch/log
    ports:
      - 29200:29200
      - 29300:29300
    network_mode: "host"
5.证书创建
##(0)下载工具包
https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.8.6.tar.gz
##(1)创建证书
$ pwd
/alidata1/admin/tools/elasticsearch-6.8.6
$ ./bin/elasticsearch-certutil ca --pem --out ca.zip --days 36500 -s ## 会生成ca.zip文件
$ unzip ca.zip
$ openssl x509 -in ca/ca.crt -noout -dates ## 查看证书有效期
notBefore=Jun 9 02:15:46 2020 GMT
notAfter=May 16 02:15:46 2120 GMT
$ ./bin/elasticsearch-certutil cert --ca-cert ca/ca.crt --ca-key ca/ca.key --pem --name ks-es --out ks-es.zip --days 36500 -s ## 会生成ks-es.zip文件
$ unzip ks-es.zip
$ openssl x509 -in ks-es/ks-es.crt -noout -dates ## 查看证书有效期
notBefore=Jun 9 02:24:27 2020 GMT
notAfter=May 16 02:24:27 2120 GMT
##(2)将证书拷贝到对应目录
$ mkdir config/certs
$ cp ca/* ks-es/* config/certs
注:ca/* 中包含 CA 私钥 ca.key,上面的 cp 和下一步的 scp 会把它带到每个节点。节点只需要 ca.crt、ks-es.crt 和 ks-es.key;ca.key 只在签发新证书时使用,持有它即可签发被集群信任的节点证书,应单独离线保管。各节点上的 ks-es.key 应设为仅运行 Elasticsearch 的用户可读。证书有效期设为 36500 天(约 100 年),私钥一旦泄露只能整体更换证书,这一点需要权衡。
##(3)将新证书拷贝到集群所有机器
$ scp config/certs/* xxxx
##(4)修改配置 ...
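# ssl
xpack.security.transport.ssl.enabled: true
xpack.security.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.key: certs/ks-es.key
xpack.security.transport.ssl.certificate: certs/ks-es.crt
xpack.security.transport.ssl.certificate_authorities: certs/ca.crt
注:
- 以上证书路径相对于 Elasticsearch 的 config 目录;按前文 docker-compose 的挂载方式,证书应放在宿主机的 /data/aibox-common/elastic/config/certs 下。
- verification_mode: certificate 只校验证书是否由受信任的 CA 签发,不校验主机名。
- 这里只加密了节点间的 transport 通信,HTTP 接口(29200)仍是明文,下面 curl 命令中的用户名和密码会以明文在网络上传输;如需加密 HTTP,还要配置 xpack.security.http.ssl.* 相关项。
6.常用命令
注:下面命令中的密码应替换为实际设置的 elastic 密码(示例中的 123456 与前文 compose 文件里 ELASTIC_PASSWORD 的值并不一致)。直接写在 -u 参数里的密码会留在 shell 历史和进程列表中,可以只写 -u elastic,由 curl 交互提示输入密码。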
(1)查看es节点个数
curl -XGET -uelastic:123456 "http://192.168.1.240:29200/_cat/nodes?v"
(2)查看es集群状态
curl -XGET -uelastic:123456 "http://192.168.1.240:29200/_cluster/health?pretty"