elasticsearch6.8版本docker部署配置xpack认证

1、docker-compose.yml

这里volume挂载中,config目录的挂载方式如下:

先用#注释掉config的挂载,然后启动es,将容器内的整个config目录copy到宿主机的config目录中,并修改文件权限;然后去掉注释,重新启动即可成功挂载。修改权限时只需保证容器内运行es的用户能读写该目录即可,不必对所有用户开放(例如chmod 777)。

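# Compose file for a three-node Elasticsearch 6.8.10 cluster plus Kibana.
version: '3'
services:
  # First Elasticsearch node: master-eligible data node, REST API published on host port 9200.
  elasticsearch6_n0:
    image: elasticsearch:6.8.10
    container_name: elasticsearch6_n0
    # NOTE(review): privileged mode removes most container isolation. The memlock
    # ulimit below already covers bootstrap.memory_lock, so this is presumably
    # broader than Elasticsearch needs - confirm and drop it if nothing depends on it.
    privileged: true
    environment:
      - cluster.name=elasticsearch6-cluster
      - node.name=node0
      - node.master=true
      - node.data=true
      # Lock the JVM heap in RAM; relies on the unlimited memlock ulimit set below.
      - bootstrap.memory_lock=true
      - http.cors.enabled=true
      # NOTE(review): a wildcard origin lets any web page a user visits send
      # cross-origin requests to this node from the browser. Restrict it to the
      # origin(s) that actually need access.
      - http.cors.allow-origin=*
      # Fixed 6 GiB heap (min == max) for this node.
      - "ES_JAVA_OPTS=-Xms6g -Xmx6g"
      - "discovery.zen.ping.unicast.hosts=elasticsearch6_n0,elasticsearch6_n1,elasticsearch6_n2"
      # Majority of the three hosts listed above; guards against split-brain.
      - "discovery.zen.minimum_master_nodes=2"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - ./data/node0:/usr/share/elasticsearch/data
      - ./logs/node0:/usr/share/elasticsearch/logs
      # The same host ./config directory is mounted into every node, so all nodes
      # share one elasticsearch.yml and the certificate files placed there.
      # Keep it readable only by the user Elasticsearch runs as.
      - ./config:/usr/share/elasticsearch/config
    ports:
      # No host IP is given, so the port is published on all host interfaces.
      # NOTE(review): REST traffic here is plain HTTP unless xpack.security.http.ssl
      # is enabled in the mounted config - confirm before exposing beyond a trusted network.
      - "9200:9200"
    networks:
      - esnet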
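  # Second Elasticsearch node: master-eligible data node, REST API published on host port 9201.
  elasticsearch6_n1:
    image: elasticsearch:6.8.10
    container_name: elasticsearch6_n1
    # NOTE(review): privileged mode removes most container isolation. The memlock
    # ulimit below already covers bootstrap.memory_lock, so this is presumably
    # broader than Elasticsearch needs - confirm and drop it if nothing depends on it.
    privileged: true
    environment:
      - cluster.name=elasticsearch6-cluster
      - node.name=node1
      - node.master=true
      - node.data=true
      # Lock the JVM heap in RAM; relies on the unlimited memlock ulimit set below.
      - bootstrap.memory_lock=true
      - http.cors.enabled=true
      # NOTE(review): a wildcard origin lets any web page a user visits send
      # cross-origin requests to this node from the browser. Restrict it to the
      # origin(s) that actually need access.
      - http.cors.allow-origin=*
      # Fixed 6 GiB heap (min == max) for this node.
      - "ES_JAVA_OPTS=-Xms6g -Xmx6g"
      - "discovery.zen.ping.unicast.hosts=elasticsearch6_n0,elasticsearch6_n1,elasticsearch6_n2"
      # Majority of the three hosts listed above; guards against split-brain.
      - "discovery.zen.minimum_master_nodes=2"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - ./data/node1:/usr/share/elasticsearch/data
      - ./logs/node1:/usr/share/elasticsearch/logs
      # Shared config directory (same host path as the other nodes); it holds
      # elasticsearch.yml and the certificate files, so keep it tightly permissioned.
      - ./config:/usr/share/elasticsearch/config
    ports:
      # Container port 9200 published on host port 9201, on all host interfaces.
      - "9201:9200"
    networks:
      - esnet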
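  # Third Elasticsearch node: master-eligible data node, REST API published on host port 9202.
  elasticsearch6_n2:
    image: elasticsearch:6.8.10
    container_name: elasticsearch6_n2
    # NOTE(review): privileged mode removes most container isolation. The memlock
    # ulimit below already covers bootstrap.memory_lock, so this is presumably
    # broader than Elasticsearch needs - confirm and drop it if nothing depends on it.
    privileged: true
    environment:
      - cluster.name=elasticsearch6-cluster
      # Each node needs its own name; node2 matches this service's data/logs paths.
      - node.name=node2
      - node.master=true
      - node.data=true
      # Lock the JVM heap in RAM; relies on the unlimited memlock ulimit set below.
      - bootstrap.memory_lock=true
      - http.cors.enabled=true
      # NOTE(review): a wildcard origin lets any web page a user visits send
      # cross-origin requests to this node from the browser. Restrict it to the
      # origin(s) that actually need access.
      - http.cors.allow-origin=*
      # Fixed 6 GiB heap (min == max) for this node.
      - "ES_JAVA_OPTS=-Xms6g -Xmx6g"
      - "discovery.zen.ping.unicast.hosts=elasticsearch6_n0,elasticsearch6_n1,elasticsearch6_n2"
      # Majority of the three hosts listed above; guards against split-brain.
      - "discovery.zen.minimum_master_nodes=2"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - ./data/node2:/usr/share/elasticsearch/data
      - ./logs/node2:/usr/share/elasticsearch/logs
      # Shared config directory (same host path as the other nodes); it holds
      # elasticsearch.yml and the certificate files, so keep it tightly permissioned.
      - ./config:/usr/share/elasticsearch/config
    ports:
      # Container port 9200 published on host port 9202, on all host interfaces.
      - "9202:9200"
    networks:
      - esnet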
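  # Kibana 6.8.10, pointed at the first Elasticsearch node over the esnet network.
  kibana:
    image: kibana:6.8.10
    container_name: kibana6
    environment:
      # Plain HTTP to Elasticsearch; the Kibana service credentials cross esnet unencrypted.
      # NOTE(review): presumably this overrides elasticsearch.hosts in the mounted
      # kibana.yml - confirm which value Kibana actually uses.
      - ELASTICSEARCH_HOSTS=http://elasticsearch6_n0:9200
    volumes:
      # This directory holds kibana.yml, which contains the Elasticsearch password;
      # keep it readable only by the user Kibana runs as.
      - ./kibana/config:/usr/share/kibana/config
    ports:
      # Kibana UI (container port 5601) published on host port 5602, on all host interfaces.
      - "5602:5601"
    networks:
      - esnet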

# User-defined bridge network joined by all four services; the services address
# each other by container/service name over it (see the unicast hosts list and
# ELASTICSEARCH_HOSTS above).
networks:
  esnet:
    driver: bridge

2、elasticsearch.yml

# NOTE(review): the compose file also sets cluster.name through the container
# environment (elasticsearch6-cluster); presumably that value wins over this
# one - confirm, or make the two agree.
cluster.name: 'docker-cluster'
# Listen on all interfaces inside the container.
network.host: 0.0.0.0

# Turn on authentication/authorization and security audit logging.
xpack.security.enabled: true
xpack.security.audit.enabled: true

# TLS between nodes on the transport layer. The same PKCS#12 file serves as
# keystore and truststore; the relative path is looked up in the config directory.
# "certificate" mode checks that the peer certificate is signed by a trusted CA
# but does not verify the hostname.
# If the .p12 file was created with a password, that password must also be
# stored in the Elasticsearch keystore or the node cannot open the file.
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.type: PKCS12
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.type: PKCS12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12

# NOTE(review): no xpack.security.http.ssl.* settings are present, so the REST
# API on port 9200 stays plain HTTP and usernames/passwords travel unencrypted.

3、kibana.yml

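#
# ** THIS IS AN AUTO-GENERATED FILE **
#

# Default Kibana configuration for docker target
server.name: kibana
# "0" makes Kibana listen on all interfaces inside the container.
server.host: "0"
# Must name a host that resolves on the compose network; the compose file defines
# elasticsearch6_n0/n1/n2 and no service called "elasticsearch".
# Plain HTTP: the credentials below are sent to Elasticsearch unencrypted.
elasticsearch.hosts: ["http://elasticsearch6_n0:9200"]
xpack.monitoring.ui.container.elasticsearch.enabled: true
# Built-in "kibana" service account that Kibana uses to talk to Elasticsearch.
elasticsearch.username: "kibana"
# Enter your own password (the one set for the "kibana" user).
# NOTE(review): this keeps the password in clear text on disk. Restrict the
# file's permissions, keep it out of version control, and consider storing
# elasticsearch.password with bin/kibana-keystore instead.
elasticsearch.password: "xxxxxxxx"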

4、生成ca证书

docker-compose启动docker

docker exec进入其中一个节点容器之后

执行./bin/elasticsearch-certutil ca命令生成ca证书: elastic-stack-ca.p12

执行./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12生成cert: elastic-certificates.p12

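通过docker cp将elastic-certificates.p12拷贝到容器外挂载的config目录,用于节点间的认证。如果生成证书时设置了密码,还需要在每个节点上用./bin/elasticsearch-keystore add把密码写入xpack.security.transport.ssl.keystore.secure_password和xpack.security.transport.ssl.truststore.secure_password,否则节点无法读取证书。另外elastic-stack-ca.p12中包含CA私钥,应单独妥善保存,不要和证书一起放在共享的config目录里。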

5、重启es集群然后设置密码

docker-compose重启docker

docker exec进入其中一个节点容器,执行./bin/elasticsearch-setup-passwords interactive命令,为各内置用户设置密码;其中kibana用户的密码就是kibana.yml中elasticsearch.password要填写的值

 

至此完成设置。此时打开kibana,可看到需要输入用户名密码,建议用elastic用户登录。elastic是内置的超级用户,登录后可以再创建权限更小的账号用于日常使用。
