# Docker Compose+Dockerfile搭建elasticsearch7.8.0与kibana ### 环境介绍 - Ubuntu-20.04 LTS - elasticsearch-7.8.0 - kibana-7.8.0 - Docker version 23.0.0 - Docker Compose version v2.15.1 ### 安装之前 修改`vm.max_map_count`, 打开配置文件 ```sh vim /etc/sysctl.conf ``` 最后添加`vm.max_map_count=655360` ### 编写配置 >`/data/elasticsearch/`: elasticsearch数据和配置文件文件夹 > >`/data/kibana/`: kibana数据和配置文件文件夹 > >`/data/dockers/`: docker-compose配置文件文件夹 #### 1.创建elasticsearch数据文件夹与配置文件 创建文件夹 ```sh mkdir -p /data/elasticsearch/data mkdir -p /data/elasticsearch/logs mkdir -p /data/elasticsearch/config mkdir -p /data/elasticsearch/plugins ``` 编写`elasticsearch`配置文件 ```sh vim /data/elasticsearch/config/elasticsearch.yml ``` 配置内容如下: ```yml #cluster.name: my-application node.name: node-1 #node.attr.rack: r1 path.data: /usr/share/elasticsearch/data path.logs: /usr/share/elasticsearch/logs #bootstrap.memory_lock: true network.host: 0.0.0.0 http.port: 9200 #discovery.seed_hosts: ["host1", "host2"] cluster.initial_master_nodes: ["node-1"] #gateway.recover_after_nodes: 3 #action.destructive_requires_name: true http.cors.enabled: true http.cors.allow-origin: "*" http.cors.allow-headers: Authorization xpack.security.enabled: true xpack.security.transport.ssl.enabled: true xpack.security.audit.enabled: true xpack.license.self_generated.type: basic xpack.security.transport.ssl.keystore.type: PKCS12 xpack.security.transport.ssl.verification_mode: certificate xpack.security.transport.ssl.keystore.path: elastic-certificates.p12 xpack.security.transport.ssl.truststore.path: elastic-certificates.p12 xpack.security.transport.ssl.truststore.type: PKCS12 ``` #### 2.创建kibana数据文件夹与配置文件 创建文件夹 ```sh mkdir -p /data/kibana/config ``` 创建`kibana`配置文件 ```sh vim /data/kibana/config/kibana.yml ``` 配置内容如下: ```yml server.port: 5601 server.host: "0.0.0.0" elasticsearch.hosts: ["http://elasticsearch:9200"] elasticsearch.username: "elastic" elasticsearch.password: "w12345" # elastic用户密码,如果在网页中修改了,这里也要修改 i18n.locale: "zh-CN" ``` #### 3.创建docker-compose.yml和Dockerfile 创建文件夹 ```sh mkdir -p /data/dockers/elasticsearch cd /data/dockers/elasticsearch ``` 编写`docker-compose.yml` ```sh vim /data/dockers/elasticsearch/docker-compose.yml ``` 配置内容如下: ```yml version: '3' services: elasticsearch: image: elasticsearch build: context: . dockerfile: ES-Dockerfile container_name: elasticsearch restart: always volumes: - /data/elasticsearch/data:/usr/share/elasticsearch/data:rw - /data/elasticsearch/logs:/usr/share/elasticsearch/logs:rw - /data/elasticsearch/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml:rw - /data/elasticsearch/plugis:/usr/share/elasticsearch/plugis:rw environment: - "ES_JAVA_OPTS=-Xms1024m -Xmx1024m" hostname: elasticsearch ulimits: memlock: soft: -1 hard: -1 ports: - "9201:9200" networks: - esnet kibana: image: docker.io/kibana:7.8.0 container_name: kibana ports: - 5602:5601 volumes: - /data/kibana/config/kibana.yml:/usr/share/kibana/config/kibana.yml:rw networks: - esnet networks: esnet: ``` 创建`ES-Dockerfile` ```sh vim /data/dockers/elasticsearch/ES-Dockerfile ``` 配置内容如下: ```sh FROM elasticsearch:7.8.0 USER elasticsearch #生成证书,密码可自己配置,与kibana.yml中一致 RUN bin/elasticsearch-certutil ca --out config/elastic-stack-ca.p12 --pass w12345 #生成证书,密码可自己配置,与kibana.yml中一致 RUN bin/elasticsearch-certutil cert --ca config/elastic-stack-ca.p12 --ca-pass w12345 --out config/elastic-certificates.p12 --pass w12345 #创建keystore RUN bin/elasticsearch-keystore create #将密码添加至keystore RUN sh -c '/bin/echo -e "w12345" | sh bin/elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password' RUN sh -c '/bin/echo -e "w12345" | sh bin/elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password' #文件赋权限 RUN chmod 777 /usr/share/elasticsearch/config/elastic-certificates.p12 RUN chmod 777 /usr/share/elasticsearch/config/elastic-stack-ca.p12 ``` ### 创建用户及授权 - 添加启动用户 添加用户`elasticsearch` ```sh adduser elasticsearch ``` 创建用户密码 ```sh passwd elasticsearch ``` 授权 ```sh cd /data/ chown -R elasticsearch elasticsearch cd dockers/ chown -R elasticsearch elasticsearch chmod 777 -R elasticsearch /data/ ``` - 将`elasticsearch`用户添加至`docker`用户组 加入`docker`用户组 ```sh usermod -G docker elasticsearch ``` 重启`docker`服务 ```sh systemctl restart docker ``` ### 启动容器 1. 切换用户 ```sh su elasticsearch ``` 2. 构建 ```sh cd /data/dockers/elasticsearch/ ``` ```sh docker compose build ``` 3. 启动 应先前台启动,查询是否有异常、报错 ```sh docker compose up ``` 再开一个窗口进入`elasticsearch docker`设置密码(docker容器): ```sh docker exec -it elasticsearch /bin/bash ``` 执行 ```sh ./bin/elasticsearch-setup-passwords interactive --verbose ``` 按提示信息输入密码`w12345` > 此处密码需与`kibana.yml`中相同。