多节点 docker 部署 elastic 集群

参考

Install Elasticsearch with Docker
Images

环境

docker

# docker version
Client: Docker Engine - Community
 Version:           24.0.7
 API version:       1.43
 Go version:        go1.20.10
 Git commit:        afdd53b
 Built:             Thu Oct 26 09:08:01 2023
 OS/Arch:           linux/amd64
 Context:           default

Server: Docker Engine - Community
 Engine:
  Version:          24.0.7
  API version:      1.43 (minimum version 1.12)
  Go version:       go1.20.10
  Git commit:       311b9ff
  Built:            Thu Oct 26 09:08:01 2023
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.6.26
  GitCommit:        3dd1e886e55dd695541fdcd67420c2888645a495
 runc:
  Version:          1.1.10
  GitCommit:        v1.1.10-0-g18a0cb0
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0
# docker compose version
Docker Compose version v2.21.0

images

image tag
docker.elastic.co/kibana/kibana 8.11.2-amd64
docker.elastic.co/elasticsearch/elasticsearch 8.11.2-amd64

环境

node role MountPoint
172.22.175.110 es01
kibana
/opt/data/es01
/opt/data/kibana
172.22.175.111 es02 /opt/data/es02
172.22.175.112 es03 /opt/data/es03
  • /etc/hosts
127.0.0.1 localhost
172.22.175.110 es01
172.22.175.111 es02
172.22.175.112 es03
  • sysctl
# echo "vm.max_map_count=262144" >>/etc/sysctl.conf
# sysctl -p

部署

es01

  • 挂载目录准备
# mkdir -p /opt/data/{es01,kibana}
### container 中使用非 root 运行的 es 和 kibana, 他们账户的 id 是 1000
# chown -R 1000:1000 /opt/data/{es01,kibana}
  • .env
# Password for the 'elastic' user (at least 6 characters)
ELASTIC_PASSWORD=1qazXSW@

# Password for the 'kibana_system' user (at least 6 characters)
KIBANA_PASSWORD=1qazXSW@

# Version of Elastic products
STACK_VERSION=8.11.2-amd64

# Set the cluster name
CLUSTER_NAME=bj-es-docker

# Set to 'basic' or 'trial' to automatically start the 30-day trial
LICENSE=basic
#LICENSE=trial

# Port to expose Elasticsearch HTTP API to the host
ES_PORT=9200
#ES_PORT=127.0.0.1:9200

# Port to expose Kibana to the host
KIBANA_PORT=5601
#KIBANA_PORT=80

# Increase or decrease based on the available host memory (in bytes)
MEM_LIMIT=17179869184

# Project namespace (defaults to the current folder name if not set)
#COMPOSE_PROJECT_NAME=myproject

  • docker-compose.yaml
version: "3"

services:
  setup:
    image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
    volumes:
      - ./certs:/usr/share/elasticsearch/config/certs
    user: "0"
    command: >
      bash -c '
        if [ x${ELASTIC_PASSWORD} == x ]; then
          echo "Set the ELASTIC_PASSWORD environment variable in the .env file";
          exit 1;
        elif [ x${KIBANA_PASSWORD} == x ]; then
          echo "Set the KIBANA_PASSWORD environment variable in the .env file";
          exit 1;
        fi;
        if [ ! -f config/certs/ca.zip ]; then
          echo "Creating CA";
          bin/elasticsearch-certutil ca --silent --pem -out config/certs/ca.zip;
          unzip config/certs/ca.zip -d config/certs;
        fi;
        if [ ! -f config/certs/certs.zip ]; then
          echo "Creating certs";
          echo -ne \
          "instances:\n"\
          "  - name: es01\n"\
          "    dns:\n"\
          "      - es01\n"\
          "    ip:\n"\
          "      - 172.22.175.110\n"\
          "  - name: es02\n"\
          "    dns:\n"\
          "      - es02\n"\
          "    ip:\n"\
          "      - 172.22.175.111\n"\
          "  - name: es03\n"\
          "    dns:\n"\
          "      - es03\n"\
          "    ip:\n"\
          "      - 172.22.175.112\n"\
          > config/certs/instances.yml;
          bin/elasticsearch-certutil cert --silent --pem -out config/certs/certs.zip --in config/certs/instances.yml --ca-cert config/certs/ca/ca.crt --ca-key config/certs/ca/ca.key;
          unzip config/certs/certs.zip -d config/certs;
        fi;
        echo "Setting file permissions"
        chown -R root:root config/certs;
        find . -type d -exec chmod 750 \{\} \;;
        find . -type f -exec chmod 640 \{\} \;;
        echo "Waiting for Elasticsearch availability";
        until curl -s --cacert config/certs/ca/ca.crt https://es01:9200 | grep -q "missing authentication credentials"; do sleep 30; done;
        echo "Setting kibana_system password";
        until curl -s -X POST --cacert config/certs/ca/ca.crt -u "elastic:${ELASTIC_PASSWORD}" -H "Content-Type: application/json" https://es01:9200/_security/user/kibana_system/_password -d "{\"password\":\"${KIBANA_PASSWORD}\"}" | grep -q "^{}"; do sleep 10; done;
        echo "All done!";
      '
    healthcheck:
      test: ["CMD-SHELL", "[ -f config/certs/es01/es01.crt ]"]
      interval: 1s
      timeout: 5s
      retries: 120

  es01:
    depends_on:
      setup:
        condition: service_healthy
    image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
    volumes:
      - ./certs:/usr/share/elasticsearch/config/certs
      - /opt/data/es01:/usr/share/elasticsearch/data
    environment:
      - node.name=es01
      - cluster.name=${CLUSTER_NAME}
      - cluster.initial_master_nodes=es01,es02,es03
      - discovery.seed_hosts=es02,es03
      - ELASTIC_PASSWORD=${ELASTIC_PASSWORD}
      - bootstrap.memory_lock=true
      - xpack.security.enabled=true
      - xpack.security.http.ssl.enabled=true
      - xpack.security.http.ssl.key=certs/es01/es01.key
      - xpack.security.http.ssl.certificate=certs/es01/es01.crt
      - xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.transport.ssl.enabled=true
      - xpack.security.transport.ssl.key=certs/es01/es01.key
      - xpack.security.transport.ssl.certificate=certs/es01/es01.crt
      - xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.transport.ssl.verification_mode=certificate
      - xpack.license.self_generated.type=${LICENSE}
    restart: always
    network_mode: host
    ulimits:
      memlock:
        soft: -1
        hard: -1
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "curl -s -k --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",
        ]
      interval: 10s
      timeout: 10s
      retries: 120

  kibana:
    depends_on:
      es01:
        condition: service_healthy
    image: docker.elastic.co/kibana/kibana:${STACK_VERSION}
    volumes:
      - ./certs:/usr/share/kibana/config/certs
      - /opt/data/kibana:/usr/share/kibana/data
    environment:
      - SERVERNAME=kibana
      - ELASTICSEARCH_HOSTS=https://es01:9200
      - ELASTICSEARCH_USERNAME=kibana_system
      - ELASTICSEARCH_PASSWORD=${KIBANA_PASSWORD}
      - ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=config/certs/ca/ca.crt
    restart: always
    network_mode: host
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "curl -k -s -I http://localhost:5601 | grep -q 'HTTP/1.1 302 Found'",
        ]
      interval: 10s
      timeout: 10s
      retries: 120
  • 启动
# docker compose up -d
[+] Running 4/4
 ✔ Network es_default     Created                                                                             0.2s
 ✔ Container es-setup-1   Healthy                                                                             0.4s
 ✔ Container es-es01-1    Healthy                                                                             0.1s
 ✔ Container es-kibana-1  Started                                                                             0.1s

  • 同步 certs 和 .env 到其他节点
# scp -r certs/ .env  es02:/opt/compose/es/
ca.crt                                                                                                                                                                                                100% 1200   899.3KB/s   00:00
ca.key                                                                                                                                                                                                100% 1675     1.4MB/s   00:00
certs.zip                                                                                                                                                                                             100% 7615     6.8MB/s   00:00
ca.zip                                                                                                                                                                                                100% 2515     2.5MB/s   00:00
es03.crt                                                                                                                                                                                              100% 1176     1.3MB/s   00:00
es03.key                                                                                                                                                                                              100% 1675     1.8MB/s   00:00
instances.yml                                                                                                                                                                                         100%  230   228.9KB/s   00:00
es01.crt                                                                                                                                                                                              100% 1176     1.2MB/s   00:00
es01.key                                                                                                                                                                                              100% 1675     1.7MB/s   00:00
es02.key                                                                                                                                                                                              100% 1675     1.2MB/s   00:00
es02.crt                                                                                                                                                                                              100% 1172     1.1MB/s   00:00
.env                                
# scp -r certs/ .env  es03:/opt/compose/es/
ca.crt                                                                                                                                                                                                100% 1200   197.9KB/s   00:00
ca.key                                                                                                                                                                                                100% 1675   849.8KB/s   00:00
certs.zip                                                                                                                                                                                             100% 7615     3.3MB/s   00:00
ca.zip                                                                                                                                                                                                100% 2515     1.5MB/s   00:00
es03.crt                                                                                                                                                                                              100% 1176   604.2KB/s   00:00
es03.key                                                                                                                                                                                              100% 1675   932.1KB/s   00:00
instances.yml                                                                                                                                                                                         100%  230   140.3KB/s   00:00
es01.crt                                                                                                                                                                                              100% 1176   652.2KB/s   00:00
es01.key                                                                                                                                                                                              100% 1675     1.2MB/s   00:00
es02.key                                                                                                                                                                                              100% 1675   672.5KB/s   00:00
es02.crt                                                                                                                                                                                              100% 1172   844.9KB/s   00:00
.env                          

es02

  • 挂载目录准备
# mkdir -p /opt/data/es02
# chown -R 1000:1000 /opt/data/es02
  • .env
    同 es01
  • docker-compose.yaml
version: '3'
services:
  es02:
    image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
    volumes:
      - ./certs:/usr/share/elasticsearch/config/certs
      - /opt/data/es02/:/usr/share/elasticsearch/data
    environment:
      - node.name=es02
      - cluster.name=${CLUSTER_NAME}
      - cluster.initial_master_nodes=es01,es02,es03
      - discovery.seed_hosts=es01,es03
      - bootstrap.memory_lock=true
      - xpack.security.enabled=true
      - xpack.security.http.ssl.enabled=true
      - xpack.security.http.ssl.key=certs/es02/es02.key
      - xpack.security.http.ssl.certificate=certs/es02/es02.crt
      - xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.transport.ssl.enabled=true
      - xpack.security.transport.ssl.key=certs/es02/es02.key
      - xpack.security.transport.ssl.certificate=certs/es02/es02.crt
      - xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.transport.ssl.verification_mode=certificate
      - xpack.license.self_generated.type=${LICENSE}
    restart: always
    network_mode: host
    ulimits:
      memlock:
        soft: -1
        hard: -1
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "curl -s -k --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",
        ]
      interval: 10s
      timeout: 10s
      retries: 120

  • 启动
# docker compose up -d
[+] Running 1/1
 ✔ Container es-es02-1  Started    
### 等一会儿,等 health 变成 healthy
# docker compose ps
NAME        IMAGE                                                        COMMAND                                                        SERVICE   CREATED          STATUS                             PORTS
es-es02-1   docker.elastic.co/elasticsearch/elasticsearch:8.11.2-amd64   "/bin/tini -- /usr/local/bin/docker-entrypoint.sh eswrapper"   es02      12 seconds ago   Up 10 seconds (health: starting)
。。。
# docker compose ps
NAME        IMAGE                                                        COMMAND                                                        SERVICE   CREATED         STATUS                   PORTS
es-es02-1   docker.elastic.co/elasticsearch/elasticsearch:8.11.2-amd64   "/bin/tini -- /usr/local/bin/docker-entrypoint.sh eswrapper"   es02      3 minutes ago   Up 3 minutes (healthy)

es03

  • 挂载目录准备
# mkdir -p /opt/data/es03
# chown -R 1000:1000 /opt/data/es03
  • .env
    同 es01
  • docker-compose.yaml
version: '3'
services:
  es03:
    image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
    volumes:
      - ./certs:/usr/share/elasticsearch/config/certs
      - /opt/data/es03:/usr/share/elasticsearch/data
    environment:
      - node.name=es03
      - cluster.name=${CLUSTER_NAME}
      - cluster.initial_master_nodes=es01,es02,es03
      - discovery.seed_hosts=es01,es02
      - bootstrap.memory_lock=true
      - xpack.security.enabled=true
      - xpack.security.http.ssl.enabled=true
      - xpack.security.http.ssl.key=certs/es03/es03.key
      - xpack.security.http.ssl.certificate=certs/es03/es03.crt
      - xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.transport.ssl.enabled=true
      - xpack.security.transport.ssl.key=certs/es03/es03.key
      - xpack.security.transport.ssl.certificate=certs/es03/es03.crt
      - xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.transport.ssl.verification_mode=certificate
      - xpack.license.self_generated.type=${LICENSE}
    restart: always
    network_mode: host
    ulimits:
      memlock:
        soft: -1
        hard: -1
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "curl -s -k --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",
        ]
      interval: 10s
      timeout: 10s
      retries: 120

  • 启动
s# docker compose up -d
[+] Running 1/1
 ✔ Container es-es03-1  Started   
### 等一会儿,等 health 变成 healthy
# docker compose ps
NAME        IMAGE                                                        COMMAND                                                        SERVICE   CREATED          STATUS                             PORTS
es-es03-1   docker.elastic.co/elasticsearch/elasticsearch:8.11.2-amd64   "/bin/tini -- /usr/local/bin/docker-entrypoint.sh eswrapper"   es03      12 seconds ago   Up 11 seconds (health: starting)
。。。
# docker compose ps
NAME        IMAGE                                                        COMMAND                                                        SERVICE   CREATED              STATUS                        PORTS
es-es03-1   docker.elastic.co/elasticsearch/elasticsearch:8.11.2-amd64   "/bin/tini -- /usr/local/bin/docker-entrypoint.sh eswrapper"   es03      About a minute ago   Up About a minute (healthy)

验证

# curl --user "elastic:1qazXSW@" -k https://172.22.175.110:9200/_cat/nodes?v
ip             heap.percent ram.percent cpu load_1m load_5m load_15m node.role   master name
172.22.175.111            6          67   1    0.31    0.83     0.54 cdfhilmrstw *      es02
172.22.175.112           10          65   2    1.58    0.80     0.31 cdfhilmrstw -      es03
172.22.175.110           12          90   2    0.67    0.82     0.88 cdfhilmrstw -      es01
# curl --user "elastic:1qazXSW@" -k https://172.22.175.110:9200/_cat/health?v
epoch      timestamp cluster      status node.total node.data shards pri relo init unassign pending_tasks max_task_wait_time active_shards_percent
1705029621 03:20:21  bj-es-docker green           3         3     61  30    0    0        0             0                  -                100.0%
### PS: kibana 也能通过浏览器访问和使用

总结

官网的例子是在 1 个节点上通过 docker-compose 跑起来的 3 个实例,不符合需求,故将官方的 docker-compose.yml 进行拆分加上适当的调整来满足需求;因犯懒癌,所以将网络都设置为 host 模式,避免网络问题去 troubleshooting 半天,从而运气不错,一次性搞定。

你可能感兴趣的:(elk,docker,容器,elk,运维,linux)