docker+es8+kibana单机及集群安装

安装过程遇到很多坑，涉及云服务器连接、配置等，这里把过程记录一下。

1.es 及 kibana的版本最好一致

es: 
    docker pull docker.elastic.co/elasticsearch/elasticsearch:8.11.3

kibana: 
    docker pull docker.elastic.co/elasticsearch/elasticsearch:8.11.3

2.放开防火墙9200,9300端口，如果是云服务器集群搭建，记得设置服务器之间安全组放开这两个端口，否则会出现无法加入集群的情况。

3.创建docker网络，如果是集群搭建，记得每个机器上都要执行

docker network create es-net

4.首先创建临时节点，后续集群以此为基础。

4.1创建es配置目录

mkdir -p /usr/local/docker/elasticsearch

4.2创建临时es节点，拷贝配置到指定目录

docker run -d --name es -e "ES_JAVA_OPTS=-Xms512m -Xmx512m" -e "discovery.type=single-node" -p 9200:9200 -p 9300:9300 docker.elastic.co/elasticsearch/elasticsearch:8.11.3

4.3拷贝临时es节点配置

docker cp -a es:/usr/share/elasticsearch/config/ /usr/local/docker/elasticsearch/config
docker cp -a es:/usr/share/elasticsearch/data/ /usr/local/docker/elasticsearch/data
docker cp -a es:/usr/share/elasticsearch/logs/ /usr/local/docker/elasticsearch/logs
docker cp -a es:/usr/share/elasticsearch/plugins/ /usr/local/docker/elasticsearch/plugins

前面是es节点中的地址，后面是服务器上的地址。拷贝完成后删除临时节点。

docker stop es
docker rm es

4.4修改es配置

cd /usr/local/docker/elasticsearch/config
vim elasticsearch.yml

elasticsearch.yml配置如下：

#集群搭建可参考，单机搭建只需要修改原文件的xpack.security.http.ssl为false
#集群搭建注意cluster.name保持一致
cluster.name: "es-cluster"
network.host: 0.0.0.0
node.name: es-node1
#----------------------- BEGIN SECURITY AUTO CONFIGURATION -----------------------
#
# The following settings, TLS certificates, and keys have been automatically      
# generated to configure Elasticsearch security features on 18-09-2024 06:43:10
#
# --------------------------------------------------------------------------------

#当前机器ip地址
network.publish_host: 111.333.355.337
# 集群节点配置，注意逗号后有空格
discovery.seed_hosts: ["121.123.125.337:9300", "121.133.232.333:9300", "111.122.222.122:9300"]
# 主节点候选，注意逗号后有空格
cluster.initial_master_nodes: ["es-node1", "es-node2", "es-node3"]

# Enable security features
xpack.security.enabled: true

xpack.security.enrollment.enabled: true

# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
#单机搭建只需要把这里修改成false，否则需要https访问es
xpack.security.http.ssl:
  enabled: false
  keystore.path: certs/http.p12

# Enable encryption and mutual authentication between cluster nodes
xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12
#----------------------- END SECURITY AUTO CONFIGURATION -------------------------

5.启动es

5.1.1单机搭建启动es

docker run -d --name es-node1 -e "ES_JAVA_OPTS=-Xms2048m -Xmx2048m" -e "discovery.type=single-node" -v /usr/local/docker/elasticsearch/config/:/usr/share/elasticsearch/config -v /usr/local/docker/elasticsearch/data:/usr/share/elasticsearch/data -v /usr/local/docker/elasticsearch/logs:/usr/share/elasticsearch/logs -v /usr/local/docker/elasticsearch/plugins:/usr/share/elasticsearch/plugins --privileged --network es-net -p 9200:9200 -p 9300:9300 docker.elastic.co/elasticsearch/elasticsearch:8.11.3

5.2.1集群启动方式

注意需要删除data文件夹中的数据，否则无法加入集群

cd /usr/local/docker/elasticsearch/data
rm -rf *
cd /usr/local/docker/elasticsearch/logs
rm -rf *

创建es容器

docker run -d --name es-node1   -e "ES_JAVA_OPTS=-Xms2048m -Xmx2048m"    -v /usr/local/docker/elasticsearch/config/:/usr/share/elasticsearch/config -v /usr/local/docker/elasticsearch/data:/usr/share/elasticsearch/data  -v /usr/local/docker/elasticsearch/logs:/usr/share/elasticsearch/logs   -v /usr/local/docker/elasticsearch/plugins:/usr/share/elasticsearch/plugins   --privileged    --network es-net    -p 9200:9200     -p 9300:9300 docker.elastic.co/elasticsearch/elasticsearch:8.11.3

6.添加es用户密码

进入es容器
docker exec -it es-node1 /bin/bash
添加kibana用户
./bin/elasticsearch-users useradd kibana_login
./bin/elasticsearch-users roles -a kibana_system kibana_login
添加es访问用户
./bin/elasticsearch-users useradd es_login
./bin/elasticsearch-users roles -a superuser es_login

如果es启动错误，可以用docker logs -f es查看日志，如果错误是：
max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]

则需要编辑/etc/sysctl.conf
vim /etc/sysctl.conf
添加一行：
vm.max_map_count = 262144

保存，执行
sysctl -p

7.运行kibana容器

7.1创建kibana配置目录

mkdir /usr/local/docker/elasticsearch/kibana

7.2运行临时kibana容器，拷贝配置到服务器

docker run -d --name kibana -p 5601:5601  docker.elastic.co/kibana/kibana:8.11.3

docker cp -a kibana:/usr/share/kibana/config/ /usr/local/docker/elasticsearch/kibana

拷贝后删除
docker stop kibana

docker rm kibana

7.3修改kibana配置

--单机

#
# ** THIS IS AN AUTO-GENERATED FILE **
#

# Default Kibana configuration for docker target
server.host: "0.0.0.0"
server.shutdownTimeout: "5s"
elasticsearch.hosts: [ "http://elasticsearch:9200" ]
# es登录账号
elasticsearch.username: kibana_login
# es登录密码
elasticsearch.password: 123456
# 关闭浏览器端配置
xpack.screenshotting.browser.chromium.disableSandbox: true

monitoring.ui.container.elasticsearch.enabled: true

--集群

#
# ** THIS IS AN AUTO-GENERATED FILE **
#

# Default Kibana configuration for docker target
server.host: "0.0.0.0"
server.shutdownTimeout: "5s"
monitoring.ui.container.elasticsearch.enabled: true
# 汉化
i18n.locale: zh-CN
#云服务器注意，kibana与es这台机器的ip需要用内网地址，否则kibana无法启动
elasticsearch.hosts: ['http://112.111.81.111:9200', 'http://111.111.231.111:9200', 'http://111.131.211.111:9200']
elasticsearch.username: kibana_login
elasticsearch.password: 2T1111111%AH6

7.4启动kibana容器

docker run -d --name kibana  -v /usr/local/docker/elasticsearch/kibana/config:/usr/share/kibana/config --network=es-net -p 5601:5601  docker.elastic.co/kibana/kibana:8.11.3

docker + es + kibana单机搭建到此结束。

集群环境可重复上面集群搭建步骤，只是有一点需要注意，新机器的/usr/local/docker/elasticsearch/data文件夹里的配置需要用第一个机器的/usr/local/docker/elasticsearch/data中的文件完全覆盖，否则可能无法加入集群，出现集群uuid不一致的情况。