文章
文章用户商铺快讯网址导航

小知识:docker安装Elasticsearch7.6集群并设置密码

elasticsearch从6.8开始, 允许免费用户使用x-pack的安全功能, 以前安装es都是裸奔。接下来记录配置安全认证的方法。

为了简化物理安装过程,我们将使用docker安装我们的服务。

一些基础配置

es需要修改linux的一些参数。

设置vm.max_map_count=262144

?
1
2
sudo vim /etc/sysctl.conf
vm.max_map_count=262144

不重启, 直接生效当前的命令

?
1
sysctl -w vm.max_map_count=262144

es的data和logs目录需要给1000的用户授权, 我们假设安装3个实力的es集群,先创建对应的数据存储文件

?
1
2
3
4
5
6
7
8
9
mkdir -p es01/data
mkdir -p es01/logs
mkdir -p es02/data
mkdir -p es02/logs
mkdir -p es03/data
mkdir -p es03/logs
## es的用户id为1000,这里暂且授权给所有人好了
sudo chmod 777 es* -r

关于版本和docker镜像

elasticsearch分几种licenses,其中open source和basic是免费的, 而在6.8之后安全功能才开始集成在es的basic授权上。

%小知识:docker安装Elasticsearch7.6集群并设置密码-猿站网-插图

basic对应docker镜像为

?
1
docker pull docker.elastic.co/elasticsearch/elasticsearch:7.6.2

同时dockerhub同步为elasticsearch. 我们直接拉取elasticsearch:7.6.2就好。

开始

安装文件均放在github: https://github.com/ryan-miao/docker-china-source/tree/master/docker-elasticsearch

首先,创建docker-compose.yml

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
version: 2.2
services:
es01:
image: elasticsearch:7.6.2
container_name: es01
environment:
– node.name=es01
– cluster.name=es-docker-cluster
– discovery.seed_hosts=es02,es03
– cluster.initial_master_nodes=es01,es02,es03
– bootstrap.memory_lock=true
– “es_java_opts=-xms512m -xmx512m”
ulimits:
memlock:
soft: -1
hard: -1
volumes:
– ./es01/data:/usr/share/elasticsearch/data
– ./es01/logs:/usr/share/elasticsearch/logs
– ./elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
– ./elastic-certificates.p12:/usr/share/elasticsearch/config/elastic-certificates.p12
ports:
– 9200:9200
networks:
– elastic
es02:
image: elasticsearch:7.6.2
container_name: es02
environment:
– node.name=es02
– cluster.name=es-docker-cluster
– discovery.seed_hosts=es01,es03
– cluster.initial_master_nodes=es01,es02,es03
– bootstrap.memory_lock=true
– “es_java_opts=-xms512m -xmx512m”
ulimits:
memlock:
soft: -1
hard: -1
volumes:
– ./es02/data:/usr/share/elasticsearch/data
– ./es02/logs:/usr/share/elasticsearch/logs
– ./elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
– ./elastic-certificates.p12:/usr/share/elasticsearch/config/elastic-certificates.p12
ports:
– 9201:9200
networks:
– elastic
es03:
image: elasticsearch:7.6.2
container_name: es03
environment:
– node.name=es03
– cluster.name=es-docker-cluster
– discovery.seed_hosts=es01,es02
– cluster.initial_master_nodes=es01,es02,es03
– bootstrap.memory_lock=true
– “es_java_opts=-xms512m -xmx512m”
ulimits:
memlock:
soft: -1
hard: -1
volumes:
– ./es03/data:/usr/share/elasticsearch/data
– ./es03/logs:/usr/share/elasticsearch/logs
– ./elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
– ./elastic-certificates.p12:/usr/share/elasticsearch/config/elastic-certificates.p12
ports:
– 9202:9200
networks:
– elastic
kib01:
depends_on:
– es01
image: kibana:7.6.2
container_name: kib01
ports:
– 5601:5601
environment:
elasticsearch_url: http://es01:9200
elasticsearch_hosts: http://es01:9200
volumes:
– ./kibana.yml:/usr/share/kibana/config/kibana.yml
networks:
– elastic
networks:
elastic:
driver: bridge

关于elasticsearch.yml

内容如下

?
1
2
3
4
5
6
7
8
9
10
network.host: 0.0.0.0
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.keystore.type: pkcs12
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.type: pkcs12
xpack.security.audit.enabled: true
network.host 设置允许其他ip访问,解除ip绑定 xpack.security 则是安全相关配置,其中ssl的证书需要自己生成

关于证书elastic-certificates.p12

es提供了生成证书的工具elasticsearch-certutil,我们可以在docker实例中生成它,然后复制出来,后面统一使用。

首先运行es实例

?
1
sudo docker run -dit –name=es elasticsearch:7.6.2 /bin/bash

进入实例内部

?
1
sudo docker exec -it es /bin/bash

生成ca: elastic-stack-ca.p12

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
[root@25dee1848942 elasticsearch]# ./bin/elasticsearch-certutil ca
this tool assists you in the generation of x.509 certificates and certificate
signing requests for use with ssl/tls in the elastic stack.
the ca mode generates a new certificate authority
this will create a new x.509 certificate and private key that can be used
to sign certificate when running in cert mode.
use the ca-dn option if you wish to configure the distinguished name
of the certificate authority
by default the ca mode produces a single pkcs#12 output file which holds:
* the ca certificate
* the cas private key
if you elect to generate pem format certificates (the -pem option), then the output will
be a zip file containing individual files for the ca certificate and private key
please enter the desired output file [elastic-stack-ca.p12]:
enter password for elastic-stack-ca.p12 :

再生成cert: elastic-certificates.p12

?
1
2
3
4
5
[root@25dee1848942 elasticsearch]# ./bin/elasticsearch-certutil cert –ca elastic-stack-ca.p12
this tool assists you in the generation of x.509 certificates and certificate
signing requests for use with ssl/tls in the elastic stack.
the cert mode generates x.509 certificate and private keys.

这个生成elastic-certificates.p12 就是我们需要使用的。

复制出证书, ctrl+d退出容器内部

?
1
2
3
4
sudo docker cp es:/usr/share/elasticsearch/elastic-certificates.p12 .
# 关闭这个容器
sudo docker kill es
sudo docker rm es

如此获取了证书。

生成密码

我们首先要启动es集群,去里面生成密码。

?
1
sudo docker-compose up

然后进入其中一台

?
1
sudo docker exec -it es01 /bin/bash

生成密码用auto, 自己设置用 interactive

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
[root@cfeeab4bb0eb elasticsearch]# ./bin/elasticsearch-setup-passwords -h
sets the passwords for reserved users
commands
——–
auto – uses randomly generated passwords
interactive – uses passwords entered by a user
non-option arguments:
command      
option       description   
——       ———–   
-e <keyvaluepair> configure a setting
-h, –help     show help    
-s, –silent    show minimal output
-v, –verbose   show verbose output
[root@cfeeab4bb0eb elasticsearch]# ./bin/elasticsearch-setup-passwords auto
initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.
the passwords will be randomly generated and printed to the console.
please confirm that you would like to continue [y/n]y
changed password for user apm_system
password apm_system = yxvzet9b2jedujyp66ws
changed password for user kibana
password kibana = 8nnthbj0n02idatghidu
changed password for user logstash_system
password logstash_system = 9nidge7ksv8sqidsk8dj
changed password for user beats_system
password beats_system = qeuvaf1vealpjhfeuojj
changed password for user remote_monitoring_user
password remote_monitoring_user = dtzcrckvtzsinrn3tw3d
changed password for user elastic
password elastic = q5f2qnfujqyvzpiz57mz

使用密码

浏览器访问localhost:9200/9201/9202 需要输入账号

输入对应的elastic/password就好

浏览器访问localhost:5601

%小知识:docker安装Elasticsearch7.6集群并设置密码-1猿站网-插图

忘记密码

如果生成后忘记密码了怎么办, 可以进入机器去修改。

进入es的机器

?
1
sudo docker exec -it es01 /bin/bash

创建一个临时的超级用户ryanmiao

?
1
2
3
4
5
6
./bin/elasticsearch-users useradd ryan -r superuser
enter new password:
error: invalid password…passwords must be at least [6] characters long
[root@cfeeab4bb0eb elasticsearch]# ./bin/elasticsearch-users useradd ryan -r superuser
enter new password:
retype new password:

用这个用户去修改elastic的密码:

?
1
2
3
4
curl -xput -u ryan:ryan123 http://localhost:9200/_xpack/security/user/elastic/_password -h “content-type: application/json” -d
{
“password”: “q5f2qnfujqyvzpiz57mz”
}

参考

http://codingfundas.com/setting-up-elasticsearch-6-8-with-kibana-and-x-pack-security-enabled/index.html

到此这篇关于docker安装elasticsearch7.6集群并设置密码的文章就介绍到这了,更多相关docker安装elasticsearch集群内容请搜索服务器之家以前的文章或继续浏览下面的相关文章希望大家以后多多支持服务器之家!

原文链接:https://www.cnblogs.com/woshimrf/p/docker-es7.html

声明: 猿站网有关资源均来自网络搜集与网友提供,任何涉及商业盈利目的的均不得使用,否则产生的一切后果将由您自己承担! 本平台资源仅供个人学习交流、测试使用 所有内容请在下载后24小时内删除,制止非法恶意传播,不对任何下载或转载者造成的危害负任何法律责任!也请大家支持、购置正版! 。本站一律禁止以任何方式发布或转载任何违法的相关信息访客发现请向站长举报,会员发帖仅代表会员个人观点,并不代表本站赞同其观点和对其真实性负责。本网站的资源部分来源于网络,如有侵权烦请发送邮件至:2697268773@qq.com进行处理。
esmaxvm
建站知识

小知识:Linux十个新手命令分享

2023-3-30 8:44:38

建站知识

小知识:VMware安装ubuntu 20.04操作系统的教程图解

2023-3-30 10:07:14

猜你喜欢
0 条回复 A文章作者 M管理员
    暂无讨论,说说你的看法吧
个人中心
购物车
优惠劵
今日签到
有新私信 私信列表
搜索

  • 扫码打开当前页

返回顶部