该步骤仅需要在任意一台服务器上执行一次
mkdir -p /usr/local/elasticsearch/config/certs # 运行容器 docker run -it --rm -v /usr/local/elasticsearch/config/certs:/usr/share/elasticsearch/config/certs elasticsearch:6.8.13 bash # 进入证书保存目录 cd config/certs elasticsearch-certutil ca # 有输入的地方直接回车即可 elasticsearch-certutil cert --ca elastic-stack-ca.p12 # 有输入的地方还是直接回车 # 退出容器 exit # 进入宿主机证书保存目录 cd /usr/local/elasticsearch/config/certs/ # 压缩生成的证书,这个证书需要同步给所有服务器 tar -zcvf certs.tar.gz *2、证书配置
mkdir -p /usr/local/elasticsearch/config/certs/ # 将第一步生成的certs.tar.gz上传到服务器/usr/local/elasticsearch/config/certs/目录下 tar -xvf certs.tar.gz3、准备配置文件elasticsearch.yml
配置文件需要修改
node.name: 节点名称,不同的节点使用不同的名称
discovery.zen.ping.unicast.hosts: 多个节点的ip列表
mkdir -p /usr/local/elasticsearch/config/ cat <4、启动镜像 docker run -d --name elasticsearch -v /usr/local/elasticsearch/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml -v /usr/local/elasticsearch/config/certs:/usr/share/elasticsearch/config/certs -v /usr/local/elasticsearch/plugins:/usr/share/elasticsearch/plugins -v /usr/local/elasticsearch/data:/usr/share/elasticsearch/data -v /etc/localtime:/etc/localtime -e ES_JAVA_OPTS="-Xms1G -Xmx1G" --restart=always --net host elasticsearch:6.8.135、在需要部署的服务器上重复上面的步骤 6、配置密码ES_JAVA_OPTS="-Xms1G -Xmx1G" 配置elasticsearch的运行内存
登录任意一台服务器
docker exec -it elasticsearch bash elasticsearch-setup-passwords interactive # 按提示重复输入你需要设置的密码需要注意,集群添加认证后,java客户端连接时也需要配置证书
public class EsConfig { private String userPassword; private String clusterName; private String isCluster; private String host; private int port; @Bean public TransportClient transportClient() throws UnknownHostException { // 解决netty-transport版本冲突 System.setProperty("es.set.netty.runtime.available.processors", "false"); Settings.Builder builder = Settings.builder() .put("xpack.security.user", userPassword) .put("cluster.name", clusterName); // 如果连接的ES集群,需要添加的配置 if ("true".equals(isCluster)) { log.info("===> use ssl connection"); builder.put("xpack.security.transport.ssl.enabled", true) .put("xpack.security.transport.ssl.verification_mode", "certificate") .put("xpack.security.transport.ssl.keystore.path", "certs/elastic-certificates.p12") .put("xpack.security.transport.ssl.truststore.path", "certs/elastic-certificates.p12"); } return new PreBuiltXPackTransportClient(builder.build()) .addTransportAddress(new TransportAddress(InetAddress.getByName(host), port)); } }至此,es集群搭建就完成了
