【1】Setting up an Elasticsearch 7.9.3 cluster with Docker
1.1 First prepare three machines and decide which one is the master node.
192.168.30.1 (master)
192.168.30.2
192.168.30.3
1.2 Write the elasticsearch.yml for each node
node1:
vim /data/elasticsearch/config/es1.yml
cluster.name: "docker-cluster"
network.host: 0.0.0.0
node.name: es-node-1
network.bind_host: 0.0.0.0
network.publish_host: 192.168.30.1
http.port: 9200
transport.tcp.port: 9300
http.cors.enabled: true
http.cors.allow-origin: "*"
# Master node configuration
node.master: true
node.data: true
# Set the master node; user authentication needs the master to be identified
cluster.initial_master_nodes: ["es-node-1"]
discovery.zen.ping.unicast.hosts: ["192.168.30.1:9300","192.168.30.2:9300","192.168.30.3:9300"]
discovery.zen.minimum_master_nodes: 2
indices.query.bool.max_clause_count: 10240
# Enable security authentication
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
# Maximum number of shards per node
cluster.max_shards_per_node: 100000
# Cluster certificate configuration
xpack.license.self_generated.type: basic
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12
node2:
vim /data/elasticsearch/config/es2.yml
cluster.name: "docker-cluster"
network.host: 0.0.0.0
# Each node needs its own name
node.name: es-node-2
network.bind_host: 0.0.0.0
network.publish_host: 192.168.30.2
http.port: 9200
transport.tcp.port: 9300
http.cors.enabled: true
http.cors.allow-origin: "*"
# Non-master node configuration
node.master: false
node.data: true
discovery.zen.ping.unicast.hosts: ["192.168.30.1:9300","192.168.30.2:9300","192.168.30.3:9300"]
discovery.zen.minimum_master_nodes: 2
indices.query.bool.max_clause_count: 10240
# Enable security authentication
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
# Maximum number of shards per node
cluster.max_shards_per_node: 100000
# Cluster certificate configuration
xpack.license.self_generated.type: basic
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12
node3:
vim /data/elasticsearch/config/es3.yml
cluster.name: "docker-cluster"
network.host: 0.0.0.0
# Each node needs its own name
node.name: es-node-3
network.bind_host: 0.0.0.0
network.publish_host: 192.168.30.3
http.port: 9200
transport.tcp.port: 9300
http.cors.enabled: true
http.cors.allow-origin: "*"
# Non-master node configuration
node.master: false
node.data: true
discovery.zen.ping.unicast.hosts: ["192.168.30.1:9300","192.168.30.2:9300","192.168.30.3:9300"]
discovery.zen.minimum_master_nodes: 2
indices.query.bool.max_clause_count: 10240
# Enable security authentication
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
# Maximum number of shards per node
cluster.max_shards_per_node: 100000
# Cluster certificate configuration
xpack.license.self_generated.type: basic
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12
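A pre-deployment check for the three per-node files above, added here as an example and not part of the original post: it flags duplicate node.name values, disabled authentication or transport TLS, missing HTTP TLS, and a wildcard CORS origin. The function names and the sample configs are constructed, and the parser assumes the flat "key: value" layout used on this page.

```python
# Added example: lint flat "key: value" elasticsearch.yml files before rollout.
# All names and the sample configs are constructed for illustration.

def parse_flat_yaml(text):
    """Parse one-level 'dotted.key: value' lines; skips comments and blanks."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        # Drop a trailing inline comment, then surrounding double quotes.
        cfg[key.strip()] = value.split(" #")[0].strip().strip('"')
    return cfg

def audit_cluster(configs):
    """configs maps file name -> YAML text; returns sorted (file, finding) pairs."""
    findings, names = [], {}
    for fname, text in configs.items():
        c = parse_flat_yaml(text)
        names.setdefault(c.get("node.name"), []).append(fname)
        if c.get("xpack.security.enabled") != "true":
            findings.append((fname, "security disabled: no authentication"))
        if c.get("xpack.security.transport.ssl.enabled") != "true":
            findings.append((fname, "transport TLS disabled"))
        if c.get("xpack.security.http.ssl.enabled") != "true":
            findings.append((fname, "HTTP TLS disabled: passwords sent in cleartext"))
        if c.get("http.cors.enabled") == "true" and c.get("http.cors.allow-origin") == "*":
            findings.append((fname, "CORS allows any origin"))
    for name, files in names.items():
        if len(files) > 1:
            findings += [(f, f"duplicate node.name {name!r}") for f in files]
    return sorted(findings)

# Constructed sample: the security-relevant subset of the settings on this page.
BASE = ('xpack.security.enabled: true\n'
        'xpack.security.transport.ssl.enabled: true\n'
        'http.cors.enabled: true\n'
        'http.cors.allow-origin: "*"\n')
SAMPLE = {  # es2.yml reuses node1's name, a typical copy-paste slip
    "es1.yml": "node.name: es-node-1\n" + BASE,
    "es2.yml": "node.name: es-node-1\n" + BASE,
    "es3.yml": "node.name: es-node-3\n" + BASE,
}

if __name__ == "__main__":
    for fname, finding in audit_cluster(SAMPLE):
        print(f"{fname}: {finding}")
```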
1.3 Adjust vm.max_map_count on the node hosts
The vm.max_map_count setting limits the number of VMAs (virtual memory areas) a process may have.
vim /etc/sysctl.conf
vm.max_map_count = 655360
sysctl -p
1.5 Start the es cluster
node1 :
docker run -d --name elastic -p 9200:9200 -p 9300:9300 -v /data/elasticsearch/config/es1.yml:/usr/share/elasticsearch/config/elasticsearch.yml -v /etc/localtime:/etc/localtime elasticsearch:7.9.3
node2 :
docker run -d --name elastic -p 9200:9200 -p 9300:9300 -v /data/elasticsearch/config/es2.yml:/usr/share/elasticsearch/config/elasticsearch.yml -v /etc/localtime:/etc/localtime elasticsearch:7.9.3
node3 :
docker run -d --name elastic -p 9200:9200 -p 9300:9300 -v /data/elasticsearch/config/es3.yml:/usr/share/elasticsearch/config/elasticsearch.yml -v /etc/localtime:/etc/localtime elasticsearch:7.9.3
【2】Enable user authentication for the cluster
2.1 Enter the container on the master node (node1) and generate the CA certificate
docker exec -it elastic bash
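# Create the certificate directory
mkdir -p /usr/share/elasticsearch/config/certs/
# Run the tool from the Elasticsearch home directory, where bin/ lives
cd /usr/share/elasticsearch
# Generate the certificates; setting a password can be skipped by pressing Enter at each prompt
bin/elasticsearch-certutil ca --out config/certs/elastic-stack-ca.p12
bin/elasticsearch-certutil cert --ca config/certs/elastic-stack-ca.p12 --out config/certs/elastic-certificates.p12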
elastic-certificates.p12
elastic-stack-ca.p12
Copy the certs directory and sync it to the other nodes, then restart elastic.
To avoid permission problems, remember to set the ownership.
chown -R elasticsearch ./*
2.2 Set the login passwords on the master node
docker exec -it elastic bash
# Six passwords have to be set; follow the prompts
./bin/elasticsearch-setup-passwords interactive
Restart the master node's Docker container, then verify.
curl -X GET '127.0.0.1:9200/' --user elastic:passwad



