• docker-compose deploy 高可用 elasticsearch TLS


    1.sysctl

    [root@github es_tls]# cat /etc/sysctl.conf 
    # sysctl settings are defined through files in
    # /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
    #
    # Vendors settings live in /usr/lib/sysctl.d/.
    # To override a whole file, create a new file with the same in
    # /etc/sysctl.d/ and put new settings there. To override
    # only specific settings, add a file with a lexically later
    # name in /etc/sysctl.d/ and put new settings there.
    #
    # For more information, see sysctl.conf(5) and sysctl.d(5).
    
    # IPv4 forwarding plus the bridge netfilter hooks: bridged container traffic is
    # routed by the host and passes through iptables/ip6tables. With forwarding
    # enabled, the FORWARD chain policy decides what may cross the host.
    net.ipv4.ip_forward = 1
    net.bridge.bridge-nf-call-ip6tables = 1
    net.bridge.bridge-nf-call-iptables = 1
    
    # Connection-tracking table size (both the current and the legacy key name).
    net.netfilter.nf_conntrack_max = 262144
    net.nf_conntrack_max = 262144
    
    
    # General host tuning. Of everything in this file, only vm.max_map_count further
    # down is a documented Elasticsearch requirement.
    fs.aio-max-nr = 1065535
    kernel.pid_max = 600000
    net.ipv4.tcp_max_syn_backlog = 30000
    net.core.somaxconn = 65535
    net.ipv4.tcp_tw_reuse = 1
    net.ipv4.tcp_timestamps = 1
    # Duplicate of the net.ipv4.ip_forward entry at the top of this file.
    net.ipv4.ip_forward = 1
    net.ipv4.ip_local_reserved_ports = 30000-32767
    net.ipv4.ip_local_port_range = 1024 65000
    net.core.netdev_max_backlog = 300000
    net.ipv4.tcp_rmem = 4096 87380 134217728
    net.ipv4.tcp_wmem = 4096 87380 134217728
    # Disables TCP selective acknowledgements.
    # NOTE(review): the page gives no reason for this; confirm it is intended.
    net.ipv4.tcp_sack = 0
    net.ipv4.tcp_fin_timeout = 20
    # IPv6 forwarding on all interfaces; the same firewall consideration applies
    # as for IPv4 forwarding.
    net.ipv6.conf.default.forwarding = 1
    net.ipv6.conf.all.forwarding = 1
    net.ipv6.route.max_size = 2147483647
    # Ignore ICMPv6 redirects. The IPv4 accept_redirects keys are not set in this file.
    net.ipv6.conf.all.accept_redirects = 0
    net.ipv6.conf.default.accept_redirects = 0
    vm.swappiness = 0
    # Elasticsearch's bootstrap check requires at least 262144 memory-map areas.
    vm.max_map_count = 262144
    fs.inotify.max_user_watches=1048576
    
    
    

    2. swap

    swapoff -a
    

    3. hosts

    echo "10.253.219.1 es01 es02 es03 kib01" >>  /etc/hosts
    

    4. 配置 instances.yaml

    $ vim instances.yaml
    # Certificate instance list.
    # NOTE(review): presumably read by the certificate tool that create-certs.yml
    # runs (that file is not shown on the page). Each name below matches a directory
    # in the generated bundle.zip.
    instances:
      - name: es01
        dns:
          - es01 
        ip:
          # Every instance uses the same address: all four containers run on one
          # Docker host in this walkthrough, so the cluster does not survive the
          # loss of that host.
          - 10.253.219.1
    
      - name: es02
        dns:
          - es02
        ip:
          - 10.253.219.1
    
      - name: es03
        dns:
          - es03
        ip:
          - 10.253.219.1
    
      # Kibana gets its own certificate and key alongside the three Elasticsearch nodes.
      - name: 'kib01'
        dns:
          - kib01
        ip:
          - 10.253.219.1
    
    
    $ cat .env
    COMPOSE_PROJECT_NAME=es 
    CERTS_DIR=/usr/share/elasticsearch/config/certificates 
    VERSION=7.17.6
    
    $ mkdir -p /usr/share/elasticsearch/config/certificates
    

    5. 创建证书

    $ sudo docker-compose -f create-certs.yml run --rm create_certs
    [+] Creating 1/0
     ✔ Volume "es_certs"  Created                                                                                                                                           0.0s 
    Archive:  /certs/bundle.zip
       creating: /certs/ca/
      inflating: /certs/ca/ca.crt        
       creating: /certs/es01/
      inflating: /certs/es01/es01.crt    
      inflating: /certs/es01/es01.key    
       creating: /certs/es02/
      inflating: /certs/es02/es02.crt    
      inflating: /certs/es02/es02.key    
       creating: /certs/es03/
      inflating: /certs/es03/es03.crt    
      inflating: /certs/es03/es03.key    
       creating: /certs/kib01/
      inflating: /certs/kib01/kib01.crt  
      inflating: /certs/kib01/kib01.key  
    $ sudo docker volume ls|grep es
    local               es_certs
    
    $ sudo ls /apps/data/docker/volumes/es_certs/_data
    bundle.zip  ca	es01  es02  es03  kib01
    
    
    

    6. 部署

    $ sudo  docker-compose up -d
    [+] Running 7/7
     ✔ Volume "es_data03"  Created                                                                                                                                          0.0s 
     ✔ Volume "es_data01"  Created                                                                                                                                          0.0s 
     ✔ Volume "es_data02"  Created                                                                                                                                          0.0s 
     ✔ Container es02      Started                                                                                                                                         10.8s 
     ✔ Container es01      Healthy                                                                                                                                         43.9s 
     ✔ Container es03      Started                                                                                                                                         10.8s 
     ✔ Container kib01     Started                                                                                                                                         40.6s 
    $ sudo  docker-compose ps
    NAME                IMAGE                                                  COMMAND                  SERVICE             CREATED             STATUS                    PORTS
    es01                docker.elastic.co/elasticsearch/elasticsearch:7.17.6   "/bin/tini -- /usr/l…"   es01                53 seconds ago      Up 42 seconds (healthy)   0.0.0.0:9200->9200/tcp, 9300/tcp
    es02                docker.elastic.co/elasticsearch/elasticsearch:7.17.6   "/bin/tini -- /usr/l…"   es02                53 seconds ago      Up 42 seconds             9200/tcp, 9300/tcp
    es03                docker.elastic.co/elasticsearch/elasticsearch:7.17.6   "/bin/tini -- /usr/l…"   es03                53 seconds ago      Up 42 seconds             9200/tcp, 9300/tcp
    kib01               docker.elastic.co/kibana/kibana:7.17.6                 "/bin/tini -- /usr/l…"   kib01               46 seconds ago      Up 6 seconds              0.0.0.0:5601->5601/tcp
    
    
    # "auto" generates random passwords for the built-in users and prints them to
    # stdout, as the output below shows. Record them in a secrets store; any copy
    # left in terminal scrollback, CI logs or a published transcript should be
    # treated as exposed and rotated.
    $ sudo docker exec es01 /bin/bash -c "bin/elasticsearch-setup-passwords auto --batch --url https://es01:9200"
    Changed password for user apm_system
    PASSWORD apm_system = 6Je1ftTgEv7DrFzhNMDf
    
    Changed password for user kibana_system
    PASSWORD kibana_system = ZYbQBQXHHPYJvq6r2RVM
    
    Changed password for user kibana
    PASSWORD kibana = ZYbQBQXHHPYJvq6r2RVM
    
    Changed password for user logstash_system
    PASSWORD logstash_system = e7a3mdoDvEstm74ym4SK
    
    Changed password for user beats_system
    PASSWORD beats_system = SkNQ624TS29y5EAD9bXP
    
    Changed password for user remote_monitoring_user
    PASSWORD remote_monitoring_user = D965EMle8bVNHh17dl2K
    
    Changed password for user elastic
    PASSWORD elastic = fQkkGPlAaQld61gRr8GK
    
    

    测试

    # --cacert verifies the server against the CA generated in step 5 instead of
    # disabling TLS verification. Passing user:password to -u puts the secret in
    # shell history and in the process argument list; "-u elastic" alone makes curl
    # prompt for the password. Quote the URL so the shell never treats "?" as a glob.
    $ sudo curl --cacert /apps/data/docker/volumes/es_certs/_data/ca/ca.crt -u elastic:fQkkGPlAaQld61gRr8GK  https://10.253.219.1:9200/_cat/nodes?v
    ip         heap.percent ram.percent cpu load_1m load_5m load_15m node.role   master name
    172.22.0.2            6          76  19   19.73   19.07    19.65 cdfhilmrstw -      es01
    172.22.0.4           14          76  19   19.73   19.07    19.65 cdfhilmrstw -      es02
    172.22.0.3           12          76  19   19.73   19.07    19.65 cdfhilmrstw *      es03
    
    

    7. 修改 kibana 密码

    修改 docker-compose.yaml

    ......
          # Plaintext kibana_system password taken from the setup-passwords output.
          # Prefer ${...} substitution from the .env file or the Kibana keystore, and
          # keep the value out of version control.
          ELASTICSEARCH_PASSWORD: ZYbQBQXHHPYJvq6r2RVM
    .....
    

    重启

    $ sudo docker-compose stop
    [+] Stopping 4/4
     ✔ Container es02   Stopped                                                                                                                                             1.8s 
     ✔ Container kib01  Stopped                                                                                                                                             2.0s 
     ✔ Container es03   Stopped                                                                                                                                             1.8s 
     ✔ Container es01   Stopped   
    
    $ sudo docker-compose up -d
    [+] Running 4/4
     ✔ Container es03   Started                                                                                                                                             6.6s 
     ✔ Container es01   Healthy                                                                                                                                            38.1s 
     ✔ Container es02   Started                                                                                                                                             6.6s 
     ✔ Container kib01  Started 
    
    $ sudo docker-compose ps
    NAME                IMAGE                                                  COMMAND                  SERVICE             CREATED              STATUS                        PORTS
    es01                docker.elastic.co/elasticsearch/elasticsearch:7.17.6   "/bin/tini -- /usr/l…"   es01                About an hour ago    Up About a minute (healthy)   0.0.0.0:9200->9200/tcp, 9300/tcp
    es02                docker.elastic.co/elasticsearch/elasticsearch:7.17.6   "/bin/tini -- /usr/l…"   es02                About an hour ago    Up About a minute             9200/tcp, 9300/tcp
    es03                docker.elastic.co/elasticsearch/elasticsearch:7.17.6   "/bin/tini -- /usr/l…"   es03                About an hour ago    Up About a minute             9200/tcp, 9300/tcp
    kib01               docker.elastic.co/kibana/kibana:7.17.6                 "/bin/tini -- /usr/l…"   kib01               About a minute ago   Up 30 seconds                 0.0.0.0:5601->5601/tcp
                                                          
    
    # Request to the Kibana port using the kibana_system credentials. As with any
    # -u user:password call, the secret ends up in shell history and the process
    # list. The page shows no response for this request.
    sudo curl --cacert /apps/data/docker/volumes/es_certs/_data/ca/ca.crt -u  kibana_system:ZYbQBQXHHPYJvq6r2RVM  https://10.253.219.1:5601
    

    8. 清理

    docker-compose stop
    docker-compose rm
    

    清理容器卷

    $  sudo cat /etc/systemd/system/docker.service.d/docker-options.conf
    [Service]
    # --insecure-registry=0.0.0.0/0 marks every IPv4 registry address as insecure:
    # dockerd will talk to such registries over plain HTTP or without verifying the
    # TLS certificate, so pulled images are not protected against interception or
    # alteration in transit. Restrict the value to the specific registry hosts that
    # need it, or drop the flag.
    # --data-root=/apps/data/docker is why the volumes appear under
    # /apps/data/docker/volumes in the listings on this page.
    Environment="DOCKER_OPTS= --insecure-registry=0.0.0.0/0  --data-root=/apps/data/docker --log-opt max-size=50m --log-opt max-file=5 --live-restore=true --pidfile=/apps/run/docker/docker.pid --iptables=true"
    
    $  sudo ls /apps/data/docker/volumes/es_certs/_data/
    bundle.zip  ca	es01  es02  es03  kib01
    
    $ sudo docker volume ls|grep es
    local               es_certs
    local               es_data01
    local               es_data02
    local               es_data03
    
    sudo docker volume rm es_certs
    sudo docker volume rm es_data01
    sudo docker volume rm es_data02
    sudo docker volume rm es_data03
    
    $ sudo ls /apps/data/docker/volumes/es_certs/_data/
    ls: cannot access /apps/data/docker/volumes/es_certs/_data/: No such file or directory
    

    参考:

  • 原文地址:https://blog.csdn.net/xixihahalelehehe/article/details/132764490