官网https://www.elastic.co/guide/en/elasticsearch/reference/current/docker.html
pull images
docker pull docker.elastic.co/elasticsearch/elasticsearch:8.3.3
1.Create a new docker network for Elasticsearch and Kibana
docker network create elastic
2.Start Elasticsearch in Docker. A password is generated for the elastic user and output to the terminal, plus an enrollment token for enrolling Kibana.
docker run -it --name es01 --net elastic -p 9200:9200 -p 9300:9300 -e ES_JAVA_OPTS="-Xms384m -Xmx384m" -v /opt/services/es/logs:/usr/share/elasticsearch/logs -v /opt/services/es/data:/usr/share/elasticsearch/data docker.elastic.co/elasticsearch/elasticsearch:8.3.3
退出时要 CTRL+P+Q 不要ctrl+c就会保持后台运行
有可能报错
bootstrap check failure [1] of [1]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
需修改
vi /etc/sysctl.conf
vm.max_map_count=262144
并执行命令
sysctl -p
还报错
Error opening log file ‘logs/gc.log’: Permission denied
执行cd /opt/services/es
chmod 777 -R ./logs
还报
maybe these locations are not writable or multiple nodes were started on the same data path?
chmod 777 -R ./data
3.Copy the generated password and enrollment token and save them in a secure location. These values are shown only when you start Elasticsearch for the first time.
If you need to reset the password for the elastic user or other built-in users, run the elasticsearch-reset-password tool. This tool is available in the Elasticsearch /bin directory of the Docker container. For example:
docker exec -it es01 /usr/share/elasticsearch/bin/elasticsearch-reset-password
4.Copy the http_ca.crt security certificate from your Docker container to your local machine.
docker cp es01:/usr/share/elasticsearch/config/certs/http_ca.crt /opt/services/es/
5.Open a new terminal and verify that you can connect to your Elasticsearch cluster by making an authenticated call, using the http_ca.crt file that you copied from your Docker container. Enter the password for the elastic user when prompted.
curl --cacert /opt/services/es/http_ca.crt -u elastic https://localhost:9200
创建API Key
除了账号密码,ES还提供了一种安全的访问方式:API Key,java应用持有es签发的API Key也能顺利发送指令到es,接下来咱们先生成API Key,再在应用中使用此API Key
上面咱们将自签证书从容器中复制出来了,现在在证书所在目录执行以下命令,注意参数expiration代表这个ApiKey的有效期,我这里随意设置为10天
curl -X POST "https://localhost:9200/_security/api_key?pretty" \
--cacert http_ca.crt \
-u elastic:123456 \
-H 'Content-Type: application/json' \
-d'
{
"name": "my-api-key-1000d",
"expiration": "1000d"
}
'
会收到以下响应,其中的encoded字段就是API Key
{
"id" : "2jVFgYIBH2sSqXqF4JAi",
"name" : "my-api-key-1000d",
"expiration" : 1746426216484,
"api_key" : "wFD-DvY5R1OYWDAXGpW87Q",
"encoded" : "MmpWRmdZSUJIMnNTcVhxRjRKQWk6d0ZELUR2WTVSMU9ZV0RBWEdwVzg3UQ=="
}
—es8现在用的少,要集成skywalking,而docker的skywalking现在还不支持es8,所以安装一下es7
https://www.elastic.co/guide/en/elasticsearch/reference/7.5/docker.html
docker pull elasticsearch:7.17.4
单节点运行
docker run -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" elasticsearch:7.17.4
docker run -it --name es701 --net elastic -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" -e ES_JAVA_OPTS="-Xms384m -Xmx384m" -v /opt/services/es7/logs:/usr/share/elasticsearch/logs -v /opt/services/es7/data:/usr/share/elasticsearch/data elasticsearch:7.17.4