Offline Deployment of Docker and Elasticsearch
莫已诺 2024-05-16 2024-06-04

Software versions
Docker: 26.1.2
Docker Compose: 2.27.0
Elasticsearch: 8.13.4
Kibana: 8.13.4
Docker download: https://download.docker.com/linux/static/stable/x86_64/docker-26.1.2.tgz
Docker Compose download: https://github.com/docker/compose/releases (download the build that matches your system)

Deploying Docker

Server preparation

    # Check the firewall status
    systemctl status firewalld.service
    # Stop the firewall
    systemctl stop firewalld.service
    # Disable start on boot
    systemctl disable firewalld.service
    # Verify the result
    systemctl is-enabled firewalld.service
Set the resource limits with vim /etc/security/limits.conf:

    * soft nofile 65536
    * hard nofile 65536
    * soft nproc 131072
    * hard nproc 131072

Reboot (reboot), then check the values with ulimit -Sn and ulimit -Hn.
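Enable IP forwarding

Check whether it is enabled with cat /proc/sys/net/ipv4/ip_forward; if the value is 0, it has to be turned on.

Enable IP forwarding temporarily: run the following command:

    sysctl -w net.ipv4.ip_forward=1

Enable IP forwarding permanently: edit /etc/sysctl.conf and add the following line, or make sure it is present:

    echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
    sysctl -p

After Docker was deployed, the services mapped from the containers simply could not be reached from the external network, and I only found this problem after a long time spent troubleshooting.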
Unpack the installation package

    tar -zxvf docker-26.1.2.tgz
    cp docker/* /usr/bin/

Create docker.service

    vim /etc/systemd/system/docker.service

    [Unit]
    Description=Docker Application Container Engine
    Documentation=https://docs.docker.com
    After=network-online.target firewalld.service
    Wants=network-online.target

    [Service]
    Type=notify
    ExecStart=/usr/bin/dockerd
    ExecReload=/bin/kill -s HUP $MAINPID
    LimitNOFILE=infinity
    LimitNPROC=infinity
    TimeoutStartSec=0
    Delegate=yes
    KillMode=process
    Restart=on-failure
    StartLimitBurst=3
    StartLimitInterval=60s

    [Install]
    WantedBy=multi-user.target
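The docker.service file is the systemd unit configuration that manages the Docker daemon (the Docker service). It defines the rules for starting, stopping and restarting the service so that systemd can control Docker effectively. Writing this file lets you customize Docker's behaviour to suit the system environment or specific needs.

With docker.service in place, you can operate the Docker service with systemd commands:

Start the service: sudo systemctl start docker
Stop the service: sudo systemctl stop docker
Restart the service: sudo systemctl restart docker
Check the service status: sudo systemctl status docker

Through systemd, the Docker service can start automatically at boot, and systemd provides a standardized way to manage and monitor it.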
Start Docker

    chmod +x /etc/systemd/system/docker.service
    systemctl daemon-reload
    systemctl enable docker.service
    systemctl start docker

Install docker-compose

    mv docker-compose-linux-x86_64 docker-compose
    cp docker-compose /usr/local/bin/
    sudo chmod +x /usr/local/bin/docker-compose
    sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
    docker-compose --version
Export the local images and import them on the server

Exporting the images from Windows

The following Docker command exports a given image and version to a .tar file saved at a local path of your choice:

Command: docker save -o <save path>/<image name>_<version>.tar <image name>:<version>

    docker save -o E:\Docker\APP\ES\image\elasticsearch_8.13.4.tar docker.elastic.co/elasticsearch/elasticsearch:8.13.4
    docker save -o E:\Docker\APP\ES\image\kibana_8.13.4.tar docker.elastic.co/kibana/kibana:8.13.4

The commands above save the Elasticsearch 8.13.4 and Kibana 8.13.4 images as elasticsearch_8.13.4.tar and kibana_8.13.4.tar in the specified Windows path.

Importing the images on the Linux server

After transferring the exported image files to the Linux server (for example into /data/docker/ES/image/), use Docker's load command to import them into the server's image store:

    docker load -i /data/docker/ES/image/elasticsearch_8.13.4.tar
    docker load -i /data/docker/ES/image/kibana_8.13.4.tar
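The archives cross machines before docker load reads them, so their digests can be checked first. The following is an added example, not part of the original post: it assumes a SHA256SUMS file in sha256sum format was written on the export machine and is compared from a copy moved separately from the archives; IMAGE_LOADER is a hypothetical override used to substitute the load command.

```bash
#!/usr/bin/env bash
# Added example, not from the original post: check transferred image archives
# against a checksum manifest before loading them.
# Assumptions: DIR/SHA256SUMS (sha256sum format) comes from the export machine;
# IMAGE_LOADER is a hypothetical override for the load command.

# verify_and_load DIR
#   Returns 0 only if every *.tar in DIR is listed in DIR/SHA256SUMS, every
#   listed digest matches, and every archive was loaded.
verify_and_load() {
    local dir loader tar name
    dir=$1
    loader=${IMAGE_LOADER:-docker load -i}
    [ -f "$dir/SHA256SUMS" ] || { echo "missing $dir/SHA256SUMS" >&2; return 2; }

    # An archive that the manifest does not mention is rejected, not skipped.
    for tar in "$dir"/*.tar; do
        [ -e "$tar" ] || { echo "no archives in $dir" >&2; return 2; }
        name=$(basename "$tar")
        awk -v n="$name" '{ f = $2; sub(/^\*/, "", f) } f == n { ok = 1 } END { exit !ok }' \
            "$dir/SHA256SUMS" || { echo "unlisted archive: $name" >&2; return 1; }
    done

    # All digests are checked first, so nothing is loaded if any file was altered.
    (cd "$dir" && sha256sum -c SHA256SUMS >/dev/null 2>&1) ||
        { echo "checksum mismatch, refusing to load" >&2; return 1; }

    for tar in "$dir"/*.tar; do
        $loader "$tar" || return 1
    done
}
```

On the server this would be called as verify_and_load /data/docker/ES/image in place of the two separate docker load commands.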
Deploying Elasticsearch

Create the directories

    mkdir -p /data/docker/ES
    mkdir -p /data/docker/ES/data

Create the Docker Compose file

    cd /data/docker/ES
    version: "3"
    services:
      setup:
        image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
        volumes:
          - /data/docker/ES/data/certs:/usr/share/elasticsearch/config/certs
        user: "0"
        command: >
          bash -c '
            if [ x${ELASTIC_PASSWORD} == x ]; then
              echo "Set the ELASTIC_PASSWORD environment variable in the .env file";
              exit 1;
            elif [ x${KIBANA_PASSWORD} == x ]; then
              echo "Set the KIBANA_PASSWORD environment variable in the .env file";
              exit 1;
            fi;
            if [ ! -f config/certs/ca.zip ]; then
              echo "Creating CA";
              bin/elasticsearch-certutil ca --silent --pem -out config/certs/ca.zip;
              unzip config/certs/ca.zip -d config/certs;
            fi;
            if [ ! -f config/certs/certs.zip ]; then
              echo "Creating certs";
              echo -ne \
              "instances:\n"\
              "  - name: es01\n"\
              "    dns:\n"\
              "      - es01\n"\
              "      - localhost\n"\
              "    ip:\n"\
              "      - 127.0.0.1\n"\
              > config/certs/instances.yml;
              bin/elasticsearch-certutil cert --silent --pem -out config/certs/certs.zip --in config/certs/instances.yml --ca-cert config/certs/ca/ca.crt --ca-key config/certs/ca/ca.key;
              unzip config/certs/certs.zip -d config/certs;
            fi;
            echo "Setting file permissions"
            chown -R root:root config/certs;
            find . -type d -exec chmod 750 \{\} \;;
            find . -type f -exec chmod 640 \{\} \;;
            echo "Waiting for Elasticsearch availability";
            until curl -s --cacert config/certs/ca/ca.crt https://es01:9200 | grep -q "missing authentication credentials"; do sleep 30; done;
            echo "Setting kibana_system password";
            until curl -s -X POST --cacert config/certs/ca/ca.crt -u "elastic:${ELASTIC_PASSWORD}" -H "Content-Type: application/json" https://es01:9200/_security/user/kibana_system/_password -d "{\"password\":\"${KIBANA_PASSWORD}\"}" | grep -q "^{}"; do sleep 10; done;
            echo "All done!";
          '
        healthcheck:
          test: ["CMD-SHELL", "[ -f config/certs/es01/es01.crt ]"]
          interval: 1s
          timeout: 5s
          retries: 120

      es01:
        depends_on:
          setup:
            condition: service_healthy
        image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
        volumes:
          - /data/docker/ES/data/certs:/usr/share/elasticsearch/config/certs
          - /data/docker/ES/data/esdata01:/usr/share/elasticsearch/data
        ports:
          - ${ES_PORT}:9200
        environment:
          - node.name=es01
          - cluster.name=${CLUSTER_NAME}
          - ELASTIC_PASSWORD=${ELASTIC_PASSWORD}
          - cluster.initial_master_nodes=es01
          - discovery.seed_hosts=es01
          - bootstrap.memory_lock=true
          - xpack.security.enabled=true
          - xpack.security.http.ssl.enabled=true
          - xpack.security.http.ssl.key=certs/es01/es01.key
          - xpack.security.http.ssl.certificate=certs/es01/es01.crt
          - xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
          - xpack.security.http.ssl.verification_mode=certificate
          - xpack.security.transport.ssl.enabled=true
          - xpack.security.transport.ssl.key=certs/es01/es01.key
          - xpack.security.transport.ssl.certificate=certs/es01/es01.crt
          - xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
          - xpack.security.transport.ssl.verification_mode=certificate
          - xpack.license.self_generated.type=${LICENSE}
        mem_limit: ${MEM_LIMIT}
        ulimits:
          memlock:
            soft: -1
            hard: -1
        healthcheck:
          test:
            [
              "CMD-SHELL",
              "curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",
            ]
          interval: 10s
          timeout: 10s
          retries: 120

      kibana:
        depends_on:
          es01:
            condition: service_healthy
        image: docker.elastic.co/kibana/kibana:${STACK_VERSION}
        volumes:
          - /data/docker/ES/data/certs:/usr/share/kibana/config/certs
          - /data/docker/ES/data/kibanadata:/usr/share/kibana/data
        ports:
          - ${KIBANA_PORT}:5601
        environment:
          - SERVERNAME=kibana
          - ELASTICSEARCH_HOSTS=https://es01:9200
          - ELASTICSEARCH_USERNAME=kibana_system
          - ELASTICSEARCH_PASSWORD=${KIBANA_PASSWORD}
          - ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=config/certs/ca/ca.crt
          - I18N_LOCALE=zh-CN
        mem_limit: ${MEM_LIMIT}
        healthcheck:
          test:
            [
              "CMD-SHELL",
              "curl -s -I http://localhost:5601 | grep -q 'HTTP/1.1 302 Found'",
            ]
          interval: 10s
          timeout: 10s
          retries: 120

    volumes:
      certs:
        driver: local
      esdata01:
        driver: local
      kibanadata:
        driver: local
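Create the .env file

Create a .env file in the same directory as docker-compose.yml and add the following content:

    # Password for the elastic account (at least six characters)
    ELASTIC_PASSWORD=123456

    # Password for the kibana_system account (at least six characters); this account is only used for some internal Kibana settings and cannot be used to query ES
    KIBANA_PASSWORD=abcdef

    # Version of ES and Kibana
    STACK_VERSION=8.13.4

    # Cluster name
    CLUSTER_NAME=docker-cluster

    # X-Pack license setting; basic is chosen here. If trial is chosen, it expires after 30 days
    LICENSE=basic
    # LICENSE=trial

    # Host port that ES is mapped to
    ES_PORT=9200

    # Host port that Kibana is mapped to
    KIBANA_PORT=5601

    # Memory limit of the ES container; adjust it to your hardware
    MEM_LIMIT=1073741824

    # Namespace; it shows up as the prefix of the container names
    COMPOSE_PROJECT_NAME=es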
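Compose replaces an unset ${VAR} with an empty string and only prints a warning, so a key in .env whose name does not match the reference in docker-compose.yml goes unnoticed. The following is an added example, not part of the original post, that lints the two files before the first start; the 12-character minimum and the function name check_env are assumptions of this sketch, and variables supplied only through the shell environment are not considered.

```bash
#!/usr/bin/env bash
# Added example, not from the original post: lint .env against the Compose file.
# MIN_PASSWORD_LEN is an assumed local policy, not an Elasticsearch requirement.
MIN_PASSWORD_LEN=${MIN_PASSWORD_LEN:-12}

# check_env COMPOSE_FILE ENV_FILE
#   Prints one finding per line; returns 1 if anything was found, else 0.
check_env() {
    local compose env_file defined var key value rc
    compose=$1; env_file=$2; rc=0

    # Keys defined in .env (comment and blank lines do not match).
    defined=$(grep -E '^[A-Za-z_][A-Za-z0-9_]*=' "$env_file" | cut -d= -f1)

    # 1. Every plain ${VAR} in the Compose file needs a definition: Compose
    #    substitutes an empty string for an unset one and only prints a warning.
    for var in $(grep -oE '\$\{[A-Za-z_][A-Za-z0-9_]*\}' "$compose" | tr -d '${}' | sort -u); do
        printf '%s\n' "$defined" | grep -qx "$var" || { echo "UNDEFINED $var"; rc=1; }
    done

    # 2. Password values shorter than the policy minimum.
    while IFS='=' read -r key value || [ -n "$key" ]; do
        case $key in
            \#*) ;;
            *_PASSWORD)
                [ "${#value}" -ge "$MIN_PASSWORD_LEN" ] || { echo "WEAK $key"; rc=1; } ;;
        esac
    done < "$env_file"

    # 3. The file holds credentials: group and others must not be able to read it.
    if [ -n "$(find "$env_file" -prune \( -perm -040 -o -perm -004 \))" ]; then
        echo "MODE $env_file is readable by group or others"; rc=1
    fi
    return $rc
}
```

Run it from /data/docker/ES as check_env docker-compose.yml .env; an empty output with exit status 0 means all three checks passed.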
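Start command

For the first start it is recommended to leave out -d, which starts the stack in the background. The first start will certainly run into all sorts of problems, so it is better to wait until the console prints the success message and only then start it in the background with -d.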
FAQ:
Seeing "error.message":"failed to obtain node locks, tried [/usr/share/elasticsearch/data]; maybe these locations are not writable or multiple nodes were started on the same data path?" ?

Change the permissions of the mounted directory:

    chmod -R 777 /data/docker/ES/data
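The recursive chmod also covers /data/docker/ES/data/certs, which undoes the 750/640 modes that the setup service applied to the CA and node private keys. A narrower alternative, as an added example that is not part of the original post: hand only the two writable data directories to the container user, and list any private key that other users can read or write. It assumes the images run as uid 1000 with gid 0 (documented for the Elasticsearch image, assumed here for Kibana); both function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not from the original post: a narrower fix than chmod -R 777.
# Assumption: the containers run as uid 1000 with gid 0.
ES_BASE=${ES_BASE:-/data/docker/ES/data}

# fix_data_ownership: give only the two writable data directories to the
# container user. The certs directory keeps the root-owned 750/640 modes
# set by the setup service. Needs root.
fix_data_ownership() {
    mkdir -p "$ES_BASE/esdata01" "$ES_BASE/kibanadata"
    chown -R 1000:0 "$ES_BASE/esdata01" "$ES_BASE/kibanadata"
    chmod -R u+rwX,g+rwX,o-rwx "$ES_BASE/esdata01" "$ES_BASE/kibanadata"
}

# world_accessible_keys DIR: list private keys that "others" can read or
# write, for example after a recursive chmod 777 over the data directory.
world_accessible_keys() {
    find "$1" -type f -name '*.key' \( -perm -004 -o -perm -002 \) | sort
}
```

After fix_data_ownership, world_accessible_keys /data/docker/ES/data should print nothing; any path it prints is a key whose mode needs to go back to 640.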
Verification

Visit your own domain on port 5601; if you configured a different port mapping, adjust it to match your settings.