Shulou(Shulou.com)06/03 Report--

This article mainly introduces "what is the method of docker installing Elasticsearch7.6 cluster and setting password". In daily operation, I believe that many people have doubts about the method of installing Elasticsearch7.6 cluster and setting password in docker. Xiaobian consulted all kinds of materials and sorted out a simple and easy-to-use method of operation. I hope it will be helpful to answer the question of "what is the method of docker installing Elasticsearch7.6 cluster and setting password". Next, please follow the editor to study!

Catalogue

Some basic configurations

About versions and docker images

Start

About elasticsearch.yml

About Certificate elastic-certificates.p12

Generate password

Use password

Forget the password.

Elasticsearch, which allows free users to use the security features of X-Pack from 6.8, used to install es streaking. Next, record the method of configuring security authentication.

To simplify the physical installation process, we will install our service using docker.

Some basic configurations

Es needs to modify some parameters of linux.

Set up vm.max_map_count=262144

Sudo vim / etc/sysctl.confvm.max_map_count=262144

Do not restart, directly take effect of the current command

Sysctl-w vm.max_map_count=262144

The data and logs directories of es need to authorize 1000 users. We assume that three powerful es clusters are installed, and the corresponding data storage files are created first.

The user id of mkdir-p es01/datamkdir-p es01/logsmkdir-p es02/datamkdir-p es02/logsmkdir-p es03/datamkdir-p es03/logs## es is 1000, which is temporarily granted to everyone. Sudo chmod 777 es*-R is about version and docker image.

There are several types of licenses for Elasticsearch, of which Open Source and Basic are free, but security features are not integrated into es's Basic license until after 6.8.

The corresponding docker image of Basic is

Docker pull docker.elastic.co/elasticsearch/elasticsearch:7.6.2

At the same time, dockerhub synchronization is elasticsearch. Let's just pull the elasticsearch:7.6.2.

Start

First, create a docker-compose.yml

Version: '2.2'services: es01: image: elasticsearch:7.6.2 container_name: es01 environment:-node.name=es01-cluster.name=es-docker-cluster-discovery.seed_hosts=es02,es03-cluster.initial_master_nodes=es01,es02 Es03-bootstrap.memory_lock=true-"ES_JAVA_OPTS=-Xms512m-Xmx512m" ulimits: memlock: soft:-1 hard:-1 volumes: -. / es01/data:/usr/share/elasticsearch/data -. / es01/logs:/usr/share/elasticsearch/logs -. / elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml- . / elastic-certificates.p12:/usr/share/elasticsearch/config/elastic-certificates.p12 ports:-9200 elastic-certificates.p12:/usr/share/elasticsearch/config/elastic-certificates.p12 ports 9200 networks:-elastic es02: image: elasticsearch:7.6.2 container_name: es02 environment:-node.name=es02-cluster.name=es-docker-cluster-discovery.seed_hosts=es01 Es03-cluster.initial_master_nodes=es01,es02 Es03-bootstrap.memory_lock=true-"ES_JAVA_OPTS=-Xms512m-Xmx512m" ulimits: memlock: soft:-1 hard:-1 volumes: -. / es02/data:/usr/share/elasticsearch/data -. / es02/logs:/usr/share/elasticsearch/logs -. / elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml- . / elastic-certificates.p12:/usr/share/elasticsearch/config/elastic-certificates.p12 ports:-9201 image 9200 networks:-elastic es03: image: elasticsearch:7.6.2 container_name: es03 environment:-node.name=es03-cluster.name=es-docker-cluster-discovery.seed_hosts=es01 Es02-cluster.initial_master_nodes=es01,es02 Es03-bootstrap.memory_lock=true-"ES_JAVA_OPTS=-Xms512m-Xmx512m" ulimits: memlock: soft:-1 hard:-1 volumes: -. / es03/data:/usr/share/elasticsearch/data -. / es03/logs:/usr/share/elasticsearch/logs -. / elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml- / elastic-certificates.p12:/usr/share/elasticsearch/config/elastic-certificates.p12 ports:-9202 networks 9200 networks:-elastic kib01: depends_on:-es01 image: kibana:7.6.2 container_name: kib01 ports:-5601 networks: ELASTICSEARCH_URL: http://es01:9200 ELASTICSEARCH_HOSTS: http://es01:9200 volumes: -. / kibana.yml:/usr/share/kibana/config/kibana.yml networks:-elasticnetworks: elastic: driver: bridge about elasticsearch.yml

The contents are as follows

Network.host: 0.0.0.0xpack.security.enabled: truexpack.security.transport.ssl.enabled: truexpack.security.transport.ssl.keystore.type: PKCS12xpack.security.transport.ssl.verification_mode: certificatexpack.security.transport.ssl.keystore.path: elastic-certificates.p12xpack.security.transport.ssl.truststore.path: elastic-certificates.p12xpack.security.transport.ssl.truststore.type: PKCS12xpack.security.audit.enabled: true

Network.host setting allows other ip access, unbinding ip

Xpack.security is a security-related configuration, in which the certificate of ssl needs to be generated by itself

About Certificate elastic-certificates.p12

Es provides a tool for generating certificates, elasticsearch-certutil, which we can generate in an docker instance, then copy it, and then use it uniformly later.

First run the es instance

Sudo docker run-dit-- name=es elasticsearch:7.6.2 / bin/bash

Enter inside the instance

Sudo docker exec-it es / bin/bash

Generate ca: elastic-stack-ca.p12

[root@25dee1848942 elasticsearch] #. / bin/elasticsearch-certutil caThis tool assists you in the generation of X.509 certificates and certificatesigning requests for use with SSL/TLS in the Elastic stack.The 'ca' mode generates a new' certificate authority'This will create a new X.509 certificate and private key that can be usedto sign certificate when running in 'cert' mode.Use the' ca-dn' option if you wish to configure the 'distinguished name'of the certificate authorityBy default the' ca' mode produces a single PKCS#12 output file which holds: * The CA certificate * The CA's private keyIf you elect to generate PEM format certificates (the-pem option) Then the output willbe a zip file containing individual files for the CA certificate and private keyPlease enter the desired output file [elastic-stack-ca.p12]: Enter password for elastic-stack-ca.p12:

Regenerated into cert: elastic-certificates.p12

[root@25dee1848942 elasticsearch] #. / bin/elasticsearch-certutil cert-- ca elastic-stack-ca.p12This tool assists you in the generation of X.509 certificates and certificatesigning requests for use with SSL/TLS in the Elastic stack.The 'cert' mode generates X.509 certificate and private keys.

This generation elastic-certificates.p12 is exactly what we need to use.

Copy out the certificate, and ctrl+d exits inside the container

Sudo docker cp es:/usr/share/elasticsearch/elastic-certificates.p12. # close this container sudo docker kill essudo docker rm es

In this way, the certificate was obtained.

Generate password

First of all, we need to start the es cluster and go inside to generate the password.

Sudo docker-compose up

And then enter one of them.

Sudo docker exec-it es01 / bin/bash

Generate the password with auto, and set it with interactive by yourself.

[root@cfeeab4bb0eb elasticsearch] # / bin/elasticsearch-setup-passwords-hSets the passwords for reserved usersCommands-auto-Uses randomly generated passwordsinteractive-Uses passwords entered by a userNon-option arguments:command Option Description-E Configure a setting-h,-- help Show help-s -silent Show minimal output-v,-verbose Show verbose output [root@cfeeab4bb0eb elasticsearch] #. / bin/elasticsearch-setup-passwords autoInitiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system Remote_monitoring_user.The passwords will be randomly generated and printed to the console.Please confirm that you would like to continue [DtZCrCkVTZsinRn3tW3DChanged password for user elasticPASSWORD elastic N] yChanged password for user apm_systemPASSWORD apm_system = YxVzeT9B2jEDUjYp66WsChanged password for user kibanaPASSWORD kibana = 8NnThbj0N02iDaTGhidUChanged password for user logstash_systemPASSWORD logstash_system = 9nIDGe7KSV8SQidSk8DjChanged password for user beats_systemPASSWORD beats_system = qeuVaf1VEALpJHfEUOjJChanged password for user remote_monitoring_userPASSWORD remote_monitoring_user = DtZCrCkVTZsinRn3tW3DChanged password for user elasticPASSWORD elastic = q5f2qNfUJQyvZPIz57MZ use password

The browser needs to enter an account number to access localhost:9200/9201/9202

Just enter the corresponding elastic/password

Browsers access localhost:5601

Forget the password.

If you forget your password after generation, you can go to the machine to modify it.

Access to the es machine

Sudo docker exec-it es01 / bin/bash

Create a temporary superuser RyanMiao

. / bin/elasticsearch-users useradd ryan-r superuserEnter new password: ERROR: Invalid password...passwords must be at least [6] characters long [root@cfeeab4bb0eb elasticsearch] #. / bin/elasticsearch-users useradd ryan-r superuserEnter new password: Retype new password:

Use this user to change the elastic password:

Curl-XPUT-u ryan:ryan123 http://localhost:9200/_xpack/security/user/elastic/_password-H "Content-Type: application/json"-d'{"password": "q5f2qNfUJQyvZPIz57MZ"} 'this is the end of the study on "how docker installs the Elasticsearch7.6 cluster and sets the password", hoping to solve everyone's doubts. The collocation of theory and practice can better help you learn, go and try it! If you want to continue to learn more related knowledge, please continue to follow the website, the editor will continue to work hard to bring you more practical articles!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.