ES默认裸奔模式,还是设置个密码吧

设置VM空间

vi /etc/sysctl.conf

# 添加如下命令
vm.max_map_count=262144

sysctl - p

或者

sysctl  -w vm.max_map_count=262144

docker配置

docker-compose.yml

version: '2.2'
services:
  es01:
    image: docker.elastic.co/elasticsearch/elasticsearch:${ELASTIC_STACK_VERSION}
    container_name: es01
    environment:
      - node.name=es01
      - discovery.seed_hosts=es02
      - cluster.initial_master_nodes=es01,es02
      - cluster.name=docker-cluster
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
      - http.max_content_length=200mb 
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - ./data/es01:/usr/share/elasticsearch/data
      - ./config/es01:/usr/share/elasticsearch/config
    ports:
      - 9200:9200
    networks:
      - esnet
  es02:
    image: docker.elastic.co/elasticsearch/elasticsearch:${ELASTIC_STACK_VERSION}
    container_name: es02
    environment:
      - node.name=es02
      - discovery.seed_hosts=es01
      - cluster.initial_master_nodes=es01,es02
      - cluster.name=docker-cluster
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
      - http.max_content_length=200mb 
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - ./data/es02:/usr/share/elasticsearch/data
      - ./config/es02:/usr/share/elasticsearch/config
    networks:
      - esnet
 
  kibana:
    image: docker.elastic.co/kibana/kibana:${ELASTIC_STACK_VERSION}
    container_name: kibana
    ports: ['5601:5601']    
    networks: ['esnet']
    environment:
      - SERVER_NAME=kibana.localhost
      - ELASTICSEARCH_HOSTS=http://es01:9200
      - I18N_LOCALE=zh-CN
      - ELASTICSEARCH_USERNAME=elastic
      - ELASTICSEARCH_PASSWORD=qazWSXQwe
    depends_on: ['es01'] 
    # volumes:
    #   - ./kibana.yml:/usr/share/kibana/config/kibana.yml 
#volumes:
#  esdata01:
#    driver: local
#  esdata02:
#    driver: local
 
networks:
  esnet:

容器设置

进入容器

docker-compose  exec es01 sh

修改 elasticsearch.yml

cd config

新增如下配置

xpack.security.enabled: true
xpack.license.self_generated.type: basic
xpack.security.transport.ssl.enabled: true

构建秘钥

进入bin路径

cd ./bin

./elasticsearch-certutil ca -out config/elastic-certificates.p12

复制到其他节点,建议先复制配置到宿主机，然后挂载

相关命令

宿主机下执行,需要和docker-compose.yml同级别

docker cp 容器1ID:/usr/share/elasticsearch/config .config/es01/
docker cp 容器2ID:/usr/share/elasticsearch/config .config/es02/

或者

docker-compose cp 容器1ID:/usr/share/elasticsearch/config .config/es01/
docker-compose cp 容器2ID:/usr/share/elasticsearch/config .config/es02/

docker-compose stop 
docker-compose up -d

设置密码

./elasticsearch-setup-passwords interactive

# 依次输入密码

重启验证

注意

修改 docker-compose.yml里kibana环境变量的用户名密码为上面设置的密码,否则无法启动

#停止
docker-compose stop 

#重新加载启动
docker-compose up -d

## 修改密码
curl -XPOST -u elastic "127.0.0.1:9200/_security/user/elastic/_password" -H 'Content-Type: application/json' -d'{"password" : "elastic123456"}'

# 验证登录
curl -u  elastic  http://localhost:9200/_security/_authenticat

#查看ES信息
curl -u  elastic  http://localhost:9200/