其他分享
首页 > 其他分享> > Rancher搭建ES容器集群

Rancher搭建ES容器集群

作者:互联网

ES集群效果

     

     检查集群状况

     

  

 集群搭建步骤

FROM 192.168.30.113/library/java:latest
ENV TZ=Asia/Shanghai
RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo '$TZ' > /etc/timezone
COPY elasticsearch  /elasticsearch
RUN adduser elasticsearch
RUN chown -R elasticsearch:elasticsearch /elasticsearch
ENTRYPOINT ["/bin/bash","/elasticsearch/bin/start-escluster.sh"]
Dockerfile
#!/bin/bash

#change es config
ordinal=`env | grep podname | cut -d"=" -f2 | cut -d"-" -f2`
hostip=`env | grep hostip | cut -d"=" -f2`
seed_hosts=`env | grep seed_hosts | cut -d"=" -f2`
let severid=$ordinal+1
let hport=9700+$ordinal
let tport=9800+$ordinal
#sed -i "s/network.publish_host:.*/network.publish_host: $hostip/g" /elasticsearch/config/elasticsearch.yml
sed -i "s/discovery.seed_hosts:.*/discovery.seed_hosts: $seed_hosts/g" /elasticsearch/config/elasticsearch.yml
if [ $ordinal -eq 0 ];
then
   sed -i "s/node.data:.*/node.data: false/g" /elasticsearch/config/elasticsearch.yml
else
   sed -i "s/node.name:.*/node.name: node$severid/g" /elasticsearch/config/elasticsearch.yml
   #sed -i "s/http.port:.*/http.port: $hport/g" /elasticsearch/config/elasticsearch.yml
   #sed -i "s/transport.tcp.port:.*/transport.tcp.port: $tport/g" /elasticsearch/config/elasticsearch.yml
   sed -i "s/node.data:.*/node.data: true/g" /elasticsearch/config/elasticsearch.yml
fi

# start es cluster
echo "start es cluster........"
su - elasticsearch -c /elasticsearch/bin/elasticsearch
start-escluster.sh

   

     启动pod的时候传递根据需要创建pod的数量传递对应的环境变量参数

   

   把master的pod映射到主机进行访问

       1.创建一个DNS记录

       

       

        2.通过主机浏览器访问ES集群

         

ES集群证书生成

      1.添加卷映射

       

 

     2.生成证书和密码

            ./elasticsearch-certutil cert --ip 192.168.30.106 --out /elasticsearch/config/certs/elastic-stack-ca.zip --pem

           ./elasticsearch-setup-passwords interactive --batch --url https://192.168.30.106:39200

           

 

      3.修改elastic的配置yml文件,添加certs证书认证

cluster.name: "taishi-escluster"
node.name: node1
network.host: 0.0.0.0
http.port: 9200
transport.tcp.port: 9300
bootstrap.memory_lock: false
cluster.initial_master_nodes: [ "node1" ]
http.cors.enabled: true
http.cors.allow-origin: "*"
node.master: true
node.data: false
discovery.seed_hosts: ["127.0.0.1:9300"]
xpack.license.self_generated.type: basic
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.key: /elasticsearch/config/certs/instance/instance.key
xpack.security.http.ssl.certificate: /elasticsearch/config/certs/instance/instance.crt
xpack.security.http.ssl.certificate_authorities: /elasticsearch/config/certs/ca/ca.crt
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.key: /elasticsearch/config/certs/instance/instance.key
xpack.security.transport.ssl.certificate: /elasticsearch/config/certs/instance/instance.crt
xpack.security.transport.ssl.certificate_authorities: /elasticsearch/config/certs/ca/ca.crt
elasticsearch.yml

      4.验证https登录es

      

 

    5.集群https访问成功

      

标签:node,xpack,elasticsearch,Rancher,集群,security,config,yml,ES
来源: https://www.cnblogs.com/yxh168/p/14376291.html