1、启动好es
2、进入es容器
docker exec -it es /bin/bash
3、生成ca证书
./bin/elasticsearch-certutil ca
注:两个红方框位置直接回车
4、生成cert证书
./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
注:前两个红框直接回车,第三个红框可以直接回车,也可以输入证书密码
5、查看证书
ls
6、拷贝es容器的证书
-
# 进入es的config文件夹
-
# 拷贝容器证书
-
docker cp es:/usr/share/elasticsearch/elastic-certificates.p12 ./
-
# 授权证书
-
chmod 777 elastic-certificates.p12
7、添加配置文档
vi elasticsearch.yml
network.host: 0.0.0.0
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.keystore.type: PKCS12
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /usr/share/elasticsearch/config/elastic-certificates.p12
xpack.security.transport.ssl.truststore.type: PKCS12xpack.security.audit.enabled: true
8、修改docker-compose.yml文件
services:es:image: harbor-operation.maas.com.cn/library/elasticsearch:8.6.0container_name: esenvironment:- bootstrap.memory_lock=true- xpack.security.enabled=true- "ES_JAVA_OPTS=-Xms512m -Xmx512m"ulimits:memlock:soft: -1hard: -1volumes:- ./config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml- ./data:/usr/share/elasticsearch/data- ./log:/usr/share/elasticsearch/log- ./plugins:/usr/share/elasticsearch/plugins- /home/clouduser/cxb/efk/config/elastic-certificates.p12:/usr/share/elasticsearch/config/elastic-certificates.p12- /home/clouduser/cxb/efk/config/elastic-stack-ca.p12:/usr/share/elasticsearch/config/elastic-stack-ca.p12ports:- "9200:9200"- "9300:9300"networks:- docker-common-netnetworks:docker-common-net:external: true9、重启es容器
# docker-compose关闭es容器
docker-compose down
# docker-compose开启es容器
docker-compose up -d
10、设置账号密码
# 进入es容器
docker exec -it es /bin/bash
# 设置密码(账号默认为 elastic)
./bin/elasticsearch-setup-passwords interactive
11、创建新用户
因为es 不允许使用elastic用户登录kibana,所以这里需要创建一个自定义用户。
进入es容器,docker exec -it es bash,执行bin/elasticsearch-users useradd test
添加了用户,并需要给这个用户添加角色不然会报错
角色授权
bin/elasticsearch-users roles -a superuser test
bin/elasticsearch-users roles -a kibana_system test
12、ip+9200 验证
使用默认账户elastic登录或者使用自定义的账号登录
13、遇到的问题
ERROR: Elasticsearch did not exit normally - check the logs at /usr/share/elasticsearch/logs/docker-cluster.log
max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
es | bootstrap check failure [2] of [2]: the default discovery settings are unsuitable for production use; at least one of [discovery.seed_hosts, discovery.seed_providers, cluster.initial_master_nodes] must be configured
上面的问题解决方案就是14,配置对应的yml解决
14、配套能启动es的yml
elasticsearch.yml
http.host: 0.0.0.0xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.keystore.type: PKCS12
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /usr/share/elasticsearch/config/elastic-certificates.p12
xpack.security.transport.ssl.truststore.type: PKCS12xpack.security.audit.enabled: true证书
15、kibana
services:kibana:image: harbor-operation.maas.com.cn/library/kibana:8.6.0restart: alwayscontainer_name: kibanaenvironment:- TZ=Asia/Shanghaivolumes:- ./kibana.yml:/usr/share/kibana/config/kibana.ymlports:- "5601:5601"networks:- docker-common-netnetworks:docker-common-net:external: truekibana.yml
i18n.locale: zh-CN
server.host: "0.0.0.0"
server.shutdownTimeout: "5s"
elasticsearch.hosts: [ "http://es:9200" ]
elasticsearch.username: "root"
elasticsearch.password: "123456"验证,输入上面的账号密码,登录成功。
![[cg] 使用snapgragon 对UE5.3抓帧](https://i-blog.csdnimg.cn/direct/387924ffc839478bb6e5968cf2aaf1e8.png)
