概述
- es/kibana 7.4.2
- enable security
- docker 19.x.y
requirment
#resource limits
/etc/security/limits.d/20-nproc.conf
#* soft nproc 4096
root soft nproc unlimited
#add es
* soft nproc 102400
* hard nproc 102400
* soft nofile 102400
* hard nofile 102400
* soft memlock unlimited
* hard memlock unlimited
#disable swap
swapoff -a
/etc/fstab
mount -a
#kernel
tee >/etc/sysctl.d/es.conf <<EOF
vm.max_map_count=262144
EOF
sysctl --system
#users
useradd -u 1000 elasticsearch
elasticsearh
#network
docker network create esnetwork --driver=bridge --subnet "10.10.0.0/16"
#lcoal data
mkdir -p /opt/es_single/es_data
#cat /opt/es_single/9200.yml
cluster.name: es-bang
node.name: es-single
network.host: 0.0.0.0
http.port: 9200
transport.port: 9300
discovery.type: single-node
#discovery.seed_hosts: [es01,es02,es03]
#cluster.initial_master_nodes: [es01,es02,es03]
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.monitoring.enabled: true
xpack.monitoring.collection.enabled: true
#start
chown -R elasticsearch: /opt/es_single //privileges
docker run -d --name es --network esnetwork --restart=unless-stopped
-p 9200:9200 -p 9300:9300
-v /opt/es_single/es_data:/usr/share/elasticsearch/data
-v /opt/es_single/9200.yml:/usr/share/elasticsearch/config/elasticsearch.yml
-e "ES_JAVA_OPTS=-Xms256m -Xmx256m" elasticsearch:7.4.2
#set passwd
docker exec -it es bash
elasticsearch-setup-passwords auto //y
#modify passwd
curl -XPOST -H 'Content-type: application/json' -u elastic:xxxx 'http://172.24.100.5:9200/_xpack/security/user/kibana/_password?pretty' -d '{
"password": "123456"}'
heap 请根据对应数据量做对应的调整
kibana
#start
docker run -d --name kibana --network esnetwork --restart=unless-stopped
-p 5601:5601
-e "ELASTICSEARCH_HOSTS=http://es:9200"
-e "ELASTICSEARCH_USERNAME=elastic" -e "ELASTICSEARCH_PASSWORD=xxxx" kibana:7.4.2
testing
http://ip:5601/