一、环境准备

  • 系统:CentOS Linux release 7.9.2009 (Core)

  • docker:20.10.12

  • readonlyrest 插件: readonlyrest-1.43.0_es8.4.1

1、插件下载

下载地址:https://readonlyrest.com/download/

免费版本,可以指定你需要的版本,我这里选择的是最新 8.4.1,输入一个邮箱地址,点击GET IT NOW,就会收到一封邮件。

image-20220916111446804

选择Download 直接下载即可。

image-20220916111627059

2、文件准备

目录结构

1
2
3
4
5
6
7
[root@/data/elasticsearch]# tree
.
├── Dockerfile
├── readonlyrest-1.43.0_es8.4.1.zip
└── readonlyrest.yml

0 directories, 3 files

Dockerfile

1
2
3
4
5
6
FROM elasticsearch:8.4.1
 
COPY readonlyrest-1.43.0_es8.4.1.zip /plugins/readonlyrest-1.43.0_es8.4.1.zip
 
RUN sh -c 'echo -e "y" | /usr/share/elasticsearch/bin/elasticsearch-plugin install -b file:///plugins/readonlyrest-1.43.0_es8.4.1.zip'
COPY readonlyrest.yml /usr/share/elasticsearch/config/readonlyrest.yml

readonlyrest.yml

1
2
3
4
5
readonlyrest:
    access_control_rules:
    - name: "Require HTTP Basic Auth"
      type: allow
      auth_key: admin:elasticsearchPass

二、构建镜像

1
docker build -t elasticsearch:security-8.4.1 .

image-20220916112430748

三、部署Elasticsearch

参考官方文档:https://www.elastic.co/guide/en/elasticsearch/reference/7.12/docker.html

修改文件 /etc/sysctl.conf

增加一行

1
vm.max_map_count=262144

刷新参数

1
sysctl -p

启动Elasticsearch

1
2
3
4
5
6
docker run -d --name=elasticsearch \
  -p 9200:9200 -p 9300:9300 \
  -e "discovery.type=single-node" \
  -e "xpack.security.enabled=false" \
  -e "TZ=Asia/Shanghai" \
  elasticsearch:security-8.4.1

注意:启动时,一定要设置 xpack.security.enabled=false,否则启动会报错

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
uncaught exception in thread [main]
java.lang.IllegalArgumentException: Cannot have more than one plugin implementing a REST wrapper
    at org.elasticsearch.action.ActionModule.<init>(ActionModule.java:448)
    at org.elasticsearch.node.Node.<init>(Node.java:575)
    at org.elasticsearch.node.Node.<init>(Node.java:278)
    at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:217)
    at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:217)
    at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:397)
    at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:159)
    at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:150)
    at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:75)
    at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:116)
    at org.elasticsearch.cli.Command.main(Command.java:79)
    at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:115)
    at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:81)
For complete error details, refer to the log at /usr/share/elasticsearch/logs/docker-cluster.log

持久化存储的文件夹

1
2
3
4
mkdir -p /data/elasticsearch/data
docker cp elasticsearch:/usr/share/elasticsearch/ /data/elasticsearch/data
chmod g+rwx -R /data/elasticsearch
chgrp 1000 -R /data/elasticsearch

注意:由于docker运行中的elasticsearch用户id是1000,所以这里也设置1000

删除elasticsearch

1
docker rm -f elasticsearch

挂载目录方式启动

1
2
3
4
5
6
7
8
docker run -d --name=elasticsearch \
  -p 9200:9200 -p 9300:9300 \
  -e "discovery.type=single-node" \
  -e "xpack.security.enabled=false" \
  -e "TZ=Asia/Shanghai" \
  -v /usr/share/elasticsearch:/data/elasticsearch/data \
  -e "ES_JAVA_OPTS=-Xms512m -Xmx512m" \
  elasticsearch:security-8.4.1

注意:关于ES_JAVA_OPTS参数,堆内存一般设置为内存的一半,请根据实际情况修改。

验证权限

不使用账号密码请求 API,请求失败

1
2
[root@centos7 ~]# curl 127.0.0.1:9200/_cat/nodes
{"error":{"root_cause":[{"reason":"forbidden","due_to":["OPERATION_NOT_ALLOWED"]}],"reason":"forbidden","due_to":["OPERATION_NOT_ALLOWED"],"status":401}}

使用账号密码请求 API,请求成功

1
2
[root@centos7 ~]# curl -u admin:Passw0rd 127.0.0.1:9200/_cat/nodes
172.17.0.2 20 93 0 0.00 0.01 0.05 cdfhilmrstw * f74fd2ea4785

补充知识点

Kibana 连接 Elasticsearch

1
2
3
4
5
6
7
8
docker run -d \
 --name kibana \
 --link elasticsearch:elasticsearch \
 -e "ELASTICSEARCH_USERNAME=admin" \
 -e "ELASTICSEARCH_PASSWORD=Passw0rd" \
 -e "TZ=Asia/Shanghai" \
 -p 5601:5601 \
 kibana:7.12.1