Environment preparation

Kernel parameter tuning

echo "vm.max_map_count=655360" >> /etc/sysctl.conf && sysctl -p

Environment

  • OS: CentOS Linux release 7.9.2009 (Core)
  • Docker: 20.10.12
  • Elasticsearch: 8.4.1
  • Kibana: 8.3.3

Run Elasticsearch

Create the network and run the container

Install Elastic Stack 8.x with Docker and get started

docker network create elastic
docker pull docker.elastic.co/elasticsearch/elasticsearch:8.4.1
docker run -d --net elastic -p 9200:9200 -p 9300:9300 docker.elastic.co/elasticsearch/elasticsearch:8.4.1

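Get the credentials

Starting with Elasticsearch 8.0, security features are enabled and configured by default the first time Elasticsearch starts. At startup, Elasticsearch 8.0 generates enrollment tokens that you can use to connect a Kibana instance or to enroll additional nodes in a secured Elasticsearch cluster, without generating security certificates or updating YAML configuration files. Just use the generated enrollment token when starting a new node or Kibana instance, and the Elastic Stack handles all of the security configuration for you.

View the credential information in the logs
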
docker logs 86d458a59452

Credential information

------------------------------------------------------------------------------------------------------------

-> Elasticsearch security features have been automatically configured!
-> Authentication is enabled and cluster connections are encrypted.

-> Password for the elastic user (reset with `bin/elasticsearch-reset-password -u elastic`):
u8XQQ7GfBJ2+3u1sdtqK

-> HTTP CA certificate SHA-256 fingerprint:
a144fde302e1849152b849d34fae5ca5b902b12ade0be05b195747e76151b55e

-> Configure Kibana to use this cluster:

* Run Kibana and click the configuration link in the terminal when Kibana starts.
* Copy the following enrollment token and paste it into Kibana in your browser (valid for the next 30 minutes):
eyJ2ZXIiOiI4LjQuMSIsImFkciI6WyIxNzIuMTguMC4yOjkyMDAiXSwiZmdyIjoiYTE0NGZkZTMwMmUxODQ5MTUyYjg0OWQzNGZhZTVjYTViOTAyYjEyYWRlMGJlMDViMTk1NzQ3ZTc2MTUxYjU1ZSIsImtleSI6IllVTkJSWU1CSUxXcGp5WVJSNlpwOmg4bFFRcV9IUVV5WUoyeVJNUGZKalEifQ==

-> Configure other nodes to join this cluster:

* Copy the following enrollment token and start new Elasticsearch nodes with `bin/elasticsearch --enrollment-token <token>` (valid for the next 30 minutes):
eyJ2ZXIiOiI4LjQuMSIsImFkciI6WyIxNzIuMTguMC4yOjkyMDAiXSwiZmdyIjoiYTE0NGZkZTMwMmUxODQ5MTUyYjg0OWQzNGZhZTVjYTViOTAyYjEyYWRlMGJlMDViMTk1NzQ3ZTc2MTUxYjU1ZSIsImtleSI6IlkwTkJSWU1CSUxXcGp5WVJSNlpyOmVOdXozY29TUW5tS3FyMU9IOEk0X0EifQ==

If you're running in Docker, copy the enrollment token and run:
`docker run -e "ENROLLMENT_TOKEN=<token>" docker.elastic.co/elasticsearch/elasticsearch:8.4.1`

------------------------------------------------------------------------------------------------------------
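
The banner above is sensitive as a whole: besides the elastic password, each enrollment token is only base64-encoded JSON carrying the node address, the CA fingerprint and an API key. The following is an added example (not from the original post) that parses such a banner, checks that each token's fgr field equals the printed CA fingerprint, and produces a redacted copy; the banner values and the helper names (make_token, audit, redact) are constructed for illustration.

```python
import base64
import json
import re

def make_token(fgr: str, key: str) -> str:
    # Constructed sample in the 8.x token layout: base64(JSON{ver, adr, fgr, key}).
    body = {"ver": "8.4.1", "adr": ["172.18.0.2:9200"], "fgr": fgr, "key": key}
    return base64.b64encode(json.dumps(body).encode()).decode()

SAMPLE_FGR = "ab" * 32  # constructed fingerprint, not a real CA
SAMPLE_BANNER = f"""\
-> Password for the elastic user (reset with `bin/elasticsearch-reset-password -u elastic`):
  CONSTRUCTED-Passw0rd

-> HTTP CA certificate SHA-256 fingerprint:
  {SAMPLE_FGR}

* Copy the following enrollment token and paste it into Kibana in your browser (valid for the next 30 minutes):
  {make_token(SAMPLE_FGR, "sample-id:sample-secret")}
"""

TOKEN_RE = re.compile(r"^[ \t]*(eyJ[A-Za-z0-9+/]+=*)[ \t]*$", re.M)
FGR_RE = re.compile(r"SHA-256 fingerprint:\s*([0-9a-f]{64})")
PW_RE = re.compile(r"(Password for the elastic user[^\n]*\n\s*)(\S+)")

def decode_token(token: str) -> dict:
    """Enrollment tokens are not opaque: they decode to plain JSON."""
    return json.loads(base64.b64decode(token))

def audit(log_text: str) -> dict:
    """Report which secrets the banner exposes and whether they agree."""
    fgr = FGR_RE.search(log_text)
    tokens = [decode_token(t) for t in TOKEN_RE.findall(log_text)]
    return {
        "ca_fingerprint": fgr.group(1) if fgr else None,
        "password_present": PW_RE.search(log_text) is not None,
        "token_targets": [t["adr"] for t in tokens],
        "tokens_carry_api_key": bool(tokens) and all(":" in t["key"] for t in tokens),
        # Each token pins the HTTP CA; it must equal the fingerprint printed above it.
        "fingerprint_matches": bool(fgr and tokens) and all(t["fgr"] == fgr.group(1) for t in tokens),
    }

def redact(log_text: str) -> str:
    """Copy of the log that is safe to paste into a ticket or blog post."""
    out = PW_RE.sub(r"\1<redacted-password>", log_text)
    return TOKEN_RE.sub("  <redacted-enrollment-token>", out)

if __name__ == "__main__":
    print(audit(SAMPLE_BANNER), redact(SAMPLE_BANNER), sep="\n")
```

To run it against a real container, pipe the output of `docker logs` into `audit()` or `redact()` instead of `SAMPLE_BANNER`.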

Run Kibana

To analyze, visualize and manage Elasticsearch data with an intuitive UI, install Kibana.

Pull the image and run Kibana

docker pull kibana:8.4.1
docker run -d --net elastic -p 5601:5601 kibana:8.4.1

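Note that the network name (--net) must be the same as the one used for Elasticsearch.

After the commands above run successfully, we can see the following output:
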
docker logs dc193006af2b

Access Kibana

Open Kibana and enter the token from the Elasticsearch log above, under "Configure Kibana to use this cluster:".

http://x.x.x.x:5601/?code=891150

If you are not redirected to the login page and are asked for a verification code, check the Kibana logs.

Enter the elastic user information shown in the Elasticsearch log.

We have now successfully entered the Kibana UI. At this point, we have successfully started Elasticsearch and Kibana with Docker.