Docker installs Elasticsearch7.6 cluster and sets password

Starting from Elasticsearch 6.8, free users are allowed to use the security features of X-Pack. Previously, installing es was a naked process. Next, we will record how to configure security authentication.

To simplify the physical installation process, we will use docker to install our service.

Some basic configuration

es needs to modify some parameters of linux.

Set vm.max_map_count=262144

sudo vim /etc/sysctl.conf
vm.max_map_count=262144

Do not restart, directly take effect of the current command

sysctl -w vm.max_map_count=262144

The data and logs directories of es need to be authorized to 1000 users. We assume that three es clusters are installed and create the corresponding data storage files first.

mkdir -p es01/data
mkdir -p es01/logs
mkdir -p es02/data
mkdir -p es02/logs
mkdir -p es03/data
mkdir -p es03/logs

## es's user ID is 1000, so let's temporarily authorize it to everyone sudo chmod 777 es* -R

About versions and docker images

Elasticsearch has several licenses, of which Open Source and Basic are free. Security features were only integrated into the Basic license after version 6.8.

The corresponding docker image of Basic is

docker pull docker.elastic.co/elasticsearch/elasticsearch:7.6.2

At the same time, Dockerhub is synchronized to elasticsearch. We can directly pull elasticsearch:7.6.2 .

start

The installation files are all on GitHub: https://github.com/Ryan-Miao/docker-china-source/tree/master/docker-elasticsearch

First, create docker-compose.yml

version: '2.2'
services:
 es01:
  image: elasticsearch:7.6.2
  container_name: es01
  environment:
   - node.name=es01
   - cluster.name=es-docker-cluster
   - discovery.seed_hosts=es02,es03
   - cluster.initial_master_nodes=es01,es02,es03
   - bootstrap.memory_lock=true
   - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
  ulimits:
   memlock:
    soft: -1
    hard: -1
  volumes:
   - ./es01/data:/usr/share/elasticsearch/data
   - ./es01/logs:/usr/share/elasticsearch/logs
   - ./elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
   - ./elastic-certificates.p12:/usr/share/elasticsearch/config/elastic-certificates.p12
  ports:
   - 9200:9200
  networks:
   - elastic

 es02:
  image: elasticsearch:7.6.2
  container_name: es02
  environment:
   - node.name=es02
   - cluster.name=es-docker-cluster
   - discovery.seed_hosts=es01,es03
   - cluster.initial_master_nodes=es01,es02,es03
   - bootstrap.memory_lock=true
   - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
  ulimits:
   memlock:
    soft: -1
    hard: -1
  volumes:
   - ./es02/data:/usr/share/elasticsearch/data
   - ./es02/logs:/usr/share/elasticsearch/logs
   - ./elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
   - ./elastic-certificates.p12:/usr/share/elasticsearch/config/elastic-certificates.p12
  ports:
   - 9201:9200
  networks:
   - elastic

 es03:
  image: elasticsearch:7.6.2
  container_name: es03
  environment:
   - node.name=es03
   - cluster.name=es-docker-cluster
   - discovery.seed_hosts=es01,es02
   - cluster.initial_master_nodes=es01,es02,es03
   - bootstrap.memory_lock=true
   - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
  ulimits:
   memlock:
    soft: -1
    hard: -1
  volumes:
   - ./es03/data:/usr/share/elasticsearch/data
   - ./es03/logs:/usr/share/elasticsearch/logs
   - ./elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
   - ./elastic-certificates.p12:/usr/share/elasticsearch/config/elastic-certificates.p12
  ports:
   - 9202:9200
  networks:
   - elastic

 kib01:
  depends_on: 
   -es01
  image: kibana:7.6.2
  container_name: kib01
  ports:
   -5601:5601
  environment:
   ELASTICSEARCH_URL: http://es01:9200
   ELASTICSEARCH_HOSTS: http://es01:9200
  volumes:
   - ./kibana.yml:/usr/share/kibana/config/kibana.yml
  networks:
   - elastic

networks:
 elastic:
  driver: bridge

About elasticsearch.yml

The content is as follows

network.host: 0.0.0.0
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.keystore.type: PKCS12
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.type: PKCS12

xpack.security.audit.enabled: true

network.host setting allows other IPs to access and releases IP binding
xpack.security is a security-related configuration, in which the SSL certificate needs to be generated by yourself

About the certificate elastic-certificates.p12

es provides a tool for generating certificates elasticsearch-certutil , which we can generate in the docker instance, copy out, and use uniformly later.

First run the es instance

sudo docker run -dit --name=es elasticsearch:7.6.2 /bin/bash

Enter the instance

sudo docker exec -it es /bin/bash

Generate ca: elastic-stack-ca.p12

[root@25dee1848942 elasticsearch]# ./bin/elasticsearch-certutil ca
This tool assists you in the generation of X.509 certificates and certificate
signing requests for use with SSL/TLS in the Elastic stack.

The 'ca' mode generates a new 'certificate authority'
This will create a new X.509 certificate and private key that can be used
to sign certificate when running in 'cert' mode.

Use the 'ca-dn' option if you wish to configure the 'distinguished name'
of the certificate authority

By default the 'ca' mode produces a single PKCS#12 output file which holds:
  * The CA certificate
  * The CA's private key

If you elect to generate PEM format certificates (the -pem option), then the output will
be a zip file containing individual files for the CA certificate and private key

Please enter the desired output file [elastic-stack-ca.p12]: 
Enter password for elastic-stack-ca.p12 :

Regenerate cert: elastic-certificates.p12

[root@25dee1848942 elasticsearch]# ./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
This tool assists you in the generation of X.509 certificates and certificate
signing requests for use with SSL/TLS in the Elastic stack.

The 'cert' mode generates X.509 certificate and private keys.

The elastic-certificates.p12 generated is what we need to use.

Copy the certificate and press ctrl+d to exit the container.

sudo docker cp es:/usr/share/elasticsearch/elastic-certificates.p12 .
# Close this container sudo docker kill es
sudo docker rm es

The certificate is thus obtained.

Generate Password

We first need to start the es cluster and generate a password in it.

sudo docker-compose up

Then enter one of

sudo docker exec -it es01 /bin/bash

Use auto to generate passwords and interactive to set them yourself

[root@cfeeab4bb0eb elasticsearch]# ./bin/elasticsearch-setup-passwords -h
Sets the passwords for reserved users

Commands
--------
auto - Uses randomly generated passwords
interactive - Uses passwords entered by a user

Non-option arguments:
command       

Option Description    
------ -----------    
-E <KeyValuePair> Configure a setting
-h, --help Show help     
-s, --silent Show minimal output
-v, --verbose Show verbose output



[root@cfeeab4bb0eb elasticsearch]# ./bin/elasticsearch-setup-passwords auto
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.
The passwords will be randomly generated and printed to the console.
Please confirm that you would like to continue [y/N]y


Changed password for user apm_system
PASSWORD apm_system = YxVzeT9B2jEDUjYp66Ws

Changed password for user kibana
PASSWORD kibana = 8NnThbj0N02iDaTGhidU

Changed password for user logstash_system
PASSWORD logstash_system = 9nIDGe7KSV8SQidSk8Dj

Changed password for user beats_system
PASSWORD beats_system = qeuVaf1VEALpJHfEUOjJ

Changed password for user remote_monitoring_user
PASSWORD remote_monitoring_user = DtZCrCkVTZsinRn3tW3D

Changed password for user elastic
PASSWORD elastic = q5f2qNfUJQyvZPIz57MZ

Use password

The browser accesses localhost:9200/9201/9202 and needs to enter the account

Just enter the corresponding elastic/password

Browse to localhost:5601

forget the password

What if you forget the password after generating it? You can log into the machine to modify it.

Enter the es machine

sudo docker exec -it es01 /bin/bash

Create a temporary superuser RyanMiao

./bin/elasticsearch-users useradd ryan -r superuser
Enter new password: 
ERROR: Invalid password...passwords must be at least [6] characters long
[root@cfeeab4bb0eb elasticsearch]# ./bin/elasticsearch-users useradd ryan -r superuser
Enter new password: 
Retype new password:

Use this user to change the password of elastic:

curl -XPUT -u ryan:ryan123 http://localhost:9200/_xpack/security/user/elastic/_password -H "Content-Type: application/json" -d '
{
 "password": "q5f2qNfUJQyvZPIz57MZ"
}'

refer to

http://codingfundas.com/setting-up-elasticsearch-6-8-with-kibana-and-x-pack-security-enabled/index.html

This is the end of this article about installing Elasticsearch 7.6 cluster with docker and setting passwords. For more information about installing Elasticsearch cluster with docker, please search for previous articles on 123WORDPRESS.COM or continue to browse the following related articles. I hope you will support 123WORDPRESS.COM in the future!

You may also be interested in:

Tutorial on installing Elasticsearch 7.6.2 in Docker
Insufficient memory problem and solution when docker starts elasticsearch
How to install elasticsearch and kibana in docker
Sample code for installing ElasticSearch and Kibana under Docker
How to deploy ElasticSearch in Docker
Detailed explanation of using Elasticsearch visualization Kibana under Docker
How to install ElasticSearch on Docker in one article

<<: Detailed explanation of the use of Arguments object in JavaScript

>>: Problems with using multiple single quotes and triple quotes in MySQL concat

How to install MySQL 8.0 database on M1 chip (picture and text)

Docker installs Elasticsearch7.6 cluster and sets password

How to install MySQL 8.0 database on M1 chip (picture and text)

Vue+element implements drop-down menu with local search function example

MYSQL custom function to determine whether it is a positive integer example code

HTML+CSS box model example (circle, semicircle, etc.) "border-radius" is simple and easy to use

How to use React slots

How to represent various MOUSE shapes

A brief discussion on DDL and DML in MySQL

MySQL 8.0.12 Simple Installation Tutorial

MySQL Community Server 5.6 installation and configuration tutorial under Windows 8

Solve the problem of docker container exiting immediately after starting

Recommend

CSS to achieve single-select folding menu function

Vue+echarts realizes progress bar histogram

Vue project configures webpack-obfuscator to implement code encryption and obfuscation

The difference between ID and Name attributes of HTML elements

How to open a page in an iframe

Instances of excluding certain libraries when backing up the database with mysqldump

MySQL full-text search usage examples

Detailed examples of the difference between methods watch and computed in Vue.js

An article teaches you how to use js to achieve the barrage effect

Detailed explanation of HTML area tag

What is Software 404 and 404 Error and what is the difference between them

Solve nginx "504 Gateway Time-out" error

Detailed explanation of lazy loading and preloading of webpack

Excel export always fails in docker environment

Understand the principles of MySQL persistence and rollback in one article