elasticsearch,Docker,Authentication,elasticsearch" /> elasticsearch,Docker,Authentication,elasticsearch" />
Fatal编程技术网
  • docker/
  • 部署了docker、ansible和身份验证的Elasticsearch群集

部署了docker、ansible和身份验证的Elasticsearch群集

docker authentication

部署了docker、ansible和身份验证的Elasticsearch群集,docker,authentication,elasticsearch,Docker,Authentication,elasticsearch,这将是一个奇怪的帖子,它是多么的基本,但我被卡住了。我已将此docker compose文件转换为一个ansible作业,用于启动集群: version: '2.2' services: es01: image: docker.elastic.co/elasticsearch/elasticsearch:7.9.2 container_name: es01 environment: - node.name=es01 - cluster.name

这将是一个奇怪的帖子,它是多么的基本,但我被卡住了。我已将此docker compose文件转换为一个ansible作业,用于启动集群:

version: '2.2'
services:
  es01:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.9.2
    container_name: es01
    environment:
      - node.name=es01
      - cluster.name=es-docker-cluster
      - discovery.seed_hosts=es02,es03
      - cluster.initial_master_nodes=es01,es02,es03
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - data01:/usr/share/elasticsearch/data
    ports:
      - 9200:9200
    networks:
      - elastic
  es02:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.9.2
    container_name: es02
    environment:
      - node.name=es02
      - cluster.name=es-docker-cluster
      - discovery.seed_hosts=es01,es03
      - cluster.initial_master_nodes=es01,es02,es03
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - data02:/usr/share/elasticsearch/data
    networks:
      - elastic
  es03:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.9.2
    container_name: es03
    environment:
      - node.name=es03
      - cluster.name=es-docker-cluster
      - discovery.seed_hosts=es01,es02
      - cluster.initial_master_nodes=es01,es02,es03
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - data03:/usr/share/elasticsearch/data
    networks:
      - elastic

volumes:
  data01:
    driver: local
  data02:
    driver: local
  data03:
    driver: local

networks:
  elastic:
    driver: bridge
问题是,当我向集群添加安全性时,集群返回一个master\u not\u discovered\u异常。我在es01中添加的所有额外内容都是
xpack.security.enabled:true
ELASTIC\u密码:“PASSWORD”
xpack.security.transport.ssl.enabled:true

知道从这里到哪里去吗?

添加

xpack.security.transport.ssl.enabled: true
要求您首先生成证书并将其添加到服务中,以便加密节点间通信。有几个步骤要做:

  • 获取一些证书,至少自己生成SSL证书
  • 通过卷将证书分发到所有节点
  • 通过密钥库配置证书和密码
    • 请先看一下的一般文档,然后再看您需要的

    对于您不想加密节点间通信,而是要加密http端点(RESTAPI)的情况,就是这样

    xpack.security.http.ssl.enabled: true
    这是为你而做的。实现此功能的过程与前一个过程非常相似,并包含在上述文档中。

    您可以共享elasticsearch日志吗?