From 3e44987ee516e22ed64e83303ac41af0f171de07 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?=E8=90=8C=E6=A3=AE?= Date: Wed, 31 Jan 2024 18:29:02 +0800 Subject: [PATCH] Add elastic elasticsearch and kibana --- apps/elastic/8.12-cluster/scripts/init.sh | 23 -- apps/elastic/8.12-node/data.yml | 60 ---- apps/elastic/8.12-node/docker-compose.yml | 45 --- apps/elastic/8.12-node/scripts/init.sh | 23 -- apps/elastic/8.12.0-cluster/data.yml | 104 +++++++ .../docker-compose-template.yml | 281 ++++++++++++++++++ .../docker-compose.yml | 94 +++++- .../8.12.0-cluster/scripts/elasticsearch.yml | 2 + apps/elastic/8.12.0-cluster/scripts/init.sh | 77 +++++ .../elastic/8.12.0-cluster/scripts/kibana.yml | 4 + .../8.12.0-cluster/scripts/uninstall.sh | 21 ++ apps/elastic/8.12.0-node/data.yml | 98 ++++++ apps/elastic/8.12.0-node/docker-compose.yml | 84 ++++++ apps/elastic/8.12.0-node/scripts/init.sh | 31 ++ .../{8.12-cluster => 8.12.0-single}/data.yml | 57 +++- apps/elastic/8.12.0-single/docker-compose.yml | 145 +++++++++ .../8.12.0-single/scripts/elasticsearch.yml | 2 + apps/elastic/8.12.0-single/scripts/init.sh | 57 ++++ apps/elastic/8.12.0-single/scripts/kibana.yml | 4 + .../8.12.0-single/scripts/uninstall.sh | 21 ++ apps/elastic/README.md | 79 +++-- 21 files changed, 1114 insertions(+), 198 deletions(-) delete mode 100644 apps/elastic/8.12-cluster/scripts/init.sh delete mode 100644 apps/elastic/8.12-node/data.yml delete mode 100644 apps/elastic/8.12-node/docker-compose.yml delete mode 100644 apps/elastic/8.12-node/scripts/init.sh create mode 100644 apps/elastic/8.12.0-cluster/data.yml create mode 100644 apps/elastic/8.12.0-cluster/docker-compose-template.yml rename apps/elastic/{8.12-cluster => 8.12.0-cluster}/docker-compose.yml (69%) create mode 100644 apps/elastic/8.12.0-cluster/scripts/elasticsearch.yml create mode 100644 apps/elastic/8.12.0-cluster/scripts/init.sh create mode 100644 apps/elastic/8.12.0-cluster/scripts/kibana.yml create mode 100644 apps/elastic/8.12.0-cluster/scripts/uninstall.sh create mode 100644 apps/elastic/8.12.0-node/data.yml 
create mode 100644 apps/elastic/8.12.0-node/docker-compose.yml create mode 100644 apps/elastic/8.12.0-node/scripts/init.sh rename apps/elastic/{8.12-cluster => 8.12.0-single}/data.yml (50%) create mode 100644 apps/elastic/8.12.0-single/docker-compose.yml create mode 100644 apps/elastic/8.12.0-single/scripts/elasticsearch.yml create mode 100644 apps/elastic/8.12.0-single/scripts/init.sh create mode 100644 apps/elastic/8.12.0-single/scripts/kibana.yml create mode 100644 apps/elastic/8.12.0-single/scripts/uninstall.sh diff --git a/apps/elastic/8.12-cluster/scripts/init.sh b/apps/elastic/8.12-cluster/scripts/init.sh deleted file mode 100644 index 145cd9e5..00000000 --- a/apps/elastic/8.12-cluster/scripts/init.sh +++ /dev/null @@ -1,23 +0,0 @@ -#!/bin/bash - -# 检查 .env 文件是否存在 -if [ -f .env ]; then - # 导入 .env 文件中的变量 - source .env - - # 创建并设置权限 - mkdir -p "$ES_ROOT_PATH" - mkdir -p "$ES_ROOT_PATH/certs" - mkdir -p "$ES_ROOT_PATH/es01/data" - mkdir -p "$ES_ROOT_PATH/es02/data" - mkdir -p "$ES_ROOT_PATH/es03/data" - mkdir -p "$ES_ROOT_PATH/kibana/data" - - chmod -R 777 "$ES_ROOT_PATH" - - echo "Directories and permissions set successfully." - -else - echo "Error: .env file not found." - exit 1 -fi diff --git a/apps/elastic/8.12-node/data.yml b/apps/elastic/8.12-node/data.yml deleted file mode 100644 index 81c8b949..00000000 --- a/apps/elastic/8.12-node/data.yml +++ /dev/null 
@@ -1,60 +0,0 @@ -additionalProperties: - formFields: - - default: "docker-cluster" - edit: true - envKey: CLUSTER_NAME - labelEn: cluster name - labelZh: 集群名称 - required: true - type: text - - default: "" - edit: true - envKey: ELASTIC_PASSWORD - labelEn: Password for the 'elastic' user, Numbers and letters - labelZh: “elastic”用户的密码 数字与字母组合 - required: true - type: password - - default: "" - edit: true - envKey: KIBANA_PASSWORD - labelEn: Password for the 'kibana_system' user, Numbers and letters - labelZh: “kibana_system”用户的密码 数字与字母组合 - required: true - type: password - - default: "/home/elastic" - edit: true - envKey: ES_ROOT_PATH - labelEn: data persistence root path - labelZh: 数据持久化根路径 - required: true - type: text - - default: 1073741824 - edit: true - envKey: MEM_LIMIT - labelEn: Increase or decrease based on the available host memory (in bytes) - labelZh: 根据可用主机内存增加或减少(以字节为单位) - required: true - type: number - - default: "" - edit: true - envKey: ES_HOST - labelEn: Access host restriction 127.0.0.1 - labelZh: 访问主机限定 127.0.0.1 - required: false - type: text - - default: 9200 - edit: true - envKey: PANEL_APP_PORT_HTTPS - labelEn: Port to expose Elasticsearch HTTP API to the host - labelZh: 开放API的端口 - required: true - rule: paramPort - type: number - - default: 5601 - edit: true - envKey: PANEL_APP_PORT_HTTP - labelEn: Port to expose Kibana to the host - labelZh: Kibana面板端口 - required: true - rule: paramPort - type: number diff --git a/apps/elastic/8.12-node/docker-compose.yml b/apps/elastic/8.12-node/docker-compose.yml deleted file mode 100644 index 4b3373b5..00000000 --- a/apps/elastic/8.12-node/docker-compose.yml +++ /dev/null 
@@ -1,45 +0,0 @@ -version: "2.2" - -services: - es01: - depends_on: - elastic-init: - condition: service_healthy - image: docker.elastic.co/elasticsearch/elasticsearch:8.12.0 - volumes: - - ${ES_ROOT_PATH}/certs:/usr/share/elasticsearch/config/certs - - ${ES_ROOT_PATH}/es01/data:/usr/share/elasticsearch/data - ports: - - ${PANEL_APP_PORT_HTTPS}:9200 - environment: - - node.name=es01 - - cluster.name=${CLUSTER_NAME} - - cluster.initial_master_nodes=es01,es02,es03 - - discovery.seed_hosts=es02,es03 - - ELASTIC_PASSWORD=${ELASTIC_PASSWORD} - - bootstrap.memory_lock=true - - xpack.security.enabled=true - - xpack.security.http.ssl.enabled=true - - xpack.security.http.ssl.key=certs/es01/es01.key - - xpack.security.http.ssl.certificate=certs/es01/es01.crt - - xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt - - xpack.security.transport.ssl.enabled=true - - xpack.security.transport.ssl.key=certs/es01/es01.key - - xpack.security.transport.ssl.certificate=certs/es01/es01.crt - - xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt - - xpack.security.transport.ssl.verification_mode=certificate - - xpack.license.self_generated.type=basic - mem_limit: ${MEM_LIMIT} - ulimits: - memlock: - soft: -1 - hard: -1 - healthcheck: - test: - [ - "CMD-SHELL", - "curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'", - ] - interval: 10s - timeout: 10s - retries: 120 diff --git a/apps/elastic/8.12-node/scripts/init.sh b/apps/elastic/8.12-node/scripts/init.sh deleted file mode 100644 index 145cd9e5..00000000 --- a/apps/elastic/8.12-node/scripts/init.sh +++ /dev/null 
@@ -1,23 +0,0 @@ -#!/bin/bash - -# 检查 .env 文件是否存在 -if [ -f .env ]; then - # 导入 .env 文件中的变量 - source .env - - # 创建并设置权限 - mkdir -p "$ES_ROOT_PATH" - mkdir -p "$ES_ROOT_PATH/certs" - mkdir -p "$ES_ROOT_PATH/es01/data" - mkdir -p "$ES_ROOT_PATH/es02/data" - mkdir -p "$ES_ROOT_PATH/es03/data" - mkdir -p "$ES_ROOT_PATH/kibana/data" - - chmod -R 777 "$ES_ROOT_PATH" - - echo "Directories and permissions set successfully." - -else - echo "Error: .env file not found." - exit 1 -fi diff --git a/apps/elastic/8.12.0-cluster/data.yml b/apps/elastic/8.12.0-cluster/data.yml new file mode 100644 index 00000000..5722258d --- /dev/null +++ b/apps/elastic/8.12.0-cluster/data.yml 
@@ -0,0 +1,104 @@ +additionalProperties: + formFields: + - default: "docker-cluster" + edit: true + envKey: CLUSTER_NAME + labelEn: cluster name + labelZh: 集群名称 + required: true + type: text + - default: "elastic-net" + edit: true + envKey: CLUSTER_NETWORK + labelEn: cluster network + labelZh: 集群网络 + required: true + type: text + - default: "" + edit: true + envKey: ELASTIC_PASSWORD + labelEn: Password for the 'elastic' user, Numbers and letters + labelZh: elastic 用户的密码 数字与字母组合 + required: true + type: password + - default: "" + edit: true + envKey: KIBANA_PASSWORD + labelEn: Password for the 'kibana_system' user, Numbers and letters + labelZh: kibana_system 用户的密码 数字与字母组合 + required: true + type: password + - default: "/home/elastic/cluster" + edit: true + envKey: ES_ROOT_PATH + labelEn: data persistence root path + labelZh: 数据持久化根路径 + required: true + type: text + - default: 1073741824 + edit: true + envKey: MEM_LIMIT + labelEn: Increase or decrease based on the available host memory (in bytes) + labelZh: 根据可用主机内存增加或减少(以字节为单位) + required: true + type: number + - default: "9200" + edit: true + envKey: PANEL_APP_PORT_HTTPS + labelEn: Port to expose Elasticsearch HTTP API to the host + labelZh: 开放API的端口 + required: false + type: text + - default: 5601 + edit: true + envKey: PANEL_APP_PORT_HTTP + labelEn: Port to expose Kibana to the host + labelZh: Kibana面板端口 + required: true + rule: paramPort + type: number + - default: "9300" + edit: true + envKey: ES_COMMUNICATION_PORT + labelEn: Port to expose Elasticsearch communication to the host + labelZh: Elasticsearch通讯端口 9300 + required: false + type: text + - default: "512m" + edit: true + envKey: ES_JAVA_OPTS_XMS + labelEn: JVM memory allocation pool + labelZh: JVM内存分配池 初始化内存 + required: true + type: text + - default: "512m" + edit: true + envKey: ES_JAVA_OPTS_XMX + labelEn: JVM memory allocation pool + labelZh: JVM内存分配池 运行内存 + required: true + type: text + - default: "true" + edit: true + envKey: 
ES_XPACK_SECURITY_ENABLED + labelEn: Enable security verification (recommended) + labelZh: 证书安全验证(推荐开启) + required: true + type: select + values: + - label: True + value: "true" + - label: False + value: "false" + - default: "false" + edit: true + envKey: MS_TEMPLATE_ENABLED + labelEn: Use template installation (can be used if installation fails multiple times) + labelZh: 使用模板安装(多次安装失败可使用此方法) + required: true + type: select + values: + - label: True + value: "true" + - label: False + value: "false" diff --git a/apps/elastic/8.12.0-cluster/docker-compose-template.yml b/apps/elastic/8.12.0-cluster/docker-compose-template.yml new file mode 100644 index 00000000..90467eed --- /dev/null +++ b/apps/elastic/8.12.0-cluster/docker-compose-template.yml 
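Review bot: `PANEL_APP_PORT_HTTPS` and the new `ES_COMMUNICATION_PORT` are declared as `type: text` with `required: false` and no `rule: paramPort`, so whatever is typed reaches the `ports:` mappings in the compose files unvalidated; `PANEL_APP_PORT_HTTP` between them still carries the rule. The removed 8.12-node form validated the HTTPS port with `rule: paramPort` and `type: number`, and restoring those two lines on both fields keeps a typo or an empty value from producing a broken or unintended port mapping. If free text is deliberate (for example to allow a bind address in front of the port), say so in `labelEn`/`labelZh`. The same two fields are declared the same way in `8.12.0-node/data.yml`.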
@@ -0,0 +1,281 @@ +networks: + elastic-net: + external: true +services: + elastic: + container_name: kibana-${CONTAINER_NAME} + depends_on: + es01: + condition: service_healthy + es02: + condition: service_healthy + es03: + condition: service_healthy + deploy: + resources: + limits: + cpus: ${CPUS} + memory: ${MEMORY_LIMIT} + environment: + - SERVERNAME=kibana + - ELASTICSEARCH_HOSTS=https://es01:9200 + - ELASTICSEARCH_USERNAME=kibana_system + - ELASTICSEARCH_PASSWORD=${KIBANA_PASSWORD} + - ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=config/certs/ca/ca.crt + healthcheck: + interval: 10s + retries: 120 + test: + - CMD-SHELL + - curl -s -I http://localhost:5601 | grep -q 'HTTP/1.1 302 Found' + timeout: 10s + image: docker.elastic.co/kibana/kibana:8.12.0 + logging: + driver: json-file + options: + max-file: "3" + max-size: 10m + mem_limit: ${MEM_LIMIT} + networks: + - ${CLUSTER_NETWORK} + ports: + - ${HOST_IP}:${PANEL_APP_PORT_HTTP}:5601 + restart: always + volumes: + - ${ES_ROOT_PATH}/certs:/usr/share/kibana/config/certs + - ${ES_ROOT_PATH}/kibana/data:/usr/share/kibana/data + - ${ES_ROOT_PATH}/kibana/config/kibana.yml:/usr/share/kibana/config/kibana.yml + elastic-init: + command: | + bash -c ' + if [ x${ELASTIC_PASSWORD} == x ]; then + echo "Set the ELASTIC_PASSWORD environment variable in the .env file"; + exit 1; + elif [ x${KIBANA_PASSWORD} == x ]; then + echo "Set the KIBANA_PASSWORD environment variable in the .env file"; + exit 1; + fi; + if [ ! -f config/certs/ca.zip ]; then + echo "Creating CA"; + bin/elasticsearch-certutil ca --silent --pem -out config/certs/ca.zip; + unzip config/certs/ca.zip -d config/certs; + fi; + if [ ! 
-f config/certs/certs.zip ]; then + echo "Creating certs"; + echo -ne \ + "instances:\n"\ + " - name: es01\n"\ + " dns:\n"\ + " - es01\n"\ + " - localhost\n"\ + " ip:\n"\ + " - 127.0.0.1\n"\ + " - name: es02\n"\ + " dns:\n"\ + " - es02\n"\ + " - localhost\n"\ + " ip:\n"\ + " - 127.0.0.1\n"\ + " - name: es03\n"\ + " dns:\n"\ + " - es03\n"\ + " - localhost\n"\ + " ip:\n"\ + " - 127.0.0.1\n"\ + > config/certs/instances.yml; + bin/elasticsearch-certutil cert --silent --pem -out config/certs/certs.zip --in config/certs/instances.yml --ca-cert config/certs/ca/ca.crt --ca-key config/certs/ca/ca.key; + unzip config/certs/certs.zip -d config/certs; + fi; + echo "Setting file permissions" + chown -R root:root config/certs; + find . -type d -exec chmod 750 \{\} \;; + find . -type f -exec chmod 640 \{\} \;; + echo "Waiting for Elasticsearch availability"; + until curl -s --cacert config/certs/ca/ca.crt https://es01:9200 | grep -q "missing authentication credentials"; do sleep 30; done; + echo "Setting kibana_system password"; + until curl -s -X POST --cacert config/certs/ca/ca.crt -u "elastic:${ELASTIC_PASSWORD}" -H "Content-Type: application/json" https://es01:9200/_security/user/kibana_system/_password -d "{\"password\":\"${KIBANA_PASSWORD}\"}" | grep -q "^{}"; do sleep 10; done; + echo "All done!"; + ' + container_name: elastic-init + healthcheck: + interval: 1s + retries: 120 + test: + - CMD-SHELL + - '[ -f config/certs/es01/es01.crt ]' + timeout: 5s + image: docker.elastic.co/elasticsearch/elasticsearch:8.12.0 + logging: + driver: json-file + options: + max-file: "3" + max-size: 10m + networks: + - ${CLUSTER_NETWORK} + user: "0" + volumes: + - ${ES_ROOT_PATH}/certs:/usr/share/elasticsearch/config/certs + es01: + container_name: es01 + depends_on: + elastic-init: + condition: service_healthy + environment: + - node.name=es01 + - cluster.name=${CLUSTER_NAME} + - cluster.initial_master_nodes=es01,es02,es03 + - discovery.seed_hosts=es02,es03 + - 
ELASTIC_PASSWORD=${ELASTIC_PASSWORD} + - bootstrap.memory_lock=true + - xpack.security.enabled=${ES_XPACK_SECURITY_ENABLED} + - xpack.security.http.ssl.enabled=${ES_XPACK_SECURITY_ENABLED} + - xpack.security.http.ssl.key=certs/es01/es01.key + - xpack.security.http.ssl.certificate=certs/es01/es01.crt + - xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt + - xpack.security.transport.ssl.enabled=${ES_XPACK_SECURITY_ENABLED} + - xpack.security.transport.ssl.key=certs/es01/es01.key + - xpack.security.transport.ssl.certificate=certs/es01/es01.crt + - xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt + - xpack.security.transport.ssl.verification_mode=certificate + - xpack.license.self_generated.type=basic + - ES_JAVA_OPTS=-Xms${ES_JAVA_OPTS_XMS} -Xmx${ES_JAVA_OPTS_XMX} + healthcheck: + interval: 10s + retries: 120 + test: + - CMD-SHELL + - curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials' + timeout: 10s + image: docker.elastic.co/elasticsearch/elasticsearch:8.12.0 + logging: + driver: json-file + options: + max-file: "3" + max-size: 10m + mem_limit: ${MEM_LIMIT} + networks: + - ${CLUSTER_NETWORK} + ports: + - ${PANEL_APP_PORT_HTTPS}:9200 + - ${ES_COMMUNICATION_PORT}:9300 + restart: always + ulimits: + memlock: + hard: -1 + soft: -1 + nofile: + hard: 65536 + soft: 65536 + volumes: + - ${ES_ROOT_PATH}/certs:/usr/share/elasticsearch/config/certs + - ${ES_ROOT_PATH}/es01/data:/usr/share/elasticsearch/data + - ${ES_ROOT_PATH}/es01/logs:/usr/share/elasticsearch/logs + - ${ES_ROOT_PATH}/es01/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml + - ${ES_ROOT_PATH}/es01/plugins:/usr/share/elasticsearch/plugins + es02: + container_name: es02 + depends_on: + - es01 + environment: + - node.name=es02 + - cluster.name=${CLUSTER_NAME} + - cluster.initial_master_nodes=es01,es02,es03 + - discovery.seed_hosts=es01,es03 + - ELASTIC_PASSWORD=${ELASTIC_PASSWORD} + - 
bootstrap.memory_lock=true + - xpack.security.enabled=${ES_XPACK_SECURITY_ENABLED} + - xpack.security.http.ssl.enabled=${ES_XPACK_SECURITY_ENABLED} + - xpack.security.http.ssl.key=certs/es02/es02.key + - xpack.security.http.ssl.certificate=certs/es02/es02.crt + - xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt + - xpack.security.transport.ssl.enabled=${ES_XPACK_SECURITY_ENABLED} + - xpack.security.transport.ssl.key=certs/es02/es02.key + - xpack.security.transport.ssl.certificate=certs/es02/es02.crt + - xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt + - xpack.security.transport.ssl.verification_mode=certificate + - xpack.license.self_generated.type=basic + - ES_JAVA_OPTS=-Xms${ES_JAVA_OPTS_XMS} -Xmx${ES_JAVA_OPTS_XMX} + healthcheck: + interval: 10s + retries: 120 + test: + - CMD-SHELL + - curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials' + timeout: 10s + image: docker.elastic.co/elasticsearch/elasticsearch:8.12.0 + logging: + driver: json-file + options: + max-file: "3" + max-size: 10m + mem_limit: ${MEM_LIMIT} + networks: + - ${CLUSTER_NETWORK} + restart: always + ulimits: + memlock: + hard: -1 + soft: -1 + nofile: + hard: 65536 + soft: 65536 + volumes: + - ${ES_ROOT_PATH}/certs:/usr/share/elasticsearch/config/certs + - ${ES_ROOT_PATH}/es02/data:/usr/share/elasticsearch/data + - ${ES_ROOT_PATH}/es02/logs:/usr/share/elasticsearch/logs + - ${ES_ROOT_PATH}/es02/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml + - ${ES_ROOT_PATH}/es02/plugins:/usr/share/elasticsearch/plugins + es03: + container_name: es03 + depends_on: + - es02 + environment: + - node.name=es03 + - cluster.name=${CLUSTER_NAME} + - cluster.initial_master_nodes=es01,es02,es03 + - discovery.seed_hosts=es01,es02 + - ELASTIC_PASSWORD=${ELASTIC_PASSWORD} + - bootstrap.memory_lock=true + - xpack.security.enabled=${ES_XPACK_SECURITY_ENABLED} + - 
xpack.security.http.ssl.enabled=${ES_XPACK_SECURITY_ENABLED} + - xpack.security.http.ssl.key=certs/es03/es03.key + - xpack.security.http.ssl.certificate=certs/es03/es03.crt + - xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt + - xpack.security.transport.ssl.enabled=${ES_XPACK_SECURITY_ENABLED} + - xpack.security.transport.ssl.key=certs/es03/es03.key + - xpack.security.transport.ssl.certificate=certs/es03/es03.crt + - xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt + - xpack.security.transport.ssl.verification_mode=certificate + - xpack.license.self_generated.type=basic + - ES_JAVA_OPTS=-Xms${ES_JAVA_OPTS_XMS} -Xmx${ES_JAVA_OPTS_XMX} + healthcheck: + interval: 10s + retries: 120 + test: + - CMD-SHELL + - curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials' + timeout: 10s + image: docker.elastic.co/elasticsearch/elasticsearch:8.12.0 + logging: + driver: json-file + options: + max-file: "3" + max-size: 10m + mem_limit: ${MEM_LIMIT} + networks: + - ${CLUSTER_NETWORK} + restart: always + ulimits: + memlock: + hard: -1 + soft: -1 + nofile: + hard: 65536 + soft: 65536 + volumes: + - ${ES_ROOT_PATH}/certs:/usr/share/elasticsearch/config/certs + - ${ES_ROOT_PATH}/es03/data:/usr/share/elasticsearch/data + - ${ES_ROOT_PATH}/es03/logs:/usr/share/elasticsearch/logs + - ${ES_ROOT_PATH}/es03/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml + - ${ES_ROOT_PATH}/es03/plugins:/usr/share/elasticsearch/plugins +version: "2.2" diff --git a/apps/elastic/8.12-cluster/docker-compose.yml b/apps/elastic/8.12.0-cluster/docker-compose.yml similarity index 69% rename from apps/elastic/8.12-cluster/docker-compose.yml rename to apps/elastic/8.12.0-cluster/docker-compose.yml index b899aa0f..bd93e7c4 100644 --- a/apps/elastic/8.12-cluster/docker-compose.yml +++ b/apps/elastic/8.12.0-cluster/docker-compose.yml 
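Review bot: With `ES_XPACK_SECURITY_ENABLED=false` the es01 service in this template publishes an unauthenticated, plaintext Elasticsearch API, because `${PANEL_APP_PORT_HTTPS}:9200` and `${ES_COMMUNICATION_PORT}:9300` carry no bind address and so listen on every host interface, while the Kibana service at the top of the file is bound with `${HOST_IP}:`. Binding es01 the same way, `- ${HOST_IP}:${PANEL_APP_PORT_HTTPS}:9200` (assuming the panel supplies `HOST_IP`, which this form does not define), and dropping the 9300 mapping unless a node outside the Docker network has to join, keeps the toggle from exposing the cluster. The toggle also looks unusable as written: every healthcheck and the elastic-init wait loop call `https://…:9200` and grep for 'missing authentication credentials', which a node with security disabled would presumably never return. The es01, es02 and es03 hunks of `8.12.0-cluster/docker-compose.yml` make the same `true` to `${ES_XPACK_SECURITY_ENABLED}` substitution, and its es01 hunk adds the same 9300 mapping.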
@@ -1,8 +1,15 @@ version: "2.2" +networks: + ${DOCKER_NET}: + external: true + services: elastic-init: + container_name: elastic-init image: docker.elastic.co/elasticsearch/elasticsearch:8.12.0 + networks: + - ${CLUSTER_NETWORK} volumes: - ${ES_ROOT_PATH}/certs:/usr/share/elasticsearch/config/certs user: "0" @@ -61,17 +68,31 @@ services: interval: 1s timeout: 5s retries: 120 + logging: + driver: "json-file" + options: + max-size: "10m" + max-file: "3" + es01: depends_on: elastic-init: condition: service_healthy + container_name: es01 + restart: always image: docker.elastic.co/elasticsearch/elasticsearch:8.12.0 volumes: - ${ES_ROOT_PATH}/certs:/usr/share/elasticsearch/config/certs - ${ES_ROOT_PATH}/es01/data:/usr/share/elasticsearch/data + - ${ES_ROOT_PATH}/es01/logs:/usr/share/elasticsearch/logs + - ${ES_ROOT_PATH}/es01/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml + - ${ES_ROOT_PATH}/es01/plugins:/usr/share/elasticsearch/plugins ports: - ${PANEL_APP_PORT_HTTPS}:9200 + - ${ES_COMMUNICATION_PORT}:9300 + networks: + - ${CLUSTER_NETWORK} environment: - node.name=es01 - cluster.name=${CLUSTER_NAME} 
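Review bot: The top-level `networks:` key `${DOCKER_NET}` is not something Compose will substitute, since interpolation applies to values and not to mapping keys, so this file only loads after `scripts/init.sh` has rewritten the placeholder with `sed`. A comment above the key, such as `# DOCKER_NET is a placeholder; scripts/init.sh replaces it with CLUSTER_NETWORK`, would make that dependency visible to anyone running the file by hand. `docker-compose-template.yml` hard-codes `elastic-net` in the same place while its services join `${CLUSTER_NETWORK}`, so the two files disagree as soon as the network name is changed from its default.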
@@ -79,22 +100,26 @@ services: - discovery.seed_hosts=es02,es03 - ELASTIC_PASSWORD=${ELASTIC_PASSWORD} - bootstrap.memory_lock=true - - xpack.security.enabled=true - - xpack.security.http.ssl.enabled=true + - xpack.security.enabled=${ES_XPACK_SECURITY_ENABLED} + - xpack.security.http.ssl.enabled=${ES_XPACK_SECURITY_ENABLED} - xpack.security.http.ssl.key=certs/es01/es01.key - xpack.security.http.ssl.certificate=certs/es01/es01.crt - xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt - - xpack.security.transport.ssl.enabled=true + - xpack.security.transport.ssl.enabled=${ES_XPACK_SECURITY_ENABLED} - xpack.security.transport.ssl.key=certs/es01/es01.key - xpack.security.transport.ssl.certificate=certs/es01/es01.crt - xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt - xpack.security.transport.ssl.verification_mode=certificate - xpack.license.self_generated.type=basic + - ES_JAVA_OPTS=-Xms${ES_JAVA_OPTS_XMS} -Xmx${ES_JAVA_OPTS_XMX} mem_limit: ${MEM_LIMIT} ulimits: memlock: soft: -1 hard: -1 + nofile: + soft: 65536 + hard: 65536 healthcheck: test: [ 
@@ -104,36 +129,53 @@ services: interval: 10s timeout: 10s retries: 120 + logging: + driver: "json-file" + options: + max-size: "10m" + max-file: "3" es02: depends_on: - es01 + container_name: es02 + restart: always image: docker.elastic.co/elasticsearch/elasticsearch:8.12.0 volumes: - ${ES_ROOT_PATH}/certs:/usr/share/elasticsearch/config/certs - ${ES_ROOT_PATH}/es02/data:/usr/share/elasticsearch/data + - ${ES_ROOT_PATH}/es02/logs:/usr/share/elasticsearch/logs + - ${ES_ROOT_PATH}/es02/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml + - ${ES_ROOT_PATH}/es02/plugins:/usr/share/elasticsearch/plugins + networks: + - ${CLUSTER_NETWORK} environment: - node.name=es02 - cluster.name=${CLUSTER_NAME} - cluster.initial_master_nodes=es01,es02,es03 - discovery.seed_hosts=es01,es03 + - ELASTIC_PASSWORD=${ELASTIC_PASSWORD} - bootstrap.memory_lock=true - - xpack.security.enabled=true - - xpack.security.http.ssl.enabled=true + - xpack.security.enabled=${ES_XPACK_SECURITY_ENABLED} + - xpack.security.http.ssl.enabled=${ES_XPACK_SECURITY_ENABLED} - xpack.security.http.ssl.key=certs/es02/es02.key - xpack.security.http.ssl.certificate=certs/es02/es02.crt - xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt - - xpack.security.transport.ssl.enabled=true + - xpack.security.transport.ssl.enabled=${ES_XPACK_SECURITY_ENABLED} - xpack.security.transport.ssl.key=certs/es02/es02.key - xpack.security.transport.ssl.certificate=certs/es02/es02.crt - xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt - xpack.security.transport.ssl.verification_mode=certificate - xpack.license.self_generated.type=basic + - ES_JAVA_OPTS=-Xms${ES_JAVA_OPTS_XMS} -Xmx${ES_JAVA_OPTS_XMX} mem_limit: ${MEM_LIMIT} ulimits: memlock: soft: -1 hard: -1 + nofile: + soft: 65536 + hard: 65536 healthcheck: test: [ 
@@ -143,36 +185,53 @@ services: interval: 10s timeout: 10s retries: 120 + logging: + driver: "json-file" + options: + max-size: "10m" + max-file: "3" es03: depends_on: - es02 + container_name: es03 + restart: always image: docker.elastic.co/elasticsearch/elasticsearch:8.12.0 volumes: - ${ES_ROOT_PATH}/certs:/usr/share/elasticsearch/config/certs - ${ES_ROOT_PATH}/es03/data:/usr/share/elasticsearch/data + - ${ES_ROOT_PATH}/es03/logs:/usr/share/elasticsearch/logs + - ${ES_ROOT_PATH}/es03/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml + - ${ES_ROOT_PATH}/es03/plugins:/usr/share/elasticsearch/plugins + networks: + - ${CLUSTER_NETWORK} environment: - node.name=es03 - cluster.name=${CLUSTER_NAME} - cluster.initial_master_nodes=es01,es02,es03 - discovery.seed_hosts=es01,es02 + - ELASTIC_PASSWORD=${ELASTIC_PASSWORD} - bootstrap.memory_lock=true - - xpack.security.enabled=true - - xpack.security.http.ssl.enabled=true + - xpack.security.enabled=${ES_XPACK_SECURITY_ENABLED} + - xpack.security.http.ssl.enabled=${ES_XPACK_SECURITY_ENABLED} - xpack.security.http.ssl.key=certs/es03/es03.key - xpack.security.http.ssl.certificate=certs/es03/es03.crt - xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt - - xpack.security.transport.ssl.enabled=true + - xpack.security.transport.ssl.enabled=${ES_XPACK_SECURITY_ENABLED} - xpack.security.transport.ssl.key=certs/es03/es03.key - xpack.security.transport.ssl.certificate=certs/es03/es03.crt - xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt - xpack.security.transport.ssl.verification_mode=certificate - xpack.license.self_generated.type=basic + - ES_JAVA_OPTS=-Xms${ES_JAVA_OPTS_XMS} -Xmx${ES_JAVA_OPTS_XMX} mem_limit: ${MEM_LIMIT} ulimits: memlock: soft: -1 hard: -1 + nofile: + soft: 65536 + hard: 65536 healthcheck: test: [ 
@@ -182,6 +241,11 @@ services: interval: 10s timeout: 10s retries: 120 + logging: + driver: "json-file" + options: + max-size: "10m" + max-file: "3" kibana: depends_on: @@ -191,15 +255,20 @@ services: condition: service_healthy es03: condition: service_healthy + container_name: kibana-${CONTAINER_NAME} + restart: always image: docker.elastic.co/kibana/kibana:8.12.0 volumes: - ${ES_ROOT_PATH}/certs:/usr/share/kibana/config/certs - ${ES_ROOT_PATH}/kibana/data:/usr/share/kibana/data + - ${ES_ROOT_PATH}/kibana/config/kibana.yml:/usr/share/kibana/config/kibana.yml ports: - ${PANEL_APP_PORT_HTTP}:5601 + networks: + - ${CLUSTER_NETWORK} environment: - SERVERNAME=kibana - - ELASTICSEARCH_HOSTS=https://es01:${PANEL_APP_PORT_HTTPS} + - ELASTICSEARCH_HOSTS=https://es01:9200 - ELASTICSEARCH_USERNAME=kibana_system - ELASTICSEARCH_PASSWORD=${KIBANA_PASSWORD} - ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=config/certs/ca/ca.crt @@ -213,3 +282,8 @@ services: interval: 10s timeout: 10s retries: 120 + logging: + driver: "json-file" + options: + max-size: "10m" + max-file: "3" diff --git a/apps/elastic/8.12.0-cluster/scripts/elasticsearch.yml b/apps/elastic/8.12.0-cluster/scripts/elasticsearch.yml new file mode 100644 index 00000000..7b3ac5ed --- /dev/null +++ b/apps/elastic/8.12.0-cluster/scripts/elasticsearch.yml @@ -0,0 +1,2 @@ +cluster.name: "docker-cluster" +network.host: 0.0.0.0 diff --git a/apps/elastic/8.12.0-cluster/scripts/init.sh b/apps/elastic/8.12.0-cluster/scripts/init.sh new file mode 100644 index 00000000..7d89dc09 --- /dev/null +++ b/apps/elastic/8.12.0-cluster/scripts/init.sh 
@@ -0,0 +1,77 @@ +#!/bin/bash + +# 检查 .env 文件是否存在 +if [ -f .env ]; then + # 导入 .env 文件中的变量 + source .env + + # 模板文件 MS_TEMPLATE_ENABLED 为 true 时 使用正确的模板文件 + MS_TEMPLATE_ENABLED=$(grep -E '^MS_TEMPLATE_ENABLED=' .env | cut -d= -f2) + + # 检查MS_TEMPLATE_ENABLED是否为真 + if [ "$MS_TEMPLATE_ENABLED" = "true" ]; then + # 复制docker-compose-template.yml为docker-compose.yml,覆盖已存在的文件 + cp -f docker-compose-template.yml docker-compose.yml + echo "docker-compose.yml updated successfully." + fi + + # 替换 docker-compose.yml 中的网络变量 + sed -i "s/\${DOCKER_NET}/$CLUSTER_NETWORK/" docker-compose.yml + + # 创建目录 + mkdir -p "$ES_ROOT_PATH" + + mkdir -p "$ES_ROOT_PATH/certs" + + mkdir -p "$ES_ROOT_PATH/es01/data" + mkdir -p "$ES_ROOT_PATH/es02/data" + mkdir -p "$ES_ROOT_PATH/es03/data" + + mkdir -p "$ES_ROOT_PATH/es01/logs" + mkdir -p "$ES_ROOT_PATH/es02/logs" + mkdir -p "$ES_ROOT_PATH/es03/logs" + + mkdir -p "$ES_ROOT_PATH/es01/config" + mkdir -p "$ES_ROOT_PATH/es02/config" + mkdir -p "$ES_ROOT_PATH/es03/config" + + mkdir -p "$ES_ROOT_PATH/es01/plugins" + mkdir -p "$ES_ROOT_PATH/es02/plugins" + mkdir -p "$ES_ROOT_PATH/es03/plugins" + + mkdir -p "$ES_ROOT_PATH/kibana/data" + mkdir -p "$ES_ROOT_PATH/kibana/config" + + # 生成 elasticsearch.yml 文件 + elasticsearch_config="cluster.name: \"$CLUSTER_NAME\"\nnetwork.host: 0.0.0.0" + echo -e "$elasticsearch_config" > elasticsearch.yml + cp elasticsearch.yml "$ES_ROOT_PATH/es01/config/elasticsearch.yml" + cp elasticsearch.yml "$ES_ROOT_PATH/es02/config/elasticsearch.yml" + cp elasticsearch.yml "$ES_ROOT_PATH/es03/config/elasticsearch.yml" + + # 生成 kibana.yml 文件 + kibana_config="server.host: \"0.0.0.0\"\nserver.shutdownTimeout: \"5s\"\nelasticsearch.hosts: [ \"https://es01:9200\", \"https://es02:9200\", \"https://es03:9200\" ]\nmonitoring.ui.container.elasticsearch.enabled: true" + echo -e "$kibana_config" > kibana.yml + cp kibana.yml "$ES_ROOT_PATH/kibana/config/kibana.yml" + + # 清理中间文件 + rm elasticsearch.yml kibana.yml + + # 设置权限 + chmod -R 777 
"$ES_ROOT_PATH" + + # 创建网络 + docker network create "$CLUSTER_NETWORK" + # 检查创建是否成功 + if [ $? -eq 0 ]; then + echo "Network $CLUSTER_NETWORK created successfully." + else + echo "Failed to create network $CLUSTER_NETWORK." + fi + + echo "Directories and permissions set successfully." + +else + echo "Error: .env file not found." + exit 1 +fi diff --git a/apps/elastic/8.12.0-cluster/scripts/kibana.yml b/apps/elastic/8.12.0-cluster/scripts/kibana.yml new file mode 100644 index 00000000..fd51e7c4 --- /dev/null +++ b/apps/elastic/8.12.0-cluster/scripts/kibana.yml @@ -0,0 +1,4 @@ +server.host: "0.0.0.0" +server.shutdownTimeout: "5s" +elasticsearch.hosts: [ "http://localhost:9200" ] +monitoring.ui.container.elasticsearch.enabled: true diff --git a/apps/elastic/8.12.0-cluster/scripts/uninstall.sh b/apps/elastic/8.12.0-cluster/scripts/uninstall.sh new file mode 100644 index 00000000..04769b43 --- /dev/null +++ b/apps/elastic/8.12.0-cluster/scripts/uninstall.sh @@ -0,0 +1,21 @@ +#!/bin/bash + +# 检查 .env 文件是否存在 +if [ -f .env ]; then + # 导入 .env 文件中的变量 + source .env + + # 使用 docker network rm 命令删除网络 + docker network rm $CLUSTER_NETWORK + + # 检查删除是否成功 + if [ $? -eq 0 ]; then + echo "Network $CLUSTER_NETWORK deleted successfully." + else + echo "Failed to delete network $CLUSTER_NETWORK." + fi + +else + echo "Error: .env file not found." + exit 1 +fi diff --git a/apps/elastic/8.12.0-node/data.yml b/apps/elastic/8.12.0-node/data.yml new file mode 100644 index 00000000..88a065a8 --- /dev/null +++ b/apps/elastic/8.12.0-node/data.yml 
@@ -0,0 +1,98 @@
+additionalProperties:
+ formFields:
+ - default: "docker-cluster"
+ edit: true
+ envKey: CLUSTER_NAME
+ labelEn: cluster name
+ labelZh: 集群名称 与现有集群名称一致
+ required: true
+ type: text
+ - default: "elastic-net"
+ edit: true
+ envKey: CLUSTER_NETWORK
+ labelEn: cluster network
+ labelZh: 集群网络 与现有集群网络一致
+ required: true
+ type: text
+ - default: "es04"
+ edit: true
+ envKey: ES_NODE_NAME
+ labelEn: node name
+ labelZh: 节点名称 与现有节点名称不一致
+ required: true
+ type: text
+ - default: ""
+ edit: true
+ envKey: ELASTIC_PASSWORD
+ labelEn: Password for the 'elastic' user, Numbers and letters
+ labelZh: elastic 用户的密码 数字与字母组合
+ required: true
+ type: password
+ - default: "es01,es02,es03"
+ edit: true
+ envKey: ES_SEED_HOSTS
+ labelEn: Seed hosts
+ labelZh: 其他节点的名称 节点发现
+ required: true
+ type: text
+ - default: "es01,es02,es03,es04"
+ edit: true
+ envKey: ES_INITIAL_MASTER_NODES
+ labelEn: Initial master nodes
+ labelZh: 主节点选举 es04为当前节点
+ required: true
+ type: text
+ - default: "/home/elastic/cluster"
+ edit: true
+ envKey: ES_ROOT_PATH
+ labelEn: data persistence root path
+ labelZh: 集群根路径 与现有集群根路径一致
+ required: true
+ type: text
+ - default: 1073741824
+ edit: true
+ envKey: MEM_LIMIT
+ labelEn: Increase or decrease based on the available host memory (in bytes)
+ labelZh: 根据可用主机内存增加或减少(以字节为单位)
+ required: true
+ type: number
+ - default: "9200"
+ edit: true
+ envKey: PANEL_APP_PORT_HTTPS
+ labelEn: Port to expose Elasticsearch HTTP API to the host
+ labelZh: 开放API的端口
+ required: false
+ type: text
+ - default: "9300"
+ edit: true
+ envKey: ES_COMMUNICATION_PORT
+ labelEn: Port to expose Elasticsearch communication to the host
+ labelZh: Elasticsearch通讯端口 9300
+ required: false
+ type: text
+ - default: "512m"
+ edit: true
+ envKey: ES_JAVA_OPTS_XMS
+ labelEn: JVM memory allocation pool
+ labelZh: JVM内存分配池 初始化内存
+ required: true
+ type: text
+ - default: "512m"
+ edit: true
+ envKey: ES_JAVA_OPTS_XMX
+ labelEn: JVM memory allocation pool
+ labelZh: JVM内存分配池 运行内存
+ required: true
+ type: text
+ - default: "true"
+ edit: true
+ envKey: ES_XPACK_SECURITY_ENABLED
+ labelEn: Enable security verification (recommended)
+ labelZh: 证书安全验证(推荐开启)
+ required: true
+ type: select
+ values:
+ - label: True
+ value: "true"
+ - label: False
+ value: "false"
diff --git a/apps/elastic/8.12.0-node/docker-compose.yml b/apps/elastic/8.12.0-node/docker-compose.yml
new file mode 100644
index 00000000..254be41c
--- /dev/null
+++ b/apps/elastic/8.12.0-node/docker-compose.yml
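Review bot: The `ES_XPACK_SECURITY_ENABLED` select offers `"false"`, and in the node compose file that single value switches off `xpack.security.enabled` together with HTTP and transport TLS while 9200 and 9300 stay published to the host. If the option has to remain, the labels should say what `false` removes, e.g. `labelEn: Enable authentication and TLS (disabling leaves the API open without a password)`. `ELASTIC_PASSWORD` is described as "Numbers and letters" but the field carries no `rule:` to enforce it; whether a suitable rule exists besides the `paramPort` one used in the single-node form is not visible here. The same select is added in the second hunk of `8.12.0-single/data.yml`.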
@@ -0,0 +1,84 @@
+version: "2.2"
+
+networks:
+ ${DOCKER_NET}:
+ external: true
+
+services:
+ es-node:
+ container_name: ${CONTAINER_NAME}-${ES_NODE_NAME}
+ restart: always
+ image: docker.elastic.co/elasticsearch/elasticsearch:8.12.0
+ volumes:
+ - ${ES_ROOT_PATH}/certs:/usr/share/elasticsearch/config/certs
+ - ${ES_ROOT_PATH}/${ES_NODE_NAME}/data:/usr/share/elasticsearch/data
+ - ${ES_ROOT_PATH}/${ES_NODE_NAME}/logs:/usr/share/elasticsearch/logs
+ - ${ES_ROOT_PATH}/${ES_NODE_NAME}/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
+ - ${ES_ROOT_PATH}/${ES_NODE_NAME}/plugins:/usr/share/elasticsearch/plugins
+ ports:
+ - ${PANEL_APP_PORT_HTTPS}:9200
+ - ${ES_COMMUNICATION_PORT}:9300
+ networks:
+ - ${CLUSTER_NETWORK}
+ command: >
+ bash -c '
+ echo "start es-node";
+ if [ ! -f config/certs/${ES_NODE_NAME}.zip ]; then
+ echo "Creating certs";
+ echo -ne \
+ "instances:\n"\
+ " - name: ${ES_NODE_NAME}\n"\
+ " dns:\n"\
+ " - ${ES_NODE_NAME}\n"\
+ " - localhost\n"\
+ " ip:\n"\
+ " - 127.0.0.1\n"\
+ > config/certs/${ES_NODE_NAME}.yml;
+ bin/elasticsearch-certutil cert --silent --pem -out config/certs/${ES_NODE_NAME}.zip --in config/certs/${ES_NODE_NAME}.yml --ca-cert config/certs/ca/ca.crt --ca-key config/certs/ca/ca.key;
+ unzip config/certs/${ES_NODE_NAME}.zip -d config/certs;
+ fi;
+ echo "Setting file permissions"
+ chown -R root:root config/certs;
+ exec /usr/local/bin/docker-entrypoint.sh elasticsearch
+ '
+ environment:
+ - node.name=${ES_NODE_NAME}
+ - cluster.name=${CLUSTER_NAME}
+ - cluster.initial_master_nodes=${ES_INITIAL_MASTER_NODES}
+ - discovery.seed_hosts=${ES_SEED_HOSTS}
+ - ELASTIC_PASSWORD=${ELASTIC_PASSWORD}
+ - bootstrap.memory_lock=true
+ - xpack.security.enabled=${ES_XPACK_SECURITY_ENABLED}
+ - xpack.security.http.ssl.enabled=${ES_XPACK_SECURITY_ENABLED}
+ - xpack.security.http.ssl.key=certs/${ES_NODE_NAME}/${ES_NODE_NAME}.key
+ - xpack.security.http.ssl.certificate=certs/${ES_NODE_NAME}/${ES_NODE_NAME}.crt
+ - xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
+ - xpack.security.transport.ssl.enabled=${ES_XPACK_SECURITY_ENABLED}
+ - xpack.security.transport.ssl.key=certs/${ES_NODE_NAME}/${ES_NODE_NAME}.key
+ - xpack.security.transport.ssl.certificate=certs/${ES_NODE_NAME}/${ES_NODE_NAME}.crt
+ - xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
+ - xpack.security.transport.ssl.verification_mode=certificate
+ - xpack.license.self_generated.type=basic
+ - ES_JAVA_OPTS=-Xms${ES_JAVA_OPTS_XMS} -Xmx${ES_JAVA_OPTS_XMX}
+ mem_limit: ${MEM_LIMIT}
+ ulimits:
+ memlock:
+ soft: -1
+ hard: -1
+ nofile:
+ soft: 65536
+ hard: 65536
+ healthcheck:
+ test:
+ [
+ "CMD-SHELL",
+ "curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",
+ ]
+ interval: 10s
+ timeout: 10s
+ retries: 120
+ logging:
+ driver: "json-file"
+ options:
+ max-size: "10m"
+ max-file: "3"
diff --git a/apps/elastic/8.12.0-node/scripts/init.sh b/apps/elastic/8.12.0-node/scripts/init.sh
new file mode 100644
index 00000000..bd41991c
--- /dev/null
+++ b/apps/elastic/8.12.0-node/scripts/init.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+
+# 检查 .env 文件是否存在
+if [ -f .env ]; then
+ # 导入 .env 文件中的变量
+ source .env
+
+ # 替换 docker-compose.yml 中的网络变量
+ sed -i "s/\${DOCKER_NET}/$CLUSTER_NETWORK/" docker-compose.yml
+
+ # 创建并设置权限
+ mkdir -p "$ES_ROOT_PATH"
+
+ mkdir -p "$ES_ROOT_PATH/$ES_NODE_NAME/data"
+ mkdir -p "$ES_ROOT_PATH/$ES_NODE_NAME/logs"
+ mkdir -p "$ES_ROOT_PATH/$ES_NODE_NAME/config"
+ mkdir -p "$ES_ROOT_PATH/$ES_NODE_NAME/plugins"
+
+ # 生成 elasticsearch.yml 文件
+ elasticsearch_config="cluster.name: \"$CLUSTER_NAME\"\nnetwork.host: 0.0.0.0"
+ echo -e "$elasticsearch_config" > elasticsearch.yml
+ cp elasticsearch.yml "$ES_ROOT_PATH/$ES_NODE_NAME/config/elasticsearch.yml"
+
+ chmod -R 777 "$ES_ROOT_PATH"
+
+ echo "Directories and permissions set successfully."
+
+else
+ echo "Error: .env file not found."
+ exit 1
+fi
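Review bot: The `ports:` entries `${PANEL_APP_PORT_HTTPS}:9200` and `${ES_COMMUNICATION_PORT}:9300` in the node compose file carry no host address, so Docker binds both on every host interface. The node reaches its peers by name over the external network (`discovery.seed_hosts` defaults to `es01,es02,es03`), so the transport port probably does not need publishing at all; if it does, bind it explicitly, e.g. `- 127.0.0.1:${ES_COMMUNICATION_PORT}:9300`. The healthcheck is hard-wired to `https://localhost:9200` and greps for 'missing authentication credentials', so it cannot pass when `ES_XPACK_SECURITY_ENABLED` is `false`. `cluster.initial_master_nodes` is also set for a node that joins an existing cluster, which the Elasticsearch documentation says to leave out in that case.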
diff --git a/apps/elastic/8.12-cluster/data.yml b/apps/elastic/8.12.0-single/data.yml similarity index 50% rename from apps/elastic/8.12-cluster/data.yml rename to apps/elastic/8.12.0-single/data.yml index 81c8b949..69c7c43d 100644 --- a/apps/elastic/8.12-cluster/data.yml +++ b/apps/elastic/8.12.0-single/data.yml @@ -1,27 +1,20 @@ additionalProperties: formFields: - - default: "docker-cluster" - edit: true - envKey: CLUSTER_NAME - labelEn: cluster name - labelZh: 集群名称 - required: true - type: text - default: "" edit: true envKey: ELASTIC_PASSWORD labelEn: Password for the 'elastic' user, Numbers and letters - labelZh: “elastic”用户的密码 数字与字母组合 + labelZh: elastic 用户的密码 数字与字母组合 required: true type: password - default: "" edit: true envKey: KIBANA_PASSWORD labelEn: Password for the 'kibana_system' user, Numbers and letters - labelZh: “kibana_system”用户的密码 数字与字母组合 + labelZh: kibana_system 用户的密码 数字与字母组合 required: true type: password - - default: "/home/elastic" + - default: "/home/elastic/single" edit: true envKey: ES_ROOT_PATH labelEn: data persistence root path @@ -35,18 +28,18 @@ additionalProperties: labelZh: 根据可用主机内存增加或减少(以字节为单位) required: true type: number - - default: "" + - default: "9200" edit: true envKey: ES_HOST - labelEn: Access host restriction 127.0.0.1 - labelZh: 访问主机限定 127.0.0.1 - required: false + labelEn: Access host restriction 127.0.0.1:9200 + labelZh: 主机限定 127.0.0.1:9200 + required: true type: text - default: 9200 edit: true envKey: PANEL_APP_PORT_HTTPS labelEn: Port to expose Elasticsearch HTTP API to the host - labelZh: 开放API的端口 + labelZh: 开放API的端口 必须与主机限定端口一致 required: true rule: paramPort type: number 
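Review bot: `ES_HOST` now defaults to `"9200"`, and the single-node compose file uses it as `${ES_HOST}:9200`, so a default install publishes the API on all host interfaces even though the label advertises `127.0.0.1:9200`. A default of `"127.0.0.1:9200"` would match the label and keep the API local unless the operator opts in. The hunk also leaves `ES_HOST` and `PANEL_APP_PORT_HTTPS` as two fields that must be kept in step by hand (the new `labelZh` says so); building the mapping from one field would remove that source of error.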
@@ -58,3 +51,37 @@ additionalProperties: required: true rule: paramPort type: number + - default: 9300 + edit: true + envKey: ES_COMMUNICATION_PORT + labelEn: Port to expose Elasticsearch communication to the host + labelZh: Elasticsearch通讯端口 9300 + required: true + rule: paramPort + type: number + - default: "512m" + edit: true + envKey: ES_JAVA_OPTS_XMS + labelEn: JVM memory allocation pool + labelZh: JVM内存分配池 初始化内存 + required: true + type: text + - default: "512m" + edit: true + envKey: ES_JAVA_OPTS_XMX + labelEn: JVM memory allocation pool + labelZh: JVM内存分配池 运行内存 + required: true + type: text + - default: "true" + edit: true + envKey: ES_XPACK_SECURITY_ENABLED + labelEn: Enable security verification (recommended) + labelZh: 证书安全验证(推荐开启) + required: true + type: select + values: + - label: True + value: "true" + - label: False + value: "false" diff --git a/apps/elastic/8.12.0-single/docker-compose.yml b/apps/elastic/8.12.0-single/docker-compose.yml new file mode 100644 index 00000000..bd54afc4 --- /dev/null +++ b/apps/elastic/8.12.0-single/docker-compose.yml 
@@ -0,0 +1,145 @@
+version: "2.2"
+
+networks:
+ 1panel-network:
+ external: true
+
+services:
+ es-single-01:
+ container_name: es-single-01
+ restart: always
+ networks:
+ - 1panel-network
+ image: docker.elastic.co/elasticsearch/elasticsearch:8.12.0
+ volumes:
+ - ${ES_ROOT_PATH}/certs:/usr/share/elasticsearch/config/certs
+ - ${ES_ROOT_PATH}/es01/data:/usr/share/elasticsearch/data
+ - ${ES_ROOT_PATH}/es01/logs:/usr/share/elasticsearch/logs
+ - ${ES_ROOT_PATH}/es01/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
+ - ${ES_ROOT_PATH}/es01/plugins:/usr/share/elasticsearch/plugins
+ command: >
+ bash -c '
+ if [ x${ELASTIC_PASSWORD} == x ]; then
+ echo "Set the ELASTIC_PASSWORD environment variable in the .env file";
+ exit 1;
+ elif [ x${KIBANA_PASSWORD} == x ]; then
+ echo "Set the KIBANA_PASSWORD environment variable in the .env file";
+ exit 1;
+ fi;
+ if [ ! -f config/certs/ca.zip ]; then
+ echo "Creating CA";
+ bin/elasticsearch-certutil ca --silent --pem -out config/certs/ca.zip;
+ unzip config/certs/ca.zip -d config/certs;
+ fi;
+ if [ ! -f config/certs/certs.zip ]; then
+ echo "Creating certs";
+ echo -ne \
+ "instances:\n"\
+ " - name: es01\n"\
+ " dns:\n"\
+ " - es01\n"\
+ " - localhost\n"\
+ " ip:\n"\
+ " - 127.0.0.1\n"\
+ > config/certs/instances.yml;
+ bin/elasticsearch-certutil cert --silent --pem -out config/certs/certs.zip --in config/certs/instances.yml --ca-cert config/certs/ca/ca.crt --ca-key config/certs/ca/ca.key;
+ unzip config/certs/certs.zip -d config/certs;
+ fi;
+ echo "Setting file permissions"
+ chown -R root:root config/certs;
+ exec /usr/local/bin/docker-entrypoint.sh elasticsearch
+ '
+ ports:
+ - ${ES_HOST}:9200
+ - ${ES_COMMUNICATION_PORT}:9300
+ environment:
+ - discovery.type=single-node
+ - node.name=es01
+ - ELASTIC_PASSWORD=${ELASTIC_PASSWORD}
+ - bootstrap.memory_lock=true
+ - xpack.security.enabled=${ES_XPACK_SECURITY_ENABLED}
+ - xpack.security.http.ssl.enabled=${ES_XPACK_SECURITY_ENABLED}
+ - xpack.security.http.ssl.key=certs/es01/es01.key
+ - xpack.security.http.ssl.certificate=certs/es01/es01.crt
+ - xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
+ - xpack.security.transport.ssl.enabled=${ES_XPACK_SECURITY_ENABLED}
+ - xpack.security.transport.ssl.key=certs/es01/es01.key
+ - xpack.security.transport.ssl.certificate=certs/es01/es01.crt
+ - xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
+ - xpack.security.transport.ssl.verification_mode=certificate
+ - xpack.license.self_generated.type=basic
+ - ES_JAVA_OPTS=-Xms${ES_JAVA_OPTS_XMS} -Xmx${ES_JAVA_OPTS_XMX}
+ mem_limit: ${MEM_LIMIT}
+ ulimits:
+ memlock:
+ soft: -1
+ hard: -1
+ nofile:
+ soft: 65536
+ hard: 65536
+ healthcheck:
+ test:
+ [
+ "CMD-SHELL",
+ "curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",
+ ]
+ interval: 10s
+ timeout: 10s
+ retries: 120
+ logging:
+ driver: "json-file"
+ options:
+ max-size: "10m"
+ max-file: "3"
+
+ es-single-kibana:
+ depends_on:
+ es-single-01:
+ condition: service_healthy
+ container_name: kibana-${CONTAINER_NAME}
+ restart: always
+ networks:
+ - 1panel-network
+ image: docker.elastic.co/kibana/kibana:8.12.0
+ volumes:
+ - ${ES_ROOT_PATH}/certs:/usr/share/kibana/config/certs
+ - ${ES_ROOT_PATH}/kibana/data:/usr/share/kibana/data
+ - ${ES_ROOT_PATH}/kibana/config/kibana.yml:/usr/share/kibana/config/kibana.yml
+ command: >
+ bash -c '
+ if [ x${ELASTIC_PASSWORD} == x ]; then
+ echo "Set the ELASTIC_PASSWORD environment variable in the .env file";
+ exit 1;
+ elif [ x${KIBANA_PASSWORD} == x ]; then
+ echo "Set the KIBANA_PASSWORD environment variable in the .env file";
+ exit 1;
+ fi;
+ echo "Waiting for Elasticsearch availability";
+ echo "Setting kibana_system password";
+ until curl -s -X POST --cacert config/certs/ca/ca.crt -u "elastic:${ELASTIC_PASSWORD}" -H "Content-Type: application/json" https://es01:9200/_security/user/kibana_system/_password -d "{\"password\":\"${KIBANA_PASSWORD}\"}" | grep -q "^{}"; do sleep 10; done;
+ echo "All done!";
+ exec /usr/local/bin/docker-entrypoint.sh kibana
+ '
+ ports:
+ - ${PANEL_APP_PORT_HTTP}:5601
+ environment:
+ - SERVERNAME=kibana
+ - ELASTICSEARCH_HOSTS=https://es01:9200
+ - ELASTICSEARCH_USERNAME=kibana_system
+ - ELASTICSEARCH_PASSWORD=${KIBANA_PASSWORD}
+ - ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=config/certs/ca/ca.crt
+ mem_limit: ${MEM_LIMIT}
+ healthcheck:
+ test:
+ [
+ "CMD-SHELL",
+ "curl -s -I http://localhost:5601 | grep -q 'HTTP/1.1 302 Found'",
+ ]
+ interval: 10s
+ timeout: 10s
+ retries: 120
+ logging:
+ driver: "json-file"
+ options:
+ max-size: "10m"
+ max-file: "3"
diff --git a/apps/elastic/8.12.0-single/scripts/elasticsearch.yml b/apps/elastic/8.12.0-single/scripts/elasticsearch.yml
new file mode 100644
index 00000000..7b3ac5ed
--- /dev/null
+++ b/apps/elastic/8.12.0-single/scripts/elasticsearch.yml
@@ -0,0 +1,2 @@
+cluster.name: "docker-cluster"
+network.host: 0.0.0.0
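Review bot: Both `command:` scripts in the single-node compose file receive the passwords by Compose interpolation into the `bash -c` text (`[ x${ELASTIC_PASSWORD} == x ]`, `-u "elastic:${ELASTIC_PASSWORD}"`, `{\"password\":\"${KIBANA_PASSWORD}\"}`), so a password containing a space, a quote, `$` or `;` is parsed as shell syntax rather than data. Pass the values through `environment:` and let bash expand them, using Compose's `$$` escape and quoting, e.g. `if [ -z "$$ELASTIC_PASSWORD" ]; then` and `-u "elastic:$$ELASTIC_PASSWORD"`; the Kibana service would need `ELASTIC_PASSWORD` added to its environment for that. Separately, Kibana talks to `https://es01:9200`, but the Elasticsearch service and container are both named `es-single-01` and no alias or `hostname:` is set in this file, so unless `es01` resolves by other means the `until curl` loop will not finish. Kibana also gets the whole `certs` directory mounted, including `ca/ca.key`, although it only references `ca/ca.crt`.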
diff --git a/apps/elastic/8.12.0-single/scripts/init.sh b/apps/elastic/8.12.0-single/scripts/init.sh
new file mode 100644
index 00000000..d8a4646d
--- /dev/null
+++ b/apps/elastic/8.12.0-single/scripts/init.sh
@@ -0,0 +1,57 @@
+#!/bin/bash
+
+# 检查 .env 文件是否存在
+if [ -f .env ]; then
+ # 导入 .env 文件中的变量
+ source .env
+
+ # 替换 docker-compose.yml 中的网络变量
+ sed -i "s/\${DOCKER_NET}/$CLUSTER_NETWORK/" docker-compose.yml
+
+ # 创建目录
+ mkdir -p "$ES_ROOT_PATH"
+
+ mkdir -p "$ES_ROOT_PATH/certs"
+
+ mkdir -p "$ES_ROOT_PATH/es01/data"
+
+ mkdir -p "$ES_ROOT_PATH/es01/logs"
+
+ mkdir -p "$ES_ROOT_PATH/es01/config"
+
+ mkdir -p "$ES_ROOT_PATH/es01/plugins"
+
+ mkdir -p "$ES_ROOT_PATH/kibana/data"
+ mkdir -p "$ES_ROOT_PATH/kibana/config"
+
+ # 生成 elasticsearch.yml 文件
+ elasticsearch_config="cluster.name: \"$CLUSTER_NAME\"\nnetwork.host: 0.0.0.0"
+ echo -e "$elasticsearch_config" > elasticsearch.yml
+ cp elasticsearch.yml "$ES_ROOT_PATH/es01/config/elasticsearch.yml"
+
+ # 生成 kibana.yml 文件
+ kibana_config="server.host: \"0.0.0.0\"\nserver.shutdownTimeout: \"5s\"\nelasticsearch.hosts: [ \"http://localhost:$PANEL_APP_PORT_HTTPS\" ]\nmonitoring.ui.container.elasticsearch.enabled: true"
+ echo -e "$kibana_config" > kibana.yml
+ cp kibana.yml "$ES_ROOT_PATH/kibana/config/kibana.yml"
+
+ # 清理中间文件
+ rm elasticsearch.yml kibana.yml
+
+ # 设置权限
+ chmod -R 777 "$ES_ROOT_PATH"
+
+ # 创建网络
+ docker network create "$CLUSTER_NETWORK"
+ # 检查创建是否成功
+ if [ $? -eq 0 ]; then
+ echo "Network $CLUSTER_NETWORK created successfully."
+ else
+ echo "Failed to create network $CLUSTER_NETWORK."
+ fi
+
+ echo "Directories and permissions set successfully."
+
+else
+ echo "Error: .env file not found."
+ exit 1
+fi
diff --git a/apps/elastic/8.12.0-single/scripts/kibana.yml b/apps/elastic/8.12.0-single/scripts/kibana.yml
new file mode 100644
index 00000000..fd51e7c4
--- /dev/null
+++ b/apps/elastic/8.12.0-single/scripts/kibana.yml
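Review bot: This script still reads `$CLUSTER_NETWORK` and `$CLUSTER_NAME`, but the single-node form drops the `CLUSTER_NAME` field in this same commit and no `CLUSTER_NETWORK` field is visible in it. If `.env` does not define them, the generated file contains `cluster.name: ""` and `docker network create ""` fails while the script carries on. The single-node compose file has no `${DOCKER_NET}` placeholder and uses the fixed `1panel-network`, so the `sed` line and the network creation look like leftovers from the cluster script and could be removed. The generated `kibana.yml` points at `http://localhost:$PANEL_APP_PORT_HTTPS`, which disagrees with `ELASTICSEARCH_HOSTS=https://es01:9200` in the compose file; one of the two should go.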
@@ -0,0 +1,4 @@ +server.host: "0.0.0.0" +server.shutdownTimeout: "5s" +elasticsearch.hosts: [ "http://localhost:9200" ] +monitoring.ui.container.elasticsearch.enabled: true diff --git a/apps/elastic/8.12.0-single/scripts/uninstall.sh b/apps/elastic/8.12.0-single/scripts/uninstall.sh new file mode 100644 index 00000000..04769b43 --- /dev/null +++ b/apps/elastic/8.12.0-single/scripts/uninstall.sh @@ -0,0 +1,21 @@ +#!/bin/bash + +# 检查 .env 文件是否存在 +if [ -f .env ]; then + # 导入 .env 文件中的变量 + source .env + + # 使用 docker network rm 命令删除网络 + docker network rm $CLUSTER_NETWORK + + # 检查删除是否成功 + if [ $? -eq 0 ]; then + echo "Network $CLUSTER_NETWORK deleted successfully." + else + echo "Failed to delete network $CLUSTER_NETWORK." + fi + +else + echo "Error: .env file not found." + exit 1 +fi diff --git a/apps/elastic/README.md b/apps/elastic/README.md index de711341..2c86f6c9 100644 --- a/apps/elastic/README.md +++ b/apps/elastic/README.md @@ -55,26 +55,33 @@ KPI,并使用单一 UI 来管理您的部署。 ## 版本介绍 -### 8.12-cluster +### 集群模式 -默认集群模式,包含三个节点,一个主节点,两个数据节点,一个协调节点,一个Kibana节点 +> 8.12.0-cluster + ++ Elasticsearch 8.12.0 x3 ++ Kibana 8.12.0 + +> 8.12.0-node + +新增节点,需要填写集群信息 + ++ Elasticsearch 8.12.0 + +### 单机模式 + +> 8.12.0-single + Elasticsearch 8.12.0 + Kibana 8.12.0 -+ 集群模式 -### 8.12-node - -单独节点模式,包含一个节点,需要填写集群信息 +> 8.12.0-elasticsearch + Elasticsearch 8.12.0 -+ 集群节点 -### 8.12-single +> 8.12.0-kibana -+ Elasticsearch 8.12.0 + Kibana 8.12.0 -+ 单机模式 ## 安装事项 @@ -88,8 +95,7 @@ vm.max_map_count 内核设置必须至少设置为 262144 才能用于生产。 > ```shell > grep vm.max_map_count /etc/sysctl.conf > ``` - -显示值大于或等于 262144。即可,如果显示的值小于 262144,请执行以下步骤: +> 显示值大于或等于 262144。即可,如果显示的值小于 262144,请执行以下步骤: 临时设置 vm.max_map_count 
@@ -101,16 +107,45 @@ sudo sysctl -w vm.max_map_count=262144 ```shell sudo vi /etc/sysctl.conf -``` - -文件末尾添加 - -```shell +# 文件末尾添加 vm.max_map_count=262144 -``` - -生效 - -```shell +# 生效 sudo sysctl -p ``` + +### 增加 nofile 和 nproc 的 ulimit 值 最小值 65535 + +> Linux +> +> root 用户 与 普通用户 请注意区别很大 +> +> To view the current value for the ulimit setting, run: +> ```shell +> ulimit -n +> ``` +> 显示值大于或等于 65535。即可,如果显示的值小于 65535,请执行以下步骤: + +临时设置 ulimit + +```shell +ulimit -n 65535 +``` + +永久设置 ulimit + +**涉及服务器重启** + +```shell +sudo vi /etc/security/limits.conf +# 文件末尾添加 +root soft nofile unlimited +root hard nofile unlimited +* soft nofile 65535 +* hard nofile 65535 +# 生效 重启(重启服务器后生效!!!) +sudo reboot +``` + +## 日志配置 + +当前采用 `JSON File logging driver` 记录日志