Disable SELinux first (otherwise the bind-mounted directories will run into permission problems): edit /etc/selinux/config with vim, save, and reboot. Afterwards, check the status with sestatus.
1. Pull the Docker images for elasticsearch, logstash and kibana
2. Edit /etc/security/limits.conf and add or adjust the following configuration:
* soft nofile 65536
* hard nofile 65536
sudo vim /etc/security/limits.conf
Log out and log back in for the change to take effect.
3. Modify the /etc/sysctl.conf file and add the following content:
vm.max_map_count=655360
sudo vim /etc/sysctl.conf
Then run sudo sysctl -p to apply it.
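Steps 1 to 3 are easy to get half right: the limits.conf change only applies to a fresh login session, and sysctl.conf is only applied after sysctl -p. The following pre-flight script is an added example, not part of the original post; it reads the live SELinux mode, nofile limit and vm.max_map_count and compares them with the values the post requires. The thresholds are the post's; the script and its function names are this example's own.

```shell
#!/bin/sh
# Added example, not part of the original post: a pre-flight check for the
# host settings from steps 1-3 (SELinux mode, nofile limit, vm.max_map_count).
# The thresholds are the post's values; the script and its function names are
# this example's own. Save as es-preflight.sh and run it before step 5.

NOFILE_MIN=65536        # soft/hard nofile set in /etc/security/limits.conf
MAP_COUNT_MIN=655360    # vm.max_map_count set in /etc/sysctl.conf

# at_least VALUE MIN: 0 when VALUE is a plain integer >= MIN, 1 otherwise.
# "unlimited", an empty string or garbage is rejected rather than compared.
at_least() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge "$2" ]
}

nofile_ok()    { at_least "$1" "$NOFILE_MIN"; }
map_count_ok() { at_least "$1" "$MAP_COUNT_MIN"; }

# Current SELinux mode, or "missing" when the SELinux tools are not installed.
selinux_mode() {
    if command -v getenforce >/dev/null 2>&1; then getenforce; else echo missing; fi
}

# Run the live checks and report; returns 1 if anything still needs fixing.
preflight() {
    rc=0

    mode=$(selinux_mode)
    echo "SELinux mode: $mode"
    if [ "$mode" = Enforcing ]; then
        echo "  -> Enforcing: the bind-mounted config/data directories will hit permission errors"
        rc=1
    fi

    # ulimit -n reflects limits.conf only in a fresh login session.
    cur_nofile=$(ulimit -n)
    if nofile_ok "$cur_nofile"; then
        echo "nofile: $cur_nofile (ok)"
    else
        echo "nofile: $cur_nofile (need >= $NOFILE_MIN; edit limits.conf and log in again)"
        rc=1
    fi

    cur_map=$(sysctl -n vm.max_map_count 2>/dev/null || echo 0)
    if map_count_ok "$cur_map"; then
        echo "vm.max_map_count: $cur_map (ok)"
    else
        echo "vm.max_map_count: $cur_map (need >= $MAP_COUNT_MIN; edit sysctl.conf and run sudo sysctl -p)"
        rc=1
    fi
    return $rc
}

# Only run the live checks when executed as es-preflight.sh, so the file can
# also be sourced just for its functions.
case "${0##*/}" in
    es-preflight.sh) preflight ;;
esac
```

The script flags an Enforcing SELinux because that is what the post's procedure assumes. If you would rather keep SELinux enforcing on the host, Docker can relabel a bind mount for the container by appending :z to the -v argument (for example -v /home/mfw/elk/elasticsearch/data:/usr/share/elasticsearch/data:z); with that, the SELinux line of the report becomes informational rather than a blocker.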
4. Create elk/elasticsearch, elk/logstash, elk/kibana folders for mounting configuration files
mkdir elk
cd elk
mkdir elasticsearch logstash kibana
5. Create an elasticsearch container and start it
docker run -it \
--name elasticsearch \
--network host \
-e ES_JAVA_OPTS="-Xms1g -Xmx1g" \
-e "discovery.type=single-node" \
-e LANG=C.UTF-8 \
-e LC_ALL=C.UTF-8 \
elasticsearch:8.3.3
Wait a while; once startup completes, a banner like the following is logged. Save it before continuing: later steps need the elastic password it contains (step 12 uses it).
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
✅ Elasticsearch security features have been automatically configured!
✅ Authentication is enabled and cluster connections are encrypted.
ℹ️ Password for the elastic user (reset with `bin/elasticsearch-reset-password -u elastic`):
+4TMJBgOpjdgH+1MJ0nC
ℹ️ HTTP CA certificate SHA-256 fingerprint:
9fefcfcb6fc9e80f4ecb7873b0e4d4f524f597a228265bc2dd15d6936a651da8
ℹ️ Configure Kibana to use this cluster:
• Run Kibana and click the configuration link in the terminal when Kibana starts.
• Copy the following enrollment token and paste it into Kibana in your browser (valid for the next 30 minutes):
eyJ2ZXIiOiI4LjMuMyIsImFkciI6WyIxOTIuMTY4LjE4Mi4xMjg6OTIwMCJdLCJmZ3IiOiI5ZmVmY2ZjYjZmYzllODBmNGVjYjc4NzNiMGU0ZDRmNTI0ZjU5N2EyMjgyNjViYzJkZDE1ZDY5MzZhNjUxZGE4Iiwia2V5IjoiUEp5OTM0WUJWX1drWExuREc2Z1c6OGFJVEhwMzJRZDJfWWl5MVRPcmdpQSJ9
ℹ️ Configure other nodes to join this cluster:
• Copy the following enrollment token and start new Elasticsearch nodes with `bin/elasticsearch --enrollment-token <token>` (valid for the next 30 minutes):
eyJ2ZXIiOiI4LjMuMyIsImFkciI6WyIxOTIuMTY4LjE4Mi4xMjg6OTIwMCJdLCJmZ3IiOiI5ZmVmY2ZjYjZmYzllODBmNGVjYjc4NzNiMGU0ZDRmNTI0ZjU5N2EyMjgyNjViYzJkZDE1ZDY5MzZhNjUxZGE4Iiwia2V5IjoiUHB5OTM0WUJWX1drWExuREc2Z3o6X3BZbmQxLUhTMmVPMldDMVFET21tQSJ9
If you're running in Docker, copy the enrollment token and run:
`docker run -e "ENROLLMENT_TOKEN=<token>" docker.elastic.co/elasticsearch/elasticsearch:8.3.3`
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
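The banner above is the only place the initial elastic password and the HTTP CA fingerprint are printed, and the enrollment token is itself a credential: it is base64-encoded JSON carrying the cluster address, the CA fingerprint and an API key. The following script is an added example, not part of the original post; it pulls the password and fingerprint out of banner text, decodes a token, and checks that the token belongs to the cluster whose fingerprint the banner announced. The banner layout is the one printed above; every value in the script is a constructed placeholder, not taken from the post.

```shell
#!/bin/sh
# Added example, not part of the original post: pick the elastic password and
# CA fingerprint out of the Elasticsearch 8 bootstrap banner shown in step 5,
# and decode an enrollment token to see what it carries. The banner layout is
# the one printed above; all values below are constructed placeholders.

# Constructed 64-hex-digit stand-in for the HTTP CA SHA-256 fingerprint.
SAMPLE_FP=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef

# Constructed stand-in for the relevant lines of `docker logs elasticsearch`.
SAMPLE_BANNER='
ℹ️  Password for the elastic user (reset with `bin/elasticsearch-reset-password -u elastic`):
  PLACEHOLDER-elastic-password
ℹ️  HTTP CA certificate SHA-256 fingerprint:
  0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
'

# Constructed enrollment token: real ones are base64 of a JSON object with the
# same fields (ver, adr, fgr, key); "key" is an API key id:secret pair.
SAMPLE_TOKEN=$(printf '{"ver":"8.3.3","adr":["192.0.2.10:9200"],"fgr":"%s","key":"PLACEHOLDER-id:PLACEHOLDER-secret"}' "$SAMPLE_FP" | base64 | tr -d '\n')

# banner_value TEXT LABEL: first non-blank line after the line containing LABEL,
# with leading whitespace removed.
banner_value() {
    printf '%s\n' "$1" | awk -v label="$2" '
        index($0, label) { found = 1; next }
        found && $0 !~ /^[ \t]*$/ { sub(/^[ \t]+/, ""); print; exit }'
}
banner_password()    { banner_value "$1" "Password for the elastic user"; }
banner_fingerprint() { banner_value "$1" "HTTP CA certificate SHA-256 fingerprint"; }

# Base64-decode, restoring any "=" padding the token may have been printed without.
b64_decode() {
    s=$1
    while [ $(( ${#s} % 4 )) -ne 0 ]; do s="$s="; done
    printf '%s' "$s" | base64 -d
}

# token_field TOKEN NAME: value of a string field (ver, fgr, key) in the token.
token_field() {
    b64_decode "$1" | sed -n 's/.*"'"$2"'":"\([^"]*\)".*/\1/p'
}

# The API key id alone; the secret half after ":" is never printed.
token_key_id() { token_field "$1" key | cut -d: -f1; }

# 0 when the token was issued by the cluster whose CA fingerprint is $2.
token_matches_cluster() {
    [ "$(token_field "$1" fgr)" = "$2" ]
}

# Demo on the constructed sample (the password itself is not echoed).
pw=$(banner_password "$SAMPLE_BANNER")
fp=$(banner_fingerprint "$SAMPLE_BANNER")
echo "elastic password captured (${#pw} chars); CA fingerprint $fp"
echo "token: version $(token_field "$SAMPLE_TOKEN" ver), API key id $(token_key_id "$SAMPLE_TOKEN")"
if token_matches_cluster "$SAMPLE_TOKEN" "$fp"; then
    echo "token fingerprint matches the banner"
fi
```

On a real host, feed the functions the output of docker logs elasticsearch instead of SAMPLE_BANNER. Because the token embeds a live API key, treat the saved banner like a password file (restrictive permissions, not pasted into tickets or chat), and rely on the 30-minute validity only as a backstop.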
6. Open another terminal window, log in to the server and run:
docker cp elasticsearch:/usr/share/elasticsearch/config ~/elk/elasticsearch/
docker cp elasticsearch:/usr/share/elasticsearch/data ~/elk/elasticsearch/
docker cp elasticsearch:/usr/share/elasticsearch/plugins ~/elk/elasticsearch/
docker cp elasticsearch:/usr/share/elasticsearch/logs ~/elk/elasticsearch/
7. Stop the elasticsearch container, then set the ownership of the mount directory so that permissions match inside and outside the container (inside the container, elasticsearch runs as uid 1000, gid 1000):
chown -R 1000:1000 ~/elk/elasticsearch
8. Create an elasticsearch running script
mkdir ~/elk/elasticsearch/shell/
vim ~/elk/elasticsearch/shell/elasticsearch.sh
The startup script is as follows:
#!/bin/sh
docker run -it \
-d \
--name elasticsearch \
--network host \
-e ES_JAVA_OPTS="-Xms1g -Xmx1g" \
-e "discovery.type=single-node" \
-e LANG=C.UTF-8 \
-e LC_ALL=C.UTF-8 \
-v /home/mfw/elk/elasticsearch/config:/usr/share/elasticsearch/config \
-v /home/mfw/elk/elasticsearch/data:/usr/share/elasticsearch/data \
-v /home/mfw/elk/elasticsearch/plugins:/usr/share/elasticsearch/plugins \
-v /home/mfw/elk/elasticsearch/logs:/usr/share/elasticsearch/logs \
elasticsearch:8.3.3
9. Make the Elasticsearch startup script executable
chmod +x ~/elk/elasticsearch/shell/elasticsearch.sh
10. Modify elasticsearch configuration
vim ~/elk/elasticsearch/config/elasticsearch.yml
Add the following two lines of configuration:
ingest.geoip.downloader.enabled: false # setting for an intranet (offline) environment, prevents ES from reporting errors
xpack.monitoring.collection.enabled: true
11. Delete the previously created elasticsearch container and run the startup script
docker rm -f elasticsearch
~/elk/elasticsearch/shell/elasticsearch.sh
12. Verify access from a browser
Open https://<elasticsearch server ip>:9200/ (https is required).
Enter the user name and password: the default user name is elastic, and the password is the one printed in step 5 (+4TMJBgOpjdgH+1MJ0nC):
ℹ️ Password for the elastic user (reset with `bin/elasticsearch-reset-password -u elastic`):
+4TMJBgOpjdgH+1MJ0nC
If you see the following information, Elasticsearch has started successfully:
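The browser check works, but it means clicking past a certificate warning, since the HTTP CA that Elasticsearch generated is not trusted by the browser. The following script is an added example, not part of the original post, that does the same verification from the command line with proper TLS checking: it computes the SHA-256 fingerprint of the CA file, compares it with the value the step-5 banner printed, and only then queries the cluster with curl trusting that CA. Assumptions of this example: the CA file path (Elasticsearch 8 writes its HTTP CA to certs/http_ca.crt under the config directory copied out in step 6), the ES_URL default, and the ELASTIC_PASSWORD variable name.

```shell
#!/bin/sh
# Added example, not part of the original post: verify the HTTPS endpoint from
# step 12 on the command line, checking the CA instead of clicking past a
# browser warning. Assumptions of this example: the CA file path (Elasticsearch 8
# writes its HTTP CA to certs/http_ca.crt under the config directory copied out
# in step 6), the ES_URL default, and the ELASTIC_PASSWORD variable name.
# Save as es-verify.sh and run: ELASTIC_PASSWORD='...' ./es-verify.sh <fingerprint from step 5>

ES_URL=${ES_URL:-https://127.0.0.1:9200}
ES_CA=${ES_CA:-$HOME/elk/elasticsearch/config/certs/http_ca.crt}

# normalize_fp TEXT: turn an openssl "SHA256 Fingerprint=9F:EF:..." line, or a
# bare digest in any case and with or without colons, into the lower-case hex
# form the bootstrap banner prints.
normalize_fp() {
    printf '%s' "$1" | sed 's/^.*=//' | tr -d ':\n' | tr 'A-F' 'a-f'
}

# fp_equal A B: 0 when A and B are the same digest, whatever their formatting.
fp_equal() {
    [ "$(normalize_fp "$1")" = "$(normalize_fp "$2")" ]
}

# SHA-256 fingerprint of the certificate file $1, in openssl's formatting.
ca_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256
}

# verify_es EXPECTED_FP: confirm the CA copied out of the container is the one
# the step-5 banner announced, then query the cluster with TLS verification
# against it. The password comes from $ELASTIC_PASSWORD and is handed to curl
# through a config file on stdin, so it never appears in the process list.
verify_es() {
    if ! fp_equal "$(ca_fingerprint "$ES_CA")" "$1"; then
        echo "CA fingerprint of $ES_CA does not match the banner value" >&2
        return 1
    fi
    printf 'user = "elastic:%s"\n' "${ELASTIC_PASSWORD:?set ELASTIC_PASSWORD first}" |
        curl --config - --silent --show-error --fail --cacert "$ES_CA" "$ES_URL/"
}

# Run the live check only when executed as es-verify.sh, so the file can also
# be sourced just for its functions.
case "${0##*/}" in
    es-verify.sh) verify_es "${1:?CA fingerprint from step 5}" ;;
esac
```

The fingerprint comparison is what makes this more than a curl call: it ties the certificate file on disk to the value the cluster printed at bootstrap, so a swapped or stale CA is caught before any credentials are sent. Once verified, the same --cacert file can be used by Logstash and Kibana instead of disabling certificate checks there.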