Generate the docker-compose.yaml files so that:
- Create an Elasticsearch cluster with dockers
- Assume each node will stay in a different node
- Use Open Distro for Elasticsearch as the base docker image.
- Update the
NODE_NAMES,NODE_IPS, andNODE_HOSTS, ensure each index represents one node - Run
sh generate_cluster.sh - The results will be in the
outdirectory
This script doesn't support tls yet. We can use the following scripts to generate ssl certificates.
- https://opendistro.github.io/for-elasticsearch-docs/docs/security-configuration/generate-certificates/ Reference url for setup the ssl
- https://opendistro.github.io/for-elasticsearch-docs/docs/security-configuration/tls/
To replace the demo certificate, it's about configuring the following in the docker-compose.yaml file.
We would need 5 certificate related:
- A root CA cert (key is not needed)
- A pair of cert and key for the node (each node should be different)
- A pair of cert and key for admin (the same for all the nodes)
volumes:
- ./root-ca.pem:/usr/share/elasticsearch/config/root-ca.pem
- ./node.pem:/usr/share/elasticsearch/config/node.pem
- ./node-key.pem:/usr/share/elasticsearch/config/node-key.pem
- ./admin.pem:/usr/share/elasticsearch/config/admin.pem
- ./admin-key.pem:/usr/share/elasticsearch/config/admin-key.pemSee more there: https://opendistro.github.io/for-elasticsearch-docs/docs/install/docker-security/