I am new to Docker and its use with the Elastic stack.
I am looking to setup a hot/warm cluster for log collection/analysis with about 15 nodes. For compliance reasons virtualization is out and the time cost to administer these nodes is significant. Therefore, I am looking to reduce the node count, if possible, using Docker to run multiple copies of Elasticsearch on a node. Two ideas I have are:
-
Double up on the warm nodes: 1 data plus 1 master instances. In this case it might make sense to have 5 masters instead of 3. To me it solves the problem with JVM garbage collection on a data node interfering with also being a master node.
-
Double up on the warm nodes: 2 data instances. Each has it's JVM cache but share the system file cache.
Would either be workable or do I need to stay with physical nodes for each server?
Marty