[docker-compose]ELK单机版日志安装带有x-pa
2020-11-05 本文已影响0人
范er_er
1.docker安装步骤
-
卸载旧版本
sudo yum remove docker \ docker-client \ docker-client-latest \ docker-common \ docker-latest \ docker-latest-logrotate \ docker-logrotate \ docker-engine
-
安装 Docker Engine-Community
-
设置仓库后-选择以下任意一个源配置
sudo yum install -y yum-utils \ device-mapper-persistent-data \ lvm2
-
- 阿里云源地址(**推荐**)
```
sudo yum-config-manager \
--add-repo \
http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
```
- 清华大学源(**推荐**)
```
sudo yum-config-manager \
--add-repo \
https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/centos/docker-ce.repo
```
-
安装 Docker Engine-Community
sudo yum install docker-ce docker-ce-cli containerd.io -
启动
sudo systemctl start docker
2.Compose 安装
-
下载 Docker Compose 的当前稳定版本
sudo curl -L "https://github.com/docker/compose/releases/download/1.24.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
-
将可执行权限应用于二进制文件
sudo chmod +x /usr/local/bin/docker-compose
-
创建软链
sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
-
测试是否安装成功
docker-compose --version
3.ELK安装
-
此处安装为6.8版本
[可安装更高版本7.6.2]
version: '3'
services:
elasticsearch:
image: elasticsearch:6.8.0
container_name: elasticsearch
environment:
- "cluster.name=elasticsearch" #设置集群名称为elasticsearch
- "discovery.type=single-node" #以单一节点模式启动
- "ES_JAVA_OPTS=-Xms512m -Xmx512m" #设置使用jvm内存大小
- TZ=Asia/Shanghai
volumes:
- /mydata/elasticsearch/plugins:/usr/share/elasticsearch/plugins #插件文件挂载
- /mydata/elasticsearch/data:/usr/share/elasticsearch/data #数据文件挂载
ports:
- 9200:9200
- 9300:9300
networks:
- elk
kibana:
image: kibana:6.8.0
container_name: kibana
links:
- elasticsearch:es #可以用es这个域名访问elasticsearch服务
depends_on:
- elasticsearch #kibana在elasticsearch启动之后再启动
environment:
- "elasticsearch.hosts=http://es:9200" #设置访问elasticsearch的地址
- TZ=Asia/Shanghai
ports:
- 5601:5601
networks:
- elk
logstash:
image: logstash:6.8.0
container_name: logstash
environment:
- TZ=Asia/Shanghai
volumes:
- /mydata/logstash/logstash.conf:/usr/share/logstash/pipeline/logstash.conf #挂载logstash的配置文件
depends_on:
- elasticsearch #kibana在elasticsearch启动之后再启动
links:
- elasticsearch:es #可以用es这个域名访问elasticsearch服务
ports:
- 4560:4560
- 4561:4561
- 4562:4562
- 4563:4563
networks:
- elk
networks: #设置同一网段
elk:
driver: bridge
-
防火墙依次开放以下
port9200|9300|5601|4560|4561|4562|4563
-
查看防火墙状态,是否是running
firewall-cmd --state #如果返回 not running 请忽略端口添加 -
永久添加端口(
阿里云再次去安全组添加)firewall-cmd --add-port=9200/tcp --permanent firewall-cmd --add-port=9300/tcp --permanent firewall-cmd --add-port=5601/tcp --permanent firewall-cmd --add-port=4560/tcp --permanent firewall-cmd --add-port=4561/tcp --permanent firewall-cmd --add-port=4562/tcp --permanent firewall-cmd --add-port=4563/tcp --permanent -
重新载入配置
firewall-cmd --reload
-
-
安装要点
-
1.使用docker-compose命令运行所有服务
docker-compose up -d -
2.第一次启动可能会发现Elasticsearch无法启动,那是因为
/usr/share/elasticsearch/data目录没有访问权限,只需要修改/mydata/elasticsearch/data目录的权限,再重新启动;chmod 777 /mydata/elasticsearch/data/ -
3.调整
/mydata/logstash/logstash.conf文件,它以目录的形式出现rm -rf /mydata/logstash/logstash.conf touch /mydata/logstash/logstash.conf -
4.使用docker-compose再次启动失败服务
docker-compose up -d -
5.此处获取
elasticsearch容器的ip[此处将获取ip放到 kibana.yml与logstash.conf 文件中]docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' elasticsearch -
6.在
logstash中安装json_lines插件-
6.1.进入logstash容器
docker exec -it logstash /bin/bash -
6.2.进入bin目录
cd bin/ -
6.3.安装插件
logstash-plugin install logstash-codec-json_lines -
6.4.退出容器
exit; -
6.5编辑配置文件
vi /mydata/logstash/logstash.conf- input:使用不同端口收集不同类型的日志,从4560~4563开启四个端口;
- filter:对于记录类型的日志,直接将JSON格式的message转化到source中去,便于搜索查看;
- output:按类型、时间自定义索引格式。
input { tcp { mode => "server" host => "0.0.0.0" port => 4560 codec => json_lines type => "debug" } tcp { mode => "server" host => "0.0.0.0" port => 4561 codec => json_lines type => "error" } tcp { mode => "server" host => "0.0.0.0" port => 4562 codec => json_lines type => "business" } tcp { mode => "server" host => "0.0.0.0" port => 4563 codec => json_lines type => "record" } } filter{ if [type] == "record" { mutate { remove_field => "port" remove_field => "host" remove_field => "@version" } json { source => "message" remove_field => ["message"] } } } output { elasticsearch { hosts => ["ip:9200"] #ip在上面获取`elasticsearch`容器的ip action => "index" codec => json index => "shuaguang-yzy-%{type}-%{+YYYY.MM.dd}" template_name => "shuaguang-yzy" user => "elastic" password => "123456" } } -
6.6.springBoot配置
在SpringBoot中的配置可以直接用来覆盖Logback中的配置,比如logging.level.root就可以覆盖<root>节点中的level配置。
-
环境配置:application.yml
logstash: host: 10.11.15.1 logging: level: root: info
-
-
-
**7.在
kibana进容器配置kibana.yml****-
7.1.进入logstash容器
docker exec -it kibana /bin/bash -
7.2.进入bin目录
cd config/-
7.3.编辑 kibana.yml
server.name: kibana server.host: "0" #此处获取elasticsearch容器的ip放到此处 elasticsearch.hosts: [ "http://ip:9200" ] xpack.monitoring.ui.container.elasticsearch.enabled: true # 汉化 i18n.locale: "zh-CN" # es中kibana的用户名 elasticsearch.username: "kibana" # es中kibana的密码 elasticsearch.password: "123456" -
7.4.退出
exit;
-
-
8.在
elasticsearch进入容器配置x-pack-
8.1.第一次进入elasticsearch容器
docker exec -it elasticsearch /bin/bash -
8.2.进入config目录
cd config/ -
8.3.编辑
elasticsearch.ymlcluster.name: "docker-cluster" network.host: 0.0.0.0 http.cors.enabled: true http.cors.allow-origin: "*" http.cors.allow-headers: Authorization xpack.security.enabled: true xpack.security.transport.ssl.enabled: true -
8.4.退出
exit; -
8.5.重启elk
docker-compose stop docker-compose up -d -
8.6.第二次进入elasticsearch容器
docker exec -it elasticsearch /bin/bash -
8.7.设置x-pack密码
/usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactive -
8.8.设置密码统一都为
123456期间设置了好几个账号,我们先来了解下这些账号都有啥作用吧;
elastic:超级管理员账号
kibana:Kibana访问专用账号
logstash_system:Logstash访问专用账号
beats_system:FileBeat访问专用账号
apm_system:APM系统专用账号
remote_monitoring_user:远程监控账号 -
8.9.退出
exit; -
8.10.重启elk
docker-compose stop docker-compose up -d -
8.11.访问服务器地址
http://10.11.15.1:5601 超管账号:elastic 超管密码:123456 -
8.12.SpringBoot配置应用的配置文件
application.yml,配置好账号密码即可正常访问了spring: elasticsearch: rest: uris: http://10.11.15.1:9200 username: elastic password: 123456
-
