【ELK】用docker swarm部署ELK日志系统
一、实验环境
操作系统: CentOS7.5 Mininal
配置: 4核8G
IP: 192.68.1.106
二、安装docker
## Host preparation for Docker CE on CentOS 7.
## The next four commands turn SELinux permissive and stop/disable firewalld.
## After that, every port the stack later publishes (9200, 9300, 5601 and
## 12201/udp in elk.yml) is reachable from any host that can route to this
## machine, and none of the three services is configured with authentication.
## Keep that in mind before running this on anything but an isolated lab network.
# setenforce 0
# sed -i 's/^SELINUX=.*/SELINUX=permissive/g' /etc/selinux/config
# systemctl stop firewalld.service
# systemctl disable firewalld.service
## Kernel setting Elasticsearch's Docker docs (linked in the references) ask for;
## the echo into sysctl.conf keeps it across reboots, sysctl -p applies the file.
# sysctl -w vm.max_map_count=262144
# echo "vm.max_map_count=262144" >> /etc/sysctl.conf
# sysctl -p
## Docker CE from the vendor repo, pinned to a specific package version.
# yum -y install yum-utils device-mapper-persistent-data lvm2
# yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
# yum list docker-ce --showduplicates| sort -r
# yum -y install docker-ce-18.06.0.ce
# systemctl start docker
# systemctl status docker
# systemctl enable docker
# docker version
三、初始化docker swarm
## Single-node swarm: this host is the only manager. Both flags pin the manager
## to 192.168.1.106 (the environment section above reads 192.68.1.106, presumably
## a typo of the same address). Port 2377 is where the manager listens for
## cluster traffic; with firewalld disabled it is open to the whole network, so
## only hosts you intend to join to the swarm should be able to reach it.
# docker swarm init --listen-addr 192.168.1.106:2377 --advertise-addr 192.168.1.106:2377
# docker node ls
# docker swarm init --help
四、拉取ELK镜像
设置镜像加速
## Registry mirror setup. This pipes a script fetched over the network straight
## into a root shell; download it first and read what it changes (it edits the
## Docker daemon configuration, hence the restart) before running it.
# curl -sSL https://get.daocloud.io/daotools/set_mirror.sh | sh -s http://f1361db2.m.daocloud.io
# systemctl restart docker
## All three images are pulled by tag. A tag can be re-pointed upstream; if the
## deployment must be reproducible, record the image digests after the pull.
# docker pull elasticsearch:5.6.5
# docker pull logstash:5.6.5
# docker pull kibana:5.6.5
# docker images
五、创建服务目录，编写服务编排文件
## Host directories that elk.yml bind-mounts: the Elasticsearch data directory
## and the Logstash pipeline file written below.
# mkdir -p /opt/elk/elasticsearch/data
# mkdir -p /opt/elk/logstash
# vim /opt/elk/logstash/logstash.conf
##################################
input {
  # Receive GELF messages; no options are set, so the plugin's defaults apply
  # (presumably UDP 12201, matching the port published in elk.yml — confirm).
  gelf {
  }
}

output {
  # Forward every event to the Elasticsearch service by its stack name on the
  # overlay network. No credentials are configured on this output.
  elasticsearch {
    hosts => "elasticsearch:9200"
  }
}
#####################################
## 999:999 is presumably the uid/gid the logstash container runs as, so the
## bind-mounted pipeline file is readable inside the container — confirm
## against the image if Logstash reports a permission error on startup.
# chown 999:999 /opt/elk/logstash/logstash.conf
# vim /opt/elk/elk.yml
##################################################
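version: "3"

services:
  # Single-node Elasticsearch. Its data is a bind mount on this host, so the
  # service is tied to this node: if swarm ever reschedules it elsewhere, the
  # new node starts with an empty data directory.
  elasticsearch:
    image: elasticsearch:5.6.5
    deploy:
      replicas: 1
      resources:
        limits:
          cpus: '2'
          memory: 2G
      restart_policy:
        condition: on-failure
        delay: 5s
        max_attempts: 3
    environment:
      # The JVM heap must stay well under the 2G container limit. The original
      # "-Xms2g -Xmx2g" equalled the limit, leaving nothing for off-heap memory,
      # so the container could be OOM-killed as soon as the heap filled.
      # Raise both values together if the memory limit is raised.
      ES_JAVA_OPTS: "-Xms1g -Xmx1g"
    volumes:
      - /opt/elk/elasticsearch/data:/usr/share/elasticsearch/data
    ports:
      # REST API, published on the host's interfaces. Nothing in this stack
      # configures authentication for it; restrict who can reach it at the
      # network level.
      - "9200:9200"
      # The transport port (9300) is deliberately not published: with one
      # replica nothing outside the overlay network needs it, and Kibana and
      # Logstash both talk to 9200.

  logstash:
    image: logstash:5.6.5
    deploy:
      replicas: 1
      resources:
        limits:
          cpus: '1'
          memory: 1G
      restart_policy:
        condition: on-failure
        delay: 5s
        max_attempts: 3
    # NOTE(review): no LS_JAVA_OPTS is set, so the image's default JVM heap
    # applies inside a 1G limit — confirm the default fits before relying on it.
    command: ["logstash", "-f", "/etc/logstash.conf"]
    volumes:
      # Bind-mounted pipeline; the file is chown'ed to 999:999 on the host,
      # presumably the uid/gid the container's logstash process runs as.
      - /opt/elk/logstash/logstash.conf:/etc/logstash.conf
    ports:
      # UDP port for the pipeline's gelf {} input.
      - "12201:12201/udp"

  kibana:
    image: kibana:5.6.5
    deploy:
      replicas: 1
      resources:
        limits:
          cpus: '2'
          memory: 1G
      restart_policy:
        condition: on-failure
        delay: 5s
        max_attempts: 3
    environment:
      # Service-name URL, resolved over the stack's overlay network.
      ELASTICSEARCH_URL: "http://elasticsearch:9200"
    ports:
      # Kibana UI; like 9200 it has no authentication in this stack.
      - "5601:5601"

##NETWORK###
networks:
  default:
    driver: overlay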
#####################################################
六、部署服务
## Deploy the three services as stack "elk". --with-registry-auth forwards the
## local registry login to the swarm agents; the images here come from the public
## registry, so it is presumably not needed and can be dropped.
# docker stack deploy elk -c /opt/elk/elk.yml --with-registry-auth
# docker stack ls
# docker service ls
浏览器访问: http://192.168.1.106:5601
七、参考
Docker入门教程
https://github.com/jaywcjlove/docker-tutorial
配置 Docker 镜像站
https://www.daocloud.io/mirror
What's the Docker Swarm "--advertise-addr"?
https://boxboat.com/2016/08/17/whats-docker-swarm-advertise-addr
Install Elasticsearch with Docker
https://www.elastic.co/guide/en/elasticsearch/reference/current/docker.html
docker swarm集群日志管理ELK实战
https://blog.csdn.net/dkfajsldfsdfsd/article/details/79987753
swarm-elk, 使用v3编写文件的示例 ELK
https://www.helplib.com/GitHub/article_151240
ELK Stack in Swarm Mode
https://github.com/ahromis/swarm-elk
Elasticsearch Reference
https://www.elastic.co/guide/en/elasticsearch/reference/current/index.html
GrokDebug
http://grokdebug.herokuapp.com
Logstash 最佳实践
http://udn.yyuap.com/doc/logstash-best-practice-cn/filter/grok.html
Logstash 正则匹配
https://github.com/logstash-plugins/logstash-patterns-core/blob/master/patterns/grok-patterns