Docker

【ELK】用docker swarm部署ELK日志系统

2019-06-15  本文已影响61人  Bogon

一、实验环境

操作系统: CentOS7.5 Minimal

配置: 4核8G

IP: 192.168.1.106

二、安装docker

# setenforce 0

# sed  -i  's/^SELINUX=.*/SELINUX=permissive/g'  /etc/selinux/config

# systemctl stop firewalld.service

# systemctl disable firewalld.service

注:firewalld 关闭后,下文编排文件发布的 9200、9300、5601、12201/udp 端口不再受主机防火墙过滤,所有能访问本机的主机都可以连接;以上设置只适用于隔离的实验环境。

#  sysctl -w vm.max_map_count=262144 

# echo "vm.max_map_count=262144" >> /etc/sysctl.conf

# sysctl -p

 # yum -y install  yum-utils device-mapper-persistent-data lvm2

# yum-config-manager   --add-repo    https://download.docker.com/linux/centos/docker-ce.repo

# yum list docker-ce  --showduplicates| sort  -r 

#  yum -y install docker-ce-18.06.0.ce  

# systemctl  start docker 

# systemctl  status docker 

# systemctl  enable  docker 

# docker version 


三、初始化docker swarm

# docker swarm  init   --listen-addr  192.168.1.106:2377   --advertise-addr  192.168.1.106:2377

# docker node ls

# docker swarm init --help


四、拉取ELK镜像

设置镜像加速(下面的命令会把远程脚本直接交给 root shell 执行,可先下载脚本、检查内容后再运行;所配置的镜像站地址是 http://,到镜像站的拉取流量不加密)

#  curl -sSL https://get.daocloud.io/daotools/set_mirror.sh | sh -s http://f1361db2.m.daocloud.io 

# systemctl restart docker  

# docker pull elasticsearch:5.6.5  

# docker pull logstash:5.6.5 

# docker pull kibana:5.6.5

# docker images

四、创建服务目录,编写服务编排文件

# mkdir   -p  /opt/elk/elasticsearch/data  

# mkdir  -p  /opt/elk/logstash  

#  vim  /opt/elk/logstash/logstash.conf 

##################################

# Pipeline: accept GELF messages and index every event into Elasticsearch.
input {
  # No options are set, so the listener runs with the plugin defaults; the
  # stack file publishes 12201/udp for it. GELF over UDP has no sender
  # authentication: any host that can reach the port can submit events.
  gelf {}
}

output {
  elasticsearch {
    # "elasticsearch" is the service name from the stack file, resolved on
    # the stack's overlay network.
    hosts => ["elasticsearch:9200"]
  }
}

#####################################

# chown 999:999   /opt/elk/logstash/logstash.conf   

# vim  /opt/elk/elk.yml

##################################################

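# Swarm stack (compose file format 3): one replica each of Elasticsearch,
# Logstash and Kibana 5.6.5, connected through the default overlay network.
version: "3"

services:
  elasticsearch:
    image: elasticsearch:5.6.5
    deploy:
      replicas: 1
      resources:
        limits:
          cpus: '2'
          memory: 2G
      restart_policy:
        condition: on-failure
        delay: 5s
        max_attempts: 3
    environment:
      # Heap is half of the 2G container limit. A heap equal to the limit
      # leaves no room for the JVM's off-heap memory, so the container can
      # reach its limit and be killed.
      ES_JAVA_OPTS: "-Xms1g -Xmx1g"
    volumes:
      - /opt/elk/elasticsearch/data:/usr/share/elasticsearch/data
    ports:
      # This file configures no authentication or TLS for Elasticsearch.
      # Logstash and Kibana reach it by service name over the overlay
      # network, so these two published ports are only needed by clients
      # outside the stack; otherwise remove them or filter them on the host.
      - "9200:9200"
      - "9300:9300"

  logstash:
    image: logstash:5.6.5
    deploy:
      replicas: 1
      resources:
        limits:
          cpus: '1'
          memory: 1G
      restart_policy:
        condition: on-failure
        delay: 5s
        max_attempts: 3
    command: ["logstash", "-f", "/etc/logstash.conf"]
    volumes:
      # The pipeline file is only read by Logstash, so mount it read-only.
      - /opt/elk/logstash/logstash.conf:/etc/logstash.conf:ro
    ports:
      # GELF input. UDP GELF has no sender authentication, so restrict which
      # hosts can reach this port to the ones that ship logs.
      - "12201:12201/udp"

  kibana:
    image: kibana:5.6.5
    deploy:
      replicas: 1
      resources:
        limits:
          cpus: '2'
          memory: 1G
      restart_policy:
        condition: on-failure
        delay: 5s
        max_attempts: 3
    environment:
      ELASTICSEARCH_URL: "http://elasticsearch:9200"
    ports:
      # No login is configured in this file: whoever can reach 5601 can read
      # and query every index through Kibana.
      - "5601:5601"

# Default network for the stack; the services address each other by name.
networks:
  default:
    driver: overlay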

#####################################################


五、部署服务

# docker stack deploy elk -c /opt/elk/elk.yml --with-registry-auth

# docker stack ls  

# docker service ls  

浏览器访问: http://192.168.1.106:5601


七、参考

Docker入门教程

https://github.com/jaywcjlove/docker-tutorial

配置 Docker 镜像站

https://www.daocloud.io/mirror

What’s the Docker Swarm “--advertise-addr”?

https://boxboat.com/2016/08/17/whats-docker-swarm-advertise-addr

Install Elasticsearch with Docker

https://www.elastic.co/guide/en/elasticsearch/reference/current/docker.html

docker swarm集群日志管理ELK实战

https://blog.csdn.net/dkfajsldfsdfsd/article/details/79987753

swarm-elk, 使用v3编写文件的示例 ELK

https://www.helplib.com/GitHub/article_151240

ELK Stack in Swarm Mode

https://github.com/ahromis/swarm-elk

Elasticsearch Reference

https://www.elastic.co/guide/en/elasticsearch/reference/current/index.html

GrokDebug

http://grokdebug.herokuapp.com

Logstash 最佳实践

http://udn.yyuap.com/doc/logstash-best-practice-cn/filter/grok.html 

Logstash 正则匹配 

https://github.com/logstash-plugins/logstash-patterns-core/blob/master/patterns/grok-patterns 
