安装

"" src="/UploadFiles/2021-04-10/2021012515495644.jpg">

"htmlcode">

version: "3"
services:
 es-master:
  container_name: es-master
  hostname: es-master
  image: elasticsearch:7.5.1
  restart: always
  ports:
   - 9200:9200
   - 9300:9300
  volumes:
   - ./elasticsearch/master/conf/es-master.yml:/usr/share/elasticsearch/config/elasticsearch.yml
   - ./elasticsearch/master/data:/usr/share/elasticsearch/data
   - ./elasticsearch/master/logs:/usr/share/elasticsearch/logs
  environment:
   - "ES_JAVA_OPTS=-Xms512m -Xmx512m"

 es-slave1:
  container_name: es-slave1
  image: elasticsearch:7.5.1
  restart: always
  ports:
   - 9201:9200
   - 9301:9300
  volumes:
   - ./elasticsearch/slave1/conf/es-slave1.yml:/usr/share/elasticsearch/config/elasticsearch.yml
   - ./elasticsearch/slave1/data:/usr/share/elasticsearch/data
   - ./elasticsearch/slave1/logs:/usr/share/elasticsearch/logs
  environment:
   - "ES_JAVA_OPTS=-Xms512m -Xmx512m"

 es-slave2:
  container_name: es-slave2
  image: elasticsearch:7.5.1
  restart: always
  ports:
   - 9202:9200
   - 9302:9300
  volumes:
   - ./elasticsearch/slave2/conf/es-slave2.yml:/usr/share/elasticsearch/config/elasticsearch.yml
   - ./elasticsearch/slave2/data:/usr/share/elasticsearch/data
   - ./elasticsearch/slave2/logs:/usr/share/elasticsearch/logs
  environment:
   - "ES_JAVA_OPTS=-Xms512m -Xmx512m"

 kibana:
  container_name: kibana
  hostname: kibana
  image: kibana:7.5.1
  restart: always
  ports:
   - 5601:5601
  volumes:
   - ./kibana/conf/kibana.yml:/usr/share/kibana/config/kibana.yml
  environment:
   - elasticsearch.hosts=http://es-master:9200
  depends_on:
   - es-master
   - es-slave1
   - es-slave2

 # filebeat:
 #  # 容器名称
 #  container_name: filebeat
 #  # 主机名称
 #  hostname: filebeat
 #  # 镜像
 #  image: docker.elastic.co/beats/filebeat:7.5.1
 #  # 重启机制
 #  restart: always
 #  # 持久化挂载
 #  volumes:
 #   - ./filebeat/conf/filebeat.yml:/usr/share/filebeat/filebeat.yml
 #   # 映射到容器中[作为数据源]
 #   - ./logs:/home/project/spring-boot-elasticsearch/logs
 #   - ./filebeat/logs:/usr/share/filebeat/logs
 #   - ./filebeat/data:/usr/share/filebeat/data
 #  # 将指定容器连接到当前连接,可以设置别名,避免ip方式导致的容器重启动态改变的无法连接情况
 #  links:
 #   - logstash
 #  # 依赖服务[可无]
 #  depends_on:
 #   - es-master
 #   - es-slave1
 #   - es-slave2

 logstash:
  container_name: logstash
  hostname: logstash
  image: logstash:7.5.1
  command: logstash -f ./conf/logstash-filebeat.conf
  restart: always
  volumes:
   # 映射到容器中
   - ./logstash/conf/logstash-filebeat.conf:/usr/share/logstash/conf/logstash-filebeat.conf
   - ./logstash/ssl:/usr/share/logstash/ssl
  environment:
   - elasticsearch.hosts=http://es-master:9200
   # 解决logstash监控连接报错
   - xpack.monitoring.elasticsearch.hosts=http://es-master:9200
  ports:
   - 5044:5044
  depends_on:
   - es-master
   - es-slave1
   - es-slave2

"htmlcode">

# 集群名称
cluster.name: es-cluster
# 节点名称
node.name: es-master
# 是否可以成为master节点
node.master: true
# 是否允许该节点存储数据,默认开启
node.data: false
# 网络绑定
network.host: 0.0.0.0
# 设置对外服务的http端口
http.port: 9200
# 设置节点间交互的tcp端口
transport.port: 9300
# 集群发现
discovery.seed_hosts:
 - es-master
 - es-slave1
 - es-slave2
# 手动指定可以成为 mater 的所有节点的 name 或者 ip,这些配置将会在第一次选举中进行计算
cluster.initial_master_nodes:
 - es-master
# 支持跨域访问
http.cors.enabled: true
http.cors.allow-origin: "*"
# 安全认证
xpack.security.enabled: false
#http.cors.allow-headers: "Authorization"

es-slave1.yml

# 集群名称
cluster.name: es-cluster
# 节点名称
node.name: es-slave1
# 是否可以成为master节点
node.master: true
# 是否允许该节点存储数据,默认开启
node.data: true
# 网络绑定
network.host: 0.0.0.0
# 设置对外服务的http端口
http.port: 9201
# 设置节点间交互的tcp端口
#transport.port: 9301
# 集群发现
discovery.seed_hosts:
 - es-master
 - es-slave1
 - es-slave2
# 手动指定可以成为 mater 的所有节点的 name 或者 ip,这些配置将会在第一次选举中进行计算
cluster.initial_master_nodes:
 - es-master
# 支持跨域访问
http.cors.enabled: true
http.cors.allow-origin: "*"
# 安全认证
xpack.security.enabled: false
#http.cors.allow-headers: "Authorization"

es-slave2.yml

# 集群名称
cluster.name: es-cluster
# 节点名称
node.name: es-slave2
# 是否可以成为master节点
node.master: true
# 是否允许该节点存储数据,默认开启
node.data: true
# 网络绑定
network.host: 0.0.0.0
# 设置对外服务的http端口
http.port: 9202
# 设置节点间交互的tcp端口
#transport.port: 9302
# 集群发现
discovery.seed_hosts:
 - es-master
 - es-slave1
 - es-slave2
# 手动指定可以成为 mater 的所有节点的 name 或者 ip,这些配置将会在第一次选举中进行计算
cluster.initial_master_nodes:
 - es-master
# 支持跨域访问
http.cors.enabled: true
http.cors.allow-origin: "*"
# 安全认证
xpack.security.enabled: false
#http.cors.allow-headers: "Authorization"

logstash-filebeat.conf

input {
  # 来源beats
  beats {
    # 端口
    port => "5044"
    ssl_certificate_authorities => ["/usr/share/logstash/ssl/ca.crt"]
    ssl_certificate => "/usr/share/logstash/ssl/server.crt"
    ssl_key => "/usr/share/logstash/ssl/server.key"
    ssl_verify_mode => "force_peer"
  }
}
# 分析、过滤插件,可以多个
filter {
  grok {
    match => { "message" => "%{COMBINEDAPACHELOG}"}
  }
  geoip {
    source => "clientip"
  }
}
output {
  # 选择elasticsearch
  elasticsearch {
    hosts => ["http://es-master:9200"]
    index => "%{[fields][service]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
  }
}

filebeat.yml

filebeat.inputs:
 - type: log
  enabled: true
  paths:
   # 当前目录下的所有.log文件
   - /root/tmp/logs/*.log
  fields:
   service: "our31-java"
  multiline.pattern: ^\[
  multiline.negate: true
  multiline.match: after
 - type: log
  enabled: true
  paths:
   # 当前目录下的所有.log文件
   - /root/tmp/log/*.log
  fields:
   service: "our31-nginx"

filebeat.config.modules:
 path: ${path.config}/modules.d/*.yml
 reload.enabled: false

# setup.template.settings:
#  index.number_of_shards: 1

# setup.dashboards.enabled: false

# setup.kibana:
#  host: "http://localhost:5601"

# 不直接传输至ES
#output.elasticsearch:
# hosts: ["http://es-master:9200"]
# index: "filebeat-%{[beat.version]}-%{+yyyy.MM.dd}"

setup.ilm.enabled: false

output.logstash:
 hosts: ["logstash.server.com:5044"]
 
 # Optional SSL. By default is off.
 # List of root certificates for HTTPS server verifications
 ssl.certificate_authorities: "./ssl/ca.crt"
 # Certificate for SSL client authentication
 ssl.certificate: "./ssl/client.crt"
 # Client Certificate Key
 ssl.key: "./ssl/client.key"

# processors:
#  - add_host_metadata: ~
#  - add_cloud_metadata: ~

注意

生成证书,配置 SSL,让 Filebeat 与 Logstash 之间建立 SSL。

#生成ca私钥
openssl genrsa 2048 > ca.key
 
#使用ca私钥建立ca证书
openssl req -new -x509 -nodes -key ca.key -subj /CN=elkCA\ CA/OU=Development\ group/O=HomeIT\ SIA/DC=elk/DC=com > ca.crt
 
#生成服务器csr证书请求文件
openssl req -newkey rsa:2048 -nodes -keyout server.key -subj /CN=logstash.server.com/OU=Development\ group/O=Home\ SIA/DC=elk/DC=com > server.csr
 
#使用ca证书与私钥签发服务器证书
openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 > server.crt
 
#生成客户端csr证书请求文件
openssl req -newkey rsa:2048 -nodes -keyout client.key -subj /CN=filebeat.client.com/OU=Development\ group/O=Home\ SIA/DC=elk/DC=com > client.csr
 
#使用ca证书与私钥签发客户端证书
openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -set_serial 01 > client.crt

"text-align: center">Docker Compose一键ELK部署的方法实现

"text-align: center">Docker Compose一键ELK部署的方法实现

详细介绍看官方文档,metadata,动态索引生成。

"htmlcode">

$ yum -y install httpd-tools

"text-align: center">Docker Compose一键ELK部署的方法实现

"text-align: center">Docker Compose一键ELK部署的方法实现

"htmlcode">

server {
  ......
  
  auth_basic "Kibana Auth";
  auth_basic_user_file /usr/local/nginx/pwd/kibana/passwd;
  
  ......
}

单独启动 Filebeat 的方式

$ nohup ./filebeat 2>&1 &

启动 Docker Compose

"htmlcode">

$ docker-compose up --build -d
标签:
Docker,Compose,ELK部署,Docker,Compose,ELK

免责声明:本站文章均来自网站采集或用户投稿,网站不提供任何软件下载或自行开发的软件! 如有用户或公司发现本站内容信息存在侵权行为,请邮件告知! 858582#qq.com
评论“Docker Compose一键ELK部署的方法实现”
暂无“Docker Compose一键ELK部署的方法实现”评论...