docker部署elk

发布于:2024-08-20 ⋅ 阅读:(146) ⋅ 点赞:(0)

docker部署elk

es1镜像

两个 Elasticsearch 容器:es1 为 172.111.0.11,es2 为 172.111.0.12

npm可以不装

l logstash

k 也有

docker安装es1
[root@docker2 es1]# ls
Dockerfile  elasticsearch-6.7.2.rpm  elasticsearch.yml  node-v8.2.1.tar.gz  phantomjs-2.1.1-linux-x86_64.tar.bz2
​
[root@docker2 es1]# vim Dockerfile 
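# Elasticsearch 6.7.2 node image, built from the RPM stored next to this Dockerfile.
# NOTE(review): centos:7 reached end of life in June 2024 and Elasticsearch 6.x is out of
# maintenance, so neither gets security fixes any more; treat the result as a lab image.
FROM centos:7

# Swap the stock repo definitions for the Aliyun mirror. The repo file is fetched over
# HTTPS because ADD from a URL performs no integrity check of its own.
RUN rm -rf /etc/yum.repos.d/*
ADD https://mirrors.aliyun.com/repo/Centos-7.repo /etc/yum.repos.d/Centos-7.repo

# Install the build toolchain and Java in a single layer and clear the yum cache in that
# same layer (a "yum clean all" in a later layer does not shrink the earlier ones).
RUN yum clean all && yum makecache \
    && yum -y install epel-release \
    && yum -y install gcc gcc-c++ make \
    && yum -y install java \
    && yum clean all

# The RPM comes from the build context and is installed as-is; compare it with the
# checksum published for the download before building.
COPY elasticsearch-6.7.2.rpm /opt
RUN rpm -ivh /opt/elasticsearch-6.7.2.rpm
COPY elasticsearch.yml /etc/elasticsearch/elasticsearch.yml

# Node.js 8.2.1 and PhantomJS 2.1.1 are optional here (the page itself says npm need not
# be installed) and both are unmaintained; leave this section out unless a tool in the
# image really needs them.
WORKDIR /opt/
ADD node-v8.2.1.tar.gz /opt/
RUN cd node-v8.2.1 \
    && ./configure \
    && make -j 2 \
    && make install

ADD phantomjs-2.1.1-linux-x86_64.tar.bz2 /opt/es1
RUN ln -s /opt/es1/phantomjs-2.1.1-linux-x86_64/bin/phantomjs /usr/local/bin/phantomjs

# Elasticsearch refuses to start as root, so hand its directories to the service account
# and drop privileges for the running container.
RUN chown -R elasticsearch:elasticsearch /usr/share/elasticsearch \
    && chown -R elasticsearch:elasticsearch /etc/elasticsearch
USER elasticsearch

# Runtime metadata kept at the end, after all build steps.
EXPOSE 9200
CMD ["/usr/share/elasticsearch/bin/elasticsearch"]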
​
[root@docker2 es1]# vim elasticsearch.yml 
# elasticsearch.yml for es1 (node1), the master-eligible data node of the two-node cluster.
cluster.name: elk-cluster
node.name: node1
# node1 may be elected master and also stores data.
node.master: true
node.data: true
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
# Bind HTTP (9200) and transport (9300) on every interface of the container so the other
# node and the host port mapping can reach them.
# NOTE(review): nothing in this file enables authentication or TLS, so any client that can
# reach these ports has full access to the cluster. A non-loopback bind also makes
# Elasticsearch enforce its bootstrap checks (for example vm.max_map_count on the Docker host).
network.host: 0.0.0.0
http.port: 9200
transport.tcp.port: 9300
# Unicast discovery seeds: the fixed container addresses given to es1 and es2 with --ip.
discovery.zen.ping.unicast.hosts: ["172.111.0.11","172.111.0.12"]
​
[root@docker2 es1]# docker build -t es1:elk .
​
# NOTE(review): -p 9200:9200 publishes the Elasticsearch HTTP API on every host interface
# (0.0.0.0:9200 in the docker ps output below), and nothing on this page enables
# authentication or TLS for it; bind the mapping to a trusted address or firewall the port.
# The user-defined network "mynetwork" must already exist with a subnet covering
# 172.111.0.x (its creation is not shown on this page). 172.111.0.x lies outside the
# RFC 1918 private ranges (172.16.0.0/12 ends at 172.31.255.255), so a private range is
# the safer choice for a container network.
[root@docker2 es1]# docker run -itd --name es1 -p 9200:9200 --net mynetwork --ip 172.111.0.11 es1:elk
58ed4d572bece8ae75ec9be63d5f1335ee9b3e7c0ccfd40ba23909faf4223402
[root@docker2 es1]# docker ps
CONTAINER ID   IMAGE     COMMAND                   CREATED         STATUS         PORTS                                       NAMES
58ed4d572bec   es1:elk   "/usr/share/elastics…"   3 seconds ago   Up 3 seconds   0.0.0.0:9200->9200/tcp, :::9200->9200/tcp   es1

es2镜像

docker创建es2
[root@docker2 es2]# vim elasticsearch.yml 
# elasticsearch.yml for es2 (node2), a data-only member of the same cluster as node1.
cluster.name: elk-cluster
node.name: node2
# node2 stores data but is never eligible to become master.
node.master: false
node.data: true
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
# Bind on every container interface. NOTE(review): no authentication or TLS is configured
# in this file, so access control depends entirely on who can reach ports 9200 and 9300.
network.host: 0.0.0.0
# Port inside the container; the host-side port is chosen separately by docker run -p.
http.port: 9200
transport.tcp.port: 9300
# Unicast discovery seeds: the fixed container addresses given to es1 and es2 with --ip.
discovery.zen.ping.unicast.hosts: ["172.111.0.11","172.111.0.12"]
​
[root@docker2 es2]# vim Dockerfile 
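# Elasticsearch 6.7.2 image for the second node; only the copied elasticsearch.yml
# distinguishes it from the first node's image.
# NOTE(review): centos:7 (end of life June 2024) and Elasticsearch 6.x no longer receive
# security fixes; treat the result as a lab image.
FROM centos:7

# Swap the stock repo definitions for the Aliyun mirror, fetched over HTTPS because ADD
# from a URL performs no integrity check of its own.
RUN rm -rf /etc/yum.repos.d/*
ADD https://mirrors.aliyun.com/repo/Centos-7.repo /etc/yum.repos.d/Centos-7.repo

# One layer for all package installs, with the yum cache cleared in that same layer.
RUN yum clean all && yum makecache \
    && yum -y install epel-release \
    && yum -y install gcc gcc-c++ make \
    && yum -y install java \
    && yum clean all

# The RPM is taken from the build context as-is; verify its published checksum first.
COPY elasticsearch-6.7.2.rpm /opt
RUN rpm -ivh /opt/elasticsearch-6.7.2.rpm
COPY elasticsearch.yml /etc/elasticsearch/elasticsearch.yml

# Optional and unmaintained: Node.js 8.2.1 and PhantomJS 2.1.1. Leave this section out
# unless a tool in the image really needs them.
WORKDIR /opt/
ADD node-v8.2.1.tar.gz /opt/
RUN cd node-v8.2.1 \
    && ./configure \
    && make -j 2 \
    && make install

# The /opt/es1 destination is kept exactly as in the original listing.
ADD phantomjs-2.1.1-linux-x86_64.tar.bz2 /opt/es1
RUN ln -s /opt/es1/phantomjs-2.1.1-linux-x86_64/bin/phantomjs /usr/local/bin/phantomjs

# Elasticsearch refuses to start as root: give its directories to the service account
# and run the container as that account.
RUN chown -R elasticsearch:elasticsearch /usr/share/elasticsearch \
    && chown -R elasticsearch:elasticsearch /etc/elasticsearch
USER elasticsearch

# Runtime metadata kept at the end, after all build steps.
EXPOSE 9200
CMD ["/usr/share/elasticsearch/bin/elasticsearch"]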
​
[root@docker2 es2]# docker build -t es2:elk .
# Host port 9201 is mapped to container port 9200. 9201 is valid only when connecting
# through the Docker host; other containers on mynetwork reach this node at
# 172.111.0.12:9200 (or es2:9200).
# NOTE(review): like es1, this publishes an unauthenticated HTTP API on every host interface.
[root@docker2 es1]# docker run -itd --name es2 -p 9201:9200 --net mynetwork --ip 172.111.0.12 es2:elk

logstash镜像

拉取logstash和kibana的v6.7.2版本镜像

# Pull the Logstash and Kibana images at the same version as the Elasticsearch RPM (6.7.2).
# Tags can be re-pointed by the publisher; record the digest printed by docker pull if the
# build has to be reproducible.
docker pull logstash:6.7.2
docker pull kibana:6.7.2

logstash镜像编排

cd /opt/logstash
vim logstash.yml
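# logstash.yml: settings for the Logstash service itself.
# Bind the Logstash HTTP API on all container interfaces.
http.host: "0.0.0.0"
# Monitoring data is sent to both Elasticsearch nodes. Containers talk to each other on
# the container port (http.port 9200); 9201 exists only as es2's mapping on the Docker
# host, so es2 is addressed as es2:9200 here.
xpack.monitoring.elasticsearch.url: [ "http://es1:9200","http://es2:9200" ]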
​
vim logstash.conf
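# Pipeline config: defines the inputs and the output; one of the inputs is the Apache
# log files of the Docker host.
input {
  # JSON events over TCP on port 5044.
  # NOTE(review): as configured, this listener accepts events from any client that can
  # reach the port; the tcp input only authenticates senders when TLS with client
  # certificate verification is configured (ssl_enable / ssl_verify), so keep the
  # published port reachable by trusted senders only.
  tcp {
    mode => "server"
    host => "0.0.0.0"
    port => 5044
    codec => "json"
  }
  # Apache logs, bind-mounted from the host into /opt/logs; read from the start of each file.
  file {
    path => "/opt/logs/*_log"
    start_position => "beginning"
  }
}
output {
  elasticsearch {
    # Both nodes are addressed on the container port 9200. The 9201 in "-p 9201:9200" is
    # the host-side port and is not open inside the es2 container.
    hosts => [ "http://es1:9200","http://es2:9200" ]
    # One index per day.
    index => "elk-%{+YYYY.MM.dd}"
  }
}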

为了方便,这里把 logstash 镜像的运行用户设置为 root,否则宿主机共享过去的 Apache 日志文件 logstash 无权限读取。更稳妥的做法是保留镜像默认的 logstash 用户,只给日志目录加上该用户可读的权限,并以只读方式挂载。

vim Dockerfile
​
# Custom Logstash image: the official 6.7.2 image plus this directory's settings and
# pipeline files.
FROM logstash:6.7.2
# NOTE(review): no later USER instruction switches back, so the Logstash process, which
# parses network input on port 5044, runs as root inside the container. This is done only
# so it can read the bind-mounted Apache logs; granting read access to the image's default
# user would avoid it.
USER root
# Relative destinations resolve against the base image's working directory
# (presumably /usr/share/logstash; confirm against the base image).
COPY logstash.yml ./config/logstash.yml
COPY logstash.conf ./pipeline/logstash.conf
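# Build the custom Logstash image from the Dockerfile in the current directory.
docker build -t logstash:elk .
# Run it on the same user-defined network as es1/es2 ("mynetwork"): the pipeline reaches
# the nodes by the names es1 and es2, which only resolve on a shared network, and the
# address 172.111.0.30 belongs to that network's range.
# The Apache log directory is mounted read-only (:ro) because Logstash only reads it.
# NOTE(review): 5044 (event input) and 9600 (Logstash API) are published on every host
# interface without authentication; publish only what outside senders actually need.
docker run -itd --name logstash -v /etc/httpd/logs/:/opt/logs/:ro --net mynetwork --ip 172.111.0.30 -p 5044:5044 -p 9600:9600 logstash:elk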
docker exec -it logstash bash
cd /opt/logs/
doc  

访问几次宿主机的Apache服务,并查看Apache的日志文件是否共享到容器内

kibana镜像编排

cd /opt/kibana
vim kibana.yml
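# kibana.yml: Kibana server settings.
server.name: kibana
# "0" makes Kibana listen on all interfaces inside the container.
# NOTE(review): nothing on this page enables a login for Kibana or Elasticsearch, so
# anyone who can reach the published port 5601 can read and change the indexed data.
server.host: "0"
# Both nodes are addressed by container IP, so both use the container port 9200; 9201 is
# only es2's mapping on the Docker host and is not open at 172.111.0.12.
elasticsearch.hosts: [ "http://172.111.0.11:9200","http://172.111.0.12:9200" ]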
​
vim Dockerfile
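# Custom Kibana image: the official 6.7.2 image with this directory's kibana.yml.
FROM kibana:6.7.2
# Copy the settings file with kibana:kibana ownership in one step, so the build needs no
# temporary switch to root just to run chown.
COPY --chown=kibana:kibana kibana.yml ./config/kibana.yml
# Keep the runtime user explicit: the Kibana process runs as the unprivileged kibana account.
USER kibana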
docker build -t kibana:elk . 
# Start Kibana on the same network as the Elasticsearch nodes, with a fixed address.
# NOTE(review): -p 5601:5601 publishes the Kibana UI on every host interface, and nothing
# on this page puts a login in front of it; bind the mapping to a trusted address or place
# an authenticating reverse proxy in front.
docker run -itd --name kibana --net mynetwork --ip 172.111.0.40 -p 5601:5601 kibana:elk
docker exec -it kibana bash

访问kibana的web页面,查看日志数据并建立对应索引

