Docker部署ELK


#安装Docker

1、Docker 要求 CentOS 系统的内核版本高于 3.10 ,查看本页面的前提条件来验证你的CentOS 版本是否支持 Docker 。

通过 uname -r 命令查看你当前的内核版本

$ uname -r
2、使用 root 权限登录 Centos。确保 yum 包更新到最新。

$ sudo yum update
3、卸载旧版本(如果安装过旧版本的话)

$ sudo yum remove docker docker-common docker-selinux docker-engine
4、安装需要的软件包, yum-util 提供yum-config-manager功能,另外两个是devicemapper驱动依赖的

$ sudo yum install -y yum-utils device-mapper-persistent-data lvm2
5、设置yum源

$ sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo

6、可以查看所有仓库中所有docker版本,并选择特定版本安装
$ yum list docker-ce --showduplicates | sort -r

7、安装docker
$ sudo yum install docker-ce #由于repo中默认只开启stable仓库,故这里安装的是最新稳定版17.12.0 $ sudo yum install <FQPN> # 例如:sudo yum install docker-ce-17.12.0.ce
 
8、启动并加入开机启动
$ sudo systemctl start docker $ sudo systemctl enable docker

9、验证安装是否成功(有client和service两部分表示docker安装启动都成功了)
$ docker version

#安装Docker-compose

1.安装扩展源
sudo yum -y install epel-release

2.安装python-pip模块
sudo yum install python-pip

3.查看docker-compose版本
docker-compose version# 提示未找到命令

4.通过以命令进行安装
cd /usr/local/bin/wget https://github.com/docker/compose/releases/download/1.14.0-rc2/docker-compose-Linux-x86_64rename docker-compose-Linux-x86_64 docker-compose docker-compose-Linux-x86_64chmod +x /usr/local/bin/docker-compose

5.再通过docker-compose version命令进行查找但是,依旧现在docker-compose: 未找到命令最后:
cp -rf  /usr/local/bin/docker-compose /usr/bin/docker-compose

#一键部署ELK

1.克隆项目

2.重置密码
docker-compose exec -T elasticsearch bin/elasticsearch-setup-passwords auto --batch

3.修改sysctl.conf
vi /etc/sysctl.conf

添加以下内容
vm.max_map_count = 262144 sysctl -w vm.max_map_count=262144

4.更新docker-compose.yml

version: "3.2"

services:
  elasticsearch01:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.7.0
    container_name: es01
    volumes:
      - ./data/es01:/usr/share/elasticsearch/data01:rw
    ports:
      - 9200:9200
      - 9300:9300
    environment:
      node.name: "es01"
      cluster.name: "docker-cluster"
      network.host: "0.0.0.0"
      discovery.seed_hosts: "es02,es03"
      cluster.initial_master_nodes: "es01,es02,es03"
      bootstrap.memory_lock: "true"
      xpack.license.self_generated.type: "basic"
      xpack.security.enabled: "false"
      xpack.monitoring.collection.enabled: "true"
      ES_JAVA_OPTS: "-Xmx1g -Xms1g"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    networks:
      - elk

  elasticsearch02:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.7.0
    container_name: es02
    volumes:
      - ./data/es02:/usr/share/elasticsearch/data02:rw
    environment:
      node.name: "es02"
      cluster.name: "docker-cluster"
      network.host: "0.0.0.0"
      discovery.seed_hosts: "es01,es03"
      cluster.initial_master_nodes: "es01,es02,es03"
      bootstrap.memory_lock: "true"
      xpack.license.self_generated.type: "basic"
      xpack.security.enabled: "false"
      xpack.monitoring.collection.enabled: "true"
      ES_JAVA_OPTS: "-Xmx1g -Xms1g"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    networks:
      - elk

  elasticsearch03:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.7.0
    container_name: es03
    volumes:
      - ./data/es03:/usr/share/elasticsearch/data03:rw
    environment:
      node.name: "es03"
      cluster.name: "docker-cluster"
      network.host: "0.0.0.0"
      discovery.seed_hosts: "es01,es02"
      cluster.initial_master_nodes: "es01,es02,es03"
      bootstrap.memory_lock: "true"
      xpack.license.self_generated.type: "basic"
      xpack.security.enabled: "false"
      xpack.monitoring.collection.enabled: "true"
      ES_JAVA_OPTS: "-Xmx1g -Xms1g"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    networks:
      - elk

  logstash:
    image: docker.elastic.co/logstash/logstash:7.7.0
    volumes:
      - ./logstash/config/logstash.yml:/usr/share/logstash/config/logstash.yml:ro
      - ./logstash/pipeline:/usr/share/logstash/pipeline:ro
    ports:
      - "5000:5000/tcp"
      - "5000:5000/udp"
      - "9600:9600"
    environment:
      LS_JAVA_OPTS: "-Xmx1g -Xms1g"
    networks:
      - elk
    depends_on:
      - elasticsearch01
      - elasticsearch02
      - elasticsearch03

  kibana:
    image: docker.elastic.co/kibana/kibana:7.7.0
    volumes:
      - ./kibana/config/kibana.yml:/usr/share/kibana/config/kibana.yml:ro
    ports:
      - "5601:5601"
    networks:
      - elk
    depends_on:
      - elasticsearch01
      - elasticsearch02
      - elasticsearch03
    environment:
      - ELASTICSEARCH_URL=http://es01:9200
      - xpack.security.enabled=false

networks:
  elk:
    driver: bridge

volumes:
  elasticsearch:



5.删除logstash.conf中的配置
ecs_compatibility => disabled

6.配置FileBeat在一台服务器上
docker-compose -f docker-compose.yml -f extensions/filebeat/filebeat-compose.yml up

7.启动docker-compose
docker-compose up

yg9538 July 22, 2022, 10:48 p.m. 622 收藏文档