Reference documentation
Set up on April 07, 2021
1. Install Docker-ce
```bash
# Fetch the Aliyun yum repository file for Docker
wget http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
# Install docker-ce with yum
yum -y install epel-release
yum clean all
yum makecache
yum install -y docker-ce
# Start Docker and enable it at boot
systemctl start docker && systemctl enable docker
```
Docker-ce installation error log
```bash
# Installing docker-ce on CentOS 8 fails with: package docker-ce-3:19.03.13-3.el7.x86_64 requires containerd.io >= 1.2.2-3, but none of the providers can be installed
## Solution
wget https://download.docker.com/linux/centos/8/x86_64/edge/Packages/containerd.io-1.3.7-3.1.el8.x86_64.rpm
yum install containerd.io-1.3.7-3.1.el8.x86_64.rpm -y
```
2. Install Docker-compose
```bash
pip install docker-compose
# check
docker-compose --version
```
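3. Clone the code and get to know the directory layout
```bash
# Use git clone to download the project to the chosen location.
git clone https://github.com/deviantony/docker-elk.git /data/docker-elk
# See when the last commit was made.
cd /data/docker-elk
git log
# It turns out it was updated on the same day as the official release. Formidable; truly a role model for us all.
```
Get to know the directory layout
```bash
tree
```
Change the official subscription
The default is a 30-day trial licence. Turning it off only makes the Kibana interface a little cleaner, and once it is off you can use the stack legally with peace of mind.
```bash
sed -i 's/trial/basic/g' elasticsearch/config/elasticsearch.yml
```
Change the Kibana display language (default: EN)
This is optional; decide for yourself whether to run it.
```bash
echo 'i18n.locale: "zh-CN"' >> kibana/config/kibana.yml
```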
5. Build Docker-elk for the first time and start it
```bash
nohup docker-compose up &>elk.log &
```
Watch the log
```bash
tail -f elk.log
```
6. Reset the passwords of the built-in users
```bash
docker-compose exec -T elasticsearch bin/elasticsearch-setup-passwords auto --batch > pass.txt
cat pass.txt
```
The output is shown below. Store the passwords safely, especially `PASSWORD elastic`.
```
Changed password for user apm_system
PASSWORD apm_system = WaGAef81zvBICA5EAz6T
Changed password for user kibana_system
PASSWORD kibana_system = pIHuFS19dmIIEhuEcaZr
Changed password for user kibana
PASSWORD kibana = pIHuFS19dmIIEhuEcaZr
Changed password for user logstash_system
PASSWORD logstash_system = wflP8lJLEZqh01Ir00se
Changed password for user beats_system
PASSWORD beats_system = 44eX3CiAfMlThx9XA5a4
Changed password for user remote_monitoring_user
PASSWORD remote_monitoring_user = UZbj6wvZYrzgLzn9HO9h
Changed password for user elastic
PASSWORD elastic = FLLk3EumWePaWLaGJq8E
```
Comment out `ELASTIC_PASSWORD` for the elasticsearch service in the docker-compose.yml configuration file
```bash
sed -i 's/ELASTIC_PASSWORD/# ELASTIC_PASSWORD/g' docker-compose.yml
```
Update the passwords in bulk
Template:
```bash
# Write the helper script; the quoted heredoc keeps $i and ${conf_file[@]} unexpanded
cat > update_pass.sh <<'EOF'
conf_file=(kibana/config/kibana.yml logstash/config/logstash.yml logstash/pipeline/logstash.conf)
echo
for i in "${conf_file[@]}"; do
  sed -i 's/changeme/PASSWORD/g' "$i"
  echo "#File:$i"
  grep "password" "$i"
  echo
done
EOF
grep "elastic" pass.txt
bash update_pass.sh
```
Example:
```bash
# Same script, with the elastic password from pass.txt filled in
cat > update_pass.sh <<'EOF'
conf_file=(kibana/config/kibana.yml logstash/config/logstash.yml logstash/pipeline/logstash.conf)
echo
for i in "${conf_file[@]}"; do
  sed -i 's/changeme/FLLk3EumWePaWLaGJq8E/g' "$i"
  echo "#File:$i"
  grep "password" "$i"
  echo
done
EOF
grep "elastic" pass.txt
bash update_pass.sh
```
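A variant of the bulk update above that keeps the password out of `update_pass.sh`, out of process arguments and off the terminal. This is an added example, not code from the original page or from docker-elk; the function names `get_password`, `replace_changeme` and `update_configs` are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: helper names are hypothetical, not part of docker-elk.

# Print one user's password from elasticsearch-setup-passwords output,
# whose lines have the form "PASSWORD <user> = <value>".
get_password() {   # usage: get_password USER PASSFILE
  awk -v u="$1" '$1 == "PASSWORD" && $2 == u && $3 == "=" { print $4; exit }' "$2"
}

# Replace every literal "changeme" in FILE with PW. awk index()/substr() do
# plain string replacement, so "&", "/" or "\" in a password need no escaping.
# PW reaches awk through its environment, not its argument list, and is
# never written into a helper script or echoed to the terminal.
replace_changeme() {   # usage: replace_changeme FILE PW
  tmp=$(mktemp) || return 1
  NEW_PW="$2" awk 'BEGIN { old = "changeme"; new = ENVIRON["NEW_PW"] }
    { out = ""
      while ((i = index($0, old)) > 0) {
        out = out substr($0, 1, i - 1) new
        $0 = substr($0, i + length(old))
      }
      print out $0 }' "$1" > "$tmp" && cat "$tmp" > "$1"   # keeps mode/owner
  rc=$?
  rm -f "$tmp"
  return "$rc"
}

# Restrict the password file to its owner, then update each config file.
update_configs() {   # usage: update_configs PASSFILE FILE...
  passfile="$1"; shift
  chmod 600 "$passfile" || return 1
  pw=$(get_password elastic "$passfile")
  [ -n "$pw" ] || { echo "no elastic password in $passfile" >&2; return 1; }
  for f in "$@"; do
    replace_changeme "$f" "$pw" || return 1
    echo "updated $f"
  done
}

# Usage with the files named on this page:
# update_configs pass.txt kibana/config/kibana.yml \
#   logstash/config/logstash.yml logstash/pipeline/logstash.conf
```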
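7. Restart Docker-elk
This makes Kibana and Logstash load the correct password.
```bash
docker-compose restart
```
8. Access the Kibana console
Change the elastic password
If you change the password in the Kibana console, Kibana and Logstash will no longer be able to connect to Elasticsearch.
You need to update "kibana/config/kibana.yml", "logstash/config/logstash.yml" and "logstash/pipeline/logstash.conf" and restart the kibana and logstash containers.
If Kibana is still unreachable after making these changes and running docker-compose restart, use the command below, which changes the password through an HTTP request.
```bash
curl -XPOST -D- 'http://localhost:9200/_security/user/elastic/_password' \
-H 'Content-Type: application/json' \
-u elastic:<your current elastic password> \
-d '{"password" : "<your new password>"}'
```
9. Done
What comes next is free exploration!!!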
Single-node problem log
1. Wanted, and tried, to move the elasticsearch data storage path to a specified directory [resolved]
Error
The following error is returned after startup
```
Named volume "{'type': 'volume', 'source': '/data/docker-elk/elasticsearch/data', 'target': '/usr/share/elasticsearch/data'}" is used in service "elasticsearch" but no declaration was found in the volumes section.
```
Solution
- Change type to bind
- Change source to ./elasticsearch
- chmod 777 ./elasticsearch
- Rebuild elasticsearch
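A check for the bind-mounted data directory, showing what `chmod 777` exposes and what the container actually needs. This is an added example, not part of the original page or of docker-elk; `check_es_datadir` is a hypothetical helper. It assumes GNU `stat` and that Elasticsearch in the container runs as uid 1000, gid 0, the default of the official image.

```bash
#!/usr/bin/env bash
# Added example: check_es_datadir is a hypothetical helper, not part of
# docker-elk. Assumption: Elasticsearch in the container runs as uid 1000,
# gid 0 (the default of the official image), so the bind-mounted directory
# only has to be writable by that user or group, not by everyone.

# Print one finding per line for DIR; return 0 only if there are none.
check_es_datadir() {   # usage: check_es_datadir DIR [UID] [GID]
  dir="$1"; want_uid="${2:-1000}"; want_gid="${3:-0}"; findings=0
  info=$(stat -c '%a %u %g' "$dir") || return 2   # GNU stat: mode uid gid
  set -- $info
  perm=$((0$1)); uid=$2; gid=$3                   # leading 0: octal mode

  if [ $((perm & 0002)) -ne 0 ]; then
    echo "world-writable: any local user can alter or delete index data"
    findings=$((findings + 1))
  fi
  if [ $((perm & 0004)) -ne 0 ]; then
    echo "world-readable: any local user can list the index files"
    findings=$((findings + 1))
  fi

  # A directory is writable only with both the w and x bits set.
  writable=0
  [ "$uid" = "$want_uid" ] && [ $((perm & 0300)) -eq $((0300)) ] && writable=1
  [ "$gid" = "$want_gid" ] && [ $((perm & 0030)) -eq $((0030)) ] && writable=1
  if [ "$writable" -eq 0 ]; then
    echo "not writable by $want_uid:$want_gid: Elasticsearch cannot store data"
    findings=$((findings + 1))
  fi
  [ "$findings" -eq 0 ]
}

# A narrower alternative to "chmod 777 ./elasticsearch" (run as root):
#   chown -R 1000:0 ./elasticsearch
#   chmod -R u=rwX,g=rwX,o= ./elasticsearch
# then confirm with: check_es_datadir ./elasticsearch
```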
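2. Logstash error [ERROR][logstash.javapipeline ][main][90d58946ce626ba36d19c65ece43eae970f385ada145a7697e86eb7dbc9c2f5a] A plugin had an unrecoverable error. Will restart this plugin. [resolved]
Error
The log contains a large number of continuously emitted ERROR lines
```
[ERROR][logstash.javapipeline ][main][90d58946ce626ba36d19c65ece43eae970f385ada145a7697e86eb7dbc9c2f5a] A plugin had an unrecoverable error. Will restart this plugin.
```
Solution
Although everything works normally, seeing an error and not dealing with it is very uncomfortable.
Various investigations and comparisons led nowhere. Through the link below I found the solution: what I can confirm is that I had created a copy of logstash.conf named logstash.conf_bak, which caused Logstash to read the same configuration twice at startup and return this error.
https://github.com/elastic/logstash/issues/6279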
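Building a clustered ELK production environment with Docker on CentOS 8 [to be tested]
Given the server situation, there is only one server, and running multiple nodes on a single machine seems pointless. So the cluster is abandoned for now, to be revisited later.
1. Production environment adapted from the official example
The basic requirement of a production environment is high availability. Among the usual ways of achieving it, the more common ones are multiple replicas/instances, multiple machines, multiple racks, and even multi-region deployment.
Prerequisites
To run ELK with Docker in a production environment, some system settings are indispensable.
First adjust the value of vm.max_map_count to at least 262144. Add the following to /etc/sysctl.conf.
```
vm.max_map_count = 262144
```
```bash
sysctl -w vm.max_map_count=262144
sysctl -p
```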
2. Change the configuration to support a cluster [multiple instances on one machine, to be tested]
The Java heap size also needs adjusting. The default value, shown below, is too small for a production environment; more details can be found here. I want to change it to 75% of the server's memory.
```yaml
environment:
  ES_JAVA_OPTS: "-Xmx12g -Xms12g"
```
Modify docker-compose.yml
```yaml
elasticsearch01:
  build:
    context: elasticsearch01/
    args:
      ELK_VERSION: $ELK_VERSION
  volumes:
    - type: bind
      source: ./elasticsearch01/config/elasticsearch.yml
      target: /usr/share/elasticsearch/config/elasticsearch.yml
      read_only: true
    - type: volume
      source: elasticsearch01
      target: /usr/share/elasticsearch/data
  ports:
    - "9200:9200"
    - "9300:9300"
  environment:
    ES_JAVA_OPTS: "-Xmx4g -Xms4g"
elasticsearch02:
  build:
    context: elasticsearch02/
    args:
      ELK_VERSION: $ELK_VERSION
  volumes:
    - type: bind
      source: ./elasticsearch02/config/elasticsearch.yml
      target: /usr/share/elasticsearch/config/elasticsearch.yml
      read_only: true
    - type: volume
      source: elasticsearch02
      target: /usr/share/elasticsearch/data
  ports:
    - "9201:9201"
    - "9301:930"
  environment:
    ES_JAVA_OPTS: "-Xmx4g -Xms4g"
kibana:
  volumes:
    - ./kibana/config/kibana.yml:/usr/share/kibana/config/kibana.yml:ro
  ports:
    - "5601:5601"
  depends_on:
    - elasticsearch01
    - elasticsearch02
    - elasticsearch03
  environment:
    - ELASTICSEARCH_URL=http://es01:9200
    - xpack.security.enabled=false
```
Notes that turned out to be useless
```bash
vm.max_map_count=655360
sysctl -w vm.max_map_count=655360
```
## ELFK
```bash
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.10.0-linux-x86_64.tar.gz
wget https://artifacts.elastic.co/downloads/kibana/kibana-7.10.0-linux-x86_64.tar.gz
wget https://artifacts.elastic.co/downloads/logstash/logstash-7.10.0-linux-x86_64.tar.gz
wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.10.0-linux-x86_64.tar.gz
```
Running ELK with Docker on CentOS 8
Install Docker-ce
```bash
# Fetch the Aliyun yum repository file for Docker
wget http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
# Install docker-ce with yum
yum -y install epel-release
yum clean all
yum makecache
yum install -y docker-ce
# Start Docker and enable it at boot
systemctl start docker && systemctl enable docker
```
Docker-ce installation error log
```bash
# Installing docker-ce on CentOS 8 fails with: package docker-ce-3:19.03.13-3.el7.x86_64 requires containerd.io >= 1.2.2-3, but none of the providers can be installed
## Solution
wget https://download.docker.com/linux/centos/8/x86_64/edge/Packages/containerd.io-1.3.7-3.1.el8.x86_64.rpm
yum install containerd.io-1.3.7-3.1.el8.x86_64.rpm -y
```
Pull the ELK image
```bash
# Show the first ten matching images
docker search elk | head -n 10
# Pull the image with more stars
docker pull sebp/elk
```
Custom ELK mapped paths
Custom mapped paths make it easier to manage and modify the configuration, view log data, and so on.
```bash
mkdir -p /data/elk/elasticsearch/{conf,data}
mkdir -p /data/elk/kibana/config
mkdir -p /data/elk/logstash
```
Run the ELK image for the first time to save the configuration files
Startup will report errors; just ignore them. Save the configuration files from the container onto the host so they are easy to modify.
```bash
docker run --name elk sebp/elk
docker cp -a elk:/opt/kibana/config/kibana.yml /data/elk/kibana/config
docker cp -a elk:/opt/logstash/config /data/elk/logstash/
docker cp -a elk:/opt/elasticsearch/config /data/elk/elasticsearch/
docker cp -a elk:/opt/elasticsearch/logs /data/elk/elasticsearch/
```
Run the ELK image again
```bash
# Remove the first container so that the name "elk" can be reused
docker rm -f elk
docker run -tid -p 5601:5601 -p 5044:5044 -p 9200:9200 -p 9300:9300 \
-v /data/elk/kibana/config/kibana.yml:/opt/kibana/config/kibana.yml \
-v /data/elk/logstash/config:/opt/logstash/config \
-v /data/elk/elasticsearch/config:/opt/elasticsearch/config \
-v /data/elk/elasticsearch/logs:/opt/elasticsearch/logs \
-v /data/elk/elasticsearch/data:/var/lib/elasticsearch \
--restart=always --name elk sebp/elk
```
## Forgotten password
If you forget the passwords after generating them, you can log in to the machine and change them.
Log in to the ES machine and create a temporary superuser RyanMiao
```bash
./bin/elasticsearch-users useradd wayne -r superuser
Enter new password:
Retype new password:
```
Use this user to change the elastic password:
```bash
curl -XPUT -u wayne:wayne123 http://localhost:9200/_xpack/security/user/elastic/_password -H "Content-Type: application/json" -d ' { "password": "q5f2qNfUJQyvZPIz57MZ" }'
```