Docker環境 ELK快速部署
環境 Centos 7.4 , Docker version 17.12
Docker至少3GB內存;
內核配置
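# Kernel settings for the Docker host that will run the ELK container
# (values as given on this page). Run as root.
# The settings go into a dedicated drop-in file rather than being appended to
# /etc/sysctl.conf, so repeating this step does not accumulate duplicate
# entries in a file that also holds unrelated host settings.
cat > /etc/sysctl.d/99-elk.conf <<'EOF'
vm.max_map_count = 262144
net.core.somaxconn = 65535
EOF
# Load only the file written above.
sysctl -p /etc/sysctl.d/99-elk.conf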
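# Create the ELK stack
# Pull the ELK image. No tag is given, so Docker resolves the name to :latest;
# for a reproducible deployment pin a tag you have checked (sebp/elk:<tag>).
docker pull sebp/elk
# Create a named volume for the Elasticsearch data (recommended)
docker volume create elk-es
docker volume ls
# Start the ELK container.
# Published ports: 5601 = Kibana, 9200 = Elasticsearch, 5044 = Logstash Beats input.
# NOTE: "-p HOST:CONTAINER" publishes on every host interface. The curl calls
# later on this page reach 9200 without credentials, so any client that can
# reach the host can read, create and delete indices. On anything but an
# isolated test host, restrict access with a firewall or bind to loopback,
# e.g. -p 127.0.0.1:9200:9200.
# /etc/localtime is mounted read-only (:ro): the container only needs to read
# the host's time zone and has no reason to be able to change it.
sudo docker run -dit --name elk \
  -p 5601:5601 -p 9200:9200 -p 5044:5044 \
  -v elk-es:/var/lib/elasticsearch \
  -v /etc/localtime:/etc/localtime:ro \
  sebp/elk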
保持時區一致: -v /etc/localtime:/etc/localtime (容器只需讀取該文件,可加 :ro 以只讀方式掛載)
內存限制(可選,加在docker run命令中): -e ES_MIN_MEM=1G -e ES_MAX_MEM=3G
查看
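# Show the most recently created container
docker ps -l
# Smoke test: Elasticsearch (9200) and Kibana (5601) should both answer
curl localhost:9200
curl localhost:5601
# Kibana in a browser: http://<host-ip>:5601
# Logstash client (Beats) access configuration
# Logstash pipeline configuration directory inside the container: /etc/logstash/conf.d/
# Disable TLS on the Logstash Beats input (for production, certificates are
# recommended instead; the original page suggests self-signed ones).
# NOTE: with TLS off, everything shipped to port 5044 travels in plaintext and
# the input no longer authenticates the server to its clients. Port 5044 is
# published on the host by the docker run step, so keep this to a test
# network or stop publishing that port.
# The pattern is anchored to the start of the line so that only settings that
# begin with "ssl" are commented out and a second run does not add another "#".
# Presumably the file holds lines such as "ssl => true" - confirm in the image.
# No -it here: sed needs no terminal, and -t fails when stdin is not a TTY.
docker exec elk sed -i 's/^\([[:space:]]*\)ssl/\1#ssl/' /etc/logstash/conf.d/02-beats-input.conf
# Restart the ELK container so that Logstash reloads the input configuration
docker restart elk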
##############################
#客戶端使用centos+nginx+filebeat測試
下載centos鏡像
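# Pull the CentOS 7 base image. The Dockerfile written in the next step
# installs CentOS-7 repo files and an el7 nginx release package, so the base
# must be CentOS 7; an untagged pull resolves to :latest, which need not be 7.
docker pull centos:7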
創建Dockerfile文檔,自定義鏡像,安裝filebeat、nginx
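# Write the Dockerfile for the filebeat + nginx test client image into the
# current directory. A quoted here-document is used so that nothing inside it
# is expanded by the shell (${FILEBEAT_VERSION} is left for Docker to resolve).
#
# Changes against the original listing:
#  - MAINTAINER/ENV were chained with "&& \", which makes Docker read the two
#    ENV lines as part of the MAINTAINER value, so TZ and TERM were never set.
#    They are separate instructions now (LABEL replaces deprecated MAINTAINER).
#  - The base image is pinned to centos:7 to match the CentOS-7 repo files and
#    the el7 packages installed below.
#  - Repo files and release packages are fetched over HTTPS, and curl uses -f
#    so that an HTTP error page is never saved as a .repo file.
#  - The Elastic signing key is imported before the filebeat RPM is installed,
#    so rpm verifies the package signature instead of only warning about it.
#  - COPY replaces ADD for the plain local file.
# NOTE(review): the nginx release RPM is still installed without its signing
# key being imported, and the downloaded .repo files decide whether yum uses
# TLS and gpgcheck - inspect them before relying on this image.
cat > Dockerfile <<'EOF'
FROM centos:7
LABEL maintainer="Elven <elven89@qq.com>"
ENV TZ="Asia/Shanghai" \
    TERM=xterm

# use aliyun source, and install
RUN curl -fsSL https://mirrors.aliyun.com/repo/Centos-7.repo -o /etc/yum.repos.d/CentOS-Base.repo && \
    curl -fsSL https://mirrors.aliyun.com/repo/epel-7.repo -o /etc/yum.repos.d/epel.repo && \
    sed -i "/aliyuncs.com/d" /etc/yum.repos.d/*.repo && \
    yum install -y net-tools tar && \
    rm -rf /var/cache/yum/* /tmp/* /var/tmp/* /root/*.cfg

# install filebeat
ENV FILEBEAT_VERSION=6.2.3
RUN rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch && \
    rpm -Uvh https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-${FILEBEAT_VERSION}-x86_64.rpm && \
    systemctl enable filebeat.service
COPY filebeat.yml /etc/filebeat/filebeat.yml

# install nginx
RUN rpm -ivh https://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm && \
    yum install nginx -y && \
    systemctl enable nginx.service && \
    yum clean all
EXPOSE 80
ENTRYPOINT ["/usr/sbin/init"]
EOF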
創建filebeat配置文件
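# Write filebeat.yml into the current directory; the Dockerfile copies it to
# /etc/filebeat/filebeat.yml in the image.
# The YAML nesting is restored (the listing had lost its indentation, which
# YAML needs to tell the prospector's settings apart from top-level keys), and
# the misspelt key "enable" is written as "enabled".
# A quoted here-document keeps "^$" and the double quotes literal.
cat > filebeat.yml <<'EOF'
#filebeat#
filebeat.prospectors:
#nginx
- input_type: log
  enabled: true
  #tags: nginx-access
  paths:
    - /var/log/nginx/access.log
  exclude_lines: ["^$"]
  fields:
    type: "nginx-access"
  fields_under_root: true
#logstash
output.logstash:
  hosts: ["elk:5044"]
  # Events are sent in plaintext; this matches the step on this page that
  # comments out the ssl settings of the Logstash Beats input. To use TLS,
  # keep those settings enabled and point Filebeat at the CA certificate:
  #ssl.certificate_authorities: ["<path-to-ca-certificate>"]
EOF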
創建鏡像filebeat-nginx
# Build the image and tag it filebeat-nginx. The build context is the current
# directory, which must hold the Dockerfile and the filebeat.yml written above.
docker build -t filebeat-nginx .
查看鏡像
# List local images; filebeat-nginx should now appear.
docker images
創建容器filebeat-nginx
# Start the test client container from the filebeat-nginx image.
#   --link elk   makes the elk container reachable under the host name "elk",
#                which is the name filebeat.yml uses in output.logstash.hosts
#   -p 82:80     publishes the container's nginx (port 80) on host port 82,
#                on every host interface
# SECURITY: --privileged removes most of the isolation between the container
# and the host (all capabilities, access to host devices). This page uses it
# so that /usr/sbin/init (systemd) can run inside the container. Keep it to a
# throw-away test host; anyone who gains code execution in this container is
# effectively root on the host.
# NOTE(review): a narrower way to run systemd in the container (for example a
# read-only /sys/fs/cgroup mount instead of --privileged) may be enough here -
# verify against the base image's documentation before adopting it.
sudo docker run --privileged -dit --name filebeat-nginx \
--link elk -p 82:80 filebeat-nginx
挖坑:centos鏡像需使用--privileged參數並以/usr/sbin/init啟動,才可使用systemctl管理服務。注意--privileged會讓容器取得宿主機幾乎全部的權限(全部capabilities及設備訪問),僅適合本測試環境,生產環境不要這樣運行。
查看
# Show the most recently created container (should be filebeat-nginx)
docker ps -l
# Confirm that the host is listening on the published port 82
netstat -lntp |grep 82
# List listening ports inside the container (net-tools is installed by the Dockerfile)
docker exec -it filebeat-nginx netstat -lntp
# Request the nginx default page through the published port; this also writes
# a line to /var/log/nginx/access.log for Filebeat to pick up
curl localhost:82
瀏覽器訪問ip:82 能訪問nginx頁面
首次打開,需要添加索引
Management管理-->Index Patterns索引模式-->Create index pattern創建索引模式
填寫filebeat-* (索引名)-->Next step-->選擇時間字段,如@timestamp-->Create index pattern ,完成
elk鏡像自帶的nginx日志切割實例文件:
/opt/logstash/patterns/nginx
/etc/logstash/conf.d/11-nginx.conf
# Debugging
# Open a shell in the elk container; the commands up to the next "docker exec"
# are typed inside that shell
docker exec -it elk /bin/bash
# Install the net-tools package (provides netstat)
apt install net-tools -y
# List listening ports
netstat -lntp
# Check the Logstash configuration (-t tests the configuration and exits)
# NOTE(review): -f normally points at pipeline configuration, and logstash.yml
# is the settings file; the pipeline files named on this page live under
# /etc/logstash/conf.d/ - confirm which path is intended.
/opt/logstash/bin/logstash -t -f /opt/logstash/config/logstash.yml
# Run Logstash in the foreground of the terminal (the service is stopped first)
service logstash stop
/opt/logstash/bin/logstash -f /opt/logstash/config/logstash.yml
# Open a shell in the filebeat-nginx container
docker exec -it filebeat-nginx /bin/bash
# Filebeat debugging: stop the service, test the configuration, then run in
# the foreground with logging to stderr (-e) and the "publish" debug selector.
# NOTE: the publish debug output includes the events being shipped, i.e. log
# content - avoid pasting it into tickets or chats unreviewed.
# NOTE(review): Filebeat 6.x also offers "filebeat test config"; -configtest
# is the older spelling - confirm for the installed version.
systemctl stop filebeat
/usr/share/filebeat/bin/filebeat -configtest -c /etc/filebeat/filebeat.yml
/usr/share/filebeat/bin/filebeat -e -c /etc/filebeat/filebeat.yml -d "publish"
#漢化kibana (可選)
查看ELK Dockerfile文檔得知系統基於ubuntu:16
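# Open a shell in the elk container; the remaining commands are typed inside it
docker exec -it elk /bin/bash
# Add a domestic (Aliyun) APT mirror.
# A sources.list entry is "deb URI SUITE COMPONENT...", so xenial and
# xenial-updates each need their own line; written on one line, as in the
# original, "xenial-updates" is read as a component and the updates suite is
# never enabled.
# The mirror is reached over plain HTTP; APT still checks the signed
# repository metadata, but the traffic itself is visible on the network.
echo 'deb http://mirrors.aliyun.com/ubuntu/ xenial main universe restricted multiverse'>>/etc/apt/sources.list
echo 'deb http://mirrors.aliyun.com/ubuntu/ xenial-updates main universe restricted multiverse'>>/etc/apt/sources.list
echo 'deb-src http://mirrors.aliyun.com/ubuntu/ xenial main restricted multiverse universe'>>/etc/apt/sources.list
echo 'deb-src http://mirrors.aliyun.com/ubuntu/ xenial-updates main restricted multiverse universe'>>/etc/apt/sources.list
apt-get update
# Install git
apt install git -y
git --version
# Install python
apt install python -y
python -V
# Localize Kibana (Chinese UI)
# SECURITY: this clones a third-party repository at whatever its default
# branch currently points to and runs its script with the shell's privileges
# against the Kibana installation in /opt/kibana. Read main.py first and check
# out a commit you have reviewed (git checkout <reviewed-commit-sha>) before
# running it; keep a copy of /opt/kibana if the change must be reversible.
cd /opt
git clone https://github.com/anbai-inc/Kibana_Hanization.git
cd Kibana_Hanization
python main.py /opt/kibana
# Restart Kibana so that the modified files are loaded
service kibana restart
# Press Ctrl+D to leave the container shell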
##############################
使用curl命令操作Elasticsearch索引
# List indices
# NOTE: none of these requests carries credentials, and port 9200 is published
# on the host by the docker run step, so any client that can reach the host
# can issue the same calls - including the DELETE below. Restrict access to
# 9200 before putting real data into this cluster.
curl 'localhost:9200/_cat/indices?v'
# Create the index test-index
curl -XPUT 'localhost:9200/test-index?pretty'
# Delete the index test-index
curl -XDELETE 'localhost:9200/test-index'
##############################
官方文檔
Docker ELK文檔
http://elk-docker.readthedocs.io/
Docker Hub官網 ELK
https://hub.docker.com/r/sebp/elk/
github elk
https://github.com/spujadas/elk-docker
https://github.com/spujadas/elk-docker/blob/master/nginx-filebeat/Dockerfile