怎么使用Docker快速部署ELK环境 |
您所在的位置:网站首页 › elk 使用 › 怎么使用Docker快速部署ELK环境 |
怎么使用Docker快速部署ELK环境
在linux服务器上安装docker以后,pull相关的官方docker镜像: dockerpulldocker.elastic.co/elasticsearch/elasticsearch:5.5.1dockerpulldocker.elastic.co/kibana/kibana:5.5.1dockerpulldocker.elastic.co/logstash/logstash:5.5.1启动elastic search容器: dockerrun-p9200:9200-e"http.host=0.0.0.0"-e"transport.host=127.0.0.1"\--namemy-elastic-ddocker.elastic.co/elasticsearch/elasticsearch:5.5.1启动kibana容器: dockerrun-p5601:5601-e"elasticsearch_url=http://localhost:9200"--namemy-kibana\--networkhost-ddocker.elastic.co/kibana/kibana:5.5.1创建logstash/logstash.yml,配置xpack对于logstash的监控: http.host:"0.0.0.0"path.config:/usr/share/logstash/pipelinexpack.monitoring.elasticsearch.url:http://localhost:9200xpack.monitoring.elasticsearch.username:elasticxpack.monitoring.elasticsearch.password:changeme创建logstash/conf.d/logstash.conf,配置logstash的输入输出: input{file{path=>"/tmp/access_log"start_position=>"beginning"}}output{elasticsearch{hosts=>["localhost:9200"]user=>"elastic"password=>"changeme"}}启动logstash容器: dockerrun-v/home/ubuntu/logstash/conf.d:/usr/share/logstash/pipeline/:ro-v/tmp:/tmp:ro\-v/home/ubuntu/logstash/logstash.yml:/usr/share/logstash/config/logstash.yml:ro--namemy-logstash\--networkhost-ddocker.elastic.co/logstash/logstash:5.5.1测试一下,在/tmp/access.log中添加两行信息: echo"helloworld!">>/tmp/access_logecho"helloelk!">>/tmp/access_log打开kibana的链接http://yourhost:5601,使用用户名/密码: elastic/changeme登录。在”configure an index pattern”页面点击create按钮。点击菜单monitor即可查看elk节点的状态 在kibana点击discover菜单,可以看到相关的日志信息: 使用elastic search集群部署 elastic官方提供了用docker-compose启动elastic search集群的方法,首先安装docker-compose curl-lhttps://github.com/docker/compose/releases/download/1.15.0/docker-compose-linux-x86_64\>/usr/local/bin/docker-composesudochmod+x/usr/local/bin/docker-composedocker-compose--version创建一个elasticsearch/docker-compose.yml文件: version:'2'services:elasticsearch1:image:docker.elastic.co/elasticsearch/elasticsearch:5.5.1container_name:elasticsearch1environment:-cluster.name=docker-cluster-bootstrap.memory_lock=true-"es_java_opts=-xms512m-xmx512m"ulimits:memlock:soft:-1hard:-1mem_limit:1gvolumes:-esdata1:/usr/share/elasticsearch/dataports:-9200:9200networks:-esnetelasticsearch2:image:docker.elastic.co/elasticsearch/elasticsearch:5.5.1environment:-cluster.name=docker-cluster-bootstrap.memory_lock=true-"es_java_opts=-xms512m-xmx512m"-"discovery.zen.ping.unicast.hosts=elasticsearch1"ulimits:memlock:soft:-1hard:-1mem_limit:1gvolumes:-esdata2:/usr/share/elasticsearch/datanetworks:-esnetvolumes:esdata1:driver:localesdata2:driver:localnetworks:esnet:在/etc/sysctl.conf文件中追加一行 vm.max_map_count=262144执行命令应用变更: sudosysctl-p在docker-compose.yml所在的目录执行以下命令,启动elastic search集群: dockerstopmy-elastic&&dockerrmmy-elasticdocker-composeup&在kibana中monitor菜单中可以看到,elastic search集群已经正常工作: 修改默认密码 elastic docker images的默认账号密码是elastic/changeme,使用默认密码是不安全的,假设要把密码改为elastic0。在docker所在服务器上执行命令,修改用户elastic的密码: curl-xput-uelastic'localhost:9200/_xpack/security/user/elastic/_password'-h"content-type:application/json"\-d'{"password":"elastic0"}'设置密码,重启kibana: dockerstopmy-kibana&&dockerrmmy-kibanadockerrun-p5601:5601-e"elasticsearch_url=http://localhost:9200"-e"elasticsearch_password=elastic0"\--namemy-kibana--networkhost-ddocker.elastic.co/kibana/kibana:5.5.1修改logstash/logstash.yml,logstash/conf.d/logstash.conf中的密码,然后重启logstash服务 dockerrestartmy-logstash测试一下,在/tmp/access.log中添加两行信息: echo"helloworld!">>/tmp/access_logecho"helloelk!">>/tmp/access_log打开kibana的链接,使用用户名/密码: elastic/elastic0登录。在”configure an index pattern”页面点击create按钮。点击菜单monitor即可查看elk节点的状态,默认密码已经修改成功。 |
【本文地址】
今日新闻 |
推荐新闻 |