root@elk elfk# cat docker-compose.yml
version: '3'
services:
elasticsearch:
image: docker.elastic.co/elasticsearch/elasticsearch:7.10.2
container_name: elasticsearch
volumes:
- ./elasticsearch:/usr/share/elasticsearch
ports:
-
"9200:9200"
-
"9300:9300"
restart: always
kibana:
image: docker.elastic.co/kibana/kibana:7.10.2
container_name: kibana
ports:
- "5601:5601"
volumes:
- ./kibana:/usr/share/kibana
restart: always
filebeat:
image: elastic/filebeat:7.10.2
container_name: filebeat1
volumes:
- ./filebeat:/usr/share/filebeat
restart: always
user: root
logstash:
image: logstash:7.17.20
container_name: logstash
volumes:
- ./logstash:/usr/share/logstash
restart: always
先直接用docker run启动 不要挂载文件夹 将elasticsearch文件夹docker cp下来修改配置文件
最后用docker-compose启动
其他程序和上述一样
原因直接建目录挂载会有权限问题,导致启动失败
配置文件
root@elk elfk# cat elasticsearch/config/elasticsearch.yml
cluster.name: "es-cluster"
network.host: 0.0.0.0
discovery.seed_hosts: "10.10.66.2","10.10.66.5","10.10.66.6"
node.name: 10.10.66.2
cluster.initial_master_nodes: "10.10.66.2"
root@elk elfk# cat kibana/config/kibana.yml
** THIS IS AN AUTO-GENERATED FILE **
Default Kibana configuration for docker target
server.name: kibana
server.host: "0.0.0.0"
elasticsearch.requestTimeout: 60000
elasticsearch.hosts: "http://10.10.66.2:9200"
monitoring.ui.container.elasticsearch.enabled: true
i18n.locale: "zh-CN"
root@elk elfk#
修改后重新启动就可以了
这是批量安装filebeat的ansiable 可以学习参考
[root@elk ansiable]# cat playbook-filebeat.yaml
---
- name: Transfer file with password authentication
hosts: host_group # 替换为你的主机组名称
gather_facts: yes
vars:
ansible_user: "root"
ansible_password: "Qwe123!!"
tasks:
- name: 复制filebeat-start.sh文件到远程主机
copy:
src: "/elfk/filebeat-start.sh"
dest: "/elfk/"
- name: 复制filebeat.tar文件到远程主机
copy:
src: "/elfk/filebeat.tar"
dest: "/elfk/"
- name: 复制docker-compose.yml文件到远程主机
copy:
src: "/elfk/docker-compose.yml"
dest: "/elfk/"
- name: 脚本授权
command: "chmod 777 /elfk/filebeat-start.sh"
- name: 执行启动脚本
command: "/elfk/filebeat-start.sh"
[root@elk ansiable]# cat playbook.yaml
---
- name: Transfer file with password authentication
hosts: host_group # 替换为你的主机组名称
gather_facts: yes
vars:
ansible_user: "root"
ansible_password: "Qwe123!!"
tasks:
- name: 复制文件到远程主机
copy:
src: "/elfk/{{ item.src }}"
dest: "/elfk/"
loop:
- { src: "filebeat.tar" }
- { src: "filebeat" }
- { src: "docker-compose.yml" }
- name: 修改 filebeat.yml 文件权限
command: chmod go-w /elfk/filebeat/filebeat.yml
- name: 重启 Docker 服务
systemd:
name: docker
state: restarted
enabled: yes
- name: 载入 Filebeat 镜像并启动容器
shell: "docker load -i /elfk/filebeat.tar && docker-compose up -d filebeat"
args:
executable: /bin/bash
- name: 载入 Filebeat 镜像
shell: docker load -i /elfk/filebeat.tar
args:
executable: /bin/bash
- name: 启动 Filebeat 容器
command: /usr/local/bin/docker-compose -f /elfk/docker-compose.yml up -d filebeat
args:
executable: /bin/bash
- name: 检查容器状态
docker_container:
name: filebeat
register: container_info
- name: 显示容器状态
debug:
var: container_info
[root@elk ansiable]# ll
总用量 12
-rw-r--r-- 1 root root 737 4月 22 23:20 playbook-filebeat.yaml
-rw-r--r-- 1 root root 1295 4月 22 19:51 playbook.yaml
-rw-r--r-- 1 root root 309 4月 22 13:18 playbook.yaml.bak
[root@elk ansiable]# cat playbook.yaml.bak
---
- name: Transfer file with password authentication
hosts: host_group # 替换为你的主机组名称
gather_facts: yes
vars:
ansible_user: root
ansible_password: Qwe123!!
tasks:
- name: Install rsync package
ansible.builtin.package:
name: rsync
state: present