root@elk elfk\]# cat docker-compose.yml version: '3' services: elasticsearch: image: docker.elastic.co/elasticsearch/elasticsearch:7.10.2 container_name: elasticsearch volumes: - ./elasticsearch:/usr/share/elasticsearch ports: - "9200:9200" - "9300:9300" restart: always kibana: image: docker.elastic.co/kibana/kibana:7.10.2 container_name: kibana ports: - "5601:5601" volumes: - ./kibana:/usr/share/kibana restart: always filebeat: image: elastic/filebeat:7.10.2 container_name: filebeat1 volumes: - ./filebeat:/usr/share/filebeat restart: always user: root logstash: image: logstash:7.17.20 container_name: logstash volumes: - ./logstash:/usr/share/logstash restart: always > 先直接用docker run启动 不要挂载文件夹 将elasticsearch文件夹docker cp下来修改配置文件 > > 最后用docker-compose启动 > > > 其他程序和上述一样 > > 原因直接建目录挂载会有权限问题,导致启动失败 > > 配置文件 > > \[root@elk elfk\]# cat elasticsearch/config/elasticsearch.yml > > cluster.name: "es-cluster" > > network.host: 0.0.0.0 > > discovery.seed_hosts: \["10.10.66.2","10.10.66.5","10.10.66.6"
node.name: 10.10.66.2
cluster.initial_master_nodes: ["10.10.66.2"]
root@elk elfk\]# cat kibana/config/kibana.yml # # \*\* THIS IS AN AUTO-GENERATED FILE \*\* # # Default Kibana configuration for docker target server.name: kibana server.host: "0.0.0.0" elasticsearch.requestTimeout: 60000 elasticsearch.hosts: \[ "http://10.10.66.2:9200"
monitoring.ui.container.elasticsearch.enabled: true
i18n.locale: "zh-CN"
root@elk elfk\]# 修改后重新启动就可以了
[root@elk ansiable]# cat playbook-filebeat.yaml
---
- name: Transfer file with password authentication
hosts: host_group # 替换为你的主机组名称
gather_facts: yes
vars:
ansible_user: "root"
ansible_password: "Qwe123!!"
tasks:
- name: 复制filebeat-start.sh文件到远程主机
copy:
src: "/elfk/filebeat-start.sh"
dest: "/elfk/"
- name: 复制filebeat.tar文件到远程主机
copy:
src: "/elfk/filebeat.tar"
dest: "/elfk/"
- name: 复制docker-compose.yml文件到远程主机
copy:
src: "/elfk/docker-compose.yml"
dest: "/elfk/"
- name: 脚本授权
command: "chmod 777 /elfk/filebeat-start.sh"
- name: 执行启动脚本
command: "/elfk/filebeat-start.sh"
[root@elk ansiable]# cat playbook.yaml
---
- name: Transfer file with password authentication
hosts: host_group # 替换为你的主机组名称
gather_facts: yes
vars:
ansible_user: "root"
ansible_password: "Qwe123!!"
tasks:
- name: 复制文件到远程主机
copy:
src: "/elfk/{{ item.src }}"
dest: "/elfk/"
loop:
- { src: "filebeat.tar" }
- { src: "filebeat" }
- { src: "docker-compose.yml" }
- name: 修改 filebeat.yml 文件权限
command: chmod go-w /elfk/filebeat/filebeat.yml
- name: 重启 Docker 服务
systemd:
name: docker
state: restarted
enabled: yes
- name: 载入 Filebeat 镜像并启动容器
shell: "docker load -i /elfk/filebeat.tar && docker-compose up -d filebeat"
args:
executable: /bin/bash
- name: 载入 Filebeat 镜像
shell: docker load -i /elfk/filebeat.tar
args:
executable: /bin/bash
- name: 启动 Filebeat 容器
command: /usr/local/bin/docker-compose -f /elfk/docker-compose.yml up -d filebeat
args:
executable: /bin/bash
- name: 检查容器状态
docker_container:
name: filebeat
register: container_info
- name: 显示容器状态
debug:
var: container_info
[root@elk ansiable]# ll
总用量 12
-rw-r--r-- 1 root root 737 4月 22 23:20 playbook-filebeat.yaml
-rw-r--r-- 1 root root 1295 4月 22 19:51 playbook.yaml
-rw-r--r-- 1 root root 309 4月 22 13:18 playbook.yaml.bak
[root@elk ansiable]# cat playbook.yaml.bak
---
- name: Transfer file with password authentication
hosts: host_group # 替换为你的主机组名称
gather_facts: yes
vars:
ansible_user: root
ansible_password: Qwe123!!
tasks:
- name: Install rsync package
ansible.builtin.package:
name: rsync
state: present