docker安装efk

root@elk elfk# cat docker-compose.yml

version: '3'

services:

elasticsearch:

image: docker.elastic.co/elasticsearch/elasticsearch:7.10.2

container_name: elasticsearch

volumes:

  • ./elasticsearch:/usr/share/elasticsearch

ports:

  • "9200:9200"

  • "9300:9300"

restart: always

kibana:

image: docker.elastic.co/kibana/kibana:7.10.2

container_name: kibana

ports:

  • "5601:5601"

volumes:

  • ./kibana:/usr/share/kibana

restart: always

filebeat:

image: elastic/filebeat:7.10.2

container_name: filebeat1

volumes:

  • ./filebeat:/usr/share/filebeat

restart: always

user: root

logstash:

image: logstash:7.17.20

container_name: logstash

volumes:

  • ./logstash:/usr/share/logstash

restart: always

先直接用docker run启动 不要挂载文件夹 将elasticsearch文件夹docker cp下来修改配置文件

最后用docker-compose启动

其他程序和上述一样

原因直接建目录挂载会有权限问题,导致启动失败

配置文件

root@elk elfk# cat elasticsearch/config/elasticsearch.yml

cluster.name: "es-cluster"

network.host: 0.0.0.0

discovery.seed_hosts: "10.10.66.2","10.10.66.5","10.10.66.6"

node.name: 10.10.66.2

cluster.initial_master_nodes: "10.10.66.2"

root@elk elfk# cat kibana/config/kibana.yml

** THIS IS AN AUTO-GENERATED FILE **

Default Kibana configuration for docker target

server.name: kibana

server.host: "0.0.0.0"

elasticsearch.requestTimeout: 60000

elasticsearch.hosts: "http://10.10.66.2:9200"

monitoring.ui.container.elasticsearch.enabled: true

i18n.locale: "zh-CN"

root@elk elfk#

修改后重新启动就可以了

复制代码
这是批量安装filebeat的ansiable  可以学习参考

[root@elk ansiable]# cat playbook-filebeat.yaml 
---
- name: Transfer file with password authentication
  hosts: host_group  # 替换为你的主机组名称
  gather_facts: yes
  vars:
    ansible_user: "root"
    ansible_password: "Qwe123!!"
  tasks:
    - name: 复制filebeat-start.sh文件到远程主机
      copy:
        src: "/elfk/filebeat-start.sh"
        dest: "/elfk/"
    - name: 复制filebeat.tar文件到远程主机
      copy:
        src: "/elfk/filebeat.tar"
        dest: "/elfk/"
    - name: 复制docker-compose.yml文件到远程主机
      copy:
        src: "/elfk/docker-compose.yml"
        dest: "/elfk/"
    - name: 脚本授权
      command: "chmod 777 /elfk/filebeat-start.sh"
    - name: 执行启动脚本
      command: "/elfk/filebeat-start.sh"
[root@elk ansiable]# cat playbook.yaml
---
- name: Transfer file with password authentication
  hosts: host_group  # 替换为你的主机组名称
  gather_facts: yes
  vars:
    ansible_user: "root"
    ansible_password: "Qwe123!!"
  tasks:
    - name: 复制文件到远程主机
      copy:
        src: "/elfk/{{ item.src }}"
        dest: "/elfk/"
      loop:
        - { src: "filebeat.tar" }
        - { src: "filebeat" }
        - { src: "docker-compose.yml" }

    - name: 修改 filebeat.yml 文件权限
      command: chmod go-w /elfk/filebeat/filebeat.yml
    - name: 重启 Docker 服务
      systemd:
        name: docker
        state: restarted
        enabled: yes

    - name: 载入 Filebeat 镜像并启动容器
      shell: "docker load -i /elfk/filebeat.tar && docker-compose up -d filebeat"
      args:
        executable: /bin/bash
    - name: 载入 Filebeat 镜像
      shell: docker load -i /elfk/filebeat.tar
      args:
        executable: /bin/bash

    - name: 启动 Filebeat 容器
      command: /usr/local/bin/docker-compose -f /elfk/docker-compose.yml up -d filebeat
      args:
        executable: /bin/bash

    - name: 检查容器状态
      docker_container:
        name: filebeat
      register: container_info

    - name: 显示容器状态
      debug:
        var: container_info

[root@elk ansiable]# ll
总用量 12
-rw-r--r-- 1 root root  737 4月  22 23:20 playbook-filebeat.yaml
-rw-r--r-- 1 root root 1295 4月  22 19:51 playbook.yaml
-rw-r--r-- 1 root root  309 4月  22 13:18 playbook.yaml.bak
[root@elk ansiable]# cat playbook.yaml.bak 
---
- name: Transfer file with password authentication
  hosts: host_group  # 替换为你的主机组名称
  gather_facts: yes
  vars:
    ansible_user: root
    ansible_password: Qwe123!!
  tasks:
    - name: Install rsync package
      ansible.builtin.package:
        name: rsync
        state: present
相关推荐
努力进修14 分钟前
Docker+cpolar 实战:打造灵活可控的远程办公系统
运维·docker·容器
其实防守也摸鱼19 分钟前
运维--怎么看接口的请求和返回
运维·学习·网络安全·网络攻击模型·burpsuite·攻防对抗·蓝队
weixin_307779131 小时前
Linux下Nginx故障系统化检查Shell脚本
linux·运维·服务器·nginx·自动化
jieyucx3 小时前
Docker 入门第一阶段:建立正确认知与初体验
运维·docker·容器
qetfw5 小时前
CentOS 7 基础环境配置
linux·运维·centos
jieyucx6 小时前
Docker 入门第二阶段:掌握日常命令
运维·docker·容器
随性而行3606 小时前
微信API接口与AI自动化:开发者的实现思路
运维·服务器·开发语言·人工智能·微信·自动化
有毒的教程6 小时前
Kubernetes进阶实战教程(生产落地完整版)
云原生·容器·kubernetes
鱼听禅7 小时前
Ubuntu学习笔记-安装docker容器
学习·ubuntu·docker
胖兔纸28 小时前
OpenStack 1.7.2 & Ceph 9.2.1 运维命令
运维·ceph·openstack