A docker and docker-compose environment is required.
Below is the docker-compose.yaml file.
[root@node1 docker-EFK]# cat docker-compose.yaml
version: '3.3'
services:
  # Elasticsearch: the database where the logs are stored
  elasticsearch:
    image: "docker.elastic.co/elasticsearch/elasticsearch:7.17.5"
    container_name: elasticsearch
    restart: always
    environment:
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
      - "discovery.type=single-node"
      - "cluster.name=myes"
      - "node.name=jeven"
      # - xpack.security.enabled: "false"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    networks:
      myefk:
        ipv4_address: 172.29.120.10
        aliases:
          - es
          - jeven
    ports:
      - "9200:9200"
      - "9300:9300"
    volumes:
      - /home/docker-EFK/config/:/usr/share/elasticsearch/config
      - /home/docker-EFK/efk/es/data/:/usr/share/elasticsearch/data
  # Kibana: analysis and visualization UI
  kibana:
    image: "docker.elastic.co/kibana/kibana:7.17.5"
    restart: always
    environment:
      ELASTICSEARCH_URL: http://10.23.3.2:9200
      ELASTICSEARCH_HOSTS: '["http://10.23.3.2:9200"]'
      I18N_LOCALE: zh-CN
    networks:
      myefk:
        ipv4_address: 172.29.120.20
        aliases:
          - kibana
          - kib
    ports:
      - "5601:5601"
    links:
      - "elasticsearch"
  # Filebeat: test log source
  filebeat:
    image: "docker.elastic.co/beats/filebeat:7.17.5"
    restart: always
    networks:
      myefk:
        ipv4_address: 172.29.120.30
        aliases:
          - filebeat
          - fb
    user: root
    command: ["--strict.perms=false"]
    volumes:
      - /home/docker-EFK/efk/filebeat.yaml:/usr/share/filebeat/filebeat.yml
      - /var/lib/docker:/var/lib/docker:ro
      - /var/run/docker.sock:/var/run/docker.sock
    links:
      - "elasticsearch"
      - "kibana"
  # elasticsearch-head: management UI for Elasticsearch
  elasticsearch-head:
    image: "tobias74/elasticsearch-head"
    container_name: elasticsearch-head
    restart: always
    networks:
      myefk:
        ipv4_address: 172.29.120.50
    ports:
      - "9100:9100"
    links:
      - "elasticsearch"
networks:
  myefk:
    driver: bridge
    ipam:
      config:
        - subnet: 172.29.120.0/24
Run it with docker-compose up -d.
Use docker ps to check the container status.
[root@node1 docker-EFK]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
42581fc03590 tobias74/elasticsearch-head "/bin/sh -c 'grunt s..." 5 minutes ago Up 5 minutes 0.0.0.0:9100->9100/tcp, :::9100->9100/tcp elasticsearch-head
ce1464dc2726 docker.elastic.co/beats/filebeat:7.17.5 "/usr/bin/tini -- /u..." 19 minutes ago Up 19 minutes docker-efk_filebeat_1
fc979274d0f1 docker.elastic.co/kibana/kibana:7.17.5 "/bin/tini -- /usr/l..." 19 minutes ago Up 19 minutes 0.0.0.0:5601->5601/tcp, :::5601->5601/tcp docker-efk_kibana_1
f5f94ba61d0b docker.elastic.co/elasticsearch/elasticsearch:7.17.5 "/bin/tini -- /usr/l..." 19 minutes ago Up 18 minutes 0.0.0.0:9200->9200/tcp, :::9200->9200/tcp, 0.0.0.0:9300->9300/tcp, :::9300->9300/tcp elasticsearch
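Elasticsearch is the database where the logs are stored. An index in Elasticsearch is similar to a database in a relational system. Document: the unit of data in Elasticsearch, which can be thought of as one record or one message.
elasticsearch-head is a management plugin that connects to the Elasticsearch search engine and provides a visual interface for configuring it and searching its data.
Kibana is a
Analyze and visualize your data. Search for hidden insights, build charts, dashboards, gauges, maps and other visualizations that display what you find, and share them with others.
Search, observe and protect your data. Add a search box to your app or website, analyze logs and metrics, and find security vulnerabilities.
Manage, monitor and secure the Elastic Stack. Manage your indices and ingest pipelines, monitor the health of your Elastic Stack cluster, and control which users can access which features and data.
Filebeat here is only a test source; it can be shut down without affecting ES. Later it needs to be installed on the servers whose logs are collected.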
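Problem 1:
When elasticsearch was first created, the config folder was not mounted, so elasticsearch.yml could not be changed afterwards. But after adding - /home/docker-EFK/config/:/usr/share/elasticsearch/config to docker-compose.yaml, elasticsearch kept failing on startup and would not come up. The logs showed that it could not open the files under /usr/share/elasticsearch/config. The fix is to start it first without mapping /usr/share/elasticsearch/config, then run docker cp <container id>:/usr/share/elasticsearch/config /home/docker-EFK/config/ (the host directory) to copy this directory from the container to the host, and then add - /home/docker-EFK/config/:/usr/share/elasticsearch/config to the yaml. After that it works.
Problem 2: After elasticsearch-head started successfully, http://10.23.3.2:9100 opened normally in the browser, but it could not connect to elasticsearch. After looking into it, two lines need to be added to elasticsearch.yml: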
http.cors.enabled: true
http.cors.allow-origin: "*"
[root@node1 config]# cat elasticsearch.yml
cluster.name: "docker-cluster"
network.host: 0.0.0.0
http.cors.enabled: true
http.cors.allow-origin: "*"
Restart the container with docker restart <es container id>; after the restart, the connection succeeded.
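The two lines from Problem 2 let every web origin query this Elasticsearch, and the compose file publishes port 9200 with security left commented out. The following added example (not part of the original post) audits the elasticsearch.yml shown above and narrows the CORS origin to the elasticsearch-head address used on this page; the function names and rules are this example's own, and it assumes the 7.x default where security is off unless enabled.

```python
# Added example (not from the original post); rule names and messages are its own.
HEAD_ORIGIN = "http://10.23.3.2:9100"  # elasticsearch-head URL used on this page
WILDCARDS = ("*", "/.*/")              # literal wildcard and match-all regex form
# Constructed sample: the elasticsearch.yml shown in Problem 2.
SAMPLE = '''\
cluster.name: "docker-cluster"
network.host: 0.0.0.0
http.cors.enabled: true
http.cors.allow-origin: "*"
'''

def parse_flat_yaml(text):
    """Parse 'dotted.key: value' lines, the flat style elasticsearch.yml uses here."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, _, value = line.partition(":")
        settings[key.strip()] = value.strip().strip("\"'")
    return settings

def audit(text):
    """Return (setting, finding) pairs for the risky combinations on this page."""
    s = parse_flat_yaml(text)
    findings = []
    cors_on = s.get("http.cors.enabled", "false").lower() == "true"
    if cors_on and s.get("http.cors.allow-origin") in WILDCARDS:
        findings.append(("http.cors.allow-origin",
                         f"every web origin may read API responses; use '{HEAD_ORIGIN}'"))
    # Assumption: 7.x behaviour, where security stays off unless it is enabled.
    secured = s.get("xpack.security.enabled", "false").lower() == "true"
    if not secured and s.get("network.host") == "0.0.0.0":
        findings.append(("xpack.security.enabled",
                         "HTTP API listens on all interfaces without authentication"))
    return findings

def harden(text):
    """Return the config with a wildcard CORS origin narrowed to HEAD_ORIGIN."""
    out = []
    for line in text.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "http.cors.allow-origin" and value.strip().strip("\"'") in WILDCARDS:
            line = f'http.cors.allow-origin: "{HEAD_ORIGIN}"'
        out.append(line)
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(*(f"{k}: {v}" for k, v in audit(SAMPLE)), sep="\n")
```

Running harden() on the sample leaves only the authentication finding, which clears once xpack.security.enabled: true is set and credentials are configured.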