docker-compose部署EFK
准备环境
系统版本:CentOS 7.6
服务器配置:2H 4G
软件版本(docker镜像):
elasticsearch 7.17.5
kibana 7.17.5
elastic/filebeat 7.17.5
安装 Docker-CE
添加 stable 版本的 docker 仓库
$ sudo yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo安装最新版的 docker
$ yum install docker-ce -y安装指定版本 docker
$ yum install docker-ce-17.09.1.ce-1.el7 -y查询可安装的版本:
[root@jenkins ~]# yum list docker-ce --showduplicates | sort -r
* updates: mirrors.tuna.tsinghua.edu.cn
This system is not registered with an entitlement server. You can use subscription-manager to register.
: manager
Loading mirror speeds from cached hostfile
Loaded plugins: fastestmirror, product-id, search-disabled-repos, subscription-
Installed Packages
* extras: mirrors.tuna.tsinghua.edu.cn
docker-ce.x86_64 3:24.0.2-1.el7 docker-ce-stable
docker-ce.x86_64 3:24.0.2-1.el7 @docker-ce-stable
docker-ce.x86_64 3:24.0.1-1.el7 docker-ce-stable
...
docker-ce.x86_64 17.09.1.ce-1.el7.centos docker-ce-stable
docker-ce.x86_64 17.09.0.ce-1.el7.centos docker-ce-stable
...
* base: mirrors.tuna.tsinghua.edu.cn
Available Packages默认安装最新版本即可
安装完成,但是还没有启动,由于磁盘空间限制,所以需要更改下 Docker 的根目录,将默认的 /var/lib/docker 更改为 /data/docker 目录,添加如下配置文件:
$ mkdir -p /etc/docker
$ vi /etc/docker/daemon.json
{
"registry-mirrors" : [
"https://ot2k4d59.mirror.aliyuncs.com/"
],
"graph": "/data/docker"
}镜像加速器
国内使用docker部署服务,镜像加速器能极大的提升效率,我配置了以下多个镜像加速器。
vim /etc/docker/daemon.json
{
"registry-mirrors" : [
"https://dockerproxy.com",
"https://hub-mirror.c.163.com",
"https://mirror.baidubce.com",
"https://ccr.ccs.tencentyun.com"
],
"graph": "/data/docker"
}启动docker
# 设置为开机启动
$ systemctl enable docker
$ systemctl daemon-reload# 启动 docker
$ systemctl start docker部署 EFK
编写docker-compose
创建项目目录并编写compose文件
$ mkdir -p /data/project/efk
version: '3'
services:
elasticsearch:
image: "elasticsearch:7.17.5"
container_name: elasticsearch
environment:
- discovery.type=single-node
networks:
- efk-network
kibana:
image: "kibana:7.17.5"
container_name: kibana
environment:
- ELASTICSEARCH_HOSTS=http://elasticsearch:9200
ports:
- 5601:5601
networks:
- efk-network
filebeat:
image: "elastic/filebeat:7.17.5"
container_name: filebeat
user: root
command: ["--strict.perms=false"]
volumes:
- /root/efk/filebeat.yaml:/usr/share/filebeat/filebeat.yml
- /var/log/nginx:/var/log/nginx ##将nginx日志挂载到容器内部
networks:
- efk-network
networks:
efk-network:
driver: bridge本次部署filebeat为容器部署,所以将所需日志挂载到容器内部实现日志获取
启动服务
切换到docker-compos.yml所在目录
docker-compose up -d如有需自定义的配置,以下操作为将全部配置及日志相关挂载到宿主机的方法
编写详细挂载的docker-compose启动文件
创建项目目录
$ mkdir -p /data/project/efk
$ cat docker-compose.yaml
version: '3'
services:
elasticsearch:
image: elasticsearch:7.15.5
container_name: elasticsearch
ulimits:
memlock:
soft: -1
hard: -1
ports:
- 9200:9200
- 9300:9300
volumes:
- /data/dockerdata/elasticsearch/etc/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
- /data/dockerdata/elasticsearch/data/:/usr/share/elasticsearch/data
- /data/dockerdata/elasticsearch/backup:/data/backup
- /data/dockerdata/elasticsearch/logs:/usr/share/elasticsearch/logs
restart: always
networks:
- efk-network
kibana:
image: kibana:7.17.5
container_name: kibana
ports:
- 5601:5601
volumes:
- /data/dockerdata/kibana/etc/kibana.yml:/usr/share/kibana/config/kibana.yml
- /data/dockerdata/kibana/plugins:/usr/share/kibana/plugins
- /data/dockerdata/kibana/logs:/usr/share/kibana/logs
restart: always
networks:
- efk-network
filebeat:
image: elastic/filebeat:7.17.5
container_name: filebeat
user: root
command: ["--strict.perms=false"]
volumes:
- /data/dockerdata/filebeat/etc/filebeat.yml:/usr/share/filebeat/filebeat.yml
- /data/dockerdata/filebeat/data:/usr/share/filebeat/data
- /data/dockerdata/filebeat/logs:/usr/share/filebeat/logs
- /data/dockerdata/filebeat/tmp:/usr/share/filebeat/tmp
- /data/logs/nginx:/data/logs/nginx # 把nginx日志目录挂载到容器内部
restart: always
networks:
- efk-network
networks:
efk-network:
driver: bridge创建EFK相关目录
创建 ES 所需目录
mkdir -p /data/dockerdata/elasticsearch/{etc,plugins,data,logs,backup}创建 Kibana 所需目录
mkdir -p /data/dockerdata/kibana/{etc,plugins,logs}创建 Filebeat 所需目录
mkdir -p /data/dockerdata/filebeat/{etc,data,logs,tmp}注意:
由于目录时挂载进去的,容器内部需要一些读写权限,要进行一些权限配置,否则容器不能正常启动。
# elasticsearch 目录
chmod 777 /data/dockerdata/es660/{data,logs,backup}
chmod 644 -R /data/dockerdata/es660/{etc,plugins}/*
# kibana 目录
chmod 777 /data/dockerdata/kibana660/{plugins,logs}
chmod 644 -R /data/dockerdata/es660/etc/*
# filebeat 目录
chmod 777 /data/dockerdata/filebeat660/{data,logs,tmp}
chmod 644 -R /data/dockerdata/filebeat660/etc/*配置filebeat收集nginx日志所需配置文件
配置文件filebeat.yml
$ cat>>/data/dockerdata/filebeat/etc/filebeat.yml<<EOF
filebeat.inputs:
- type: log
enabled: true
paths:
- /var/log/nginx/access.log
fields:
log_type: nginx-access
fields_under_root: true
- type: log
enabled: true
paths:
- /var/log/nginx/error.log
fields:
log_type: nginx-error
fields_under_root: true
output.elasticsearch:
hosts: ["http://elasticsearch:9200"]
indices:
- index: "nginx-access-%{+yyyy.MM.dd}"
when.equals:
log_type: "nginx-access"
- index: "nginx-error-%{+yyyy.MM.dd}"
when.equals:
log_type: "nginx-error"
EOF启动服务并查看
cd /data/project/efk
docker-compose up -d若docker-compose拉取镜像超时,请先手动docker pull 所有容器准备好后启动项目。
使用elastic账户进行登录,地址:http://IP:5601