Deploying ELK with Docker

#### Preface

This technical document records how to deploy ELK with Docker to meet the R&D department's logging needs.

#### Configure the time zone mounted into the Docker containers

```
cat > /etc/timezone <<-EOF
Asia/Shanghai
EOF
```

#### Deployment

##### es

Configure the elasticsearch.yml file

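```
mkdir -p /data/deploy/elasticsearch

cat > /data/deploy/elasticsearch/elasticsearch.yml <<-EOF
cluster.name: "docker-cluster"
# Listen on all interfaces inside the container
network.host: 0.0.0.0
# Require authentication; the built-in users' passwords must be set before Logstash and Kibana can connect
xpack.security.enabled: true
# CORS: "*" accepts browser requests from any origin
http.cors.enabled: true
http.cors.allow-origin: "*"
EOF
```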

Create the deployment script

```
cat > docker-elasticsearch.sh <<-'EOF'
#!/usr/bin/env bash

# Data directory owned by uid/gid 1000, the user Elasticsearch runs as in the container
mkdir -p /data/elasticsearch
chown -R 1000:1000 /data/elasticsearch

# 9200 = REST API, 9300 = transport; time zone and config files are mounted read-only
docker run -d \
  --name elasticsearch \
  --restart always \
  -p 9200:9200 \
  -p 9300:9300 \
  -e "discovery.type=single-node" \
  -v /etc/timezone:/etc/timezone:ro \
  -v /etc/localtime:/etc/localtime:ro \
  -v /data/deploy/elasticsearch/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml:ro \
  -v /data/elasticsearch:/usr/share/elasticsearch/data \
  elasticsearch:7.6.1
EOF
```

Run the deployment

> bash docker-elasticsearch.sh

##### logstash

Configure logstash.yml

```
mkdir -p /data/deploy/logstash

cat > /data/deploy/logstash/logstash.yml <<-EOF
# Ship Logstash monitoring data to Elasticsearch using the credentials below
xpack:
  monitoring:
    enabled: true
    elasticsearch:
      hosts: elasticsearch:9200
      username: elasticsearch_username
      password: "elasticsearch_password"
EOF
```

Configure logstash.conf (adapt the processing to your own logs)

```
mkdir -p /data/deploy/logstash

cat > /data/deploy/logstash/logstash.conf <<-'EOF'
# Receive events from Beats on port 5044
input {
  beats {
    port => 5044
    codec => plain { charset => "UTF-8" }
  }
}

filter {
  grok {
    # Each (?...) group must be a named capture, written (?<field_name>...);
    # supply the field names for your own log format.
    match => { "message" => "\[(?\d{4}-\d{2}-\d{2}\s\d{2}:\d{2}:\d{2}\s\+\d{4})\]\s+\[(?\d+)\]\s+\[(?[a-zA-Z]*)\]\s+(?.*)" }
  }
}

# Write to a daily index in Elasticsearch
output {
    elasticsearch {
        action => "index"
        hosts => ["elasticsearch:9200"]
        index => "logstash-dev-app-%{+YYYYMMdd}"
        user => "elasticsearch_username"
        password => "elasticsearch_password"
    }
}
EOF
```

Create the deployment script

```
cat > docker-logstash.sh <<-'EOF'
#!/usr/bin/env bash

# 5044 = Beats input; --link makes the elasticsearch container resolvable by name
docker run -d \
  --name logstash \
  --restart always \
  --link elasticsearch:elasticsearch \
  -p 5044:5044 \
  -v /etc/timezone:/etc/timezone:ro \
  -v /etc/localtime:/etc/localtime:ro \
  -v /data/deploy/logstash/logstash.yml:/usr/share/logstash/config/logstash.yml:ro \
  -v /data/deploy/logstash/logstash.conf:/usr/share/logstash/pipeline/logstash.conf:ro \
  logstash:7.6.1
EOF
```

Run the deployment

> bash docker-logstash.sh

##### kibana

Configure kibana.yml

```
mkdir -p /data/deploy/kibana

cat > /data/deploy/kibana/kibana.yml <<-EOF
server.name: kibana
server.host: "0"
elasticsearch.hosts: [ "http://elasticsearch:9200" ]
# Account Kibana uses to connect to Elasticsearch
elasticsearch.username: "xxx"
elasticsearch.password: "xxx"
xpack.monitoring.ui.container.elasticsearch.enabled: true
EOF
```

Create the deployment script

```
cat > docker-kibana.sh <<-'EOF'
#!/usr/bin/env bash

# 5601 = Kibana web UI; --link makes the elasticsearch container resolvable by name
docker run -d \
  --name kibana \
  --restart always \
  --link elasticsearch:elasticsearch \
  -p 5601:5601 \
  -v /etc/timezone:/etc/timezone:ro \
  -v /etc/localtime:/etc/localtime:ro \
  -v /data/deploy/kibana/kibana.yml:/usr/share/kibana/config/kibana.yml:ro \
  kibana:7.6.1
EOF
```

Run the deployment

> bash docker-kibana.sh
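
A pre-deployment check for the configuration files written in the steps above, as an added example that is not part of the original guide: it flags the wildcard CORS origin, an all-interfaces bind without authentication, placeholder passwords left in place, and password-bearing files readable by every local user. The function names, finding labels and the scratch-directory sample are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example (not from the original guide): audit the config files this guide
# writes under /data/deploy before starting the containers.
# Prints "<FINDING> <file>" per problem; returns 1 if anything was found.
audit_elk_config() {
  local dir=$1 found=0 f
  for f in "$dir/elasticsearch/elasticsearch.yml" "$dir/logstash/logstash.yml" \
           "$dir/logstash/logstash.conf" "$dir/kibana/kibana.yml"; do
    [ -f "$f" ] || continue
    # Wildcard CORS: any web origin may call the REST API from a browser.
    if grep -Eq '^http\.cors\.allow-origin:[[:space:]]*"?\*"?[[:space:]]*$' "$f"; then
      echo "CORS_WILDCARD $f"; found=1
    fi
    # Bound to every interface without authentication switched on.
    if grep -Eq '^network\.host:[[:space:]]*0\.0\.0\.0' "$f" &&
       ! grep -Eq '^xpack\.security\.enabled:[[:space:]]*true' "$f"; then
      echo "OPEN_BIND_NO_AUTH $f"; found=1
    fi
    # The guide's placeholder credentials were never replaced.
    if grep -Eq 'elasticsearch_password|password:[[:space:]]*"xxx"' "$f"; then
      echo "PLACEHOLDER_PASSWORD $f"; found=1
    fi
    # A file that stores a password is readable by every local user.
    if grep -q 'password' "$f" && [ -n "$(find "$f" -perm -004)" ]; then
      echo "WORLD_READABLE_SECRET $f"; found=1
    fi
  done
  return "$found"
}

# Constructed sample: the guide's own settings written to a scratch directory.
make_sample() {
  local d; d=$(mktemp -d)
  mkdir -p "$d/elasticsearch" "$d/kibana"
  printf '%s\n' 'network.host: 0.0.0.0' 'xpack.security.enabled: true' \
    'http.cors.allow-origin: "*"' > "$d/elasticsearch/elasticsearch.yml"
  printf '%s\n' 'elasticsearch.username: "xxx"' 'elasticsearch.password: "xxx"' \
    > "$d/kibana/kibana.yml"
  chmod 644 "$d/elasticsearch/elasticsearch.yml" "$d/kibana/kibana.yml"
  echo "$d"
}

sample=$(make_sample)
audit_elk_config "$sample" || echo "findings above: fix before deploying"
rm -rf "$sample"
```

Against the real deployment, call `audit_elk_config /data/deploy` and start the containers only when it returns 0.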

 
