elasticsearch
kibana
logstash
# Elasticsearch needs a raised mmap limit on the Docker host.
vm.max_map_count=262144 # add this line to the sysctl configuration (sysctl -p reads /etc/sysctl.conf by default)
sysctl -p # reload the settings so the new value takes effect
# Generate the TLS material for the whole stack on the Elasticsearch host.
cd /etc/elk/elasticsearch # go to the directory that holds the archive
tar zxvf elasticsearch-8.5.0-linux-x86_64.tar.gz # unpack the archive
cd /etc/elk/elasticsearch/elasticsearch-8.5.0 # go to the unpacked directory
# NOTE(review): elastic-stack-ca.p12 contains the CA private key. Pressing
# Enter at every prompt presumably leaves it without a password (confirm);
# keep this file on this host only and out of the container mounts.
bin/elasticsearch-certutil ca # generate the CA; press Enter at every prompt
bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12 # issue the shared transport certificate from the CA, used for connections between cluster nodes
# Generate the HTTP certificate; answer the prompts as follows:
# n   do not create a CSR
# y   use an existing CA
# CA path: /etc/elk/elasticsearch/elasticsearch-8.5.0/elastic-stack-ca.p12
# 5y  certificate validity of 5 years
# enter the host names (IPs are accepted), then Enter to finish
# enter the IPs that belong to those host names, then Enter to finish
bin/elasticsearch-certutil http
unzip elasticsearch-ssl-http.zip # unpack the generated zip file
# Copy each of the following files to /etc/elk/elasticsearch
# /etc/elk/elasticsearch/elasticsearch-8.5.0/elastic-certificates.p12
# /etc/elk/elasticsearch/elasticsearch-8.5.0/elasticsearch/http.p12
# /etc/elk/elasticsearch/elasticsearch-8.5.0/config/elasticsearch.yml
bin/elasticsearch-certutil csr --name kibana # generate a CSR (and private key) for Kibana
unzip /etc/elk/elasticsearch/elasticsearch-8.5.0/csr-bundle.zip # unpack it
# Copy the following files to /etc/elk/kibana on the Kibana host.
# kibana.key is a private key: move it over an encrypted channel and delete
# the copy left in this directory afterwards.
# /etc/elk/elasticsearch/elasticsearch-8.5.0/kibana/kibana.csr
# /etc/elk/elasticsearch/elasticsearch-8.5.0/kibana/kibana.key
# /etc/elk/elasticsearch/elasticsearch-8.5.0/kibana/elasticsearch-ca.pem
# Copy the following file to /etc/elk/logstash on the Logstash host
# /etc/elk/elasticsearch/elasticsearch-8.5.0/kibana/elasticsearch-ca.pem
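# Prepare the host paths that are bind-mounted into the Elasticsearch container.
cd /etc/elk/elasticsearch/
mkdir data # bind-mounted as the container's data directory
mkdir logs # bind-mounted as the container's log directory
# Mode 777 would let every local account read the PKCS#12 keystores (they
# hold private keys) and rewrite elasticsearch.yml. Elastic documents that the
# image runs Elasticsearch as uid 1000 / gid 0, so hand the paths to that
# identity and remove all access for "other" instead.
chown -R 1000:0 \
  /etc/elk/elasticsearch/logs \
  /etc/elk/elasticsearch/data \
  /etc/elk/elasticsearch/http.p12 \
  /etc/elk/elasticsearch/elastic-certificates.p12 \
  /etc/elk/elasticsearch/elasticsearch.yml
chmod 770 /etc/elk/elasticsearch/logs # the container user must be able to write logs
chmod 770 /etc/elk/elasticsearch/data # the container user must be able to write index data
chmod 640 /etc/elk/elasticsearch/http.p12 # keystore: read access is enough
chmod 640 /etc/elk/elasticsearch/elastic-certificates.p12 # keystore: read access is enough
chmod 660 /etc/elk/elasticsearch/elasticsearch.yml # configuration file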
# Append to the end of elasticsearch.yml; on the other hosts change only the
# node name and the IP.
cluster.name: elasticsearch-cluster
node.name: elasticsearch-cluster-01
# Container-side paths; the docker run on this page bind-mounts host directories onto them.
path.data: /usr/share/elasticsearch/data/
path.logs: /usr/share/elasticsearch/logs/
# Listen on every interface inside the container.
network.host: 0.0.0.0
# Address the other nodes use to reach this one (this host's IP).
network.publish_host: 192.168.157.142
http.port: 9200
discovery.seed_hosts: ["192.168.157.142:9300", "192.168.157.143:9300"]
cluster.initial_master_nodes: ["192.168.157.142:9300","192.168.157.143:9300"]
# NOTE(review): while security is off, anything that can reach the published
# port 9200 has unauthenticated access to the cluster. Keep the hosts
# firewalled until the TLS/security settings shown later on this page are in
# place, and change this value in place at that point: a second
# xpack.security.enabled key in the same file is presumably rejected as a
# duplicate (confirm).
xpack.security.enabled: false
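docker network create elasticsearch # create the container network
# Start one Elasticsearch node. The two keystores are mounted read-only (:ro):
# the node only has to read them, and a process inside the container should
# not be able to replace the key material on the host.
# NOTE(review): -p publishes 9200 and 9300 on every host interface; while
# xpack.security.enabled is false in elasticsearch.yml, limit who can reach
# them (host firewall, or bind to a specific address with -p IP:9200:9200).
docker run -d --restart=always \
--name elasticsearch \
--net elasticsearch \
-p 9200:9200 \
-p 9300:9300 \
-v /etc/elk/elasticsearch/logs/:/usr/share/elasticsearch/logs/ \
-v /etc/elk/elasticsearch/data/:/usr/share/elasticsearch/data/ \
-v /etc/elk/elasticsearch/http.p12:/usr/share/elasticsearch/config/http.p12:ro \
-v /etc/elk/elasticsearch/elastic-certificates.p12:/usr/share/elasticsearch/config/elastic-certificates.p12:ro \
-v /etc/elk/elasticsearch/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml \
docker.elastic.co/elasticsearch/elasticsearch:8.5.0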
# Settings to add to elasticsearch.yml on every cluster node.
# Turns on authentication; replace the earlier "false" value rather than
# keeping both keys in the file.
xpack.security.enabled: true
# TLS for the REST API on port 9200; http.p12 serves as keystore and truststore.
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: /usr/share/elasticsearch/config/http.p12
xpack.security.http.ssl.truststore.path: /usr/share/elasticsearch/config/http.p12
# TLS between nodes on the transport port.
xpack.security.transport.ssl.enabled: true
# "certificate" validates that the peer certificate chains to the trusted CA
# but does not check that it matches the peer's host name.
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /usr/share/elasticsearch/config/elastic-certificates.p12
# NOTE(review): if a password was set on either .p12 file, store it with
# bin/elasticsearch-keystore (e.g. xpack.security.http.ssl.keystore.secure_password)
# instead of writing it into this file.
docker restart elasticsearch # restart the container
docker exec -it elasticsearch /bin/sh # open a shell inside the container
# The next two commands run inside the container.
cd /usr/share/elasticsearch
# Sets the passwords of the built-in users (elastic, kibana_system,
# logstash_system, ...). Choose a distinct, strong password for each; the
# "123456" that appears in the configuration samples on this page is only an example.
# NOTE(review): elasticsearch-setup-passwords is deprecated in 8.x;
# bin/elasticsearch-reset-password -u <user> is its replacement.
bin/elasticsearch-setup-passwords interactive # type the passwords when prompted
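# Prepare the Kibana host: unpack the archive, create the server certificate
# and restrict access to the files that are bind-mounted into the container.
cd /etc/elk/kibana
tar zxvf kibana-8.5.0-linux-x86_64.tar.gz
# NOTE(review): --signkey self-signs the CSR with Kibana's own key, so
# kibana.crt does not chain to the Elasticsearch CA and clients will only
# trust it if kibana.crt itself is imported. No -days option is given, so
# openssl's default validity of 30 days applies; set -days to the lifetime you
# intend, or have the CSR signed by a CA instead.
openssl x509 -req -in kibana.csr --signkey kibana.key -out kibana.crt
# Mode 777 would let every local account read the TLS private key and swap the
# certificate or CA file. The official image presumably runs Kibana as uid 1000
# (confirm for your image); give that uid ownership and drop the rest.
chown -R 1000 \
  /etc/elk/kibana/data \
  /etc/elk/kibana/kibana.crt \
  /etc/elk/kibana/kibana.key \
  /etc/elk/kibana/elasticsearch-ca.pem
chmod 700 /etc/elk/kibana/data # Kibana's writable data directory
chmod 644 /etc/elk/kibana/kibana.crt # public certificate: readable, not writable by others
chmod 600 /etc/elk/kibana/kibana.key # private key: owner only
chmod 644 /etc/elk/kibana/elasticsearch-ca.pem # public CA certificate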
# Append to the end of kibana.yml.
server.port: 5601
# Listen on every interface inside the container.
server.host: "0.0.0.0"
# Serve the Kibana UI over HTTPS with the certificate and key mounted into the container.
server.ssl.enabled: true
server.ssl.certificate: /usr/share/kibana/config/kibana.crt
server.ssl.key: /usr/share/kibana/config/kibana.key
elasticsearch.hosts: ["https://192.168.157.142:9200","https://192.168.157.143:9200"]
elasticsearch.username: "kibana_system"
# NOTE(review): "123456" stands for the kibana_system password set with
# elasticsearch-setup-passwords; use a strong value. It sits here in clear
# text, so keep kibana.yml unreadable to other accounts, or store the setting
# with bin/kibana-keystore instead.
elasticsearch.password: "123456"
# CA used to verify the Elasticsearch HTTPS certificate.
elasticsearch.ssl.certificateAuthorities: [ "/usr/share/kibana/config/elasticsearch-ca.pem" ]
i18n.locale: "zh-CN"
xpack.reporting.roles.enabled: false
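# Start Kibana on the same container network. The certificate, private key and
# CA file are mounted read-only (:ro): Kibana only has to read them, and a
# process inside the container should not be able to replace them on the host.
docker run -d --restart=always \
--name kibana \
--net elasticsearch \
-p 5601:5601 \
-v /etc/elk/kibana/data/:/usr/share/kibana/data/ \
-v /etc/elk/kibana/kibana.crt:/usr/share/kibana/config/kibana.crt:ro \
-v /etc/elk/kibana/kibana.key:/usr/share/kibana/config/kibana.key:ro \
-v /etc/elk/kibana/elasticsearch-ca.pem:/usr/share/kibana/config/elasticsearch-ca.pem:ro \
-v /etc/elk/kibana/kibana.yml:/usr/share/kibana/config/kibana.yml \
docker.elastic.co/kibana/kibana:8.5.0
# Log in to Kibana as "elastic" with the password you set for it (123456 is
# only this page's example value).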
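# Prepare the Logstash host: unpack the archive, create the pipeline directory
# and restrict access to the files that are bind-mounted into the container.
cd /etc/elk/logstash
tar zxvf logstash-8.5.0-linux-x86_64.tar.gz
mkdir pipeline
# logstash.yml and the pipeline files carry Elasticsearch passwords, so mode
# 777 would expose them to every local account and let anyone edit the
# pipeline. The official image presumably runs Logstash as uid 1000 (confirm
# for your image); give that uid ownership and drop the rest.
chown -R 1000 \
  /etc/elk/logstash/pipeline \
  /etc/elk/logstash/elasticsearch-ca.pem \
  /etc/elk/logstash/logstash.yml
chmod 700 /etc/elk/logstash/pipeline # pipeline definitions, including credentials
chmod 644 /etc/elk/logstash/elasticsearch-ca.pem # public CA certificate
chmod 600 /etc/elk/logstash/logstash.yml # contains the monitoring password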
# Append to the end of logstash.yml.
xpack.monitoring.enabled: true
xpack.monitoring.elasticsearch.username: "logstash_system"
# NOTE(review): "123456" stands for the logstash_system password set with
# elasticsearch-setup-passwords; use a strong value. Logstash can also resolve
# ${VAR} references from the environment or its keystore, which keeps the
# secret out of this file.
xpack.monitoring.elasticsearch.password: "123456"
xpack.monitoring.elasticsearch.hosts: ["https://192.168.157.142:9200", "https://192.168.157.143:9200"]
# CA used to verify the Elasticsearch HTTPS certificate.
xpack.monitoring.elasticsearch.ssl.certificate_authority: "/usr/share/logstash/elasticsearch-ca.pem"
# Sample Logstash configuration for a simple
# RabbitMQ -> Logstash -> Elasticsearch pipeline.
input {
# Consume messages with routing key "apigateway" from the durable topic
# exchange "logstash" on the RabbitMQ broker.
rabbitmq {
host => "192.168.157.142"
port => 5672
# NOTE(review): guest/guest is RabbitMQ's well-known default account; create a
# dedicated user with a strong password that can only read from this exchange.
user => "guest"
password => "guest"
vhost => "/"
exchange => "logstash"
exchange_type => "topic"
key => "apigateway"
durable => true
}
}
output {
elasticsearch {
hosts => ["https://192.168.157.142:9200", "https://192.168.157.143:9200"]
# One index per day.
index => "apigateway-%{+YYYY.MM.dd}"
# NOTE(review): "elastic" is the built-in superuser. A dedicated user whose
# role can only create and write apigateway-* indices limits what a leaked
# pipeline file gives away. "123456" is this page's example password; a
# ${VAR} reference resolved from the environment or the Logstash keystore
# keeps the real one out of this file.
user => "elastic"
password => "123456"
# CA used to verify the Elasticsearch HTTPS certificate.
cacert => "/usr/share/logstash/elasticsearch-ca.pem"
}
}
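# Start Logstash. The CA file and the pipeline directory are mounted read-only
# (:ro): Logstash only reads them, and a process inside the container should
# not be able to alter the trusted CA or the pipeline (which holds
# credentials) on the host. logstash.yml stays writable because the image's
# startup may rewrite it from environment variables.
docker run -d \
--restart=always \
--name logstash \
-v /etc/elk/logstash/elasticsearch-ca.pem:/usr/share/logstash/elasticsearch-ca.pem:ro \
-v /etc/elk/logstash/pipeline/:/usr/share/logstash/pipeline/:ro \
-v /etc/elk/logstash/logstash.yml:/usr/share/logstash/config/logstash.yml \
docker.elastic.co/logstash/logstash:8.5.0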