1.关闭selinux
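# This switches off SELinux mandatory access control for the whole host.
# SELINUX=permissive is the milder choice: denials are still logged while nothing is blocked.
# The sed expression needs the leading "s" (substitute) to be valid.
sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config  # takes effect after a reboot
setenforce 0  # until the reboot: put the running system into permissive mode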
2.设置系统最大连接描述符
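ulimit -HSn 65535  # temporary: applies to the current shell session only
vim /etc/security/limits.conf  # permanent setting
# Append the following lines at the end of the file.
# nofile limits open file descriptors, nproc limits processes per user;
# each needs both a soft and a hard entry.
* soft nofile 65535
* hard nofile 65535
* soft nproc 65535
* hard nproc 65535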
3.设置防火墙规则,为接下的es集群和kibana开放访问端口
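# The opened ports have to match what docker-compose publishes on the host:
# 9200, 9201 and 9202 for es01-es03, and 5601 for Kibana.
# These rules admit any source address in the public zone, and the Elasticsearch
# HTTP API behind them is protected by passwords only, so restrict the allowed
# sources where the deployment permits it.
firewall-cmd --zone=public --add-port=9200/tcp --permanent
firewall-cmd --zone=public --add-port=9201/tcp --permanent
firewall-cmd --zone=public --add-port=9202/tcp --permanent
firewall-cmd --zone=public --add-port=5601/tcp --permanent
firewall-cmd --reload  # --permanent rules only become active after a reload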
4.禁止root远程登录并设置一个普通用户登录
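# Match the directive whether it is still commented out or already set to some value.
sed -i -E 's/^#?[[:space:]]*PermitRootLogin[[:space:]].*/PermitRootLogin no/' /etc/ssh/sshd_config
useradd guest
# Set the password interactively. A short numeric password piped through echo is
# trivially guessable and is also recorded in the shell history.
passwd guest
# Grant sudo with "visudo -f /etc/sudoers.d/guest" so a syntax error is caught before saving.
# Keep the password prompt: with NOPASSWD, whoever gets into this SSH account is root at once.
guest ALL=(ALL) ALL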
5.更改ssh默认的端口
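# "-ie" is parsed as -i with backup suffix "e" and leaves a stray sshd_confige file;
# pass -i and -e as separate options.
sed -i -e 's/^#Port 22/Port 6666/' /etc/ssh/sshd_config
# Open the new port first, otherwise firewalld blocks the next login.
firewall-cmd --zone=public --add-port=6666/tcp --permanent
firewall-cmd --reload
# Restart sshd only if the edited config parses; keep the current session open
# until a login on the new port has been confirmed.
sshd -t && systemctl restart sshd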
6.更改国内YUM源
# Overwrites the stock CentOS-Base.repo with the Aliyun mirror definition.
# wget has to be present already; this guide only installs it in step 8.
wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
7.es设置相关参数
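# Elasticsearch needs a higher mmap count limit than the kernel default.
echo 'vm.max_map_count=262144' >> /etc/sysctl.conf
sysctl -p  # load the setting now; without it Elasticsearch fails to start later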
8.安装依赖
# wget and vim are used by other steps of this guide.
yum -y install wget vim net-tools
第二步-安装docker
1.先安装依赖
# yum-utils provides the yum-config-manager command used in the next step.
yum install -y yum-utils
2.准备docker的yum源
yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo #download docker-ce.repo and register it as a yum repository
3.docker yum源的常用的参数
# The nightly and test channels carry pre-release builds; they are listed here as
# options and are best left disabled on a host that will hold real log data.
yum-config-manager --enable docker-ce-nightly #enable the nightly channel of docker-ce.repo (disabled by default)
yum-config-manager --enable docker-ce-test #enable the test channel of docker-ce.repo (optional)
yum-config-manager --disable docker-ce-nightly #disable a given docker-ce.repo channel again
yum install docker-ce docker-ce-cli containerd.io #install the latest Docker
yum list docker-ce --showduplicates | sort -r #list every available version so a specific one can be installed
yum install docker-ce-<VERSION_STRING> docker-ce-cli-<VERSION_STRING> containerd.io #install a specific version
systemctl start docker #start the Docker daemon
docker run hello-world #run the hello-world image as a smoke test
docker image ls #check that the image is listed; if it is, Docker is installed correctly
4.使用阿里云的加速器,提升到官方下载镜像的速度
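vim /etc/docker/daemon.json
# File content follows. JSON has no comment syntax, so keep these notes out of the file.
# Every image pull is served through this mirror, so only configure one you trust.
{
  "registry-mirrors": ["https://ybzd84iy.mirror.aliyuncs.com"]
}
systemctl daemon-reload
systemctl restart docker  # restart the daemon so it picks up daemon.json
systemctl enable docker   # start Docker automatically at boot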
第三步-安装docker-compose
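# Install docker-compose 1.23.2.
# -f makes curl exit with an error on an HTTP failure instead of saving the
# error page as the "binary".
curl -fL "https://get.daocloud.io/docker/compose/releases/download/1.23.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
# The file comes from a third-party mirror and will be run as root: compare it
# with the SHA-256 digest published for this release before making it executable.
# <EXPECTED_SHA256> is a placeholder for that published digest.
echo "<EXPECTED_SHA256>  /usr/local/bin/docker-compose" | sha256sum -c -
chmod +x /usr/local/bin/docker-compose  # grant execute permission
# Print the version to confirm the installation worked.
docker-compose --version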
第四步-开始编写redis+elk的docker-compose
1.下载镜像,我这里以6.8.4的版本为例
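# docker pull takes exactly one image reference per invocation, so pull in a loop.
# "redis" carries no tag and therefore resolves to :latest, which can change
# between pulls; the other three images are pinned to 6.8.4.
for image in redis logstash:6.8.4 elasticsearch:6.8.4 kibana:6.8.4; do
  docker pull "$image"
done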
2.kibana因为我要使用sentinl插件,所以通过dockerfile制作新的kibana镜像
#download the sentinl plugin release that matches Kibana 6.8.4
#the archive is installed into Kibana as code; if the release page publishes a checksum, compare it before building the image
wget https://github.com/lmangani/sentinl/releases/download/6.8.4/sentinl-v6.8.4.zip
#写kibana的dockerfile
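FROM kibana:6.8.4
# Copy the sentinl plugin archive into the image.
# Dockerfile comments must sit on their own line: a "#..." token placed after the
# COPY arguments is parsed as one more path, not as a comment.
COPY ./sentinl-v6.8.4.zip /usr/share/kibana/plugins/
# Install the plugin from the copied archive. file:// may be replaced with the
# https:// download URL to fetch the package during the build; downloading it
# beforehand is the better option on a slow network.
RUN /usr/share/kibana/bin/kibana-plugin install file:///usr/share/kibana/plugins/sentinl-v6.8.4.zip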
#build the image; the kibana service in docker-compose.yml has to reference this exact name and tag
docker build -f Dockerfile -t kibana_sentil:v6.8.4 .
4.编写docker-compose.yml文件
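version: '3.3'
services:
  redis:
    # "latest" is not pinned and can change between pulls; pin a tag for repeatable deployments.
    image: redis:latest
    container_name: redis
    restart: always
    # Start from the mounted config file and additionally force AOF persistence on.
    command: redis-server /usr/local/etc/redis/redis.conf --appendonly yes
    volumes:
      - /var/redis/data:/data  # redis data
      - /var/redis/conf/redis.conf:/usr/local/etc/redis/redis.conf  # redis config
    ports:
      # Published on every host interface. Containers on the elk network reach redis
      # without this mapping, so keep it only when log shippers outside this host
      # push to redis, and then rely on a strong requirepass plus source filtering.
      - "6379:6379"
    networks:
      - elk

  logstash:
    image: logstash:6.8.4
    container_name: logstash
    volumes:
      # Each list entry needs a space after the dash, otherwise the file does not parse.
      - /var/logstash/logstash.conf:/usr/share/logstash/pipeline/logstash.conf
      - /var/logstash/logstash.yml:/usr/share/logstash/config/logstash.yml
    ports:
      - "4560:4560"
    networks:
      - elk

  es01:
    image: elasticsearch:6.8.4
    container_name: es01
    restart: always
    environment:
      - node.name=es01
      - cluster.name=es-docker-cluster  # cluster name
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms1024m -Xmx1024m"  # JVM heap size
      - "TZ=Asia/Shanghai"
    # Unlimited memlock lets bootstrap.memory_lock keep the heap out of swap.
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - /var/elasticsearch/data01:/usr/share/elasticsearch/data
      - /var/elasticsearch/logs01:/usr/share/elasticsearch/logs
      - /var/elasticsearch/elasticsearch01.yml:/usr/share/elasticsearch/config/elasticsearch.yml
      - /www/elk/elastic-certificates.p12:/usr/share/elasticsearch/config/elastic-certificates.p12
    ports:
      # The HTTP API is published on every host interface and is served over plain
      # http in this setup, so passwords sent to it from other machines are not encrypted.
      - "9200:9200"
    networks:
      - elk

  es02:
    image: elasticsearch:6.8.4
    container_name: es02
    restart: always
    environment:
      - node.name=es02
      - cluster.name=es-docker-cluster  # cluster name
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms1024m -Xmx1024m"  # JVM heap size
      - "TZ=Asia/Shanghai"
    # Unlimited memlock lets bootstrap.memory_lock keep the heap out of swap.
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - /var/elasticsearch/data02:/usr/share/elasticsearch/data
      - /var/elasticsearch/logs02:/usr/share/elasticsearch/logs
      - /var/elasticsearch/elasticsearch02.yml:/usr/share/elasticsearch/config/elasticsearch.yml
      - /www/elk/elastic-certificates.p12:/usr/share/elasticsearch/config/elastic-certificates.p12
    ports:
      - "9201:9200"
    networks:
      - elk

  es03:
    image: elasticsearch:6.8.4
    container_name: es03
    restart: always
    environment:
      - node.name=es03
      - cluster.name=es-docker-cluster  # cluster name
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms1024m -Xmx1024m"  # JVM heap size
      - "TZ=Asia/Shanghai"
    # Unlimited memlock lets bootstrap.memory_lock keep the heap out of swap.
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - /var/elasticsearch/data03:/usr/share/elasticsearch/data
      - /var/elasticsearch/logs03:/usr/share/elasticsearch/logs
      - /var/elasticsearch/elasticsearch03.yml:/usr/share/elasticsearch/config/elasticsearch.yml
      - /www/elk/elastic-certificates.p12:/usr/share/elasticsearch/config/elastic-certificates.p12
    ports:
      - "9202:9200"
    networks:
      - elk

  kibana:
    # Must be the image built from the Dockerfile with the sentinl plugin
    # (docker build ... -t kibana_sentil:v6.8.4).
    image: kibana_sentil:v6.8.4
    container_name: kibana
    restart: always
    depends_on:
      - es01
    environment:
      ELASTICSEARCH_HOSTS: "http://es01:9200"
      ELASTICSEARCH_URL: "http://es01:9200"
    volumes:
      - /var/kibana/kibana.yml:/usr/share/kibana/config/kibana.yml
    ports:
      - "5601:5601"
    networks:
      - elk

networks:
  elk:
    driver: bridge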
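# The data and log directories mounted into the ES containers must be owned by
# uid 1000. No matching account is needed on the host: the elasticsearch user
# inside the container runs as uid/gid 1000 by default.
chown -R 1000:0 /var/elasticsearch/data0{1..3}
chown -R 1000:0 /var/elasticsearch/logs0{1..3}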
第五步-为X-PACK生成证书与密码
生成证书
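# Start a throwaway container from the same image the cluster uses (tag 6.8.4, without a "v").
docker run -itd --name test elasticsearch:6.8.4
# Enter the container to generate the certificates.
docker exec -it test /bin/bash
# Inside the container: create the CA. Pressing Enter at every prompt accepts the
# default file name and leaves the file without a password.
./bin/elasticsearch-certutil ca
# Then issue the node certificate bundle elastic-certificates.p12 from that CA.
./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
# Leave the container.
exit
# Copy the bundle next to docker-compose.yml (the compose file mounts it from /www/elk/).
docker cp test:/usr/share/elasticsearch/elastic-certificates.p12 .
# Remove the throwaway container.
docker stop test && docker rm test
# The bundle holds the nodes' private key. Hand it to the container's uid 1000 and,
# since it has no password, make file permissions the barrier.
chown 1000:0 elastic-certificates.p12
chmod 600 elastic-certificates.p12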
生成密码
#start the es cluster defined in docker-compose.yml
docker-compose up -d
#open a shell in one of the nodes
docker exec -it es01 /bin/bash
#set the passwords; interactive mode prompts for each built-in user in turn, and these are the values the config files below must carry
./bin/elasticsearch-setup-passwords interactive
第六步-配置redis+elk的配置文件
redis
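# redis.conf has no trailing-comment syntax: text after a directive is parsed as
# further arguments, so every note below sits on its own line.

# Accept connections from any host.
bind 0.0.0.0
# Protected mode off. Combined with bind 0.0.0.0 and the published 6379 port,
# requirepass below is the only barrier in front of this instance.
protected-mode no
# Must stay "no" inside a container: a daemonized server moves to the background
# and the container exits immediately.
daemonize no
# Enable AOF persistence.
appendonly yes
# Upper bound on memory use; adjust it to the data volume.
maxmemory 20G
# <REDIS_PASSWORD> is a placeholder: use a long random secret here and the same
# value as "password" in the logstash redis input.
requirepass <REDIS_PASSWORD>
# Directory where persistence files are written.
dir ./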
logstash.yml
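http.host: "0.0.0.0"
# Elasticsearch endpoint that receives the monitoring data.
xpack.monitoring.elasticsearch.hosts: "http://es01:9200"
# User name and password must match an account whose password was set in the
# previous step; the values shown are samples.
# NOTE(review): elasticsearch-setup-passwords only covers built-in users (for
# Logstash monitoring that is logstash_system); a user literally named "logstash"
# has to be created separately - confirm which account is intended.
xpack.monitoring.elasticsearch.username: "logstash"
xpack.monitoring.elasticsearch.password: "logstash"
# Turn on X-Pack monitoring.
xpack.monitoring.enabled: true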
logstash.conf
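input {
  redis {
    type => "log"
    host => "redis"
    port => 6379
    # <REDIS_PASSWORD> is a placeholder: it must equal requirepass in redis.conf.
    password => "<REDIS_PASSWORD>"
    db => "0"
    data_type => "list"
    batch_count => "100"
    # Name of the redis list this input reads from.
    key => "123456"
  }
}
filter {
  grok {
    # Reference grok patterns: https://github.com/logstash-plugins/logstash-patterns-core/blob/master/patterns/grok-patterns
  }
}
output {
  elasticsearch {
    hosts => ["http://es01:9200","http://es02:9200","http://es03:9200"]
    index => "test-%{+YYYY.MM.dd}"
    # Must match the credentials set with elasticsearch-setup-passwords; the values
    # shown are samples. elastic is the superuser: a dedicated user that may only
    # write the test-* indices exposes far less if this file is read by someone else.
    user => "elastic"
    password => "elastic"
  }
}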
elasticsearch.yml
# Cluster identity and node roles
cluster.name: es-docker-cluster
node.master: true
node.data: true

# Networking and discovery
# Uncommented and changed to listen on all interfaces.
network.host: 0.0.0.0
discovery.zen.ping.unicast.hosts:
  - es01
  - es02
  - es03
discovery.zen.minimum_master_nodes: 2
http.cors.allow-headers: Authorization

# Bootstrap
# Turns the system call filter off for this node.
bootstrap.system_call_filter: false

# X-Pack security
# Enables X-Pack authentication.
xpack.security.enabled: true
# "trial" is the one-month evaluation license; "basic" can be used instead.
xpack.license.self_generated.type: basic
# TLS is switched on for node-to-node transport only; the HTTP API on 9200 is
# still reached over plain http by Kibana and Logstash in this setup.
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
# Both paths point at the certificate bundle generated in the previous step.
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12

# Monitoring
xpack.monitoring.enabled: true
xpack.monitoring.collection.enabled: true
xpack.monitoring.collection.interval: 30s
kibana.yml
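server.name: kibana
server.host: '0.0.0.0'
elasticsearch.hosts: ["http://es01:9200", "http://es02:9200", "http://es03:9200"]
xpack.monitoring.ui.container.elasticsearch.enabled: true
# Must match the credentials set in the previous step; the values shown are samples.
# Per the author, the elastic account is required here, otherwise sentinl cannot be used.
elasticsearch.username: "elastic"
elasticsearch.password: "elastic"
##############################################################
# See the sentinl documentation for details: https://sentinl.readthedocs.io/en/latest/
sentinl:
  # protocol: 'http'
  # results: 50
  # timefield: '@timestamp'
  # default_type: 'doc'
  # alarm_index: 'watcher_alarms'
  # alarm_type: 'sentinl-alarm'
  settings:
    email:
      active: true
      host: 'smtp.126.com'
      # <SMTP_USER> and <SMTP_AUTH_CODE> are placeholders for the mailbox address and
      # its authorization code; keep the real values out of shared or committed copies
      # of this file.
      user: '<SMTP_USER>'
      password: '<SMTP_AUTH_CODE>'
      # NOTE(review): with ssl/tls left commented out below, the login on port 25 may
      # travel unencrypted - confirm what the mail server negotiates.
      port: 25
      # domain: 'beast.com'
      # ssl: true
      # tls: false
      # authentication: ['PLAIN', 'LOGIN', 'CRAM-MD5', 'XOAUTH2']
      # timeout: 10000 # mail server connection timeout
      # cert:
      #   key: '/full/sys/path/to/key/file'
      #   cert: '/full/sys/path/to/cert/file'
      #   ca: '/full/sys/path/to/ca/file'
    # slack:
    #   active: false
    #   token: '<SLACK_TOKEN>'
    webhook:
      active: false
      host: 'localhost'
      port: 9200
      # use_https: false
      # path: ':/{{payload.watcher_id}}'
      # body: '{{payload.watcher_id}}{payload.hits.total}}'
      # method: POST
    report:
      active: true
      engine: puppeteer # horseman, puppeteer
      puppeteer:
        browser_path: /path/to/chrome
      # horseman:
      #   browser_path: /path/to/phantomjs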
配置文件可以先配置,把X-PACK相关的先注释,生成密码后,删除注释,重启docker-compose,输入http://ip:5601进行访问,自此是小弟踩坑的全过程,小弟也不是什么大神,有问题欢迎指出,共同探讨。
可以 收录了