docker-compose 部署ELK
目录结构
elk
|--docker-compose.yml
|--elasticsearch
| |--es-master
| |--es-slave1
| |--es-slave2
|--logstash
| |--config
| |--logstash.conf
| |--logstash.yml
|--kibana
创建docker公用网络
docker network create --driver bridge --subnet 172.23.0.0/25 --gateway 172.23.0.1 elk_network
编辑docker-compose.yml
version: "3"
services:
es-master:
image: elasticsearch:6.5.3
container_name: es-master
environment:
- cluster.name=es-cluster
- node.name=es-master
- node.master=true
- node.data=false
- http.cors.enabled=true
- http.cors.allow-origin=*
- bootstrap.memory_lock=true
- ES_JAVA_OPTS=-Xms1g -Xmx1g
ports:
- "19200:9200"
expose:
- "9200"
- "9300"
restart: always
volumes:
- ./elasticsearch/es-master:/usr/share/elasticsearch/data:rw
networks:
default:
ipv4_address: 172.23.0.41
es-slave1:
image: elasticsearch:6.5.3
container_name: es-slave1
depends_on:
- es-master
environment:
- cluster.name=es-cluster
- node.name=es-slave1
- node.master=false
- node.data=true
- discovery.zen.ping.unicast.hosts=es-master
- bootstrap.memory_lock=true
- ES_JAVA_OPTS=-Xms1g -Xmx1g
ports:
- "19201:9200"
expose:
- "9300"
restart: always
volumes:
- ./elasticsearch/es-slave1:/usr/share/elasticsearch/data:rw
networks:
default:
ipv4_address: 172.23.0.42
es-slave2:
image: elasticsearch:6.5.3
container_name: es-slave2
depends_on:
- es-master
environment:
- cluster.name=es-cluster
- node.name=es-slave2
- node.master=false
- node.data=true
- discovery.zen.ping.unicast.hosts=es-master
- bootstrap.memory_lock=true
- ES_JAVA_OPTS=-Xms1g -Xmx1g
ports:
- "19202:9200"
expose:
- "9300"
restart: always
volumes:
- ./elasticsearch/es-slave2:/usr/share/elasticsearch/data:rw
networks:
default:
ipv4_address: 172.23.0.43
kibana:
image: kibana:6.5.3
container_name: kibana
depends_on:
- es-master
restart: always
environment:
- ELASTICSEARCH_URL=http://es-master:19200
- I18N_LOCALE=zh-CN
ports:
- "15601:5601"
networks:
default:
ipv4_address: 172.23.0.51
logstash:
image: logstash:6.5.3
container_name: logstash
ports:
- "9601:9600"
restart: always
environment:
- XPACK_MONITORING_ENABLED=false
volumes:
- ./logstash/config/logstash.conf:/usr/share/logstash/pipeline/logstash.conf:rw
- ./logstash/config/logstash.yml:/usr/share/logstash/config/logstash.yml:rw
depends_on:
- es-master
- es-slave1
- es-slave2
networks:
default:
ipv4_address: 172.23.0.31
networks:
default:
external:
name: elk_network
常见问题
- bootstrap checks failed 或者 memory locking requested for elasticsearch process but memory is not locked
vi /etc/systemd/system.conf
最下方添加:
DefaultLimitNOFILE=65536
DefaultLimitNPROC=32000
DefaultLimitMEMLOCK=infinity
reboot
- 如果出现无权限问题
chmod -R 777 /data/elk
- docker 显示open permission denied
关闭SELinux
#查看SELinux状态(如果SELinux status参数为enabled即为开启状态)
/usr/sbin/sestatus -v
#修改配置文件重启机器禁用(将SELINUX=enforcing改为SELINUX=disabled)
vim /etc/selinux/config
- creating overlay mount to invalid argument
修改/etc/sysconfig/docker-storage
把其中的overlay2 修改成overlay
执行:
systemctl daemon-reload
service docker restart
注意:修改后原镜像会无效,因为类似修改了文件存储路径
