docker部署elk

参考资料地址

https://blog.csdn.net/yprufeng?type=blog

总结版本

修改系统句柄数

说明:linux系统默认的可操作句柄数是65535,es集群默认的进程句柄数需要至少为262144个,如果我们想正常启动es集群,我们需要调大这个参数。
命令:
echo vm.max_map_count=262144 >> /etc/sysctl.conf
sysctl -p

修改docker-compose容器启动时间

说明:在使用docker-compose启动多个容器时,在其默认的启动时间60s内无法全部启动完成,容器就会整个启动失败。这里我们将此参数调大到1000s。
使用vi编辑器修改系统环境变量文件/etc/profile,在文件的末尾添加俩个参数,然后更新系统参数,使新添加的参数配置生效。
参数:
export DOCKER_CLIENT_TIMEOUT=1000
export COMPOSE_HTTP_TIMEOUT=1000

创建elk-cluster.yml配置文件

#elk-cluster集群配置文件
version: "3.3"
 
services:
  #######################elasticsearch集群配置################
  es01:
    #镜像名称
    image: elasticsearch:7.12.0
    #容器名称
    container_name: elk-cluster-es01
    hostname: es01
    #开机自启动
    restart: always
    privileged: true
    #环境变量设置
    environment:
      #节点名称
      - node.name=es01
      #集群名称
      - cluster.name=elk-cluster-es
      #其它节点
      - discovery.seed_hosts=es02,es03
      - cluster.initial_master_nodes=es01,es02,es03
      - bootstrap.memory_lock=true
      #加入跨域配置
      - http.cors.enabled=true
      - http.cors.allow-origin=*
      #java堆内存大小设置
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
      #开启读写权限
      - "TAKE_FILE_OWNERSHIP=true"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    #数据卷映射
    volumes:
      - /elk/elasticsearch/01/data:/usr/share/elasticsearch/data
      - /elk/elasticsearch/01/logs:/usr/share/elasticsearch/logs
    #端口映射
    ports:
      - 9200:9200
    #网络配置
    networks:
      - elk
      
  es02:
    image: elasticsearch:7.12.0
    container_name: elk-cluster-es02
    hostname: es02
    restart: always
    privileged: true
    environment:
      - node.name=es02
      - cluster.name=elk-cluster-es
      - discovery.seed_hosts=es01,es03
      - cluster.initial_master_nodes=es01,es02,es03
      - bootstrap.memory_lock=true
      #加入跨域配置
      - http.cors.enabled=true
      - http.cors.allow-origin=*
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
      - "TAKE_FILE_OWNERSHIP=true"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - /elk/elasticsearch/02/data:/usr/share/elasticsearch/data
      - /elk/elasticsearch/02/logs:/usr/share/elasticsearch/logs
    #网络配置
    networks:
      - elk
      
  es03:
    image: elasticsearch:7.12.0
    container_name: elk-cluster-es03
    hostname: es03
    restart: always
    privileged: true
    environment:
      - node.name=es03
      - cluster.name=elk-cluster-es
      - discovery.seed_hosts=es01,es02
      - cluster.initial_master_nodes=es01,es02,es03
      - bootstrap.memory_lock=true
      #加入跨域配置
      - http.cors.enabled=true
      - http.cors.allow-origin=*
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
      - "TAKE_FILE_OWNERSHIP=true"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - /elk/elasticsearch/03/data:/usr/share/elasticsearch/data
      - /elk/elasticsearch/03/logs:/usr/share/elasticsearch/logs
    #端口映射
    networks:
      - elk
      
  #####################kibana配置####################################
  kibana:
    image: kibana:7.12.0
    container_name: elk-cluster-kibana
    hostname: kibana
    restart: always
    environment:
      #elasticsearch服务地址
      ELASTICSEARCH_HOSTS: "http://es01:9200"
      #kibana语言配置:en、zh-CN、ja-JP
      I18N_LOCALE: "en"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    #端口映射
    ports:
      - 5601:5601
    networks:
      - elk
    depends_on:
      - es01
      - es02
      - es03
      
  #####################kibana配置####################################
  nginx:
    image: nginx:stable-alpine-perl
    container_name: elk-cluster-nginx
    hostname: nginx
    restart: always
    ulimits:
      memlock:
        soft: -1
        hard: -1
    #端口映射
    ports:
      - 80:80
    networks:
      - elk
    depends_on:
      - kibana
      
  #####################logstash配置####################################
  logstash01:
    image: logstash:7.12.0
    container_name: elk-cluster-logstash01
    hostname: logstash01
    restart: always
    environment:
      #elasticsearch服务地址
      - monitoring.elasticsearch.hosts="http://es01:9200"
    ports:
      - 9600:9600
      - 5044:5044
    networks:
      - elk
    depends_on:
      - es01
      - es02
      - es03
      
  logstash02:
    image: logstash:7.12.0
    container_name: elk-cluster-logstash02
    hostname: logstash02
    restart: always
    environment:
      #elasticsearch服务地址
      - monitoring.elasticsearch.hosts="http://es01:9200"
    ports:
      - 9601:9600
      - 5045:5044
    networks:
      - elk
    depends_on:
      - es01
      - es02
      - es03
      
  logstash03:
    image: logstash:7.12.0
    container_name: elk-cluster-logstash03
    hostname: logstash03
    restart: always
    environment:
      #elasticsearch服务地址
      - monitoring.elasticsearch.hosts="http://es01:9200"
    ports:
      - 9602:9600
      - 5046:5044
    networks:
      - elk
    depends_on:
      - es01
      - es02
      - es03
      
  #####################kafka集群相关配置####################################
  #zookeeper集群
  zk01:
    image: zookeeper:3.7.0
    restart: always
    container_name: elk-cluster-zk01
    hostname: zk01
    ports:
      - 2181:2181
    networks:
      - elk
    volumes:
      - "/elk/zookeeper/zk01/data:/data"
      - "/elk/zookeeper/zk01/logs:/datalog"
    environment:
      ZOO_MY_ID: 1
      ZOO_SERVERS: server.1=0.0.0.0:2888:3888;2181 server.2=zk02:2888:3888;2181 server.3=zk03:2888:3888;2181
    depends_on:
      - es01
      - es02
      - es03
 
  zk02:
    image: zookeeper:3.7.0
    restart: always
    container_name: elk-cluster-zk02
    hostname: zk02
    ports:
      - 2182:2181
    networks:
      - elk
    volumes:
      - "/elk/zookeeper/zk02/data:/data"
      - "/elk/zookeeper/zk02/logs:/datalog"
    environment:
      ZOO_MY_ID: 2
      ZOO_SERVERS: server.1=zk01:2888:3888;2181 server.2=0.0.0.0:2888:3888;2181 server.3=zk03:2888:3888;2181
    depends_on:
      - es01
      - es02
      - es03
 
  zk03:
    image: zookeeper:3.7.0
    restart: always
    container_name: elk-cluster-zk03
    hostname: zk03
    ports:
      - 2183:2181
    networks:
      - elk
    volumes:
      - "/elk/zookeeper/zk03/data:/data"
      - "/elk/zookeeper/zk03/logs:/datalog"
    environment:
      ZOO_MY_ID: 3
      ZOO_SERVERS: server.1=zk01:2888:3888;2181 server.2=zk02:2888:3888;2181 server.3=0.0.0.0:2888:3888;2181
    depends_on:
      - es01
      - es02
      - es03
 
  #kafka集群
  kafka01:
    image: wurstmeister/kafka:2.13-2.7.0
    restart: always
    container_name: elk-cluster-kafka01
    hostname: kafka01
    ports:
      - "9091:9092"
      - "9991:9991"
    networks:
      - elk
    depends_on:
      - zk01
      - zk02
      - zk03
    environment:
      KAFKA_BROKER_ID: 1
      KAFKA_ADVERTISED_HOST_NAME: kafka01
      KAFKA_ADVERTISED_PORT: 9091
      KAFKA_HOST_NAME: kafka01
      KAFKA_ZOOKEEPER_CONNECT: zk01:2181,zk02:2181,zk03:2181
      KAFKA_LISTENERS: PLAINTEXT://kafka01:9092
      KAFKA_ADVERTISED_LISTENERS: PLAINTEXT://192.168.1.120:9091
      JMX_PORT: 9991
      KAFKA_JMX_OPTS: "-Djava.rmi.server.hostname=kafka01 -Dcom.sun.management.jmxremote.port=9991 -Dcom.sun.management.jmxremote=true -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.managementote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false"
    volumes:
      - "/elk/kafka/kafka01/:/kafka"
 
  kafka02:
    image: wurstmeister/kafka:2.13-2.7.0
    restart: always
    container_name: elk-cluster-kafka02
    hostname: kafka02
    ports:
      - "9092:9092"
      - "9992:9992"
    networks:
      - elk
    depends_on:
      - zk01
      - zk02
      - zk03
    environment:
      KAFKA_BROKER_ID: 2
      KAFKA_ADVERTISED_HOST_NAME: kafka02
      KAFKA_ADVERTISED_PORT: 9092
      KAFKA_HOST_NAME: kafka02
      KAFKA_ZOOKEEPER_CONNECT: zk01:2181,zk02:2181,zk03:2181
      KAFKA_LISTENERS: PLAINTEXT://kafka02:9092
      KAFKA_ADVERTISED_LISTENERS: PLAINTEXT://192.168.1.120.134:9092
      JMX_PORT: 9992
      KAFKA_JMX_OPTS: "-Djava.rmi.server.hostname=kafka02 -Dcom.sun.management.jmxremote.port=9992 -Dcom.sun.management.jmxremote=true -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.managementote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false"
    volumes:
      - "/elk/kafka/kafka02/:/kafka"
 
  kafka03:
    image: wurstmeister/kafka:2.13-2.7.0
    restart: always
    container_name: elk-cluster-kafka03
    hostname: kafka03
    ports:
      - "9093:9092"
      - "9993:9993"
    networks:
      - elk
    depends_on:
      - zk01
      - zk02
      - zk03
    environment:
      KAFKA_BROKER_ID: 3
      KAFKA_ADVERTISED_HOST_NAME: kafka03
      KAFKA_ADVERTISED_PORT: 9093
      KAFKA_HOST_NAME: kafka03
      KAFKA_ZOOKEEPER_CONNECT: zk01:2181,zk02:2181,zk03:2181
      KAFKA_LISTENERS: PLAINTEXT://kafka03:9092
      KAFKA_ADVERTISED_LISTENERS: PLAINTEXT://192.168.1.120:9093
      JMX_PORT: 9993
      KAFKA_JMX_OPTS: "-Djava.rmi.server.hostname=kafka03 -Dcom.sun.management.jmxremote.port=9993 -Dcom.sun.management.jmxremote=true -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.managementote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false"
    volumes:
      - "/elk/kafka/kafka3/:/kafka"
 
  #kafka管理工具
  'kafka-manager':
    container_name: elk-cluster-kafka-manager
    image: sheepkiller/kafka-manager:stable
    restart: always
    ports:
      - 9000:9000
    networks:
      - elk
    depends_on:
      - kafka01
      - kafka02
      - kafka03
    environment:
      KM_VERSION: 1.3.3.18
      ZK_HOSTS: zk01:2181,zk02:2181,zk03:2181
 
  #kafka监控工具
  'kafka-offset-monitor':
    container_name: elk-cluster-kafka-offset-monitor
    image: 564239555/kafkaoffsetmonitor:latest
    restart: always
    volumes:
      - /elk/kafkaoffsetmonitor/conf:/kafkaoffsetmonitor
    ports:
      - 9001:8080
    networks:
      - elk
    depends_on:
      - kafka01
      - kafka02
      - kafka03
    environment:
      ZK_HOSTS: zk01:2181,zk02:2181,zk03:2181
      KAFKA_BROKERS: kafka01:9092,kafka02:9092,kafka03:9092
      REFRESH_SECENDS: 10
      RETAIN_DAYS: 2
      
  #######################filebeat配置################
  filebeat:
    #镜像名称
    image: elastic/filebeat:7.12.0
    #容器名称
    container_name: elk-cluster-filebeat
    hostname: filebeat
    #开机自启动
    restart: always
    volumes:
      - /elk/filebeat/data:/elk/logs
    #权限设置
    privileged: true
    #用户
    user: root
    #环境变量设置
    environment:
      #开启读写权限
      - "TAKE_FILE_OWNERSHIP=true"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    #网络配置
    networks:
      - elk 
    depends_on:
      - kafka01
      - kafka02
      - kafka03
      
networks:
  elk:
    driver: bridge

启动elk集群

命令:docker-compose -f elk-cluster.yml up -d

修改filebeat配置文件

指令

docker exec -it elk-cluster-filebeat bash
vi filebeat.yml
filebeat.inputs:
- type: log
  enabled: true
  paths:
    - /elk/logs/*.log  #数据采集输入的文件地址,以后应用生成的日志的映射路径
 
filebeat.config:
  modules:
    path: ${path.config}/modules.d/*.yml
    reload.enabled: false
 
processors:
  - add_cloud_metadata: ~
  - add_docker_metadata: ~
 
output.kafka:
  # initial brokers for reading cluster metadata
  hosts: ["kafka01:9092", "kafka02:9092", "kafka03:9092"] #kafka集群地址
 
  # message topic selection + partitioning
  topic: 'test' # kafka主题名称配置
  partition.round_robin:
    reachable_only: false
 
  required_acks: 1
  compression: gzip
  max_message_bytes: 1000000

创建kafka的主题test

修改logstash配置文件

input{
       #方式一:直接通过logback收集日志 
       tcp{
           port => 5044
           type => "samplelog"
           codec => "json_lines"
       }
       #方式二:kafka方式
       kafka {
           type => 'kafka'
           bootstrap_servers => "kafka01:9092,kafka02:9092,kafka03:9092"
           topics => "test"
           group_id => "elk"
    }
}
 
output{
    #普通方式
    if [type] == 'samplelog'{
        elasticsearch {
            #es地址
            hosts => ["es01:9200","es02:9200","es03:9200"]
            #索引
            index => "elk-cluster-logstash-01-%{[app]}-%{+YYYY.MM.dd}"
        }
    }
    #kafka方式
    if [type] == 'kafka'{
        elasticsearch {
            #es地址
            hosts => ["es01:9200","es02:9200","es03:9200"]
            #索引
            index => "elk-samplelog-%{+YYYY.MM.dd}"
        }
    }
 
}

修改nginx配置

server {
        listen 80;
        server_name kibana;
        location / {
                proxy_pass http://kibana:5601;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection 'upgrade';
                proxy_set_header Host $host;
                proxy_cache_bypass $http_upgrade;
        }
}

重启服务

命令:docker-compose -f elk-cluster.yml restart

ES集群部署

  • 命令:
    docker pull elasticsearch:7.11.1
    修改linux文件句柄数:因为es集群默认的进程句柄数需要至少为262144个,系统默认的是65535,这里将默认的进程句柄数调大到262144个,以便可以正产启动es集群。
    命令:echo vm.max_map_count=262144 >> /etc/sysctl.conf
    sysctl -p

docker-compose启动文件es-cluster.yml配置内容如下

version: '2.2'
services:
  #服务名称
  es01:
    #镜像名称
    image: elasticsearch:7.11.1
    #容器名称
    container_name: elk-cluster-es-master
    privileged: true
    #环境变量设置
    environment:
      #节点名称
      - node.name=es01
      #是否启用主节点
      - node.master=true
      #集群名称
      - cluster.name=elk-cluster-es
      #其它节点
      - discovery.seed_hosts=es02,es03
      - cluster.initial_master_nodes=es01,es02,es03
      - bootstrap.memory_lock=true
      #加入跨域配置
      - http.cors.enabled=true
      - http.cors.allow-origin=*
      #java堆内存大小设置
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
      #开启读写权限
      - "TAKE_FILE_OWNERSHIP=true"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    #数据卷映射
    volumes:
      - /elk/es/master/data:/usr/share/elasticsearch/data
      - /elk/es/master/logs:/usr/share/elasticsearch/logs
    #端口映射
    ports:
      - 9200:9200
    #网络配置
    networks:
      - elastic
  es02:
    image: elasticsearch:7.11.1
    container_name: elk-cluster-es-slave-01
    privileged: true
    environment:
      - node.name=es02
      - cluster.name=elk-cluster-es
      - discovery.seed_hosts=es01,es03
      - cluster.initial_master_nodes=es01,es02,es03
      - bootstrap.memory_lock=true
      #加入跨域配置
      - http.cors.enabled=true
      - http.cors.allow-origin=*
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
      - "TAKE_FILE_OWNERSHIP=true"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - /elk/es/slave01/data:/usr/share/elasticsearch/data
      - /elk/es/slave01/logs:/usr/share/elasticsearch/logs
    networks:
      - elastic
  es03:
    image: elasticsearch:7.11.1
    container_name: elk-cluster-es-slave-02
    privileged: true
    environment:
      - node.name=es03
      - cluster.name=elk-cluster-es
      - discovery.seed_hosts=es01,es02
      - cluster.initial_master_nodes=es01,es02,es03
      - bootstrap.memory_lock=true
      #加入跨域配置
      - http.cors.enabled=true
      - http.cors.allow-origin=*
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
      - "TAKE_FILE_OWNERSHIP=true"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - /elk/es/slave02/data:/usr/share/elasticsearch/data
      - /elk/es/slave02/logs:/usr/share/elasticsearch/logs
    networks:
      - elastic
 
volumes:
  data01:
    driver: local
  data02:
    driver: local
  data03:
    driver: local
 
networks:
  elastic:
    driver: bridge

docker-compose -f es-cluster.yml up -d

装es-head可视化插件管理ES集群

  • 命令:
    docker pull mobz/elasticsearch-head:5
    docker run -d --name elk-cluster-es-head -p 9100:9100 mobz/elasticsearch-head:5

Kibana搭建

  • 命令:
    docker pull kibana:7.11.1
    docker run --name elk-cluster-kibana --restart=always -p 5601:5601 -d kibana:7.11.1

nginx反向代理搭建

拉取镜像

  • 命令:
    docker pull nginx:stable-alpine-perl

启动nginx服务,并设置为开机自启动

  • 命令:docker run --name elk-cluster-nginx --restart=always -p 80:80 -v /elk/nginx:/kibana -d nginx:stable-alpine-perl

添加kibana代理
kibana.conf配置文件如下:

server {
        listen 80;
        server_name kibana;
        auth_basic "Restricted Access";
        auth_basic_user_file /kibana/kibana-user;
        location / {
                proxy_pass http://192.168.1.120:5601;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection 'upgrade';
                proxy_set_header Host $host;
                proxy_cache_bypass $http_upgrade;
        }
}

listen:访问端口
server_name:服务名称
auth_basic_user_file:访问验证文件配置,该文件目前还不存在,我们后面会在前面启动命令中提到的数据映射目录下/elk/nginx生成一个kibana-user文件
proxy_pass:kibana访问请求路径

安装生成访问验证文件工具httpd-tools

  • 命令:
    yum -y install epel-release
    yum -y install nginx httpd-tools
    生成访问验证文件kibana-user
    htpasswd -cm /elk/nginx/kibana-user kibana
    输入密码

重启nginx容器

  • 命令:
    docker restart elk-cluster-nginx

logstash搭建

-- logstash是一个无状态的流处理软件,本身是没有集群方案的

拉取镜像

  • 命令:
    docker pull logstash:7.11.1

docker-compose启动配置文件logstash-cluster.yml如下:

#elk集群版logstash配置
version: '3'
services:
 logstash-01:
   image: logstash:7.11.1
   container_name: elk-cluster-logstash-01
   hostname: logstash
   restart: always
   ports:
     - 9600:9600
     - 5044:5044
 logstash-02:
   image: logstash:7.11.1
   container_name: elk-cluster-logstash-02
   hostname: logstash
   restart: always
   ports:
     - 9601:9600
     - 5045:5044
 logstash-03:
   image: logstash:7.11.1
   container_name: elk-cluster-logstash-03
   hostname: logstash
   restart: always
   ports:
     - 9602:9600
     - 5046:5044

docker-compose 启动logstash集群

  • 命令:
    docker-compose -f logstash-cluster.yml -p logstash up -d
    -- 特别说明:这里因为前面已经使用docker-compose启动过es集群,所以我们加一个 -p的参数作为区别,不然容器创建的目录是相同的,会有一个警告,不加也不影响,作者这里就加上了。

修改logstash集群默认配置:

进入容器,vi编辑器修改logstash.yml配置
命令:docker exec -it elk-cluster-logstash-01 /bin/bash

ls
cd config
ls
vi logstash.yml
xpack.monitoring.elasticsearch.hosts:[192.168.1.120:8200] //修改为es集群地址

进入容器,vi编辑器修改logstash.conf配置
命令:docker exec -it elk-cluster-logstash-01 /bin/bash

ls
cd pipeline/
ls
vi logstash.conf
---------------------------------
input{
       #方式一:直接通过logback收集日志 
       tcp{
           port => 5044
           type => "samplelog"
           codec => "json_lines"
       }
       #方式二:kafka方式
}
 
output{
    if [type] == 'samplelog'{
        elasticsearch {
            #es地址
            hosts => "192.168.1.120:9200"
            #索引
            index => "elk-cluster-logstash-01-%{[app]}-%{+YYYY.MM.dd}"
        }
    }
    #kafka方式
}
-------------------------------

--- 注意:这里只是elk-cluster-logstash-01的配置修改,其它俩个的修改同上。区别只在于将output中的index索引换成自己的。这里其它部分一致,只以01,02,03区别。

重启logstash集群

命令:docker-compose -f logstash-cluster.yml -p logstash restart

验证logstash是否可以收集数据

(1)使用es-head查看数据
(2)使用kibana查看数据

kafka集群搭建

--- 由于kafka集群是依赖zookeeper实现通信的,我们也需要搭建一套zookeeper集群,本节中我们依旧采用docker-compose的方式搭建我们的kafka集群,同时为了便于管理我们的kafka集群,我们也会安装俩个辅助的工具管理、监控我们的kafka集群,分别为kafka-manager与kafka-offset-monitor,话不多说,开始我们的正文。

拉取镜像:

命令:docker pull <镜像>:<版本号>
zookeeper 3.7.0
kafka
kafka-manager
kafkaoffsetmonitor

docker-compose启动容器超时
在使用docker-compose启动多个容器时,在其默认的启动时间60s内无法全部启动完成,容器就会整个启动失败。这里我们将此参数调大到1000s。使用vi编辑器修改系统变量文件/etc/profile,在文件的末尾添加俩个参数,然后更新系统参数,使新添加的参数配置生效。
export DOCKER_CLIENT_TIMEOUT=1000
export COMPOSE_HTTP_TIMEOUT=1000

vi /etc/profile,在文件的末尾添加俩个参数,然后更新系统参数,使新添加的参数配置生效。
source /etc/profile

创建kafka-cluster.yml启动脚本

#kafka-cluster.yml文件
version: '3.1'
 
services:
  #zk集群
  zk1:
    image: zookeeper:3.7.0
    restart: always
    container_name: elk-cluster-zk1
    hostname: zk1
    ports:
      - 2181:2181
    volumes:
      - "/elk/zookeeper/zk1/data:/data"
      - "/elk/zookeeper/zk1/logs:/datalog"
    environment:
      ZOO_MY_ID: 1
      ZOO_SERVERS: server.1=0.0.0.0:2888:3888;2181 server.2=zk2:2888:3888;2181 server.3=zk3:2888:3888;2181  
  zk2:
    image: zookeeper:3.7.0
    restart: always
    container_name: elk-cluster-zk2
    hostname: zk2
    ports:
      - 2182:2181
    volumes:
      - "/elk/zookeeper/zk2/data:/data"
      - "/elk/zookeeper/zk2/logs:/datalog"
    environment:
      ZOO_MY_ID: 2
      ZOO_SERVERS: server.1=zk1:2888:3888;2181 server.2=0.0.0.0:2888:3888;2181 server.3=zk3:2888:3888;2181
  zk3:
    image: zookeeper:3.7.0
    restart: always
    container_name: elk-cluster-zk3
    hostname: zk3
    ports:
      - 2183:2181
    volumes:
      - "/elk/zookeeper/zk3/data:/data"
      - "/elk/zookeeper/zk3/logs:/datalog"
    environment:
      ZOO_MY_ID: 3
      ZOO_SERVERS: server.1=zk1:2888:3888;2181 server.2=zk2:2888:3888;2181 server.3=0.0.0.0:2888:3888;2181
  #kafka集群
  kafka1:
    image: wurstmeister/kafka:2.13-2.7.0
    restart: always
    container_name: elk-cluster-kafka1
    hostname: kafka1
    ports:
      - "9091:9092"
      - "9991:9991"
    depends_on:
      - zk1
      - zk2
      - zk3
    environment:
      KAFKA_BROKER_ID: 1
      KAFKA_ADVERTISED_HOST_NAME: kafka1
      KAFKA_ADVERTISED_PORT: 9091
      KAFKA_HOST_NAME: kafka1
      KAFKA_ZOOKEEPER_CONNECT: zk1:2181,zk2:2181,zk3:2181
      KAFKA_LISTENERS: PLAINTEXT://kafka1:9092
      KAFKA_ADVERTISED_LISTENERS: PLAINTEXT://192.168.1.120:9091
      JMX_PORT: 9991
      KAFKA_JMX_OPTS: "-Djava.rmi.server.hostname=kafka1 -Dcom.sun.management.jmxremote.port=9991 -Dcom.sun.management.jmxremote=true -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.managementote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false"
    volumes:
      - "/elk/kafka/kafka1/:/kafka"
  kafka2:
    image: wurstmeister/kafka:2.13-2.7.0
    restart: always
    container_name: elk-cluster-kafka2
    hostname: kafka2
    ports:
      - "9092:9092"
      - "9992:9992"
    depends_on:
      - zk1
      - zk2
      - zk3
    environment:
      KAFKA_BROKER_ID: 2
      KAFKA_ADVERTISED_HOST_NAME: kafka2
      KAFKA_ADVERTISED_PORT: 9092
      KAFKA_HOST_NAME: kafka2
      KAFKA_ZOOKEEPER_CONNECT: zk1:2181,zk2:2181,zk3:2181
      KAFKA_LISTENERS: PLAINTEXT://kafka2:9092
      KAFKA_ADVERTISED_LISTENERS: PLAINTEXT://192.168.1.120:9092
      JMX_PORT: 9992
      KAFKA_JMX_OPTS: "-Djava.rmi.server.hostname=kafka2 -Dcom.sun.management.jmxremote.port=9992 -Dcom.sun.management.jmxremote=true -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.managementote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false"
    volumes:
      - "/elk/kafka/kafka2/:/kafka"
  kafka3:
    image: wurstmeister/kafka:2.13-2.7.0
    restart: always
    container_name: elk-cluster-kafka3
    hostname: kafka3
    ports:
      - "9093:9092"
      - "9993:9993"
    depends_on:
      - zk1
      - zk2
      - zk3
    environment:
      KAFKA_BROKER_ID: 3
      KAFKA_ADVERTISED_HOST_NAME: kafka3
      KAFKA_ADVERTISED_PORT: 9093
      KAFKA_HOST_NAME: kafka3
      KAFKA_ZOOKEEPER_CONNECT: zk1:2181,zk2:2181,zk3:2181
      KAFKA_LISTENERS: PLAINTEXT://kafka3:9092
      KAFKA_ADVERTISED_LISTENERS: PLAINTEXT://192.168.1.120:9093
      JMX_PORT: 9993
      KAFKA_JMX_OPTS: "-Djava.rmi.server.hostname=kafka3 -Dcom.sun.management.jmxremote.port=9993 -Dcom.sun.management.jmxremote=true -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.managementote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false"
    volumes:
      - "/elk/kafka/kafka3/:/kafka"
  #kafka管理工具
  'kafka-manager':
    container_name: kafka-manager
    image: sheepkiller/kafka-manager:stable
    restart: always
    ports:
      - 9000:9000
    depends_on:
      - kafka1
      - kafka2
      - kafka3
    environment:
      KM_VERSION: 1.3.3.18
      ZK_HOSTS: zk1:2181,zk2:2181,zk3:2181
  #kafka监控工具
  'kafka-offset-monitor':
    container_name: kafka-offset-monitor
    image: 564239555/kafkaoffsetmonitor:latest
    restart: always
    volumes:
      - /elk/kafkaoffsetmonitor/conf:/kafkaoffsetmonitor
    ports:
      - 9001:8080
    depends_on:
      - kafka1
      - kafka2
      - kafka3
    environment:
      ZK_HOSTS: zk1:2181,zk2:2181,zk3:2181
      KAFKA_BROKERS: kafka1:9092,kafka2:9092,kafka3:9092
      REFRESH_SECENDS: 10
      RETAIN_DAYS: 2

启动kafka集群

命令:docker-compose -f kafka-cluster.yml -p kafka up -d
说明:
(1)-f :指定我们的启动文件
(2)-p:指定容器启动的项目目录,如果我们有多个docker-compose启动项目,如果不指定项目目录,会有项目目录冲突的警告
(3)-d:后台启动

验证kafka集群

访问工具kafka-manager地址:http://192.168.1.120:9000
访问http://192.168.1.120:9001/工具kafka-offset-monitor地址,这里可以实现简单的kafka集群监控。

filebeat服务搭建

--- filebeat是轻量级的日志收集工具

拉取镜像

命令:docker pull elastic/filebeat:7.11.1

启动filebeat临时镜像

说明:因为filebeat的配置文件修改需要权限,我们不能直接在容器中修改,所以我们就临时启动一个filebeat镜像服务,将我们的filebeat容器中的配置文件拷贝与我们的虚拟机,在虚拟机中授权修改配置文件,然后同步到我们的容器中。
命令:docker run -d --name=elk-cluster-filebeat elastic/filebeat:7.11.1
拷贝filebeat容器中的配置文件
(1)拷贝配置文件:docker cp elk-cluster-filebeat:/usr/share/filebeat /elk/
(2)授权:chmod 777 -R /elk/
(3)给filebeat的配置文件filebeat.yml授权
(4)创建一个atp目录,用于存放同步的日志文件

vi修改filebeat.yml配置

--- 这里我们只需要配置一下我们收集的文件路径/usr/share/filebeat/samplelog/*.log和kafka集群的服务地址hosts: ["192.168.1.120:9091", "192.168.1.120:9092", "192.168.1.120:9093"]以及订阅的kafka主题atp。
订阅主题我们在kafka集群搭建一节中已经创建,这里直接使用就ok了。

#数据输入配置
filebeat.inputs:
- type: log
  enabled: true
  paths:
    - /usr/share/filebeat/samplelog/*.log
 
filebeat.config:
  modules:
    path: ${path.config}/modules.d/*.yml
    reload.enabled: false
 
processors:
  - add_cloud_metadata: ~
  - add_docker_metadata: ~
 
#数据输出到kafka配置
output.kafka:
  # initial brokers for reading cluster metadata
  hosts: ["192.168.1.120:9091", "192.168.1.120:9092", "192.168.1.120:9093"]
 
  # message topic selection + partitioning
  topic: 'samplelog'
  partition.round_robin:
    reachable_only: false
 
  required_acks: 1
  compression: gzip
  max_message_bytes: 1000000

移除我们的临时filebeat容器

命令:docker rm -f elk-cluster-filebeat

重新启动一个filebeat容器

命令:docker run -d --name=elk-cluster-filebeat --restart=always --user=root --privileged=true -v /elk/filebeat:/usr/share/filebeat elastic/filebeat:7.11.1

通过查看启动日志确认filebeat服务是否已经正常启动

命令:docker logs elk-cluster-filebeat

elk集群验证

修改我们logstash服务的配置文件,拉取kafka的主题消息。然后重启logstash服务。
我们这里只以 elk-cluster-logstash-01容器的修改为例,其它的容器修改相同,这里不再介绍。

修改我们logstash服务的配置文件

input{
       #方式一:直接通过logback收集日志 
       tcp{
           port => 5044
           type => "samplelog"
           codec => "json_lines"
       }
       #方式二:kafka方式
       kafka {
           type => 'kafka'
           bootstrap_servers => "192.168.1.120:9091,192.168.1.120:9092,192.168.1.120:9093"
           topics => "samplelog"
           group_id => "elk"
    }
}
 
output{
    if [type] == 'samplelog'{
        elasticsearch {
            #es地址
            hosts => "192.168.1.120:9200"
            #索引
            index => "elk-cluster-logstash-01-%{[app]}-%{+YYYY.MM.dd}"
        }
    }
    #kafka方式
    if [type] == 'kafka'{
        elasticsearch {
            #es地址
            hosts => "192.168.1.120:9200"
            #索引
            index => "elk-samplelog-%{+YYYY.MM.dd}"
        }
    }
}

重启logstash集群的服务

docker-compose -f logstash-cluster.yml -p logstash restart

posted @ 2022-06-10 17:23  芝幽幽  阅读(1221)  评论(0编辑  收藏  举报