docker-compose部署elastiflow
docker-compose导入导出命令
涉及的命令有export、import、save、load
save
- 命令
docker save [options] images [images...] - 示例
docker save -o nginx.tar nginx:latest
或
docker save > nginx.tar nginx:latest
其中-o和>表示输出到文件,nginx.tar为目标文件,nginx:latest是源镜像名(name:tag)
load
- 命令
docker load [options] - 示例
docker load -i nginx.tar
或
docker load < nginx.tar
其中-i和<表示从文件输入。会成功导入镜像及相关元数据,包括tag信息
export
- 命令
docker export [options] container - 示例
docker export -o nginx-test.tar nginx-test
其中-o表示输出到文件,nginx-test.tar为目标文件,nginx-test是源容器名(name)
import
- 命令
docker import [options] file|URL|- [REPOSITORY[:TAG]] - 示例
docker import nginx-test.tar nginx:imp
或
cat nginx-test.tar | docker import - nginx:imp
区别
- export命令导出的tar文件略小于save命令导出的
- export命令是从容器(container)中导出tar文件,而save命令则是从镜像(images)中导出
- 基于第二点,export导出的文件再import回去时,无法保留镜像所有历史(即每一层layer信息,不熟悉的可以去看Dockerfile),不能进行回滚操作;而save是依据镜像来的,所以导入时可以完整保留下每一层layer信息。如下图所示,
nginx:latest是save导出load导入的,nginx:imp是export导出import导入的。
建议
可以依据具体使用场景来选择命令
- 若是只想备份images,使用save、load即可
- 若是在启动容器后,容器内容有变化,需要备份,则使用export、import
先将三个镜像用docker load -i 导入(镜像自己想办法)
docker-compose.yml
version: '3'
services:
elastiflow-elasticsearch:
image: docker.elastic.co/elasticsearch/elasticsearch:7.8.1
container_name: elastiflow-elasticsearch
restart: 'no'
ulimits:
memlock:
soft: -1
hard: -1
nofile:
soft: 131072
hard: 131072
nproc: 8192
fsize: -1
network_mode: host
volumes:
# 使用如下命令创建数据目录
# mkdir /docker/elastiflow/data && chown -R 1000:1000 /docker/elastiflow/data
- /docker/elastiflow/data:/usr/share/elasticsearch/data
environment:
# JVM Heap size
# - this should be at least 2GB for simple testing, receiving only a few flows per second.
# - for production environments upto 31GB is recommended.
ES_JAVA_OPTS: '-Xms4g -Xmx4g'
cluster.name: elastiflow
bootstrap.memory_lock: 'true'
network.host: 0.0.0.0
http.port: 9200
discovery.type: 'single-node'
indices.query.bool.max_clause_count: 8192
search.max_buckets: 250000
action.destructive_requires_name: 'true'
elastiflow-kibana:
image: docker.elastic.co/kibana/kibana:7.8.1
container_name: elastiflow-kibana
restart: 'no'
depends_on:
- elastiflow-elasticsearch
network_mode: host
environment:
SERVER_HOST: 0.0.0.0
SERVER_PORT: 5601
SERVER_MAXPAYLOADBYTES: 8388608
ELASTICSEARCH_HOSTS: "http://127.0.0.1:9200"
ELASTICSEARCH_REQUESTTIMEOUT: 132000
ELASTICSEARCH_SHARDTIMEOUT: 120000
KIBANA_DEFAULTAPPID: "dashboard/653cf1e0-2fd2-11e7-99ed-49759aed30f5"
KIBANA_AUTOCOMPLETETIMEOUT: 3000
KIBANA_AUTOCOMPLETETERMINATEAFTER: 2500000
LOGGING_DEST: stdout
LOGGING_QUIET: 'false'
elastiflow-logstash:
image: robcowart/elastiflow-logstash:4.0.1
container_name: elastiflow-logstash
restart: 'no'
depends_on:
- elastiflow-elasticsearch
network_mode: host
environment:
# JVM Heap size - this MUST be at least 3GB (4GB preferred)
LS_JAVA_OPTS: '-Xms4g -Xmx4g'
# ElastiFlow global configuration
ELASTIFLOW_AGENT_ID: elastiflow
ELASTIFLOW_GEOIP_CACHE_SIZE: 16384
ELASTIFLOW_GEOIP_LOOKUP: 'true'
ELASTIFLOW_ASN_LOOKUP: 'true'
ELASTIFLOW_OUI_LOOKUP: 'false'
ELASTIFLOW_POPULATE_LOGS: 'true'
ELASTIFLOW_KEEP_ORIG_DATA: 'true'
ELASTIFLOW_DEFAULT_APPID_SRCTYPE: '__UNKNOWN'
# Name resolution option
ELASTIFLOW_RESOLVE_IP2HOST: 'false'
ELASTIFLOW_NAMESERVER: '127.0.0.1'
ELASTIFLOW_DNS_HIT_CACHE_SIZE: 25000
ELASTIFLOW_DNS_HIT_CACHE_TTL: 900
ELASTIFLOW_DNS_FAILED_CACHE_SIZE: 75000
ELASTIFLOW_DNS_FAILED_CACHE_TTL: 3600
ELASTIFLOW_ES_HOST: '127.0.0.1:9200'
#ELASTIFLOW_ES_USER: 'elastic'
#ELASTIFLOW_ES_PASSWD: 'changeme'
ELASTIFLOW_NETFLOW_IPV4_PORT: 2055
ELASTIFLOW_NETFLOW_UDP_WORKERS: 2
ELASTIFLOW_NETFLOW_UDP_QUEUE_SIZE: 4096
ELASTIFLOW_NETFLOW_UDP_RCV_BUFF: 33554432
ELASTIFLOW_SFLOW_IPV4_PORT: 6343
ELASTIFLOW_SFLOW_UDP_WORKERS: 2
ELASTIFLOW_SFLOW_UDP_QUEUE_SIZE: 4096
ELASTIFLOW_SFLOW_UDP_RCV_BUFF: 33554432
ELASTIFLOW_IPFIX_UDP_IPV4_PORT: 4739
ELASTIFLOW_IPFIX_UDP_WORKERS: 2
ELASTIFLOW_IPFIX_UDP_QUEUE_SIZE: 4096
ELASTIFLOW_IPFIX_UDP_RCV_BUFF: 33554432
