Docker - 整合ELKC(elasticsearch、logstash、kibana、cerebro)篇
目录
- 一、安装Elasticsearch
-
- Step 1:下载elasticsearch
- Step 2:配置JVM
- Step 3:配置挂载路径
- Step 4:配置elasticsearch.yml
- Step 4:运行elasticsearch
- 二、安装es-head可视化插件
- 三、安装cerebro集群监控插件
- 四、安装Kibana
-
- Step 1:配置挂载路径
- Step 2:配置Kibana.yml
- Step 3:运行Kibana
- 五、安装LogStash
-
- Step 1:配置挂载路径
- Step 2:拷贝logstash配置文件
- Step 3:MySQL驱动安装
-
- 方式一 容器内下载:
- 方式二 数据卷挂载:
- Step 4:配置jdbc.conf
- Step 5:配置logstash.yml
- Step 6:配置pipelines.yml
- Step 7:运行logstash
-
- ==注:我自己使用logstash是为了同步MySQL数据到ES索引库中,所以jdbc.conf这个配置文件里面已经配置好了,启动logstash后数据就会同步到索引库。==
一、安装Elasticsearch
Step 1:下载elasticsearch
docker pull elasticsearch:7.6.2Step 2:配置JVM
PS:目的是为了避免报错“max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]”
查看当前值sysctl -a|grep vm.max_map_count临时修改sysctl -w vm.max_map_count=262144永久修改vim /etc/sysctl.confvm.max_map_count=262144sysctl -pStep 3:配置挂载路径
/opt/elasticsearch/config/elasticsearch.yml/opt/elasticsearch/data/opt/elasticsearch/pluginsStep 4:配置elasticsearch.yml
# 设置集群名称cluster.name: "docker-cluster"# 设置网络network.host: 0.0.0.0# 解决跨域http.cors.enabled: truehttp.cors.allow-origin: "*"Step 4:运行elasticsearch
docker run --name elasticsearch --restart=always --network=commons-es-network -p 9200:9200 -p 9300:9300 \-e ES_JAVA_OPS="-Xms1027m -Xmx2048m" \-e "discovery.type=single-node" \-v /opt/elasticsearch/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml \-v /opt/elasticsearch/data:/usr/share/elasticsearch/data \-v /opt/elasticsearch/plugins:/usr/share/elasticsearch/plugins \-d elasticsearch:7.6.2成功运行界面
二、安装es-head可视化插件
docker pull mobz/elasticsearch-head:5docker run --name elasticsearch-head --restart=always -d -p 9100:9100 mobz/elasticsearch-head:5解决docker安装es-head后无法查看数据
进入head插件安装目录 ,编辑
vi /usr/src/app/_site/vendor.js修改:
application/x-www-form-urlencoded为:
application/json;charset=UTF-8tips:文件内容较多,可以使用 “/” + 关键字 搜索内容
成功运行界面
三、安装cerebro集群监控插件
docker pull lmenezes/cerebrodocker run --name=cerebro -d -p 9500:9000 --network=commons-es-network 
四、安装Kibana
版本号一定要和es版本保持一致
docker pull kibana:7.6.2Step 1:配置挂载路径
/opt/kibana/config/Kibana.yml/opt/kibana/data/opt/kibana/pluginsStep 2:配置Kibana.yml
# 默认值: 5601 Kibana 由后端服务器提供服务,该配置指定使用的端口号。server.port: 5601# 默认值: "localhost" 指定后端服务器的主机地址。server.host: "0"# 设置为中文i18n.locale: "zh-CN"# 设置服务名称server.name: "kibana"# 设置hostselasticsearch.hosts: ["http://localhost:9200"]# 设置请求超时时间elasticsearch.requestTimeout: 99999Step 3:运行Kibana
docker run -it -p 5601:5601 --restart=always --name kibana --network=commons-es-network \-v /opt/kibana/config/kibana.yml:/usr/share/kibana/config/kibana.yml \-v /opt/kibana/data:/usr/share/kibana/data \-v /opt/kibana/data/plugins:/usr/share/kibana/plugins \-d 镜像ID五、安装LogStash
tips:版本要和ES版本一致
Step 1:配置挂载路径
/opt/logstash/:/usr/share/logstash/config/ /opt/logstash/:/usr/share/logstash/data//opt/logstash/:/usr/share/logstash/logstash-core/lib/jars//opt/logstash/:/usr/share/logstash/pipeline/Step 2:拷贝logstash配置文件
docker cp logstash:/usr/share/logstash/config/ /opt/logstashdocker cp logstash:/usr/share/logstash/pipeline/ /opt/logstashdocker cp logstash:/usr/share/logstash/logstash-core/lib/jars/ /opt/logstashStep 3:MySQL驱动安装
方式一 容器内下载:
下载JDBC驱动(如果已经挂载了就不需要在容器内部安装)修改Gemfile数据源地址将Gemfile的source换成https://gems.ruby-china.com/修改Gemfile.lock文件,将GEM remote修改为https://gems.ruby-china.com/./logstash-plugin install logstash-integration-jdbc方式二 数据卷挂载:
将MySQL驱动放到对应挂载的路径下重启容器即可,我这里映射的挂载路径为:
/opt/logstash/:/usr/share/logstash/logstash-core/lib/jars/所以要放到宿主机的/opt/logstash/jars/下。
Step 4:配置jdbc.conf
配置文件的内容如下:
input{ # 多个数据库的话,复制jdbc组就行,组和组之间不加逗号 jdbc{ tags => "pb_pro_sub" jdbc_connection_string => "jdbc:mysql://IP:port/pb_projects?serverTimezone=Asia/Shanghai&characterEncoding=utf8&useSSL=false" jdbc_user => "root" jdbc_password => "NQULaJwY7u" jdbc_driver_library => "/usr/share/logstash/logstash-core/lib/jars/mysql-connector-java-8.0.21.jar" jdbc_driver_class => "com.mysql.cj.jdbc.Driver" jdbc_paging_enabled => "true" jdbc_page_size => "50000" jdbc_default_timezone => "Asia/Shanghai" statement => "你想要查询的SQL语句 " clean_run => false # 每30分钟更新一次 默认为1分钟一次 # schedule => "0 */30 * * * *" } jdbc{ tags => "pb_pro" jdbc_connection_string => "jdbc:mysql://IP:port/pb_projects?serverTimezone=Asia/Shanghai&characterEncoding=utf8&useSSL=false" jdbc_user => "root" jdbc_password => "NQULaJwY7u" jdbc_driver_library => "/usr/share/logstash/logstash-core/lib/jars/mysql-connector-java-8.0.21.jar" jdbc_driver_class => "com.mysql.cj.jdbc.Driver" jdbc_paging_enabled => "true" jdbc_page_size => "50000" jdbc_default_timezone => "Asia/Shanghai" statement => 你想要查询的SQL语句 " clean_run => false # 每30分钟更新一次 默认为1分钟一次 # schedule => "0 */30 * * * *" } jdbc{ tags => "party_department" jdbc_connection_string => "jdbc:mysql://IP:port/pb_projects?serverTimezone=Asia/Shanghai&characterEncoding=utf8&useSSL=false" jdbc_user => "root" jdbc_password => "NQULaJwY7u" jdbc_driver_library => "/usr/share/logstash/logstash-core/lib/jars/mysql-connector-java-8.0.21.jar" jdbc_driver_class => "com.mysql.cj.jdbc.Driver" jdbc_paging_enabled => "true" jdbc_page_size => "50000" jdbc_default_timezone => "Asia/Shanghai" statement => "你想要查询的SQL语句 " clean_run => false # 每30分钟更新一次 默认为1分钟一次 # schedule => "0 */30 * * * *" }}output{ elasticsearch { hosts => "ES服务地址" # 索引名 index => "%{tags}" document_id => "%{id}" }stdout{ codec => json_lines } }tips:配置文件下载传送
https://download.csdn.net/download/liyu109766/19830675
Step 5:配置logstash.yml
挂载数据卷路径:
/opt/logstash/piplines/config/logstash.ymlhttp.host: "0.0.0.0"xpack.monitoring.elasticsearch.hosts: [ "http://localhost:9200" ]Step 6:配置pipelines.yml
挂载数据卷路径:
/opt/logstash/piplines/config/pipelines.yml- pipeline.id: main path.config: "/usr/share/logstash/pipeline/jdbc.conf"Step 7:运行logstash
docker run -d --privileged=true --restart=always --network commons-es-network \-v /opt/logstash/pipeline:/usr/share/logstash/pipeline \-v /opt/logstash/jars:/usr/share/logstash/logstash-core/lib/jars \-v /opt/logstash/config:/usr/share/logstash/config \--name=logstash logstash:7.6.2注:我自己使用logstash是为了同步MySQL数据到ES索引库中,所以jdbc.conf这个配置文件里面已经配置好了,启动logstash后数据就会同步到索引库。
