1. Lab environment
Operating system: CentOS 7.5 Minimal
Specs: 4 cores, 8 GB memory
IP: 192.68.1.106
2. Install Docker
# setenforce 0
# sed -i 's/^SELINUX=.*/SELINUX=permissive/g' /etc/selinux/config
# systemctl stop firewalld.service
# systemctl disable firewalld.service
# sysctl -w vm.max_map_count=262144
# echo "vm.max_map_count=262144" >> /etc/sysctl.conf
# sysctl -p
# yum -y install yum-utils device-mapper-persistent-data lvm2
# yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
# yum list docker-ce --showduplicates | sort -r

# yum -y install docker-ce-18.06.0.ce
# systemctl start docker
# systemctl status docker
# systemctl enable docker
# docker version


3. Initialize Docker Swarm
# docker swarm init --listen-addr 192.168.1.106:2377 --advertise-addr 192.168.1.106:2377
# docker node ls

# docker swarm init --help

4. Pull the ELK images
Configure a registry mirror to speed up image pulls
# curl -sSL https://get.daocloud.io/daotools/set_mirror.sh | sh -s http://f1361db2.m.daocloud.io
# systemctl restart docker
# docker pull elasticsearch:5.6.5
# docker pull logstash:5.6.5
# docker pull kibana:5.6.5
# docker images

5. Create the service directories and write the stack file
# mkdir -p /opt/elk/elasticsearch/data
# mkdir -p /opt/elk/logstash
# vim /opt/elk/logstash/logstash.conf
##################################
input {
  gelf {
  }
}
output {
  elasticsearch {
    hosts => "elasticsearch:9200"
  }
}
#####################################

# chown 999:999 /opt/elk/logstash/logstash.conf
# vim /opt/elk/elk.yml
##################################################
version: "3"
services:
  elasticsearch:
    image: elasticsearch:5.6.5
    deploy:
      replicas: 1
      resources:
        limits:
          cpus: '2'
          memory: 2G
      restart_policy:
        condition: on-failure
        delay: 5s
        max_attempts: 3
    environment:
      # JVM heap size (minimum and maximum) for Elasticsearch
      ES_JAVA_OPTS: "-Xms2g -Xmx2g"
    volumes:
      - /opt/elk/elasticsearch/data:/usr/share/elasticsearch/data
    # Published on the host. logstash and kibana do not need these ports:
    # they reach elasticsearch by service name over the overlay network.
    ports:
      - "9200:9200"
      - "9300:9300"
  logstash:
    image: logstash:5.6.5
    deploy:
      replicas: 1
      resources:
        limits:
          cpus: '1'
          memory: 1G
      restart_policy:
        condition: on-failure
        delay: 5s
        max_attempts: 3
    command: ["logstash","-f","/etc/logstash.conf"]
    volumes:
      - /opt/elk/logstash/logstash.conf:/etc/logstash.conf
    # UDP port of the gelf input defined in logstash.conf
    ports:
      - "12201:12201/udp"
  kibana:
    image: kibana:5.6.5
    deploy:
      replicas: 1
      resources:
        limits:
          cpus: '2'
          memory: 1G
      restart_policy:
        condition: on-failure
        delay: 5s
        max_attempts: 3
    environment:
      ELASTICSEARCH_URL: "http://elasticsearch:9200"
    ports:
      - "5601:5601"
##NETWORK###
networks:
  default:
    driver: overlay
#####################################################

6. Deploy the services
# docker stack deploy elk -c /opt/elk/elk.yml --with-registry-auth
# docker stack ls
# docker service ls


Open in a browser: http://192.168.1.106:5601
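To check the deployed pipeline end to end, the following added example (not part of the original post) sends one GELF 1.1 message to the Logstash gelf input on 12201/udp and prints the Elasticsearch query that should find it. It assumes the gelf input and elasticsearch output keep their default settings (leading underscore stripped from additional fields, index logstash-*); the smoke_id field and the function names are made up for this example.

```python
#!/usr/bin/env python3
"""Send one GELF message to Logstash and print the Elasticsearch check URL."""
import json
import socket
import sys
import time
import uuid
import zlib

GELF_PORT = 12201          # published as 12201/udp in elk.yml
MAX_DATAGRAM = 8192        # conservative limit; larger payloads need GELF chunking


def build_gelf_datagram(short_message, host="smoke-test", level=6, **extra):
    """Return a zlib-compressed GELF 1.1 payload that fits in one datagram."""
    msg = {
        "version": "1.1",
        "host": host,
        "short_message": short_message,
        "timestamp": time.time(),
        "level": level,                      # syslog severity, 6 = informational
    }
    for key, value in extra.items():
        if key == "id":                      # the GELF spec reserves "_id"
            raise ValueError("_id is not allowed as an additional field")
        msg["_" + key] = value               # additional fields start with "_"
    data = zlib.compress(json.dumps(msg).encode("utf-8"))
    if len(data) > MAX_DATAGRAM:
        raise ValueError("message too large for a single unchunked datagram")
    return data


def send_gelf(server, datagram, port=GELF_PORT):
    """Fire-and-forget UDP send; there is no acknowledgement from Logstash."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.sendto(datagram, (server, port))


def search_url(server, marker):
    """URL that finds the event, assuming default gelf/elasticsearch settings."""
    return "http://%s:9200/logstash-*/_search?q=smoke_id:%s" % (server, marker)


if __name__ == "__main__":
    server = sys.argv[1] if len(sys.argv) > 1 else "192.168.1.106"
    marker = uuid.uuid4().hex                # random value used only for lookup
    send_gelf(server, build_gelf_datagram("elk smoke test", smoke_id=marker))
    print("sent; after a few seconds run: curl '%s'" % search_url(server, marker))
```

GELF over UDP carries no authentication, so running the same script from a machine that is not supposed to be a log source shows whether 12201/udp is reachable more widely than intended.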


