Building an ELK log collection system with Docker (Part 1)
Reference: https://zhuanlan.zhihu.com/p/107346014?from_voters_page=true
Environment:
Server | OS | IP | Netmask |
elk | centos 7 | 10.99.101.232 | 255.255.255.0 |
1. Installing Elasticsearch with Docker
docker pull elasticsearch:7.6.0
mkdir /home/elk/
mkdir /home/elk/elasticsearchconfig/

###### Get the configuration files
docker run -d --name elasticsearch -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" elasticsearch:7.6.0
docker cp elasticsearch:/usr/share/elasticsearch/config/ /home/elk/elasticsearchconfig/
# Stop the container
docker container stop elasticsearch
# Remove the container
docker container rm elasticsearch
###### End of getting the configuration files

# Note: mode 777 makes these directories world-writable on the host. The official image
# runs Elasticsearch as UID 1000, so giving that UID ownership is the tighter option.
chmod -R 777 /home/elk/elasticsearchconfig/config/
mkdir /home/elk/elasticsearchconfig/data
chmod -R 777 /home/elk/elasticsearchconfig/data

vi /home/elk/elasticsearchconfig/config/elasticsearch.yml

cluster.name: "docker-cluster"
network.host: 0.0.0.0
# Access IP restriction: 0.0.0.0 means no restriction; in production set a fixed IP
transport.host: 0.0.0.0
# Elasticsearch node name
node.name: node-1
# Elasticsearch node information
cluster.initial_master_nodes: ["node-1"]
# The settings below turn off cross-origin checks (optional; can be left disabled)
http.cors.enabled: true
http.cors.allow-origin: "*"

vi /etc/sysctl.conf
# Append at the end of the file:
vm.max_map_count=262144

sysctl -p

# Note: --privileged=true gives the container full access to the host; Elasticsearch
# does not need it once vm.max_map_count has been set on the host as above.
docker run --name elasticsearch -v /home/elk/elasticsearchconfig/config/:/usr/share/elasticsearch/config -v /home/elk/elasticsearchconfig/data/:/usr/share/elasticsearch/data -p 9200:9200 -p 9300:9300 --privileged=true -d elasticsearch:7.6.0
docker container ls -a

# Make the container start automatically
docker ps -a
CONTAINER ID   IMAGE                 COMMAND                  CREATED         STATUS         PORTS                                            NAMES
cac0c775dffe   elasticsearch:7.6.0   "/usr/local/bin/do..."   2 minutes ago   Up 2 minutes   0.0.0.0:9200->9200/tcp, 0.0.0.0:9300->9300/tcp   elasticsearch
docker update --restart=always cac0c775dffe

firewall-cmd --add-port=9200/tcp --permanent
firewall-cmd --reload
Elasticsearch is now running normally.
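
The steps above publish ports 9200 and 9300 on every host interface, open 9200 in firewalld, set CORS to "*", and leave xpack.security.enabled unset in elasticsearch.yml. The check below is an added example, not part of the original post: it flags those settings in an elasticsearch.yml and in the PORTS column of docker ps. The function names, the sample inputs and the 127.0.0.1 binding are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). Function names are hypothetical;
# the sample inputs at the bottom are constructed.

# yml_get FILE KEY: print the value of a top-level "KEY: value" line, unquoted.
yml_get() {
    key=$(printf '%s' "$2" | sed 's/\./\\./g')   # escape dots for the regex
    sed -n "s/^${key}:[[:space:]]*//p" "$1" | head -n 1 |
        sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' -e 's/^"//' -e 's/"$//'
}

# audit_yml FILE: one WARN line per risky setting in elasticsearch.yml.
audit_yml() {
    if [ "$(yml_get "$1" http.cors.enabled)" = "true" ] &&
       [ "$(yml_get "$1" http.cors.allow-origin)" = "*" ]; then
        echo "WARN: http.cors.allow-origin is *, any web origin may call the REST API"
    fi
    # Security is off by default in 7.x, so it must be enabled explicitly.
    if [ "$(yml_get "$1" xpack.security.enabled)" != "true" ]; then
        echo "WARN: xpack.security.enabled is not true, port 9200 needs no credentials"
    fi
}

# audit_ports PORTS: PORTS is the PORTS column of "docker ps"; one WARN line
# per port published on all host interfaces.
audit_ports() {
    printf '%s\n' "$1" | tr ',' '\n' | sed 's/^[[:space:]]*//' |
        sed -n 's/^0\.0\.0\.0:\([0-9]*\)->.*/WARN: port \1 is published on every host interface/p'
}

# Constructed sample: the settings written in the walkthrough.
weak_yml=$(mktemp)
cat > "$weak_yml" <<'EOF'
cluster.name: "docker-cluster"
network.host: 0.0.0.0
http.cors.enabled: true
http.cors.allow-origin: "*"
EOF
weak_ports='0.0.0.0:9200->9200/tcp, 0.0.0.0:9300->9300/tcp'

# Constructed sample (assumption): security enabled, CORS dropped, 9200 on loopback only.
hard_yml=$(mktemp)
printf '%s\n' 'cluster.name: "docker-cluster"' 'xpack.security.enabled: true' > "$hard_yml"
hard_ports='127.0.0.1:9200->9200/tcp'
trap 'rm -f "$weak_yml" "$hard_yml"' EXIT

audit_yml "$weak_yml"; audit_ports "$weak_ports"
audit_yml "$hard_yml"; audit_ports "$hard_ports"
```

The network.host value is not checked because, inside a container, reachability is decided by the address given to -p and by the host firewall rule.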