beats系列~2.elastic stack部署

大数据、beat、elastic stack
Beats、elastic_stack
发布日期:   2021-11-19
更新日期:   2021-11-24
作者: 王海飞
阅读次数:  

前言

​ 本文中将使用docker-compose容器化的形式来安装部署elastic stack(ELK)服务,部署方式可参考地址:https://github.com/deviantony/docker-elk#initial-setup

1. 部署

基于安装地址提供的方式进行安装,安装过程如下图所示:

docker-elk

通过以上方式将Elasticsearch、Logstash、Kibana安装成功。默认安装成功后,所有web端可访问站点的默认账号为elastic 密码为changeme

2. network网络

使用docker-compose.yml进行部署,需要了解docker-compse中定义的内容:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
version: '3.2'

services:
  elasticsearch:
    build:
      context: elasticsearch/
      args:
        ELK_VERSION: $ELK_VERSION
    volumes:
      - type: bind
        source: ./elasticsearch/config/elasticsearch.yml
        target: /usr/share/elasticsearch/config/elasticsearch.yml
        read_only: true
      - type: volume
        source: elasticsearch
        target: /usr/share/elasticsearch/data
    ports:
      - "9200:9200"
      - "9300:9300"
    environment:
      ES_JAVA_OPTS: "-Xmx256m -Xms256m"
      ELASTIC_PASSWORD: changeme
      # Use single node discovery in order to disable production mode and avoid bootstrap checks.
      # see: https://www.elastic.co/guide/en/elasticsearch/reference/current/bootstrap-checks.html
      discovery.type: single-node
    networks:
      - elk

  logstash:
    build:
      context: logstash/
      args:
        ELK_VERSION: $ELK_VERSION
    volumes:
      - type: bind
        source: ./logstash/config/logstash.yml
        target: /usr/share/logstash/config/logstash.yml
        read_only: true
      - type: bind
        source: ./logstash/pipeline
        target: /usr/share/logstash/pipeline
        read_only: true
    ports:
      - "5044:5044"
      - "5000:5000/tcp"
      - "5000:5000/udp"
      - "9600:9600"
    environment:
      LS_JAVA_OPTS: "-Xmx256m -Xms256m"
    networks:
      - elk
    depends_on:
      - elasticsearch

  kibana:
    build:
      context: kibana/
      args:
        ELK_VERSION: $ELK_VERSION
    volumes:
      - type: bind
        source: ./kibana/config/kibana.yml
        target: /usr/share/kibana/config/kibana.yml
        read_only: true
    ports:
      - "5601:5601"
    networks:
      - elk
    depends_on:
      - elasticsearch

networks:
  elk:
    driver: bridge

volumes:
  elasticsearch:

以上的配置需要了解一下几点:

  • bridge网络:docker-compose.yml中定义了容器elasticsearch、logstash、kibana,并分别都定义了elk的network,表明这三个容器都是用bridge网络(表示连接到同一个网桥的docker容器可以相互通信)。
  • 查看当前docker-compose up -d运行后的网络,可通过docker network ls进行查看,可以发现名称为docker-elk_elk的bridge网桥。
  • services下定义的elasticsearch、logstash、kibana会自动加到名为docker-elk_elk的bridge网桥中,并在网桥中分别叫elasticsearch、logstash、kibana。因此在logstash中如需访问kibana或者elasticsearch,可以直接访问http://kibana:5601 或者http://elasticsearch:9200
  • 如果其他的容器也想访问elasticsearch、logstash、kibana这三个docker服务,即需要将待启动的容器加入到docker-elk_elk网络中即可。即 启动命令中添加network参数:docker run -itd –network docker-elk_elk …….
文章作者: 王海飞
文章链接: http://coco.github.io/2021/11/19/beats-elasticstack-bu-shu-2/
版权声明: 本博客所有文章除特別声明外,均采用 CC BY 4.0 许可协议。转载请注明来源 王海飞 !
大数据、beat、elastic stack
  目录