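I have spent a little over a week exploring the Elastic stack and took quite a few wrong turns along the way, so I am writing them down here. Remember: the best solution is always to read the official documentation.
Elastic official website
Elastic Docker registry website
This experiment builds the Elastic stack on version 7.3.2, so every image downloaded is version 7.3.2.
0x00. Preparation
Pull the images from the Elastic Docker registry: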
docker pull docker.elastic.co/elasticsearch/elasticsearch:7.3.2
docker pull docker.elastic.co/kibana/kibana:7.3.2
docker pull docker.elastic.co/beats/filebeat:7.3.2
Create a local project to hold the docker commands, docker-compose files and configuration files. The file structure is as follows:
|____elastic-stack
| |____docker
| | |____compose
| | | |____es
| | | | |____docker-compose.yml
| | | |____kibana
| | | | |____docker-compose.yml
| | | |____filebeat
| | | | |____docker-compose.yml
| | |____run
| |____settings
| | |____es
| | | |____config
| | | | |____master01.yml
| | | | |____master02.yml
| | | | |____master03.yml
| | | |____data
| | | | |____master01
| | | | |____master02
| | | | |____master03
| | |____filebeat
| | | |____registry
| | | |____filebeat.yml
The logs collected here are Laravel logs; the application directory layout is as follows:
|____web
| |____rw-admin
| | |____storage
| | | |____logs
| | | | |____laravel-2020-03-12.log
| |____rw-common
| | |____storage
| | | |____logs
| | | | |____laravel-2020-03-12.log
0x01. Writing the ES configuration files
We are going to simulate a 3-node ES cluster, so I created 3 configuration files with the following contents:
master01.yml:
# elastic-stack/settings/es/config/master01.yml
# ---------------------------------- Cluster -----------------------------------
cluster.name: elasticsearch-cluster
cluster.initial_master_nodes:
- master01
- master02
- master03
# ------------------------------------ Node ------------------------------------
node.name: master01
http.cors.enabled: true
http.cors.allow-origin: "*"
# ------------------------------------ Network ------------------------------------
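http.port: 9201 # HTTP port exposed to clients; the default is 9200.
transport.tcp.port: 9301 # TCP port for node-to-node communication; the default is 9300.
network.publish_host: 172.19.0.11 # [Change this to your own local IP] The IP address other nodes use to reach this node. If unset it is detected automatically; the value must be a real IP address.
network.bind_host: 0.0.0.0 # The IP address to bind to, IPv4 or IPv6; the default is 0.0.0.0, which binds to every IP address of this machine.
# --------------------------------- Discovery ----------------------------------
discovery.seed_hosts: ["172.19.0.11:9301", "172.19.0.12:9302", "172.19.0.13:9303"] # Addresses of the master-eligible nodes; once the service is up, these nodes can be elected master.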
master02.yml:
# elastic-stack/settings/es/config/master02.yml
# ---------------------------------- Cluster -----------------------------------
cluster.name: elasticsearch-cluster
cluster.initial_master_nodes:
- master01
- master02
- master03
# ------------------------------------ Node ------------------------------------
node.name: master02
http.cors.enabled: true
http.cors.allow-origin: "*"
# ------------------------------------ Network ------------------------------------
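http.port: 9202 # HTTP port exposed to clients; the default is 9200.
transport.tcp.port: 9302 # TCP port for node-to-node communication; the default is 9300.
network.publish_host: 172.19.0.12 # [Change this to your own local IP] The IP address other nodes use to reach this node. If unset it is detected automatically; the value must be a real IP address.
network.bind_host: 0.0.0.0 # The IP address to bind to, IPv4 or IPv6; the default is 0.0.0.0, which binds to every IP address of this machine.
# --------------------------------- Discovery ----------------------------------
discovery.seed_hosts: ["172.19.0.11:9301", "172.19.0.12:9302", "172.19.0.13:9303"] # Addresses of the master-eligible nodes; once the service is up, these nodes can be elected master.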
master03.yml:
# elastic-stack/settings/es/config/master03.yml
# ---------------------------------- Cluster -----------------------------------
cluster.name: elasticsearch-cluster
cluster.initial_master_nodes:
- master01
- master02
- master03
# ------------------------------------ Node ------------------------------------
node.name: master03
http.cors.enabled: true
http.cors.allow-origin: "*"
# ------------------------------------ Network ------------------------------------
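http.port: 9203 # HTTP port exposed to clients; the default is 9200.
transport.tcp.port: 9303 # TCP port for node-to-node communication; the default is 9300.
network.publish_host: 172.19.0.13 # [Change this to your own local IP] The IP address other nodes use to reach this node. If unset it is detected automatically; the value must be a real IP address.
network.bind_host: 0.0.0.0 # The IP address to bind to, IPv4 or IPv6; the default is 0.0.0.0, which binds to every IP address of this machine.
# --------------------------------- Discovery ----------------------------------
discovery.seed_hosts: ["172.19.0.11:9301", "172.19.0.12:9302", "172.19.0.13:9303"] # Addresses of the master-eligible nodes; once the service is up, these nodes can be elected master.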
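The three files above enable CORS for any origin, bind to 0.0.0.0 and leave X-Pack security at its 7.x default of disabled, so the HTTP API answers without authentication to anything that can reach the published ports; that suits a local lab only. The following Python check is an added example, not part of the original post: it flags those settings in a flat elasticsearch.yml. LAB is an excerpt of master01.yml, while TIGHTENED and its origin URL are constructed assumptions.

```python
# Added example: lint the flat elasticsearch.yml settings used on this page.
LAB = '''\
node.name: master01
http.cors.enabled: true
http.cors.allow-origin: "*"
http.port: 9201 # HTTP port
network.publish_host: 172.19.0.11
network.bind_host: 0.0.0.0
'''

# Constructed tightened variant; the origin URL is an assumed address for the ES head UI.
TIGHTENED = '''\
node.name: master01
http.cors.enabled: true
http.cors.allow-origin: "http://127.0.0.1:9100"
network.publish_host: 172.19.0.11
network.bind_host: 172.19.0.11
xpack.security.enabled: true
'''

def parse_flat_yaml(text):
    """Parse flat `key: value` lines (enough for these files; not a full YAML parser)."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split(" #", 1)[0].strip()      # drop a trailing comment
        if not line or line[0] in "#-" or ":" not in line:
            continue                              # blank, comment or list item
        key, value = line.split(":", 1)
        settings[key.strip()] = value.strip().strip("\"'")
    return settings

def audit(text):
    """Return the ids of risky settings found in one elasticsearch.yml."""
    s = parse_flat_yaml(text)
    findings = []
    if s.get("http.cors.enabled") == "true" and s.get("http.cors.allow-origin") == "*":
        findings.append("cors-any-origin")        # any website's script may read API responses
    if s.get("network.bind_host", s.get("network.host")) in ("0.0.0.0", "::"):
        findings.append("bind-all-interfaces")    # HTTP and transport listen on every interface
    if s.get("xpack.security.enabled") != "true":
        findings.append("security-disabled")      # 7.x default: no authentication on the API
    return findings

if __name__ == "__main__":
    print("lab:      ", audit(LAB))
    print("tightened:", audit(TIGHTENED))
```

Turning on xpack.security.enabled in a multi-node 7.x cluster also requires transport TLS (xpack.security.transport.ssl.enabled) and user passwords, which this check does not cover.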
0x02. Starting the ES cluster
The first approach uses docker run directly to start the 3 ES instances one by one:
docker run -e ES_JAVA_OPTS="-Xms256m -Xmx256m" -d -p 9201:9201 -p 9301:9301 -v ~/<project-dir>/elastic-stack/settings/es/config/master01.yml:/usr/share/elasticsearch/config/elasticsearch.yml -v ~/<project-dir>/elastic-stack/settings/es/data/master01:/usr/share/elasticsearch/data -v ~/<project-dir>/elastic-stack/settings/es/logs/master01:/usr/share/elasticsearch/log --name es_master_01 docker.elastic.co/elasticsearch/elasticsearch:7.3.2
docker run -e ES_JAVA_OPTS="-Xms256m -Xmx256m" -d -p 9202:9202 -p 9302:9302 -v ~/<project-dir>/elastic-stack/settings/es/config/master02.yml:/usr/share/elasticsearch/config/elasticsearch.yml -v ~/<project-dir>/elastic-stack/settings/es/data/master02:/usr/share/elasticsearch/data -v ~/<project-dir>/elastic-stack/settings/es/logs/master02:/usr/share/elasticsearch/log --name es_master_02 docker.elastic.co/elasticsearch/elasticsearch:7.3.2
docker run -e ES_JAVA_OPTS="-Xms256m -Xmx256m" -d -p 9203:9203 -p 9303:9303 -v ~/<project-dir>/elastic-stack/settings/es/config/master03.yml:/usr/share/elasticsearch/config/elasticsearch.yml -v ~/<project-dir>/elastic-stack/settings/es/data/master03:/usr/share/elasticsearch/data -v ~/<project-dir>/elastic-stack/settings/es/logs/master03:/usr/share/elasticsearch/log --name es_master_03 docker.elastic.co/elasticsearch/elasticsearch:7.3.2
Once they are up, run docker ps to check that the containers are running.
From here on, for convenience, we start and stop the containers with docker-compose. The docker-compose.yml file:
# elastic-stack/docker/compose/es/docker-compose.yml
version: '2.0'
services:
  es_master_01:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.3.2
    container_name: es_master_01
    tty: true
    ports:
      - "9201:9201"
      - "9301:9301"
    networks:
      extnetwork:
        ipv4_address: 172.19.0.11
    volumes:
      - ~/<project-dir>/elastic-stack/settings/es/config/master01.yml:/usr/share/elasticsearch/config/elasticsearch.yml
      - ~/<project-dir>/elastic-stack/settings/es/data/master01:/usr/share/elasticsearch/data
      - ~/<project-dir>/elastic-stack/settings/es/logs/master01:/usr/share/elasticsearch/log
    environment:
      - "ES_JAVA_OPTS=-Xms256m -Xmx256m"
      - TZ=Asia/Shanghai
  es_master_02:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.3.2
    container_name: es_master_02
    tty: true
    ports:
      - "9202:9202"
      - "9302:9302"
    networks:
      extnetwork:
        ipv4_address: 172.19.0.12
    volumes:
      - ~/<project-dir>/elastic-stack/settings/es/config/master02.yml:/usr/share/elasticsearch/config/elasticsearch.yml
      - ~/<project-dir>/elastic-stack/settings/es/data/master02:/usr/share/elasticsearch/data
      - ~/<project-dir>/elastic-stack/settings/es/logs/master02:/usr/share/elasticsearch/log
    environment:
      - "ES_JAVA_OPTS=-Xms256m -Xmx256m"
      - TZ=Asia/Shanghai
    depends_on:
      - es_master_01
  es_master_03:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.3.2
    container_name: es_master_03
    tty: true
    ports:
      - "9203:9203"
      - "9303:9303"
    networks:
      extnetwork:
        ipv4_address: 172.19.0.13
    volumes:
      - ~/<project-dir>/elastic-stack/settings/es/config/master03.yml:/usr/share/elasticsearch/config/elasticsearch.yml
      - ~/<project-dir>/elastic-stack/settings/es/data/master03:/usr/share/elasticsearch/data
      - ~/<project-dir>/elastic-stack/settings/es/logs/master03:/usr/share/elasticsearch/log
    environment:
      - "ES_JAVA_OPTS=-Xms256m -Xmx256m"
      - TZ=Asia/Shanghai
    depends_on:
      - es_master_02
networks:
  extnetwork:
    ipam:
      config:
        - subnet: 172.19.0.0/16
          gateway: 172.19.0.1
The ES cluster is now working; opening the ES head plugin shows a 3-node cluster running normally.
0x03. Configuring Kibana
The kibana.yml file contents:
# elastic-stack/settings/kibana/config/kibana.yml
server.port: 5601
server.host: "0"
elasticsearch.hosts: ["http://172.16.128.124:9201","http://172.16.128.124:9202","http://172.16.128.124:9203"]
xpack.monitoring.ui.container.elasticsearch.enabled: true
docker-compose.yml
# elastic-stack/docker/compose/kibana/docker-compose.yml
version: '2.0'
services:
  kibana:
    image: docker.elastic.co/kibana/kibana:7.3.2
    container_name: kibana
    tty: true
    ports:
      - "5601:5601"
    volumes:
      - ~/<project-dir>/elastic-stack/settings/kibana/config/kibana.yml:/usr/share/kibana/config/kibana.yml
    environment:
      - TZ=Asia/Shanghai
0x04. Starting Kibana
Start Kibana with docker-compose:
cd ~/<project-dir>/elastic-stack/docker/compose/kibana
docker-compose up -d
Once it is up, open http://127.0.0.1:5601/ to see the Kibana UI.
0x05. Configuring Filebeat
filebeat.yml
# elastic-stack/settings/filebeat/filebeat.yml
filebeat.inputs:
- type: log
  paths: # path inside the container
    - /web/rw-admin/storage/logs/*.log
  encoding: utf-8
  multiline:
    pattern: '^\[\d{4}-\d{2}-\d{2}\ \d{2}:\d{2}:\d{2}'
    negate: true
    match: after
    max_lines: 50
    timeout: 5
  fields:
    appName: rw-admin
  fields_under_root: true
  tail_files: true
- type: log
  paths: # path inside the container
    - /web/rw-common/storage/logs/*.log
  encoding: utf-8
  multiline:
    pattern: '^\[\d{4}-\d{2}-\d{2}\ \d{2}:\d{2}:\d{2}'
    negate: true
    match: after
    max_lines: 50
    timeout: 5
  fields:
    appName: rw-common
  fields_under_root: true
  tail_files: true
output:
  redis:
    hosts: ["127.0.0.1:6379"]
    datatype: "list"
    keys:
      - key: "filebeat:log"
    password: xxxxxx
    db: 1
    timeout: 60
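How the multiline block above behaves, as an added Python example that is not part of the original post: with negate: true and match: after, every line that does not start with a Laravel timestamp is appended to the preceding event, so a stack trace stays attached to its ERROR line. The sample log lines are constructed, and the max_lines handling follows Filebeat's documented behaviour of discarding the extra lines.

```python
import re

# Values copied from the filebeat.yml above.
PATTERN = re.compile(r'^\[\d{4}-\d{2}-\d{2}\ \d{2}:\d{2}:\d{2}')
MAX_LINES = 50

# Constructed Laravel-style log lines (not taken from a real system).
SAMPLE = [
    "[2020-03-12 10:15:01] local.INFO: user login ok",
    "[2020-03-12 10:15:02] local.ERROR: Undefined index: id",
    "[stacktrace]",  # starts with "[" but has no timestamp, so it is a continuation
    "#0 /web/rw-admin/app/Http/Controllers/UserController.php(42): handle()",
    "#1 {main}",
    "[2020-03-12 10:15:03] local.INFO: done",
]

def group_events(lines, pattern=PATTERN, max_lines=MAX_LINES):
    """Emulate negate: true / match: after for the lines of one file."""
    events, current = [], None
    for line in lines:
        line = line.rstrip("\n")
        if current is None or pattern.search(line):
            # A timestamped line (or the very first line read) opens a new event.
            if current is not None:
                events.append("\n".join(current))
            current = [line]
        elif len(current) < max_lines:
            current.append(line)   # continuation, e.g. a stack frame
        # else: the event already holds max_lines lines; the extra line is discarded
    if current is not None:
        events.append("\n".join(current))
    return events

if __name__ == "__main__":
    for i, event in enumerate(group_events(SAMPLE), 1):
        print(f"--- event {i} ({len(event.splitlines())} lines)")
        print(event)
```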
The docker-compose file:
# elastic-stack/docker/compose/filebeat/docker-compose.yml
version: '2.0'
services:
  filebeat:
    image: docker.elastic.co/beats/filebeat:7.3.2
    container_name: filebeat
    tty: true
    environment:
      - TZ=Asia/Shanghai
    command: filebeat -e
    volumes:
      - ~/<project-dir>/web:/web
      - ~/<project-dir>/elastic-stack/settings/filebeat/filebeat.yml:/usr/share/filebeat/filebeat.yml
      - ~/<project-dir>/elastic-stack/settings/filebeat/registry/:/usr/share/filebeat/data/
0x06. Starting Filebeat
cd ~/<project-dir>/elastic-stack/docker/compose/filebeat
docker-compose up -d
After startup, several files appear in the registry directory; Filebeat uses them mainly to track its read position in each file. The logs that Filebeat collects are written to Redis.
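0x07. Importing the Redis logs into ES
Here I use a PHP script that periodically flushes the data into ES; Logstash would also work. I will write up that process later, stay tuned.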