1、场景:三台主机,172.31.1.14 部署 logstash+kafka;172.31.1.15部署es节点1(数据节点)+kabana;172.31.1.30 部署es节点2(数据节点)+es节点3(非数据节点)
2、容器化方式:docker-compose 单机编排
3、坑点:1、容器之间需要打通网络,否则es集群无法建立;
2、配置文件外挂,经常调整的参数要写入配置文件,固定的配置可以写入docker-compose.yml的环境变量里,否认后期改动配置,需要重建容器影响比较大。
3、es集群至少3个节点,2个节点无法建立集群
4、索引分片提前规划好,7.x版本默认为1个
5、最好自己指定容器网络,否则默认网络会影响主机通信(有时候容器网络和主机网络同一个)
6、挂载目录及文件创建好需要添加权限,chmod 777 目录 -R
4、docker-compose.yml文件内容
4.1 logstash+kafka
version: '3.3'
services:
zookeeper:
image: wurstmeister/zookeeper
container_name: zookeeper
restart: always
#自定义网络
networks:
extnetwork:
ipv4_address: 10.1.1.3 #指定IP
ports:
- "2181:2181"
kafka:
image: wurstmeister/kafka
container_name: kafka
restart: always
depends_on:
- zookeeper
#自定义网络
networks:
extnetwork:
ipv4_address: 10.1.1.4 #指定IP
extra_hosts:
- "kafka:10.1.1.4"
- "zookeeper:10.1.1.3"
environment:
- KAFKA_ZOOKEEPER_CONNECT=zookeeper:2181
- KAFKA_ADVERTISED_LISTENERS=PLAINTEXT://kafka:9092
- KAFKA_LISTENERS=PLAINTEXT://kafka:9092
volumes:
- /var/run/docker.sock:/var/run/docker.sock
ports:
- 9092:9092
logstash:
image: logstash:7.7.0
container_name: elk_logstash
restart: always
depends_on:
- kafka
#自定义网络
networks:
extnetwork:
ipv4_address: 10.1.1.5 #指定IP
volumes:
- /data/elk/logstash/logstash.conf:/usr/share/logstash/pipeline/logstash.conf #挂载logstash的配置文件
- /data/elk/logstash/jvm.options:/usr/share/logstash/config/jvm.options
- /data/elk/logstash/pipelines.yml:/usr/share/logstash/config/pipelines.yml
- /data/elk/logstash/GeoLite2-City.mmdb:/usr/share/logstash/config/GeoLite2-City.mmdb
extra_hosts:
- "elasticsearch:172.31.1.15"
- "kafka:10.1.1.4"
- "zookeeper:10.1.1.3"
#指定网络配置
networks:
extnetwork:
ipam:
config:
- subnet: 10.1.1.0/24
4.2 es节点1(数据节点)+kabana
version: '3.3'
services:
elasticsearch:
image: elasticsearch:7.7.0 #镜像
container_name: elk_elasticsearch #定义容器名称
restart: always #开机启动,失败也会一直重启
#自定义网络
networks:
extnetwork:
ipv4_address: 10.1.1.3 #指定IP
environment:
- "ES_JAVA_OPTS=-Xms10g -Xmx10g" #设置使用jvm内存大小
- "node.name=node0"
- "bootstrap.memory_lock=true"
volumes:
- /data/elk/elasticsearch/plugins:/usr/share/elasticsearch/plugins #插件文件挂载
- /data/elk/elasticsearch/data:/usr/share/elasticsearch/data #数据文件挂载
- /data/elk/elasticsearch/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
- /etc/localtime:/etc/localtime
extra_hosts:
- "node0:10.1.1.3"
- "node1:10.1.2.30"
- "node2:10.1.2.31"
ulimits:
memlock:
soft: -1
hard: -1
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:9200"] # 设置检测程序
interval: 5m # 设置检测间隔
timeout: 10s # 设置检测超时时间
retries: 3 # 设置重试次数
ports:
- 9200:9200
- 9300:9300
kibana:
image: kibana:7.7.0
container_name: elk_kibana
restart: always
#自定义网络
networks:
extnetwork:
ipv4_address: 10.1.1.4 #指定IP
extra_hosts:
- "elasticsearch:172.31.1.15"
depends_on:
- elasticsearch #kibana在elasticsearch启动之后再启动
environment:
- ELASTICSEARCH_URL=http://elasticsearch:9200 #设置访问elasticsearch的地址
volumes:
- /data/elk/kibana/kibana:.yml:/usr/share/kibana/config/kibana.yml
- /etc/localtime:/etc/localtime
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:5601"] # 设置检测程序
interval: 5m # 设置检测间隔
timeout: 10s # 设置检测超时时间
retries: 3 # 设置重试次数
ports:
- 5601:5601
#指定网络配置
networks:
extnetwork:
ipam:
config:
- subnet: 10.1.1.0/24
4.3 部署es节点2(数据节点)+es节点3(非数据节点)
version: '3.3'
services:
elasticsearch:
image: elasticsearch:7.7.0 #镜像
container_name: elk_elasticsearch_node1 #定义容器名称
restart: always #开机启动,失败也会一直重启
networks:
extnetwork:
ipv4_address: 10.1.2.30 #指定IP
environment:
- "bootstrap.memory_lock=true"
- "ES_JAVA_OPTS=-Xms8g -Xmx8g" #设置使用jvm内存大小
volumes:
- /data/elk/elasticsearch/plugins:/usr/share/elasticsearch/plugins #插件文件挂载
- /data/elk/elasticsearch/data:/usr/share/elasticsearch/data #数据文件挂载
- /data/elk/elasticsearch/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
- /etc/localtime:/etc/localtime
extra_hosts:
- "node1:10.1.2.30"
- "node0:10.1.1.3"
- "node2:10.1.2.31"
ulimits:
memlock:
soft: -1
hard: -1
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:9200"] # 设置检测程序
interval: 5m # 设置检测间隔
timeout: 10s # 设置检测超时时间
retries: 3 # 设置重试次数
ports:
- 9200:9200
- 9300:9300
elasticsearch_node2:
image: elasticsearch:7.7.0 #镜像
container_name: elk_elasticsearch_node2 #定义容器名称
restart: always #开机启动,失败也会一直重启
networks:
extnetwork:
ipv4_address: 10.1.2.31 #指定IP
environment:
- "bootstrap.memory_lock=true"
- "ES_JAVA_OPTS=-Xms4g -Xmx4g" #设置使用jvm内存大小
volumes:
- /data/elk/elasticsearch/elasticsearch_slave.yml:/usr/share/elasticsearch/config/elasticsearch.yml
- /etc/localtime:/etc/localtime
extra_hosts:
- "node1:10.1.2.30"
- "node0:10.1.1.3"
- "node2:10.1.2.31"
ulimits:
memlock:
soft: -1
hard: -1
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:9200"] # 设置检测程序
interval: 5m # 设置检测间隔
timeout: 10s # 设置检测超时时间
retries: 3 # 设置重试次数
ports:
- 9201:9200
- 9301:9300
networks:
extnetwork:
ipam:
config:
- subnet: 10.1.2.0/24
5、es容器所在主机打通网络,通过添加路由实现
172.31.1.15:
route add -net 10.1.2.0/24 gw 172.31.1.30
172.31.1.30:
route add -net 10.1.1.0/24 gw 172.31.1.15
6、验证es集群状态
curl http://172.31.1.30:9200/_cat/health?v
epoch timestamp cluster status node.total node.data shards pri relo init unassign pending_tasks max_task_wait_time active_shards_percent
1638934652 03:37:32 elasticsearch green 3 2 130 92 0 0 0 0 - 100.0%