docker-部署elk-6.1.3

1、更新docker版本

2、pull官方的镜像

https://www.elastic.co/guide/en/elasticsearch/reference/6.1/docker.html

https://www.elastic.co/guide/en/kibana/6.1/_pulling_the_image.html

https://www.elastic.co/guide/en/logstash/6.1/docker.html

选择正常版本:

# docker pull docker.elastic.co/elasticsearch/elasticsearch:6.1.3

# docker pull docker.elastic.co/kibana/kibana:6.1.3

# docker pull docker.elastic.co/logstash/logstash:6.1.3

3、创建容器,使用docker-compose

1)创建三个目录,分别存放配置文件

#mkdir  /data/{elasticsearch,logstash,kibana}

#mkdir /data/tt  #用来存放插件,有的时候在容器内无法安装

# cat elasticsearch.yml

# Elasticsearch node settings; docker-compose.yml bind-mounts this file over
# the image's config/elasticsearch.yml.

# Create an index automatically the first time a document is written to it.
action.auto_create_index: true

# Groovy scripting options, left disabled.
# script.groovy.sandbox.enabled: true
# script.engine.groovy.inline.aggs: true

# Set a custom allowed content length for HTTP request bodies.
http.max_content_length: '500mb'

# Disk-usage watermarks used by shard allocation.
cluster.routing.allocation.disk.watermark.low: '90%'
cluster.routing.allocation.disk.watermark.high: '95%'

# Fielddata cache size and the fielddata circuit-breaker limit.
indices.fielddata.cache.size: '20%'
indices.breaker.fielddata.limit: '60%'

# Listen on every interface inside the container so the published ports and
# the other services on the compose network can reach the node.
network.host: '0.0.0.0'

# NOTE(review): with X-Pack security switched off the REST API (9200) and the
# transport port (9300) accept requests without authentication or TLS.
# Combined with network.host above and the ports published in
# docker-compose.yml, any client that can reach the host can read, modify or
# delete indices. Keep both ports off untrusted networks, or leave security
# enabled and configure credentials.
xpack.security.enabled: false

# cat kibana.yml

---
# Kibana settings, based on the default configuration from kibana-docker and
# bind-mounted into the container by docker-compose.yml.

# Listener: all container interfaces, port 5601 (published by compose).
server.name: 'kibana'
server.host: '0.0.0.0'
server.port: 5601

# Elasticsearch is reached by its service name on the compose network, over
# plain HTTP.
elasticsearch.url: 'http://elasticsearch:9200'

xpack.monitoring.ui.container.elasticsearch.enabled: false

# NOTE(review): with X-Pack security disabled Kibana shows no login page, so
# everyone who can reach port 5601 has full access to the data behind it.
# The basic-auth reverse proxy only protects Kibana if 5601 cannot be reached
# directly from outside.
xpack.security.enabled: false

#cat  jvm.options

## JVM configuration

################################################################
## IMPORTANT: JVM heap size
################################################################
##
## You should always set the min and max JVM heap
## size to the same value. For example, to set
## the heap to 4 GB, set:
##
## -Xms4g
## -Xmx4g
##
## See https://www.elastic.co/guide/en/elasticsearch/reference/current/heap-size.html
## for more information
##
################################################################

# Xms represents the initial size of total heap space
# Xmx represents the maximum size of total heap space

# NOTE(review): docker-compose.yml on this page also passes
# ES_JAVA_OPTS="-Xms30g -Xmx30g". Flags given through ES_JAVA_OPTS are
# expected to take precedence over the values below, so the effective heap is
# presumably 30g rather than 2g; keep the two settings in sync and confirm
# the host has that much memory.
-Xms2g
-Xmx2g

################################################################
## Expert settings
################################################################
##
## All settings below this section are considered
## expert settings. Don't tamper with them unless
## you understand what you are doing
##
################################################################

## GC configuration
-XX:+UseConcMarkSweepGC
-XX:CMSInitiatingOccupancyFraction=75
-XX:+UseCMSInitiatingOccupancyOnly

## G1GC Configuration
# NOTE: G1GC is only supported on JDK version 10 or later.
# To use G1GC uncomment the lines below.
# 10-:-XX:-UseConcMarkSweepGC
# 10-:-XX:-UseCMSInitiatingOccupancyOnly
# 10-:-XX:+UseG1GC
# 10-:-XX:InitiatingHeapOccupancyPercent=75

## optimizations

# pre-touch memory pages used by the JVM during initialization
-XX:+AlwaysPreTouch

## basic

# explicitly set the stack size
-Xss1m

# set to headless, just in case
-Djava.awt.headless=true

# ensure UTF-8 encoding by default (e.g. filenames)
-Dfile.encoding=UTF-8

# use our provided JNA always versus the system one
-Djna.nosys=true

# turn off a JDK optimization that throws away stack traces for common
# exceptions because stack traces are important for debugging
-XX:-OmitStackTraceInFastThrow

# flags to configure Netty
-Dio.netty.noUnsafe=true
-Dio.netty.noKeySetOptimization=true
-Dio.netty.recycler.maxCapacityPerThread=0

# log4j 2
-Dlog4j.shutdownHookEnabled=false
-Dlog4j2.disable.jmx=true

-Djava.io.tmpdir=${ES_TMPDIR}

## heap dumps

# generate a heap dump when an allocation from the Java heap fails
# heap dumps are created in the working directory of the JVM
-XX:+HeapDumpOnOutOfMemoryError

# specify an alternative path for heap dumps; ensure the directory exists and
# has sufficient space
# NOTE(review): a heap dump is a copy of the JVM's memory and can contain
# indexed documents and any secrets held in memory. "data" is a relative
# path; in this deployment it presumably resolves to the data directory that
# docker-compose.yml bind-mounts from /data/elasticsearch1, so dumps end up
# on the host. Restrict read access to that directory and delete dumps after
# analysis.
-XX:HeapDumpPath=data

# specify an alternative path for JVM fatal error logs
-XX:ErrorFile=logs/hs_err_pid%p.log

## JDK 8 GC logging

8:-XX:+PrintGCDetails
8:-XX:+PrintGCDateStamps
8:-XX:+PrintTenuringDistribution
8:-XX:+PrintGCApplicationStoppedTime
8:-Xloggc:logs/gc.log
8:-XX:+UseGCLogFileRotation
8:-XX:NumberOfGCLogFiles=32
8:-XX:GCLogFileSize=64m

# JDK 9+ GC logging
9-:-Xlog:gc*,gc+age=trace,safepoint:file=logs/gc.log:utctime,pid,tags:filecount=32,filesize=64m
# due to internationalization enhancements in JDK 9 Elasticsearch need to set the provider to COMPAT otherwise
# time/date parsing will break in an incompatible way for some date patterns and locals
9-:-Djava.locale.providers=COMPAT

# temporary workaround for C2 bug with JDK 10 on hardware with AVX-512
10-:-XX:UseAVX=2

#cat docker-compose.yml

version: '2'

services:
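  # Elasticsearch node. Its settings come from the bind-mounted
  # elasticsearch.yml and jvm.options plus the environment entries below.
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:6.1.3
    # NOTE(review): both ports are published on every host interface while
    # elasticsearch.yml sets xpack.security.enabled: false, so anyone who can
    # reach the host gets unauthenticated access to the cluster. Restrict the
    # mapping to one address ("<host-ip>:9200:9200", placeholder) or firewall
    # the ports so that only the reverse proxy can connect.
    ports:
      - "9200:9200"
      - "9300:9300"
    # List form: every entry must be a single KEY=value string. The original
    # mixed a "KEY: value" mapping entry into the list and lost the
    # indentation of the following entries, which is not valid compose YAML.
    # ES_JAVA_OPTS is expected to override the heap size in the mounted
    # jvm.options (2g there); keep the two in sync.
    environment:
      - "ES_JAVA_OPTS=-Xms30g -Xmx30g"
      - cluster.name=docker-cluster
      - bootstrap.memory_lock=true
    # Unlimited memlock so that bootstrap.memory_lock=true can lock the heap.
    ulimits:
      memlock:
        soft: -1
        hard: -1
    networks:
      - docker_elk
    volumes:
      - ./elasticsearch/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
      - /data/elasticsearch1:/usr/share/elasticsearch/data
      # Plugin code in /data/tt is loaded by the node at start-up; keep the
      # directory writable only by the administrator who installs plugins.
      - /data/tt:/usr/share/elasticsearch/plugins/
      - /data/backups:/usr/share/elasticsearch/backups
      - /data/longterm_backups:/usr/share/elasticsearch/longterm_backups
      - ./elasticsearch/config/jvm.options:/usr/share/elasticsearch/config/jvm.options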


  # Logstash. Pipeline files are read from the mounted conf.d directory and
  # reloaded automatically when they change.
  logstash:
    image: docker.elastic.co/logstash/logstash:6.1.3
    depends_on:
      - elasticsearch
    networks:
      - docker_elk
    # NOTE(review): the input ports are published on every host interface.
    # The pipeline files are not shown on this page, so whether these inputs
    # use TLS or authenticate senders cannot be confirmed; restrict the ports
    # to the hosts that ship logs.
    ports:
      - "5001:5001"
      - "5044:5044"
    # Because of --config.reload.automatic, anyone able to write to
    # ./logstash/config can change the running pipeline; keep its permissions
    # tight.
    volumes:
      - ./logstash/config:/etc/logstash/conf.d
    command: '-f /etc/logstash/conf.d/ --config.reload.automatic'
  # Kibana UI, configured through the bind-mounted kibana.yml.
  kibana:
    image: docker.elastic.co/kibana/kibana:6.1.3
    depends_on:
      - elasticsearch
    networks:
      - docker_elk
    # NOTE(review): published on every host interface; kibana.yml disables
    # X-Pack security, so direct access to 5601 bypasses the basic-auth
    # reverse proxy. Limit the port to the proxy's address or firewall it.
    ports:
      - "5601:5601"
    volumes:
      # NOTE(review): this maps the host's world-writable /tmp into the
      # container read-write, exposing other processes' temporary files to
      # Kibana. Prefer a dedicated directory, mounted read-only if Kibana
      # only needs to read from it.
      - /tmp/:/etc/archives/
      - ./kibana/config/kibana.yml:/usr/share/kibana/config/kibana.yml
      # - /data/tt:/usr/share/kibana/plugins/
# User-defined bridge network joined by all three services; containers on it
# reach each other by service name (kibana.yml uses http://elasticsearch:9200).
networks:
  docker_elk:
    driver: bridge

提前将插件下载到/data/tt目录下面。x-pack一定要安装到elasticsearch。下载后请先核对官方发布的校验和,再解压放入插件目录,因为该目录中的代码会被elasticsearch直接加载。下载x-pack:

# wget https://artifacts.elastic.co/downloads/packs/x-pack/x-pack-6.1.3.zip

仅保留elasticsearch目录,其他的都删掉,并将elasticsearch重命名为x-pack

#mv elasticsearch  x-pack

重启elasticsearch。

 修改系统参数:

vim /etc/sysctl.conf
vm.max_map_count=262144

使参数生效
sysctl -p

chown -R  1000:1000  /data/elasticsearch1

4、启动容器

在docker-compose文件的目录下:

#docker-compose  up  -d 

5、配置nginx反向代理

# Reverse proxy for Kibana (10.10.1.2:5601), protected with HTTP basic auth.
server {
        listen *:80;
        server_name elk.xget.com;

        access_log  /var/log/nginx/elk_access.log;
        error_log   /var/log/nginx/elk_error.log;

        # NOTE(review): this listener is plain HTTP, so the basic-auth
        # credentials and all proxied data cross the network unencrypted.
        # Serve this virtual host over TLS before exposing it beyond a
        # trusted network.
        auth_basic "Protected Elasticsearch";
        auth_basic_user_file /etc/nginx/.htpasswd;

        # NOTE(review): a 2 GB body limit combined with timeouts measured in
        # years lets a slow or idle client hold a connection open almost
        # indefinitely; use the smallest values the workload actually needs.
        client_max_body_size 2048m;
        client_body_timeout 300000000s;
        send_timeout 3000000000s;

        location / {
                proxy_pass http://10.10.1.2:5601;
                proxy_read_timeout  200000s;
                proxy_send_timeout  200000s;
        }
}
    

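# Reverse proxy for the Elasticsearch REST API (10.10.1.2:9200).
server {
        listen *:9200;

        # Elasticsearch runs with xpack.security.enabled: false, so this
        # proxy is the only authentication in front of the REST API. Without
        # these two directives every client that can reach port 9200 could
        # read, change or delete indices. They reuse the realm and the
        # credentials file of the port-80 server above.
        # NOTE(review): the listener is plain HTTP, so credentials travel
        # unencrypted; put TLS in front of it on untrusted networks, and make
        # sure 10.10.1.2:9200 itself cannot be reached around this proxy.
        auth_basic "Protected Elasticsearch";
        auth_basic_user_file /etc/nginx/.htpasswd;

        location / {
                proxy_pass http://10.10.1.2:9200;
        }
}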

# Proxy for port 9300 on 10.10.1.2.
# NOTE(review): 9300 is Elasticsearch's transport port, which carries the
# binary node-to-node protocol rather than HTTP, so an HTTP proxy_pass is
# presumably unable to carry it; confirm whether this server block is needed
# at all. With X-Pack security disabled the transport port is unauthenticated
# and should not be reachable from untrusted networks in any form.
server {
        listen *:9300;

        # NOTE(review): very large body limit and timeouts; reduce them to
        # what the workload needs so idle clients cannot pin connections.
        client_max_body_size 2048m;
        client_body_timeout 300000000s;
        send_timeout 300000000s;

        location / {
                proxy_pass http://10.10.1.2:9300;
                proxy_read_timeout  20000s;
                proxy_send_timeout  20000s;
        }
}

FAQ:

1、启动过程中elasticsearch报错,配置文件里面的x-pack相关配置加载不了。此时可以先把配置文件里面x-pack相关项注释掉,启动后再添加上,然后重启elasticsearch。

2、kibana启动后访问界面,需要认证,可以在elasticsearch和kibana的配置文件里面添加如下内容,禁用认证。注意:禁用后elasticsearch和kibana本身不再做任何认证,访问控制只能依赖前面的nginx认证和网络隔离,不要把9200、9300、5601端口直接暴露给不可信网络:

xpack.security.enabled: false

原文地址:https://www.cnblogs.com/cuishuai/p/8423806.html