Deploying the Full Elastic Stack to Collect Docker Logs

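I'm starting a new series, part of the "All in boom" series. Now that I have a server at home, what runs in Docker on it could just about cover all the basic infrastructure a small company needs. Collecting logs from that many services is a thankless chore, so we need a more centralized way to collect and manage them. In my scenario, the ideal approach is the logging plugin provided by Elastic, which redirects the log stream straight into Elasticsearch as a Docker logging driver.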

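Of course, there are other ways. For example, you can write a container's logs to a specific file and then deploy Filebeat or Logstash, either inside Docker or on the Docker host itself, to write the logs into ES. This approach is very flexible and lets you process the logs in all sorts of ways. The logs don't even have to go directly into ES: they can be written to a message queue such as Kafka or RabbitMQ to smooth out peaks and then go through ETL by whatever means you like. How complicated the architecture gets really depends entirely on how evolved your brain is.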

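I chose the logging plugin because it does exactly what I expect: it collects logs and writes them directly into ES, and I don't need to process the log format, so there is no need to deploy Filebeat or Logstash and add complexity to my architecture. Its configuration is also simple: you only need to configure logging for each container, which is no effort at all with a docker-compose file.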
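As an added example (not the author's own file), this is what per-container logging with the Elastic logging plugin can look like in docker-compose. The service names and images, the `ES_LOG_USER` / `ES_LOG_PASSWORD` variables and the plugin tag matching the 8.2.3 stack version are assumptions.

```yaml
# Added example. Install the plugin on the Docker host first:
#   docker plugin install elastic/elastic-logging-plugin:8.2.3
# (plugin tag assumed to match the 8.2.3 stack version used on this page)
version: '3.4'            # 3.4+ is needed for the x- extension field below

# Shared logging block, defined once and reused by every application container.
x-es-logging: &es-logging
  driver: 'elastic/elastic-logging-plugin:8.2.3'
  options:
    hosts: 'http://elasticsearch.s.home.mxd:9200'
    # Substituted by Compose from the shell or from a .env file kept out of
    # version control, so the credentials are not written into this file.
    # A dedicated account limited to writing log indices is assumed here,
    # not the `elastic` superuser.
    user: '${ES_LOG_USER}'
    password: '${ES_LOG_PASSWORD}'

services:
  whoami:                 # hypothetical application container
    image: traefik/whoami
    restart: unless-stopped
    logging: *es-logging

  nginx:                  # hypothetical application container
    image: nginx:stable
    restart: unless-stopped
    logging: *es-logging
```

The resolved log options, password included, appear in `docker inspect` output for each container, which is one more reason to give the plugin a write-only account.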

Deploying the Full Elastic Stack

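By "full stack" I mean Elasticsearch + Kibana + Fleet Server + Fleet Agent. The last two don't help with collecting logs; I have other uses for them. Maybe I'll cover them later when I'm in the mood to write a blog post.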

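I'm going to be a bit lazy in this part. Deploying the full stack does involve a few pitfalls, mostly around the settings in the configuration files. Another point is that ES deployed with Docker has X-Pack enabled by default, so there is some related knowledge you need to have. I'll be lazy and skip it; if you run into problems, a Google search will almost always turn up a solution or the documentation. I'll just paste my docker-compose file.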

version: '3'
services:
  elasticsearch:
    image: elasticsearch:8.2.3
    container_name: elasticsearch
    restart: unless-stopped
    environment:
      - TZ=Asia/Shanghai
      - node.name=elasticsearch.s.home.mxd
      - cluster.name=elasticsearch.s.home.mxd
      - discovery.type=single-node
      - bootstrap.memory_lock=true
      - ES_JAVA_OPTS=-Xms512m -Xmx2g
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
    - /volume1/docker/elastic/elasticsearch/data:/usr/share/elasticsearch/data
    - /volume1/docker/elastic/elasticsearch/plugins:/usr/share/elasticsearch/plugins
    - /volume1/docker/elastic/elasticsearch/config:/usr/share/elasticsearch/config
    - /volume1/docker/elastic/elasticsearch/crack/x-pack-core-8.2.3.jar:/usr/share/elasticsearch/modules/x-pack-core/x-pack-core-8.2.3.jar
    logging:
      driver: 'json-file'
      options:
        max-size: '10m'
        max-file: '1'
    hostname: elasticsearch
    mac_address: '62:62:62:00:ff:01'
    networks: 
      dhcp:

  kibana:
    image: kibana:8.2.3
    container_name: kibana
    restart: unless-stopped
    environment:
      - TZ=Asia/Shanghai
    volumes:
    - /volume1/docker/elastic/kibana/data:/usr/share/kibana/data
    - /volume1/docker/elastic/kibana/config:/usr/share/kibana/config
    - /volume1/docker/elastic/kibana/plugins:/usr/share/kibana/plugins
    logging:
      driver: 'json-file'
      options:
        max-size: '10m'
        max-file: '1'
    hostname: kibana
    mac_address: '62:62:62:00:ff:02'
    networks: 
      dhcp:

  fleet-server:
    image: elastic/elastic-agent:8.2.3
    container_name: fleet-server
    restart: unless-stopped
    environment:
      - TZ=Asia/Shanghai
      - FLEET_SERVER_ENABLE=true
      - ELASTICSEARCH_HOSTS=http://elasticsearch.s.home.mxd:9200
      - ELASTICSEARCH_USERNAME=elastic
      - ELASTICSEARCH_PASSWORD=elastic
      - FLEET_SERVER_SERVICE_TOKEN=AAEAAWVsYXN0aWMvZmxlZXQtc2VydmVyL3Rva2VuLTE2NTYwNjcyOTE2Njc6bUpwSmNHU0dTV21KX1hiVlVsQk9oZw
      - FLEET_SERVER_POLICY_ID=fleet-server-policy
    volumes:
    - /volume1/docker/tmp:/docker-tmp
    logging:
      driver: 'json-file'
      options:
        max-size: '10m'
        max-file: '1'
    hostname: fleet-server
    mac_address: '62:62:62:00:ff:03'
    networks: 
      dhcp:

  fleet-agent:
    image: elastic/elastic-agent:8.2.3
    container_name: fleet-agent
    restart: unless-stopped
    user: root
    environment:
      - TZ=Asia/Shanghai
      - FLEET_ENROLL=1
      - FLEET_URL=https://fleet-server.s.home.mxd:8220
      - FLEET_ENROLLMENT_TOKEN=bWREN29vRUJ6ZTVtVVVhVUNIckY6WmVHZTBnenFScXlOR0JHcXlXNm5Qdw==
      - FLEET_INSECURE=true
    volumes:
    - /var/run/docker.sock:/var/run/docker.sock:rw
    - /volume1/docker/tmp:/docker-tmp
    logging:
      driver: 'json-file'
      options:
        max-size: '10m'
        max-file: '1'
    hostname: fleet-agent
    mac_address: '62:62:62:00:ff:04'
    networks: 
      dhcp:

  heartbeat:
    image: docker.elastic.co/beats/heartbeat:8.2.3
    container_name: heartbeat
    restart: unless-stopped
    user: heartbeat
    environment:
      - TZ=Asia/Shanghai
      - ELASTICSEARCH_HOSTS=http://elasticsearch.s.home.mxd:9200
      - ELASTICSEARCH_USERNAME=elastic
      - ELASTICSEARCH_PASSWORD=elastic
    volumes:
    - /volume1/docker/elastic/heartbeat/heartbeat.docker.yml:/usr/share/heartbeat/heartbeat.yml
    - /volume1/docker/tmp:/docker-tmp
    logging:
      driver: 'json-file'
      options:
        max-size: '10m'
        max-file: '1'
    hostname: heartbeat
    mac_address: '62:62:62:00:ff:05'
    networks: 
      dhcp:

  enterprisesearch:
    image: docker.elastic.co/enterprise-search/enterprise-search:8.2.3
    container_name: enterprisesearch
    restart: unless-stopped
    environment:
      - TZ=Asia/Shanghai
      - SERVERNAME=enterprisesearch.s.home.mxd
      - ent_search.external_url=http://enterprisesearch.s.home.mxd:3002
      - secret_management.encryption_keys=['n&Yn*8KxU^!N1F4JOiyecUEA$DiVp6he']
      - allow_es_settings_modification=true
      - elasticsearch.host=http://elasticsearch.s.home.mxd:9200
      - elasticsearch.username=elastic
      - elasticsearch.password=elastic
      - kibana.external_url=http://kibana.s.home.mxd:5601
    volumes:
    - /volume1/docker/elastic/elasticsearch/config:/usr/share/enterprise-search/es-config:ro
    logging:
      driver: 'json-file'
      options:
        max-size: '10m'
        max-file: '1'
    hostname: enterprisesearch
    mac_address: '62:62:62:00:ff:06'
    networks: 
      dhcp:

networks:
  dhcp:
    external:
      name: dhcp
