Elasticsearch configuration
Create the volumes
mkdir -p /data/elk/{es-config,es-data,es-log}
docker volume create --name es-config -d local -o type=none -o o=bind -o device=/data/elk/es-config
docker volume create --name es-data -d local -o type=none -o o=bind -o device=/data/elk/es-data
docker volume create --name es-log -d local -o type=none -o o=bind -o device=/data/elk/es-log
Remove the volumes
docker volume rm es-config
docker volume rm es-data
docker volume rm es-log
Run Elasticsearch
docker run -d --name=es01 -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" \
-v es-config:/usr/share/elasticsearch/config \
-v es-data:/usr/share/elasticsearch/data \
-v es-log:/usr/share/elasticsearch/logs \
docker.elastic.co/elasticsearch/elasticsearch:8.11.3
Reset the password
bin/elasticsearch-reset-password -u elastic
yEiQ63S7quAUYH*jUYBe
List the nodes
curl --cacert /data/elk/es-config/certs/http_ca.crt -u elastic 'https://localhost:9200/_cat/nodes?v'
Output:
root@dev:/data# curl --cacert /data/elk/es-config/certs/http_ca.crt -u elastic https://localhost:9200/_cat/nodes?v
Enter host password for user 'elastic':
ip heap.percent ram.percent cpu load_1m load_5m load_15m node.role master name
172.17.0.4 11 97 5 0.37 0.36 0.16 cdfhilmrstw * 7028c6958e7a
Logstash configuration
Copy the Elasticsearch certificates into the Logstash directory
mkdir -p /data/logstash-config/certs
cp -r /data/elk/es-config/certs/* /data/logstash-config/certs/
Logstash Elasticsearch output configuration
elasticsearch {
  hosts => "172.17.0.4:9200"
  cacert => '/usr/share/logstash/config/certs/http_ca.crt'
  timeout => 60
  action => "create"
  index => "loginfo-%{+YYYYMMdd}"
  user => "elastic"
  password => "yEiQ63S7quAUYH*jUYBe"
  ssl => true
  ssl_certificate_verification => true
}
Run the Logstash container
docker run \
-v /data/logstash-config:/usr/share/logstash/config \
-v /applogs:/usr/share/logstash/applogs \
logstash-database:8.11.3
logstash-database Dockerfile
# logstash-database Dockerfile
FROM docker.elastic.co/logstash/logstash:8.11.3
# delete default configuration
RUN rm -f /usr/share/logstash/pipeline/logstash.conf
COPY ./mysql-connector-java-8.0.30.jar /usr/share/logstash/mysql-connector-java-8.0.30.jar
RUN logstash-plugin install --no-verify logstash-output-jdbc
Kibana configuration
docker run -d --name kib01 -p 5601:5601 docker.elastic.co/kibana/kibana:8.11.3
Generate the Kibana enrollment token in Elasticsearch
elasticsearch@61f3f62e0ccf:~$ elasticsearch-create-enrollment-token -scope kibana
eyJ2ZXIiOiI4LjExLjMiLCJhZHIiOlsiMTcyLjE3LjAuNDo5MjAwIl0sImZnciI6Ijk5NmEwMThjMTM0ZDM3NmRkNzcyOWJkZDRiZWRlNzhjODlkODY4NmY1MDk3ZjczMDYyMWJjOTA2NjlmMzUzNDkiLCJrZXkiOiJhU1BSN1l3QmZjUzhraDhGY3Z3YzppbjNpdFpnZlNzNmVMekF0UVpEeWVnIn0=
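The enrollment token printed above is base64-encoded JSON, not an opaque string: in the 8.x layout assumed here it carries the version (ver), node addresses (adr), the SHA-256 fingerprint of the HTTP CA certificate (fgr) and an API key (key), so it needs the same handling as a password. The following is an added example, not part of the original notes, that decodes a constructed token and checks its fingerprint against a CA file; the function names and all sample values are made up for illustration.

```python
import base64
import hashlib
import json

def decode_enrollment_token(token: str) -> dict:
    """Decode a base64 enrollment token into its JSON fields (assumed 8.x layout)."""
    fields = json.loads(base64.b64decode(token, validate=True))
    missing = {"ver", "adr", "fgr", "key"} - fields.keys()
    if missing:
        raise ValueError(f"not an enrollment token, missing: {sorted(missing)}")
    return fields

def pem_sha256(pem: str) -> str:
    """Hex SHA-256 of the DER bytes inside a single PEM block."""
    body = "".join(l for l in pem.splitlines() if l and not l.startswith("-----"))
    return hashlib.sha256(base64.b64decode(body)).hexdigest()

def summarize(token: str, ca_pem: str) -> dict:
    """Report what a token exposes and whether it pins the given CA certificate."""
    f = decode_enrollment_token(token)
    key_id, _, secret = f["key"].partition(":")
    return {
        "version": f["ver"],
        "addresses": f["adr"],
        "api_key_id": key_id,
        "carries_secret": bool(secret),  # the secret part is never echoed back
        "ca_matches": f["fgr"].lower() == pem_sha256(ca_pem),
    }

# --- constructed sample data (not taken from the page) ---
_FAKE_DER = b"constructed stand-in for DER certificate bytes"
SAMPLE_CA_PEM = ("-----BEGIN CERTIFICATE-----\n"
                 + base64.b64encode(_FAKE_DER).decode()
                 + "\n-----END CERTIFICATE-----\n")
SAMPLE_TOKEN = base64.b64encode(json.dumps({
    "ver": "8.11.3",
    "adr": ["192.0.2.10:9200"],
    "fgr": hashlib.sha256(_FAKE_DER).hexdigest(),
    "key": "example-key-id:example-key-secret",
}).encode()).decode()

if __name__ == "__main__":
    print(summarize(SAMPLE_TOKEN, SAMPLE_CA_PEM))
```

Against a real deployment, pass the contents of http_ca.crt as ca_pem; ca_matches being False means the token was issued for a different CA than the one on disk.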
Problems encountered later
1. ERROR: Elasticsearch exited unexpectedly, with exit code 137
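Judging by the symptoms, Elasticsearch was terminated abnormally because the node it runs on ran out of memory.
After restarting and waiting a while, I checked memory with docker stats and found it was using more than 4 GB. It really is very memory-hungry, so I decided to limit its memory.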
CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS
c5cb39a81334 kib01 4.23% 565.8MiB / 7.77GiB 7.11% 54.9MB / 68.5MB 254GB / 16.4kB 12
7028c6958e7a es01 5.53% 4.599GiB / 7.77GiB 59.18% 12.1MB / 9.16MB 148MB / 52.2MB 121
I added an environment variable setting to the docker run arguments; testing confirmed that it works.
--env ES_JAVA_OPTS="-Xmx1g"