麻烦点点文章广告，点点赞

院长简介

作者：院长

职位：运维开发工程师

擅长【虚拟化，容器化，自动化运维，CICD，监控，日志，中间件，双机热备，分布式存储，数据库，认证，组网隧道，Kali 安全渗透，网络攻击，负载均衡，Html，Css，Js，Jq，Vue3，Shell，Python，Go，前后端框架】

ELK介绍

ELK是三个开源软件的缩写，分别表示：Elasticsearch , Logstash, Kibana 。新增了一个FileBeat，它是一个轻量级的日志收集处理工具(Agent)，Filebeat占用资源少，适合于在各个服务器上搜集日志后传输给Logstash，官方也推荐此工具。

组件介绍

Elasticsearch

是个开源分布式搜索引擎，提供搜集、分析、存储数据三大功能。它的特点有：分布式，零配置，自动发现，索引自动分片，索引副本机制，restful风格接口，多数据源，自动搜索负载等。主要负责将日志索引并存储起来，方便业务方检索查询。

Logstash

主要是用来日志的搜集、分析、过滤日志的工具，支持大量的数据获取方式。一般工作方式为c/s架构，client端安装在需要收集日志的主机上，server端负责将收到的各节点日志进行过滤、修改等操作在一并发往elasticsearch上去。是一个日志收集、过滤、转发的中间件，主要负责将各条业务线的各类日志统一收集、过滤后，转发给 Elasticsearch 进行下一步处理。

Kibana

是一个开源和免费的工具，Kibana可以为 Logstash 和 ElasticSearch 提供的日志分析友好的 Web 界面，可以帮助汇总、分析和搜索重要数据日志。

Filebeat

Filebeat隶属于Beats。目前Beats包含四种工具：Packetbeat（搜集网络流量数据） Topbeat（搜集系统、进程和文件系统级别的 CPU 和内存使用情况等数据） Filebeat（搜集文件数据） Winlogbeat（搜集 Windows 事件日志数据）

部署服务

其他配置文件如果需要，请联系院长，可通过公众号私信，或者加入微信群联系院长

version: "3"

services:
  setup:
    image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
    # volumes:
      # - certs:/usr/share/elasticsearch/config/certs
    user: "0"
    command: >
      bash -c '
        if [ x${ELASTIC_PASSWORD} == x ]; then
          echo "Set the ELASTIC_PASSWORD environment variable in the .env file";
          exit 1;
        elif [ x${KIBANA_PASSWORD} == x ]; then
          echo "Set the KIBANA_PASSWORD environment variable in the .env file";
          exit 1;
        fi;
        if [ ! -f certs/ca.zip ]; then
          echo "Creating CA";
          bin/elasticsearch-certutil ca --silent --pem -out config/certs/ca.zip;
          unzip config/certs/ca.zip -d config/certs;
        fi;
        if [ ! -f certs/certs.zip ]; then
          echo "Creating certs";
          echo -ne \
          "instances:\n"\
          "  - name: es01\n"\
          "    dns:\n"\
          "      - es01\n"\
          "      - localhost\n"\
          "    ip:\n"\
          "      - 127.0.0.1\n"\
          "  - name: es02\n"\
          "    dns:\n"\
          "      - es02\n"\
          "      - localhost\n"\
          "    ip:\n"\
          "      - 127.0.0.1\n"\
          "  - name: es03\n"\
          "    dns:\n"\
          "      - es03\n"\
          "      - localhost\n"\
          "    ip:\n"\
          "      - 127.0.0.1\n"\
          > config/certs/instances.yml;
          bin/elasticsearch-certutil cert --silent --pem -out config/certs/certs.zip --in config/certs/instances.yml --ca-cert config/certs/ca/ca.crt --ca-key config/certs/ca/ca.key;
          unzip config/certs/certs.zip -d config/certs;
        fi;
        echo "Setting file permissions"
        chown -R root:root config/certs;
        find . -type d -exec chmod 750 \{\} \;;
        find . -type f -exec chmod 640 \{\} \;;
        echo "Waiting for Elasticsearch availability";



    
        until curl -s --cacert config/certs/ca/ca.crt https://es01:9200 | grep -q "missing authentication credentials"; do sleep 30; done;
        echo "Setting kibana_system password";
        until curl -s -X POST --cacert config/certs/ca/ca.crt -u elastic:${ELASTIC_PASSWORD} -H "Content-Type: application/json" https://es01:9200/_security/user/kibana_system/_password -d "{\"password\":\"${KIBANA_PASSWORD}\"}" | grep -q "^{}"; do sleep 10; done;
        echo "All done!";
      '
    healthcheck:
      test: ["CMD-SHELL", "[ -f config/certs/es01/es01.crt ]"]
      interval: 1s
      timeout: 5s
      retries: 120

  es01:
    depends_on:
      setup:
        condition: service_healthy
    image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
    volumes:
      # - certs:/usr/share/elasticsearch/config/certs
      - ../volumes/data/es01/logs:/usr/share/es/logs:rw
      - ../volumes/data/es01/data:/usr/share/es/data:rw
    ports:
      - ${ES_PORT}:9200
    environment:
      - node.name=es01
      - cluster.name=${CLUSTER_NAME}
      - cluster.initial_master_nodes=es01,es02,es03
      - discovery.seed_hosts=es02,es03
      - ELASTIC_PASSWORD=${ELASTIC_PASSWORD}
      - bootstrap.memory_lock=true
      - xpack.security.enabled=true
      # - xpack.security.http.ssl.enabled=true
      # - xpack.security.http.ssl.key=certs/es01/es01.key
      # - xpack.security.http.ssl.certificate=certs/es01/es01.crt
      # - xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
      # - xpack.security.http.ssl.verification_mode=certificate
      # - xpack.security.transport.ssl.enabled=true
      # - xpack.security.transport.ssl.key=certs/es01/es01.key
      # - xpack.security.transport.ssl.certificate=certs/es01/es01.crt
      # - xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
      # - xpack.security.transport.ssl.verification_mode=certificate
      - xpack.license.self_generated.type=${LICENSE}
    mem_limit: ${MEM_LIMIT}
    networks: 
      - stack
    ulimits:
      memlock:
        soft: -1
        hard: -1
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",
        ]
      interval: 10s
      timeout: 10s
      retries: 120

  es02:
    depends_on:
      - es01
    image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
    volumes:
      # - certs:/usr/share/elasticsearch/config/certs
      - ../volumes/data/es02/logs:/usr/share/es/logs:rw
      - ../volumes/data/es02/data:/usr/share/es/data:rw
    environment:
      - node.name=es02
      - cluster.name=${CLUSTER_NAME}
      - cluster.initial_master_nodes=es01,es02,es03
      - discovery.seed_hosts=es01,es03
      - bootstrap.memory_lock=true
      - xpack.security.enabled=true
      # - xpack.security.http.ssl.enabled=true
      # - xpack.security.http.ssl.key=certs/es02/es02.key
      # - xpack.security.http.ssl.certificate=certs/es02/es02.crt
      # - xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
      # - xpack.security.http.ssl.verification_mode=certificate
      # - xpack.security.transport.ssl.enabled=true
      # - xpack.security.transport.ssl.key=certs/es02/es02.key
      # - xpack.security.transport.ssl.certificate=certs/es02/es02.crt
      # - xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
      # - xpack.security.transport.ssl.verification_mode=certificate
      - xpack.license.self_generated.type=${LICENSE}
    mem_limit: ${MEM_LIMIT}
    networks: 
      - stack
    ulimits:
      memlock:
        soft: -1
        hard: -1
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",
        ]
      interval: 10s
      timeout: 10s
      retries: 120

  es03:
    depends_on:
      - es02
    image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
    volumes:
      # - certs:/usr/share/elasticsearch/config/certs
      - ../volumes/data/es03/logs:/usr/share/es/logs:rw
      - ../volumes/data/es03/data:/usr/share/es/data:rw
    environment:
      - node.name=es03
      - cluster.name=${CLUSTER_NAME}
      - cluster.initial_master_nodes=es01,es02,es03
      - discovery.seed_hosts=es01,es02
      - bootstrap.memory_lock=true
      - xpack.security.enabled=true
      # - xpack.security.http.ssl.enabled=true
      # - xpack.security.http.ssl.key=certs/es03/es03.key
      # - xpack.security.http.ssl.certificate=certs/es03/es03.crt
      # - xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
      # - xpack.security.http.ssl.verification_mode=certificate
      # - xpack.security.transport.ssl.enabled=true
      # - xpack.security.transport.ssl.key=certs/es03/es03.key
      # - xpack.security.transport.ssl.certificate=certs/es03/es03.crt
      # - xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
      # - xpack.security.transport.ssl.verification_mode=certificate
      - xpack.license.self_generated.type=${LICENSE}
    mem_limit: ${MEM_LIMIT}
    networks: 
      - stack
    ulimits:
      memlock:
        soft: -1
        hard: -1
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",
        ]
      interval: 10s
      timeout: 10s
      retries: 120

  kibana:
    depends_on:
      es01:
        condition: service_healthy
      es02:
        condition: service_healthy
      es03:
        condition: service_healthy
    image: docker.elastic.co/kibana/kibana:${STACK_VERSION}
    volumes:
      # - certs:/usr/share/kibana/config/certs
      - ../volumes/data/kibanadata:/usr/share/kibana/data:rw
    ports:
      - ${KIBANA_PORT}:5601
    environment:
      - SERVERNAME=kibana
      - ELASTICSEARCH_HOSTS=https://es01:9200
      - ELASTICSEARCH_USERNAME=kibana_system
      - ELASTICSEARCH_PASSWORD=${KIBANA_PASSWORD}
      # - ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=config/certs/ca/ca.crt
    mem_limit: ${MEM_LIMIT}
    networks: 
      - stack
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "curl -s -I http://localhost:5601 | grep -q 'HTTP/1.1 302 Found'",
        ]
      interval: 10s
      timeout: 10s
      retries: 120

  logstash:
    image: logstash:8.0.0
    container_name: logstash
    volumes:
      - ./config/logstash-springboot.conf:/usr/share/logstash/pipeline/logstash.conf #挂载logstash的配置文件
      - ./config/logstash.yml:/usr/share/logstash/config/logstash.yml
      - ./config/lili_goods.json:/usr/share/logstash/templates/lili_goods.json
    networks: 
      - stack
    depends_on: ['elasticsearch']
    ports: 
      - 4560:4560

volumes:
  certs:
    driver: local
  esdata01:
    driver: local
  esdata02:
    driver: local
  esdata03:
    driver: local
  kibanadata:
    driver: local
networks: 
  stack:
    driver: bridge