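Using ELK (Elasticsearch + Logstash + Kibana) does not require OpenSSH; OpenSSH is set up here only to make it easier to add data to Elasticsearch.
Because the installation uses service, the CentOS 7 base image does not work (I tested this). Anything started with service can be started by hand instead, or you can use a CentOS 7.2 image and give the container root privileges with --privileged.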
1. Install OpenSSH
1.1 Create the container
rosyMacBook-Pro:~ rosy$ docker run -tid --privileged yasanbee/centos7.2-systemd /bin/bash
a435707cf766d50b517b61ffb74b86539bb0ce208965af566ee5e688726b041f
rosyMacBook-Pro:~ rosy$ docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a435707cf766 yasanbee/centos7.2-systemd "/usr/sbin/init /bin/" 5 seconds ago Up 4 seconds hungry_darwin
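Enter the container. If you attach to it directly at startup, I found that you cannot exit, so it is better to create the container first and enter it afterwards.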
rosyMacBook-Pro:~ rosy$ docker exec -ti a435 /bin/bash
1.2 Install passwd
[root@a435707cf766 /]# yum install passwd -y
1.3 Change the CentOS password
[root@a435707cf766 /]# passwd
Changing password for user root.
New password: # enter a password here and remember it; the SSH connection needs it
BAD PASSWORD: The password is shorter than 8 characters
Retype new password:
passwd: all authentication tokens updated successfully.
1.4 Install OpenSSH
[root@a435707cf766 /]# yum install openssh-server -y
1.5 Generate the public and private keys
[root@a435707cf766 /]# ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase): # press Enter
Enter same passphrase again: # press Enter
Your identification has been saved in /etc/ssh/ssh_host_rsa_key.
Your public key has been saved in /etc/ssh/ssh_host_rsa_key.pub.
The key fingerprint is:
f7:eb:32:e9:26:6a:ec:82:e7:0d:ae:2e:1a:61:38:f7 root@a435707cf766
The key's randomart image is:
+--[ RSA 2048]----+
| |
| |
| |
|. |
|+.. S . |
|.+ . . . |
|. .E. .. |
|....ooo . = . |
|ooo+o++. +.+o |
+-----------------+
[root@a435707cf766 /]# ssh-keygen -t rsa -f /etc/ssh/ssh_host_ecdsa_key
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase): # press Enter
Enter same passphrase again: # press Enter
Your identification has been saved in /etc/ssh/ssh_host_ecdsa_key.
Your public key has been saved in /etc/ssh/ssh_host_ecdsa_key.pub.
The key fingerprint is:
62:d8:41:ed:de:8f:26:4d:61:3b:66:37:d7:3e:7c:3f root@a435707cf766
The key's randomart image is:
+--[ RSA 2048]----+
| .. |
| . . |
| .. |
| o .. o |
| . +.So o . |
| . .. B o . .|
| = = o.. |
| . + . Eo|
| o *|
+-----------------+
[root@a435707cf766 /]# ssh-keygen -t rsa -f /etc/ssh/ssh_host_ed25519_key
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase): # press Enter
Enter same passphrase again: # press Enter
Your identification has been saved in /etc/ssh/ssh_host_ed25519_key.
Your public key has been saved in /etc/ssh/ssh_host_ed25519_key.pub.
The key fingerprint is:
cb:6f:98:dc:b0:65:83:dd:d0:aa:25:c1:c2:ab:cb:7d root@a435707cf766
The key's randomart image is:
+--[ RSA 2048]----+
| |
| |
| . . . |
| o o . . |
| oS+ + |
| ..+.B . |
| . .o% . |
| ... E.o |
| o... .. |
+-----------------+
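All three ssh-keygen commands in step 1.5 pass -t rsa, so the files named ssh_host_ecdsa_key and ssh_host_ed25519_key hold RSA keys, as the "Generating public/private rsa key pair" lines show. The script below is an added example, not part of the original post: it compares the key type recorded in each .pub file with the type the file name implies. The function names and the sample files (placeholder key bodies) are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag host keys whose algorithm does not match the file name.

# Map the first field of an OpenSSH public-key line to a short type name.
pubkey_type() {
    case "$1" in
        ssh-rsa)      echo rsa ;;
        ssh-ed25519)  echo ed25519 ;;
        ecdsa-sha2-*) echo ecdsa ;;
        ssh-dss)      echo dsa ;;
        *)            echo unknown ;;
    esac
}

# Print "<file> expected=<type> actual=<type>" for every mismatch in dir $1.
check_host_keys() {
    for pub in "$1"/ssh_host_*_key.pub; do
        [ -f "$pub" ] || continue
        expected=${pub##*/ssh_host_}    # drop the path and the prefix
        expected=${expected%_key.pub}   # drop the suffix: rsa, ecdsa, ed25519
        read -r field _ < "$pub"        # first field is the key type
        actual=$(pubkey_type "$field")
        [ "$expected" = "$actual" ] ||
            echo "${pub##*/} expected=$expected actual=$actual"
    done
}

# Constructed sample: the three .pub files as step 1.5 leaves them.
# The key bodies are placeholders; only the type field matters here.
demo_dir=$(mktemp -d)
for name in rsa ecdsa ed25519; do
    echo "ssh-rsa AAAAB3NzaC1yc2E-PLACEHOLDER root@a435707cf766" \
        > "$demo_dir/ssh_host_${name}_key.pub"
done
check_host_keys "$demo_dir"
```

Generating the second and third keys with -t ecdsa and -t ed25519 makes the check print nothing.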
1.6 Write the startup script
[root@a435707cf766 /]# vi /run.sh
#!/bin/bash
/usr/sbin/sshd -D
[root@a435707cf766 /]# chmod +x /run.sh
1.7 Change the default SSH port
[root@a435707cf766 /]# vi /etc/ssh/sshd_config
Port 222
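Step 1.7 changes only the port, so root can still log in with the password set in step 1.3, which is what the login in section 3.2 relies on. The script below is an added example, not part of the original post: it reads the effective PermitRootLogin and PasswordAuthentication values from an sshd_config file. The function names and both sample files are constructed, and the fallback values are assumed defaults for the OpenSSH shipped with CentOS 7.2.

```shell
#!/bin/sh
# Added example: effective sshd_config values for the container in this post.

# sshd keeps the first value it reads for these keywords; keywords are
# case-insensitive and '#' starts a comment. Print that first global value
# (anything after a Match line is conditional and ignored here), or the
# fallback $3 when the keyword is not set in file $2.
sshd_effective() {
    awk -v key="$1" -v fallback="$3" '
        /^[ \t]*#/                  { next }
        tolower($1) == "match"      { exit }
        tolower($1) == tolower(key) { print $2; found = 1; exit }
        END { if (!found) print fallback }
    ' "$2"
}

# Report whether root can log in with a password.
# Fallbacks "yes"/"yes" are assumed defaults (see lead-in). Port is not
# covered because it may legitimately appear several times.
audit_sshd() {
    root=$(sshd_effective PermitRootLogin "$1" yes)
    pass=$(sshd_effective PasswordAuthentication "$1" yes)
    if [ "$root" = yes ] && [ "$pass" = yes ]; then
        echo "root-password-login=enabled"
    else
        echo "root-password-login=disabled"
    fi
}

# Constructed sample 1: the file as edited in step 1.7 (only Port is set).
as_built=$(mktemp)
printf '%s\n' '#PermitRootLogin yes' 'Port 222' > "$as_built"

# Constructed sample 2: root login and passwords turned off; the later
# "permitrootlogin yes" line has no effect because the first value wins.
hardened=$(mktemp)
printf '%s\n' 'Port 222' 'PermitRootLogin no' 'PasswordAuthentication no' \
    'permitrootlogin yes' > "$hardened"

audit_sshd "$as_built"
audit_sshd "$hardened"
```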
1.8 Exit the container and save it as an image
rosyMacBook-Pro:~ rosy$ docker commit a435 sshd_centos7.2:centos7.2
sha256:8857ac6591c67e1a573a51faace20e958f148730ffe2e7ac49d26272cded8a51
rosyMacBook-Pro:~ rosy$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
sshd_centos7.2 centos7.2 8857ac6591c6 25 seconds ago 427.7 MB
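2. Set up ELK
Elasticsearch and Kibana are enough for adding and displaying data. Logstash is not needed for now and can be added later when required.
There are several ways to get elk.zip into the container, such as mounting a data volume or a data volume container. Here I start a server in another terminal and download the file from inside the container: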
rosyMacBook-Pro:~ rosy$ python -m SimpleHTTPServer 8080
Download it inside the container and save it under /root/:
[root@39e9e27c9863 /]# curl -o /root/elk.zip 192.168.234.52:8080/elk.zip
Unzip elk.zip. If the container has no unzip command, install it first:
[root@39e9e27c9863 /]# yum install unzip
[root@39e9e27c9863 ~]# unzip /root/elk.zip
[root@39e9e27c9863 ~]# cd /root/elk
[root@39e9e27c9863 elk]# ls
elasticsearch-1.7.3.noarch.rpm kibana-4.1.2-linux-x64.tar.gz logstash-1.5.4-1.noarch.rpm logstash-forwarder-0.4.0-1.x86_64.rpm
2.1 Environment and packages
2.1.1 Environment
2.1.2 Packages
elasticsearch-1.7.3.noarch.rpm
kibana-4.1.2-linux-x64.tar.gz
2.1.2 Create the container
Create the container from the sshd image we built.
rosyMacBook-Pro:~ rosy$ docker run -tid --privileged sshd_centos7.2:centos7.2 /bin/bash
39e9e27c98630d10461621e71d12074a91d0d4a7a69f836a5155cd3a84493d30
rosyMacBook-Pro:~ rosy$ docker exec -ti 39e9e /bin/bash
You can also click elk.zip to download the packages.
2.2 Install JDK 1.7
[root@39e9e27c9863 /]# yum install java-1.7.0-openjdk
2.3 Install Elasticsearch
[root@39e9e27c9863 ~]# cd /root/elk
[root@39e9e27c9863 elk]# yum localinstall elasticsearch-1.7.3.noarch.rpm
[root@39e9e27c9863 elk]# systemctl daemon-reload
[root@39e9e27c9863 elk]# systemctl enable elasticsearch.service  # start automatically at boot
Created symlink from /etc/systemd/system/multi-user.target.wants/elasticsearch.service to /usr/lib/systemd/system/elasticsearch.service.
[root@39e9e27c9863 elk]# systemctl start elasticsearch.service  # start the service
[root@39e9e27c9863 elk]# systemctl status elasticsearch.service  # check the service status
● elasticsearch.service - Elasticsearch
Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; enabled; vendor preset: disabled)
Active: active (running) since Mon 2017-02-27 12:09:14 UTC; 9s ago
Docs: http://www.elastic.co
Main PID: 271 (java)
CGroup: /docker/39e9e27c98630d10461621e71d12074a91d0d4a7a69f836a5155cd3a84493d30/system.slice/elasticsearch.service
└─271 java -Xms256m -Xmx1g -Djava.awt.headless=true -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupa...
Feb 27 12:09:14 39e9e27c9863 systemd[1]: Started Elasticsearch.
Feb 27 12:09:14 39e9e27c9863 systemd[1]: Starting Elasticsearch...
Check the service status. If the service is running, Elasticsearch is installed; it serves on port 9200.
2.4 Install Kibana
[root@39e9e27c9863 elk]# tar zxf /root/elk/kibana-4.1.2-linux-x64.tar.gz -C /usr/local/
[root@39e9e27c9863 elk]# cd /usr/local/
[root@39e9e27c9863 local]# mv kibana-4.1.2-linux-x64/ kibana
[root@39e9e27c9863 local]# cd /usr/local/kibana/bin
[root@39e9e27c9863 bin]# ls
kibana kibana.bat
Running ./kibana now starts it. Put the Kibana startup into a systemd service:
[root@39e9e27c9863 local]# vi /etc/systemd/system/kibana.service
[Service]
ExecStart=/usr/local/kibana/bin/kibana
[Install]
WantedBy=multi-user.target
[root@39e9e27c9863 bin]# systemctl enable kibana.service
Created symlink from /etc/systemd/system/multi-user.target.wants/kibana.service to /etc/systemd/system/kibana.service.
[root@39e9e27c9863 bin]# systemctl start kibana.service
[root@39e9e27c9863 bin]# systemctl status kibana.service
● kibana.service
Loaded: loaded (/etc/systemd/system/kibana.service; enabled; vendor preset: disabled)
Active: active (running) since Mon 2017-02-27 12:22:18 UTC; 7s ago
Main PID: 348 (node)
CGroup: /docker/39e9e27c98630d10461621e71d12074a91d0d4a7a69f836a5155cd3a84493d30/system.slice/kibana.service
└─348 /usr/local/kibana/bin/../node/bin/node /usr/local/kibana/bin/../src/bin/kibana.js
Feb 27 12:22:18 39e9e27c9863 systemd[1]: Started kibana.service.
Feb 27 12:22:18 39e9e27c9863 systemd[1]: Starting kibana.service...
Feb 27 12:22:23 39e9e27c9863 kibana[348]: {"name":"Kibana","hostname":"39e9e27c9863","pid":348,"level":30,"msg":"No existing kibana index found","time":"2017-0...3Z","v":0}
Feb 27 12:22:23 39e9e27c9863 kibana[348]: {"name":"Kibana","hostname":"39e9e27c9863","pid":348,"level":30,"msg":"Listening on 0.0.0.0:5601","time":"2017-02-27T...9Z","v":0}
Hint: Some lines were ellipsized, use -l to show in full.
Check the service status. If the service is running, Kibana is installed; it serves on port 5601.
2.5 Exit the container and save it as an image
rosyMacBook-Pro:~ rosy$ docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
39e9e27c9863 sshd_centos7.2:centos7.2 "/usr/sbin/init /bin/" 3 hours ago Up About an hour ecstatic_liskov
rosyMacBook-Pro:~ rosy$ docker commit 39e9e elk:sshd_centos7.2
sha256:fe5366107fa2ddc79edc3a73091ef78789f3d28ecb8b2d88884ce69cb13511be
rosyMacBook-Pro:~ rosy$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
elk sshd_centos7.2 fe5366107fa2 11 seconds ago 1.027 GB
3. Verify the ELK image
3.1 Verify Kibana
rosyMacBook-Pro:~ rosy$ docker run -tid --privileged -p 5050:5601 -p 223:222 --name elk_test elk:sshd_centos7.2 /run.sh
d2db917f76f5e176a2bec7fb2ce19c74078d22ba567395406b092171f174bb7b
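Open a browser and enter the IP address and the externally mapped port 5050. If the Kibana web page loads, the ELK-based image has been built successfully.
If you are not accessing it from the local machine, you need to turn off the firewall or open the corresponding port.
To turn off the firewall: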
rosyMacBook-Pro:~ rosy$ systemctl disable firewalld.service
rosyMacBook-Pro:~ rosy$ systemctl stop firewalld.service
To open a port in the firewall:
rosyMacBook-Pro:~ rosy$ firewall-cmd --permanent --add-port=5601/tcp  # open port 5601 in the firewall
success
rosyMacBook-Pro:~ rosy$ firewall-cmd --reload  # reload the firewall
success
3.2 Verify SSH
Log in remotely over SSH. The port mapped to the outside when the container was started is 223.
rosyMacBook-Pro:~ rosy$ sudo ssh 192.168.234.52 -p 223
Password:
The authenticity of host '[192.168.234.52]:223 ([192.168.234.52]:223)' can't be established.
RSA key fingerprint is f7:eb:32:e9:26:6a:ec:82:e7:0d:ae:2e:1a:61:38:f7.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[192.168.234.52]:223' (RSA) to the list of known hosts.
root@192.168.234.52's password:
System is booting up. See pam_nologin(8)
[root@d2db917f76f5 ~]# ls
anaconda-ks.cfg elk elk.zip
SSH connects to the container successfully.
3.3 Verify Elasticsearch
Add a record inside the container; either an SSH connection or entering the container with docker works.
[root@d2db917f76f5 ~]# curl -XPUT 'http://localhost:9200/twitter/tweet/1' -d '{
"user" : "kimchy",
"post_date" : "2017-1-15T14:12:12",
"message" : "trying out Elasticsearch"
}'
{"_index":"twitter","_type":"tweet","_id":"1","_version":1,"created":true}[root@d2db917f76f5 ~]#
[root@d2db917f76f5 ~]#
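Open Kibana in the browser and select the keyword "twitter" in Settings to see the data we added:
With that, the ELK image is built. How to use Elasticsearch and Kibana will be covered in a separate post.
This post draws on the following blogs:
1. http://www.cnblogs.com/zhenyuyaodidiao/p/4948000.html
2. http://www.cnblogs.com/zhenyuyaodidiao/p/4512249.html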