阅读量:3
[root@VM-24-17-centos ~]# cat /proc/sys/vm/max_map_count 65530 [root@VM-24-17-centos ~]# sysctl -w vm.max_map_count=262144 vm.max_map_count = 262144 #先创建出相应目录:/opt/dockerV/es/… docker run -e ES_JAVA_OPTS="-Xms512m -Xmx512m" -d -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" \ -v /opt/dockerV/es/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml \ -v /opt/dockerV/es/data:/usr/share/elasticsearch/data \ -v /opt/dockerV/es/plugins:/usr/share/elasticsearch/plugins \ --name ES01 elasticsearch:7.17.5 #报错了:docker: error pulling image configuration: download failed after attempts=6: dial tcp 104.18.124.25:443: i/o timeout.
解决方案:配置阿里云/腾讯云镜像地址: “registry-mirrors”: [“https://yxzrazem.mirror.aliyuncs.com”]
sudo mkdir -p /etc/docker sudo tee /etc/docker/daemon.json <<-'EOF' { "registry-mirrors": ["https://mirror.ccs.tencentyun.com"] } EOF sudo systemctl daemon-reload sudo systemctl restart docker 
再次启动es docker:报错"Caused by: java.nio.file.AccessDeniedException: /usr/share/elasticsearch/data/nodes",
解决:权限不够:
chmod 777 /opt/dockerV/es/**
再次启动:ok
配置插件:ik_smart:
配置扩展字典:
创建my.dic文件:
酸衡子
樊孤殷衡
见路不走
重启容器:
因为一些特殊原因:没能打开防火墙端口:先通过nginx转发去操作:
下载logstash:[root@VM-24-17-centos opt]# wget https://artifacts.elastic.co/downloads/logstash/logstash-7.17.0-linux-x86_64.tar.gz 解压:[root@VM-24-17-centos opt]# tar -xvf logstash-7.17.0-linux-x86_64.tar.gz 备份:
配置:
input { file { type => "docker" path => "/var/lib/docker/containers/*/*.log" start_position => "beginning" sincedb_path => "/dev/null" codec => "json" } } output { elasticsearch { hosts => ["localhost:9200"] index => "docker-%{+YYYY.MM.dd}" document_type => "docker" } } 
#启动logstash:
cd /opt/logstash-7.17.0 && ./bin/logstash -f config/docker.conf & 
———————附录:本机mac m1 安装kibana-----------
本机再启动一个kibana实例:
jelex@jelexxudeMacBook-Pro ~ % docker run --name kibana-tencent -e ELASTICSEARCH_HOSTS=http://101.43.xxx.xx -p 5602:5601 -d arm64v8/kibana:7.17.5 430b2c038fd79c41dca524bcd2dfc58452bbc9f770166b2d6ece1b5e2b2eacab jelex@jelexxudeMacBook-Pro ~ % docker ps | grep kibana 430b2c038fd7 arm64v8/kibana:7.17.5 "/bin/tini -- /usr/l…" 10 seconds ago Up 9 seconds 0.0.0.0:5602->5601/tcp kibana-tencent jelex@jelexxudeMacBook-Pro ~ % 
GET _analyze
{
“text”: “hello,world 徐…”
}
————#添加认证:————
# 配置X-Pack http.cors.enabled: true http.cors.allow-origin: "*" http.cors.allow-headers: Authorization xpack.security.enabled: true xpack.security.transport.ssl.enabled: true 
#重启es:
#设置es密码:
[root@VM-24-17-centos dockerV]# docker exec -it ES01 bash root@1701f055dbb0:/usr/share/elasticsearch/bin# ./elasticsearch-setup-passwords interactive 
kibana配置认证:
jelex@jelexxudeMacBook-Pro ~ % docker exec -it kibana-tencent bash
#把配置文件复制出来:
jelex@jelexxudeMacBook-Pro ~ % docker cp kibana-tencent:/usr/share/kibana/config /Users/jelex/Desktop 
#删除容器:重新来,加上配置卷映射:
#把桌面上刚从容器中复制出来的配置文件放到容器卷中:
编辑配置:认证
docker run --name kibana-tencent -e ELASTICSEARCH_HOSTS=http://101.43.xxx.xx -p 5602:5601 -v /Users/jelex/dockerV/kibana-tencent/config:/usr/share/kibana/config -d arm64v8/kibana:7.17.5 
访问kibana:http://localhost:5602/login?next=%2Fapp%2Fdev_tools#/console
#输入elastic / xxxx密码 用户名和密码:注意:用户名不是kibana
此时顶部就没有未认证warning了:
logstash加入认证:
#杀死原来的进程,重新启动:
cd /opt/logstash-7.17.0 && ./bin/logstash -f config/docker.conf &
#如果不行,再试试:
xpack.monitoring.enabled: true xpack.monitoring.elasticsearch.username: xxxxusername xpack.monitoring.elasticsearch.password: xxxxxpwd xpack.monitoring.elasticsearch.hosts: ["http://localhost:9200"] 详细学习可查看:https://www.elastic.co/guide/en/logstash/current/ls-security.html
可以查看用户:
搜索:
