通過 docker-compose 安裝 ELK 的問題總結
ofollow,noindex" target="_blank">docker-elk Git repo
X-Pack support
如果需要 X-Pack 功能支援,需要選擇docker-elk 的 x-pack 分支
映象拉取超時
如果使用了阿里雲的容器映象服務,可以用阿里雲的映象加速器
sudo mkdir -p /etc/docker sudo tee /etc/docker/daemon.json <<-'EOF' { "registry-mirrors": ["https://yourcode.mirror.aliyuncs.com"] } EOF sudo systemctl daemon-reload sudo systemctl restart docker
failed to authenticate user [logstash_system]
建立了 logstash 的 pipline,但是資料卻沒有被索引到 elasticsearch
解決方案:需要自己新建一個 user 和 role,分配足夠的許可權
在 Kibana UI 上新建 logstash pipeline 不生效
解決方案:可以更改倉庫中的配置檔案,重啟映象後 pipeline 可生效
疑問:如何讓介面配置的 logstash pipeline 可以生效呢?
logstash 映象不能安裝 mongo-shell
新增USER root
到 logstash dockerfile,然後重新 build 映象
然後執行:
docker-compose up -d --force-recreate --build
Elasticsearch health is Yellow
設定索引副本為 0
curl -H "Content-Type: application/json" -XPUT http://localhost:9200/nginx*/_settings -d '{"index":{"number_of_replicas":"0"}}'
刪除已經生成的索引
curl -X DELETE "http://localhost:9200/nginx*"
如何持久化資料?
在docker-compose.yml
加入以下配置:
elasticsearch: volumes: - /path/to/storage:/usr/share/elasticsearch/data
Error: Address already in use
5000 埠已經被使用:
[2018-09-14T15:26:05,003][INFO ][org.logstash.beats.Server] Starting server on port: 5000 [2018-09-14T15:26:11,256][ERROR][logstash.pipeline] A plugin had an unrecoverable error. Will restart this plugin. Pipeline_id:nginx_log Plugin: <LogStash::Inputs::Beats port=>5000, id=>"2f86f95bf2055694fb69b6c74e35dfe71c1ad2125d68ddbdd92c28429ad222cc", enable_metric=>true, codec=><LogStash::Codecs::Plain id=>"plain_7000b63c-197c-4165-b2c2-b716246aff4e", enable_metric=>true, charset=>"UTF-8">, host=>"0.0.0.0", ssl=>false, add_hostname=>true, ssl_verify_mode=>"none", ssl_peer_metadata=>false, include_codec_tag=>true, ssl_handshake_timeout=>10000, tls_min_version=>1, tls_max_version=>1.2, cipher_suites=>["TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"], client_inactivity_timeout=>60, executor_threads=>2> Error: Address already in use Exception: Java::JavaNet::BindException Stack: sun.nio.ch.Net.bind0(Native Method) sun.nio.ch.Net.bind(sun/nio/ch/Net.java:433) sun.nio.ch.Net.bind(sun/nio/ch/Net.java:425)
解決方案:去掉預設的 pipeline.yml 中的 main pipeline
如何在 Dockerfile 中安裝 mongo-shell?
新增以下程式碼到 Dockerfile:
RUN touch /etc/yum.repos.d/mongodb-org-4.0.repo RUN echo $'[mongodb-org-4.0]\n\ name=MongoDB Repository\n\ baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/4.0/x86_64/\n\ gpgcheck=1\n\ enabled=1\n\ gpgkey=https://www.mongodb.org/static/pgp/server-4.0.asc\n'\ >> /etc/yum.repos.d/mongodb-org-4.0.repo RUN yum install -y mongodb-org-shell