fix bugs

doc/script/docker/elk/README.md

@@ -0,0 +1,27 @@
+## 一、调整内存：max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]（elasticsearch用户拥有的内存权限太小，至少需要262144）
+
+#### 1.修改配置sysctl.conf
+[root@localhost ~]# vi /etc/sysctl.conf
+#### 2.添加下面配置：
+vm.max_map_count=262144
+#### 3.重新加载：
+[root@localhost ~]# sysctl -p
+#### 4.最后重新启动elasticsearch，即可启动成功。
+
+
+## 二、Docker 命令自动补全
+#### 1.安装依赖工具bash-complete
+[root@localhost ~]# yum install -y bash-completion
+
+[root@localhost ~]# source /usr/share/bash-completion/completions/docker
+
+[root@localhost ~]# source /usr/share/bash-completion/bash_completion
+
+## 三、将本文件夹内的文件拷贝至服务器
+#### 1.对sh脚本赋予执行权限
+
+#### 2.执行 ./deploy.sh
+
+#### 3.等待服务启动完毕即可
+
+#### 4.卸载执行 ./undeploy.sh

doc/script/docker/elk/deploy.sh

@@ -0,0 +1,88 @@
+#./bin/bash
+# 定义颜色
+BLUE_COLOR="\033[36m"
+RED_COLOR="\033[31m"
+GREEN_COLOR="\033[32m"
+VIOLET_COLOR="\033[35m"
+RES="\033[0m"
+
+echo -e "${BLUE_COLOR}# ######################################################################${RES}"
+echo -e "${BLUE_COLOR}#                       Docker ELK Deploy Script                       #${RES}"
+echo -e "${BLUE_COLOR}# ######################################################################${RES}"
+
+# 创建目录
+echo -e "${BLUE_COLOR}---> create [elasticsearch]directory start.${RES}"
+if [ ! -d "./elasticsearch/" ]; then
+mkdir -p ./elasticsearch/master/conf ./elasticsearch/master/data ./elasticsearch/master/logs \
+    ./elasticsearch/slave1/conf ./elasticsearch/slave1/data ./elasticsearch/slave1/logs \
+    ./elasticsearch/slave2/conf ./elasticsearch/slave2/data ./elasticsearch/slave2/logs
+fi
+
+echo -e "${RED_COLOR}---> create [kibana]directory start.${RES}"
+if [ ! -d "./kibana/" ]; then
+mkdir -p ./kibana/conf ./kibana/logs
+fi
+
+ echo -e "${GREEN_COLOR}---> create [logstash]directory start.${RES}"
+ if [ ! -d "./logstash/" ]; then
+ mkdir -p ./logstash/conf ./logstash/logs
+ fi
+
+echo -e "${GREEN_COLOR}---> create [filebeat]directory start.${RES}"
+if [ ! -d "./filebeat/" ]; then
+mkdir -p ./filebeat/conf ./filebeat/logs ./filebeat/data
+fi
+
+echo -e "${VIOLET_COLOR}---> create [nginx]directory start.${RES}"
+if [ ! -d "./nginx/" ]; then
+mkdir -p ./nginx/conf ./nginx/logs ./nginx/www
+fi
+echo -e "${BLUE_COLOR}===> create directory success.${RES}"
+
+# 目录授权(data/logs 都要授读/写权限)
+echo -e "${BLUE_COLOR}---> directory authorize start.${RES}"
+if [ -d "./elasticsearch/" ]; then
+chmod 777 ./elasticsearch/master/data/ ./elasticsearch/master/logs/ \
+    ./elasticsearch/slave1/data/ ./elasticsearch/slave1/logs/ \
+    ./elasticsearch/slave2/data/ ./elasticsearch/slave2/logs
+fi
+
+if [ -d "./filebeat/" ]; then
+chmod 777 ./filebeat/data/ ./filebeat/logs/
+fi
+echo -e "${BLUE_COLOR}===> directory authorize success.${RES}"
+
+# 移动配置文件
+echo -e "${BLUE_COLOR}---> move [elasticsearch]config file start.${RES}"
+if [ -f "./es-master.yml" ] && [ -f "./es-slave1.yml" ] && [ -f "./es-slave2.yml" ]; then
+mv ./es-master.yml ./elasticsearch/master/conf
+mv ./es-slave1.yml ./elasticsearch/slave1/conf
+mv ./es-slave2.yml ./elasticsearch/slave2/conf
+fi
+
+echo -e "${RED_COLOR}---> move [kibana]config file start.${RES}"
+if [ -f "./kibana.yml" ]; then
+mv ./kibana.yml ./kibana/conf
+fi
+
+echo -e "${GREEN_COLOR}---> move [logstash]config file start.${RES}"
+if [ -f "./logstash.yml" ] && [ -f "./logstash-filebeat.conf" ]; then
+mv ./logstash-filebeat.conf ./logstash/conf
+mv ./logstash.yml ./logstash/conf
+fi
+
+echo -e "${GREEN_COLOR}---> move [filebeat]config file start.${RES}"
+if [ -f "./filebeat.yml" ]; then
+mv ./filebeat.yml ./filebeat/conf
+fi
+
+echo -e "${VIOLET_COLOR}---> move [nginx]config file start.${RES}"
+if [ -f "./nginx.conf" ]; then
+mv ./nginx.conf ./nginx/conf
+fi
+echo -e "${BLUE_COLOR}===> move config files success.${RES}"
+echo -e "${GREEN_COLOR}>>>>>>>>>>>>>>>>>> The End <<<<<<<<<<<<<<<<<<${RES}"
+
+# 部署项目
+echo -e "${BLUE_COLOR}==================> Docker deploy Start <==================${RES}"
+docker-compose up --build -d

doc/script/docker/elk/docker-compose.yml

@@ -0,0 +1,115 @@
+version: "3"
+services:
+  es-master:
+    container_name: es-master
+    hostname: es-master
+    image: elasticsearch:7.1.1
+    restart: always
+    ports:
+      - 9200:9200
+      - 9300:9300
+    volumes:
+      - ./elasticsearch/master/conf/es-master.yml:/usr/share/elasticsearch/config/elasticsearch.yml
+      - ./elasticsearch/master/data:/usr/share/elasticsearch/data
+      - ./elasticsearch/master/logs:/usr/share/elasticsearch/logs
+    environment:
+      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
+
+  es-slave1:
+    container_name: es-slave1
+    image: elasticsearch:7.1.1
+    restart: always
+    ports:
+      - 9201:9200
+      - 9301:9300
+    volumes:
+      - ./elasticsearch/slave1/conf/es-slave1.yml:/usr/share/elasticsearch/config/elasticsearch.yml
+      - ./elasticsearch/slave1/data:/usr/share/elasticsearch/data
+      - ./elasticsearch/slave1/logs:/usr/share/elasticsearch/logs
+    environment:
+      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
+
+  es-slave2:
+    container_name: es-slave2
+    image: elasticsearch:7.1.1
+    restart: always
+    ports:
+      - 9202:9200
+      - 9302:9300
+    volumes:
+      - ./elasticsearch/slave2/conf/es-slave2.yml:/usr/share/elasticsearch/config/elasticsearch.yml
+      - ./elasticsearch/slave2/data:/usr/share/elasticsearch/data
+      - ./elasticsearch/slave2/logs:/usr/share/elasticsearch/logs
+    environment:
+      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
+
+  es-head:
+    container_name: es-head
+    image: mobz/elasticsearch-head:5
+    restart: always
+    ports:
+      - 9100:9100
+    depends_on:
+      - es-master
+      - es-slave1
+      - es-slave2
+
+  kibana:
+    container_name: kibana
+    hostname: kibana
+    image: kibana:7.1.1
+    restart: always
+    ports:
+      - 5601:5601
+    volumes:
+      - ./kibana/conf/kibana.yml:/usr/share/kibana/config/kibana.yml
+    environment:
+      - elasticsearch.hosts=http://es-master:9200
+    depends_on:
+      - es-master
+      - es-slave1
+      - es-slave2
+
+  filebeat:
+    # 容器名称
+    container_name: filebeat
+    # 主机名称
+    hostname: filebeat
+    # 镜像
+    image: docker.elastic.co/beats/filebeat:7.1.1
+    # 重启机制
+    restart: always
+    # 持久化挂载
+    volumes:
+      - ./filebeat/conf/filebeat.yml:/usr/share/filebeat/filebeat.yml
+      # 映射到容器中[作为数据源]
+      - ./logs:/home/project/elk/logs
+      - ./filebeat/logs:/usr/share/filebeat/logs
+      - ./filebeat/data:/usr/share/filebeat/data
+    # 将指定容器连接到当前连接，可以设置别名，避免ip方式导致的容器重启动态改变的无法连接情况
+    links:
+      - logstash
+    ports:
+      - 9000:9000
+    # 依赖服务[可无]
+    depends_on:
+      - es-master
+      - es-slave1
+      - es-slave2
+
+  logstash:
+    container_name: logstash
+    hostname: logstash
+    image: logstash:7.1.1
+    command: logstash -f ./conf/logstash-filebeat.conf
+    restart: always
+    volumes:
+      # 映射到容器中
+      - ./logstash/conf/logstash-filebeat.conf:/usr/share/logstash/conf/logstash-filebeat.conf
+      - ./logstash/conf/logstash.yml:/usr/share/logstash/config/logstash.yml
+    ports:
+      - 5044:5044
+    depends_on:
+      - es-master
+      - es-slave1
+      - es-slave2

doc/script/docker/elk/es-master.yml

@@ -0,0 +1,28 @@
+# 集群名称
+cluster.name: es-cluster
+# 节点名称
+node.name: es-master
+# 是否可以成为master节点
+node.master: true
+# 是否允许该节点存储数据,默认开启
+node.data: false
+# 网络绑定
+network.host: 0.0.0.0
+# 设置对外服务的http端口
+http.port: 9200
+# 设置节点间交互的tcp端口
+transport.port: 9300
+# 集群发现
+discovery.seed_hosts:
+  - es-master
+  - es-slave1
+  - es-slave2
+# 手动指定可以成为 mater 的所有节点的 name 或者 ip，这些配置将会在第一次选举中进行计算
+cluster.initial_master_nodes:
+  - es-master
+# 支持跨域访问
+http.cors.enabled: true
+http.cors.allow-origin: "*"
+# 安全认证
+xpack.security.enabled: false
+#http.cors.allow-headers: "Authorization"

doc/script/docker/elk/es-slave1.yml

@@ -0,0 +1,28 @@
+# 集群名称
+cluster.name: es-cluster
+# 节点名称
+node.name: es-slave1
+# 是否可以成为master节点
+node.master: true
+# 是否允许该节点存储数据,默认开启
+node.data: true
+# 网络绑定
+network.host: 0.0.0.0
+# 设置对外服务的http端口
+http.port: 9201
+# 设置节点间交互的tcp端口
+#transport.port: 9301
+# 集群发现
+discovery.seed_hosts:
+  - es-master
+  - es-slave1
+  - es-slave2
+# 手动指定可以成为 mater 的所有节点的 name 或者 ip，这些配置将会在第一次选举中进行计算
+cluster.initial_master_nodes:
+  - es-master
+# 支持跨域访问
+http.cors.enabled: true
+http.cors.allow-origin: "*"
+# 安全认证
+xpack.security.enabled: false
+#http.cors.allow-headers: "Authorization"

doc/script/docker/elk/es-slave2.yml

@@ -0,0 +1,28 @@
+# 集群名称
+cluster.name: es-cluster
+# 节点名称
+node.name: es-slave2
+# 是否可以成为master节点
+node.master: true
+# 是否允许该节点存储数据,默认开启
+node.data: true
+# 网络绑定
+network.host: 0.0.0.0
+# 设置对外服务的http端口
+http.port: 9202
+# 设置节点间交互的tcp端口
+#transport.port: 9302
+# 集群发现
+discovery.seed_hosts:
+  - es-master
+  - es-slave1
+  - es-slave2
+# 手动指定可以成为 mater 的所有节点的 name 或者 ip，这些配置将会在第一次选举中进行计算
+cluster.initial_master_nodes:
+  - es-master
+# 支持跨域访问
+http.cors.enabled: true
+http.cors.allow-origin: "*"
+# 安全认证
+xpack.security.enabled: false
+#http.cors.allow-headers: "Authorization"

doc/script/docker/elk/filebeat.yml

@@ -0,0 +1,37 @@
+filebeat.inputs:
+  - type: log
+    enabled: true
+    paths:
+      # 当前目录下的所有.log文件
+      - /home/project/elk/logs/*.log
+    multiline.pattern: ^\[
+    multiline.negate: true
+    multiline.match: after
+  - type: tcp
+    enabled: true
+    max_message_size: 10MiB
+    host: "0.0.0.0:9000"
+
+filebeat.config.modules:
+  path: ${path.config}/modules.d/*.yml
+  reload.enabled: false
+
+setup.template.settings:
+  index.number_of_shards: 1
+
+setup.dashboards.enabled: false
+
+setup.kibana:
+  host: "http://kibana:5601"
+
+# 不直接传输至ES
+#output.elasticsearch:
+# hosts: ["http://es-master:9200"]
+# index: "filebeat-%{[beat.version]}-%{+yyyy.MM.dd}"
+
+output.logstash:
+  hosts: ["logstash:5044"]
+
+processors:
+  - add_host_metadata: ~
+  - add_cloud_metadata: ~

doc/script/docker/elk/kibana.yml

@@ -0,0 +1,8 @@
+# 服务端口
+server.port: 5601
+# 服务IP
+server.host: "0.0.0.0"
+# ES
+elasticsearch.hosts: ["http://es-master:9200"]
+# 汉化
+i18n.locale: "zh-CN"

doc/script/docker/elk/logstash-filebeat.conf

@@ -0,0 +1,23 @@
+input {
+    # 来源beats
+    beats {
+        # 端口
+        port => "5044"
+    }
+}
+# 分析、过滤插件，可以多个
+filter {
+    grok {
+        match => { "message" => "%{COMBINEDAPACHELOG}"}
+    }
+    geoip {
+        source => "clientip"
+    }
+}
+output {
+    # 选择elasticsearch
+    elasticsearch {
+        hosts => ["http://es-master:9200"]
+        index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
+    }
+}

doc/script/docker/elk/logstash.yml

@@ -0,0 +1,8 @@
+# 服务IP
+http.host: "0.0.0.0"
+# ES
+xpack.monitoring.elasticsearch.hosts: [ "http://es-master:9200" ]
+
+xpack.monitoring.enabled: true
+
+xpack.management.enabled: false

doc/script/docker/elk/undeploy.sh

@@ -0,0 +1,16 @@
+#./bin/bash
+# 定义颜色
+BLUE_COLOR="\033[36m"
+RED_COLOR="\033[31m"
+GREEN_COLOR="\033[32m"
+VIOLET_COLOR="\033[35m"
+RES="\033[0m"
+
+echo -e "${BLUE_COLOR}# ######################################################################${RES}"
+echo -e "${BLUE_COLOR}#                       Docker ELK UnDeploy Script                     #${RES}"
+echo -e "${BLUE_COLOR}# ######################################################################${RES}"
+
+# 部署项目
+echo -e "${BLUE_COLOR}==================> Docker UnDeploy Start <==================${RES}"
+docker-compose stop
+docker-compose rm