一、项目背景
由于自己的项目不是采用Spring Cloud架构写的,而是用Maven POM的形式来构建自己项目的微服架构。通过把一个微服,用Docker进行独立部署。测试过程中,发送一个问题,就是一个用户请求过来,无法快速定位,用户是访问了哪台机器上的微服服务,得从Portainer上,一个一个看Docker的日志比较麻烦。所以想到了日志归集的问题。
经了解日志归集,一般用ELK(Elasticsearch+Logstash+Kibana)。经过部署发现真的很不错,很实用。能够实时查询访问日志。
二、部署
闲话少说,开干。由于ELK安装是没有用户密码的,为了安全,所以通过Docker安装了nginx,通过nginx反向代理,来实现登录EK,输入用户名和密码的功能。由于Docker的方便性,这里自定义了nginx镜像,nginx方向代理Docker Stack内部服务。只要暴露nginx端口,即可访问提供对外访问。具体步骤如下:
1、安装httpd-tools
$ yum install httpd-tools -y
2、设置一个用户密码
$ mkdir elk
$ cd elk
$ cd /app/services/elk
$ htpasswd -c passwd.db [email protected]
3、创建nginx配置文件site.conf
server {
listen 80;
server_name localhost;
auth_basic "Protected Website";
auth_basic_user_file /etc/nginx/passwd.db;
#ssl on;
location / {
proxy_pass http://kibana:5601;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 150;
proxy_send_timeout 100;
proxy_read_timeout 100;
proxy_buffers 4 32k;
client_max_body_size 8m;
client_body_buffer_size 128;
}
}
4、制作定制化的nginx dockerfile
FROM nginx:latest
MAINTAINER TaoLi <[email protected]>
ADD nginx.conf /etc/nginx/conf.d/default.conf
COPY passwd.db /etc/nginx
CMD ["nginx", "-g","daemon off;"]
EXPOSE 80
5、编写生成定制化的nginx镜像的执行脚本
$ touch nginx-build.sh
$ vi ./nginx-build.sh
#!/bin/bash
docker build -t registry.test.com:5000/nginx:v1.0.0 -f nginxDockerfile .
docker push registry.test.com:5000/nginx:v1.0.0
$ chmod +x nginx-build.sh
$ sh nginx-build.sh
6、编写logstash.conf
$ mkdir -p ./logstash
$ touch ./logstash/logstash.conf
$ vi ./logstash/logstash.conf
input {
udp {
port => 5000
codec => json
}
}
filter {
if [docker][image] =~ /logstash/ {
drop { }
}
}
output {
elasticsearch { hosts => ["elasticsearch:9200"] }
stdout { codec => rubydebug }
}
7、编写docker-stack.yaml
$ vi docker-stack.yaml
input {
udp {
port => 5000
codec => json
}
}
filter {
if [docker][image] =~ /logstash/ {
drop { }
}
}
output {
elasticsearch { hosts => ["elasticsearch:9200"] }
stdout { codec => rubydebug }
}
[root@master2 elk]# clear
[root@master2 elk]# cat docker-stack.yml
version: '3.3'
networks:
net:
driver: overlay
attachable: true
volumes:
esdata:
driver: local
configs:
logstash_config:
file: ./logstash/logstash.conf
services:
elasticsearch:
image: docker.elastic.co/elasticsearch/elasticsearch:5.3.2
networks:
- net
environment:
ES_JAVA_OPTS: '-Xms256m -Xmx256m'
xpack.security.enabled: 'false'
xpack.monitoring.enabled: 'false'
xpack.graph.enabled: 'false'
xpack.watcher.enabled: 'false'
volumes:
- esdata:/usr/share/elasticsearch/data
deploy:
mode: replicated
replicas: 1
placement:
constraints:
- node.role == manager
logstash:
image: docker.elastic.co/logstash/logstash:5.3.2
networks:
- net
depends_on:
- elasticsearch
deploy:
replicas: 1
configs:
- source: logstash_config
target: /usr/share/logstash/pipeline/logstash.conf
logspout:
image: bekt/logspout-logstash
networks:
- net
environment:
ROUTE_URIS: 'logstash://logstash:5000'
volumes:
- /var/run/docker.sock:/var/run/docker.sock
depends_on:
- logstash
deploy:
mode: global
restart_policy:
condition: on-failure
delay: 30s
kibana:
image: docker.elastic.co/kibana/kibana:5.3.2
container_name: kibana
networks:
- net
ports:
- '5601:5601'
depends_on:
- elasticsearch
environment:
ELASTICSEARCH_URL: 'http://elasticsearch:9200'
XPACK_SECURITY_ENABLED: 'false'
XPACK_MONITORING_ENABLED: 'false'
deploy:
mode: replicated
replicas: 1
placement:
constraints:
- node.role == manager
nginx:
image: registry.tester.com:5555/nginx:v1.0.0
container_name: nginx
networks:
- net
ports:
- '3001:80'
depends_on:
- kibana
links:
- kibana
deploy:
mode: replicated
replicas: 1
placement:
constraints:
- node.role == manager
8、部署ELK
$ docker stack deploy -c docker-stack.yml elk
9、访问kibana
第一次进来,需要配置filter,选默认logstash-*就好了,点击Discover,输入:docker.image,就可以过滤docker的服务。
http://$IP:3001