1
一键脚本快速安装容器版GrayLog
source link: https://blog.51cto.com/u_64214/8925093
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
一键脚本快速安装容器版本GrayLog
脚本graylog_docker_install.sh
#!/bin/bash
sed -i 's/enforcing/disabled/g' /etc/selinux/config
setenforce 0
curl -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo
# step 1: 安装必要的一些系统工具
yum install -y yum-utils device-mapper-persistent-data lvm2
# Step 2: 添加软件源信息
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# Step 3
sed -i 's+download.docker.com+mirrors.aliyun.com/docker-ce+' /etc/yum.repos.d/docker-ce.repo
# Step 4: 更新并安装Docker-CE
yum makecache fast
yum -y install docker-ce
# Step 4: 开启Docker服务
mkdir -p /data/docker
sed -i "s#ExecStart=/usr/bin/dockerd -H fd://#ExecStart=/usr/bin/dockerd -g /data/docker -H fd://#g" /lib/systemd/system/docker.service
cat /lib/systemd/system/docker.service | grep ExecStart
systemctl daemon-reload
mkdir -p /etc/docker/
touch /etc/docker/daemon.json
cat > /etc/docker/daemon.json << \EOF
{
"bip": "10.112.0.1/24",
"registry-mirrors": ["https://XXXX.mirror.aliyuncs.com"]
}
EOF
systemctl enable docker
systemctl restart docker
docker version
cat > /opt/docker-compose.yml<< \EOF
version: '2'
services:
# MongoDB: https://hub.docker.com/_/mongo/
mongodb:
image: mongo:4.2
container_name: graylog_mongodb
volumes:
- /data/graylog/mongodb:/data/db
network_mode: bridge
# Elasticsearch: https://www.elastic.co/guide/en/elasticsearch/reference/7.10/docker.html
elasticsearch:
image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.10.2
container_name: graylog_elasticsearch
volumes:
- /data/graylog/es_data:/usr/share/elasticsearch/data
environment:
- http.host=0.0.0.0
- transport.host=localhost
- network.host=0.0.0.0
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
ulimits:
memlock:
soft: -1
hard: -1
mem_limit: 1g
network_mode: bridge
# Graylog: https://hub.docker.com/r/graylog/graylog/
graylog:
image: graylog/graylog:4.2
container_name: graylog
volumes:
- /data/graylog/graylog_data:/usr/share/graylog/data
entrypoint: /usr/bin/tini -- wait-for-it elasticsearch:9200 -- /docker-entrypoint.sh
links:
- mongodb:mongo
- elasticsearch
restart: always
depends_on:
- mongodb
- elasticsearch
ports:
# Graylog web interface and REST API
- 9000:9000
# Syslog TCP
- 1514:1514
# Syslog UDP
- 1514:1514/udp
# GELF TCP
- 12201:12201
# GELF UDP
- 12201:12201/udp
network_mode: bridge
# Volumes for persisting data, see https://docs.docker.com/engine/admin/volumes/volumes/
volumes:
mongo_data:
driver: local
es_data:
driver: local
graylog_data:
driver: local
networks:
default:
external: true
EOF
yum -y install docker-compose
cd /opt
echo "vm.max_map_count=262144" >> /etc/sysctl.conf
sysctl -w vm.max_map_count=262144
docker load -i /opt/graylog4.2.tar
docker-compose up -d
chmod 777 -R /data/graylog/es_data /data/graylog/graylog_data
sleep 8
docker restart graylog
sleep 8
docker cp /opt/graylog.conf graylog:/usr/share/graylog/data/config/
docker cp /opt/log4j2.xml graylog:/usr/share/graylog/data/config/
docker restart graylog
二、脚本使用演示
1、CentOS下rz上传安装包
graylog_docker_install_onekey.tar.gz
tar -zxvf graylog_docker_install_onekey.tar.gz -C /opt
cd /opt/
vim graylog_docker_install.sh
请务必修改脚本中容器镜像加速地址为自己的阿里云容器镜像加速地址
cat > /etc/docker/daemon.json << \EOF
{
"bip": "10.112.0.1/24",
"registry-mirrors": ["https://XXXX.mirror.aliyuncs.com"]
}
2、执行一键安装脚本
./graylog_docker_install.sh
- 1、脚本中graylog/graylog:4.2的镜像源拉取过慢,所以我在模板机器上导出
docker save -o graylog4.2.tar graylog/graylog:4.2
在一键安装脚本load进行本地装载 - 2、mongo和es的docker镜像通过网络进行拉取
- 3、yum源方式安装docker-compose,使用docker-compose.yml文件生成graylog容器
- 4、容器网络使用的是宿主机默认容器网络bridge (docker0)
- 5、graylog.conf中已经设置时区为Asia/Shanghai,高亮模式已经开启,admin密码已经设置为Graylog@2022
3、接下来直接访问宿主机的http://IP:9000即可访问graylog
登录密码为admin/Graylog@2022
4、关于graylog容器中使用GeoLite2-City.mmdb
docker cp /opt/GeoLite2-City.mmdb graylog:/usr/share/graylog/data/config/
docker exec -it graylog /bin/bash
docker restart graylog
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK