Quickly installing containerized GrayLog with a one-click script

 8 months ago
source link: https://blog.51cto.com/u_64214/8925093


The script graylog_docker_install.sh

#!/bin/bash
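# Disable SELinux persistently (only the SELINUX= setting line) and for the running system
sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
setenforce 0
# Fetch the repo definitions over HTTPS, like the CentOS-Base repo below
curl -o /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo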
curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo
# Step 1: install the required system utilities
yum install -y yum-utils device-mapper-persistent-data lvm2
# Step 2: add the Docker CE repository
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# Step 3: point the repository at the Aliyun mirror
sed -i 's+download.docker.com+mirrors.aliyun.com/docker-ce+' /etc/yum.repos.d/docker-ce.repo
# Step 4: refresh the cache and install Docker CE
yum makecache fast
yum -y install docker-ce
# Step 5: start the Docker service

mkdir -p /data/docker
# --data-root replaces the deprecated -g flag, which newer dockerd releases no longer accept
sed -i "s#ExecStart=/usr/bin/dockerd -H fd://#ExecStart=/usr/bin/dockerd --data-root /data/docker -H fd://#g" /lib/systemd/system/docker.service
grep ExecStart /lib/systemd/system/docker.service
systemctl daemon-reload
mkdir -p /etc/docker/
touch /etc/docker/daemon.json
cat  > /etc/docker/daemon.json << \EOF
{
  "bip": "10.112.0.1/24",
  "registry-mirrors": ["https://XXXX.mirror.aliyuncs.com"]
}
EOF
systemctl enable docker
systemctl restart docker
docker version
cat  > /opt/docker-compose.yml<< \EOF
version: '2'
services:
  # MongoDB: https://hub.docker.com/_/mongo/
  mongodb:
    image: mongo:4.2
    container_name: graylog_mongodb
    volumes:
      - /data/graylog/mongodb:/data/db
    network_mode: bridge
  # Elasticsearch: https://www.elastic.co/guide/en/elasticsearch/reference/7.10/docker.html
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.10.2
    container_name: graylog_elasticsearch
    volumes:
      - /data/graylog/es_data:/usr/share/elasticsearch/data
    environment:
      - http.host=0.0.0.0
      - transport.host=localhost
      - network.host=0.0.0.0
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    mem_limit: 1g
    network_mode: bridge
  # Graylog: https://hub.docker.com/r/graylog/graylog/
  graylog:
    image: graylog/graylog:4.2
    container_name: graylog
    volumes:
      - /data/graylog/graylog_data:/usr/share/graylog/data
    entrypoint: /usr/bin/tini -- wait-for-it elasticsearch:9200 --  /docker-entrypoint.sh
    links:
        - mongodb:mongo
        - elasticsearch
    restart: always
    depends_on:
      - mongodb
      - elasticsearch
    ports:
      # Graylog web interface and REST API
      - 9000:9000
      # Syslog TCP
      - 1514:1514
      # Syslog UDP
      - 1514:1514/udp
      # GELF TCP
      - 12201:12201
      # GELF UDP
      - 12201:12201/udp
    network_mode: bridge
# Volumes for persisting data, see https://docs.docker.com/engine/admin/volumes/volumes/
volumes:
  mongo_data:
    driver: local
  es_data:
    driver: local
  graylog_data:
    driver: local

networks:
  default:
    external: true
EOF
yum -y install docker-compose 
cd /opt
echo "vm.max_map_count=262144" >> /etc/sysctl.conf
sysctl -w vm.max_map_count=262144
docker load -i /opt/graylog4.2.tar
docker-compose up -d
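# Hand each data directory to the UID its container runs as instead of making it world-writable
chown -R 1000:0 /data/graylog/es_data            # elasticsearch user in the Elasticsearch image
chown -R 1100:1100 /data/graylog/graylog_data    # graylog user in the Graylog image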
sleep 8
docker restart graylog
sleep 8
docker cp /opt/graylog.conf graylog:/usr/share/graylog/data/config/
docker cp /opt/log4j2.xml graylog:/usr/share/graylog/data/config/
docker restart graylog

II. Script usage walkthrough

1. Upload the installation package to the CentOS host with rz

graylog_docker_install_onekey.tar.gz
tar -zxvf graylog_docker_install_onekey.tar.gz -C /opt
cd /opt/
vim graylog_docker_install.sh 
Be sure to change the registry mirror address in the script to your own Aliyun container registry mirror address:
cat  > /etc/docker/daemon.json << \EOF
{
  "bip": "10.112.0.1/24",
  "registry-mirrors": ["https://XXXX.mirror.aliyuncs.com"]
}
EOF

2. Run the one-click install script

./graylog_docker_install.sh 

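  • 1. The graylog/graylog:4.2 image referenced in the script pulls too slowly from the registry, so I exported it on a template machine with docker save -o graylog4.2.tar graylog/graylog:4.2
    and the one-click install script loads it locally with docker load
  • 2. The mongo and es Docker images are pulled over the network
  • 3. docker-compose is installed from the yum repository, and the docker-compose.yml file is used to create the graylog containers
  • 4. The containers use the host's default container network, bridge (docker0)
  • 5. graylog.conf already sets the time zone to Asia/Shanghai, enables highlighting, and sets the admin password to Graylog@2022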

3. Next, open http://IP:9000 on the host to reach graylog

The login credentials are admin/Graylog@2022
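
Because the admin password above ships inside the bundled graylog.conf, every host installed from the same package shares it. The following added example (not part of the original post or its install package) rewrites root_password_sha2 and password_secret in /opt/graylog.conf before the install script is run. Both are real graylog.conf settings; the function names and script name are assumptions.

```shell
#!/bin/bash
# Added example: rotate the credentials in the bundled graylog.conf.
PUBLISHED_PW='Graylog@2022'   # admin password stated in the post

sha256_hex() { printf '%s' "$1" | sha256sum | cut -d' ' -f1; }

# Exit 0 if CONF still carries the hash of the published password.
uses_published_password() {
  grep -Eq "^root_password_sha2[[:space:]]*=[[:space:]]*$(sha256_hex "$PUBLISHED_PW")[[:space:]]*\$" "$1"
}

# rotate_graylog_creds CONF NEW_PASSWORD
# Run before the first start: changing password_secret later invalidates
# values Graylog has already encrypted with it.
rotate_graylog_creds() {
  conf=$1; new_pw=$2
  [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }
  [ "${#new_pw}" -ge 12 ] || { echo "password shorter than 12 characters" >&2; return 1; }
  new_hash=$(sha256_hex "$new_pw")
  # 96 random alphanumerics. Only hex digits and alphanumerics reach sed,
  # so the replacement text cannot contain sed metacharacters.
  secret=$(head -c 512 /dev/urandom | base64 | tr -dc 'A-Za-z0-9' | cut -c1-96)
  sed -i -e "s|^root_password_sha2[[:space:]]*=.*|root_password_sha2 = $new_hash|" \
         -e "s|^password_secret[[:space:]]*=.*|password_secret = $secret|" "$conf"
  # Fail if either key was missing from the file and so was not rewritten.
  grep -q "^root_password_sha2 = $new_hash\$" "$conf" &&
    grep -q "^password_secret = $secret\$" "$conf"
}

# Usage: ./rotate_graylog_creds.sh /opt/graylog.conf   (prompts for the password)
if [ -n "${1:-}" ]; then
  printf 'New admin password: ' >&2
  stty -echo; IFS= read -r pw; stty echo; echo >&2
  rotate_graylog_creds "$1" "$pw" && ! uses_published_password "$1"
fi
```

On a host that is already installed, run it against /opt/graylog.conf and repeat the docker cp and docker restart graylog steps from the script.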


4. Using GeoLite2-City.mmdb in the graylog container

docker cp /opt/GeoLite2-City.mmdb graylog:/usr/share/graylog/data/config/
docker exec -it graylog /bin/bash
docker restart graylog