在docker compose安装的graylog单节点上扩展集群

这是生产环境中通过 docker compose 部署的单节点 Graylog 配置:

思路是只需要扩展opensearch和graylog就行,至于mongo,在当前规模的集群下,共用即可。
欢迎交流,私信。

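# Single-node Graylog stack: MongoDB, OpenSearch and Graylog on one Docker host.
# MongoDB and OpenSearch publish no host ports in this file, so they are only
# reachable from the other containers on the Compose network.
version: "3.8"

services:
  mongodb:
    image: "mongo:5.0"
    volumes:
      - "/home/server/graylog/mongodb:/data/db"
    restart: "on-failure"

  opensearch:
    image: "opensearchproject/opensearch:2.4.0"
    environment:
      - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
      - "bootstrap.memory_lock=true"
      - "discovery.type=single-node"
      - "action.auto_create_index=false"
      # The security plugin (TLS, authentication, authorization) is switched
      # off: whatever can reach port 9200 has full access to every index.
      - "plugins.security.ssl.http.enabled=false"
      - "plugins.security.disabled=true"
    ulimits:
      # -1 = unlimited, needed for bootstrap.memory_lock=true above.
      memlock:
        hard: -1
        soft: -1
      nofile:
        soft: 65536
        hard: 65536
    volumes:
      - "/home/server/graylog/opensearch:/usr/share/opensearch/data"
    restart: "on-failure"

  graylog:
    hostname: "server"
    image: "${GRAYLOG_IMAGE:-graylog/graylog:5.0}"
    depends_on:
      opensearch:
        condition: "service_started"
      mongodb:
        condition: "service_started"
    # Block startup until OpenSearch answers on 9200, then run the stock entrypoint.
    entrypoint: "/usr/bin/tini -- wait-for-it opensearch:9200 --  /docker-entrypoint.sh"
    environment:
      GRAYLOG_NODE_ID_FILE: "/usr/share/graylog/data/config/node-id"
      # Both secrets come from the .env file; the `:?` form makes Compose abort
      # with the given message when a variable is unset or empty.
      GRAYLOG_PASSWORD_SECRET: "${GRAYLOG_PASSWORD_SECRET:?Please configure GRAYLOG_PASSWORD_SECRET in the .env file}"
      GRAYLOG_ROOT_PASSWORD_SHA2: "${GRAYLOG_ROOT_PASSWORD_SHA2:?Please configure GRAYLOG_ROOT_PASSWORD_SHA2 in the .env file}"
      GRAYLOG_HTTP_BIND_ADDRESS: "0.0.0.0:9000"
      # Replace xxxxx with the real address of this host. The URI is plain
      # HTTP, so web/API logins are not encrypted on the wire; terminate TLS
      # in front of port 9000 when the network is not fully trusted.
      GRAYLOG_HTTP_EXTERNAL_URI: "http://xxxxx:9000/"
      GRAYLOG_ELASTICSEARCH_HOSTS: "http://opensearch:9200"
      GRAYLOG_MONGODB_URI: "mongodb://mongodb:27017/graylog"
      GRAYLOG_ROOT_TIMEZONE: "Asia/Shanghai"
      GRAYLOG_ALLOW_HIGHLIGHTING: "true"
    ports:
      - "5044:5044/tcp"   # Beats
      - "5140:5140/udp"   # Syslog
      - "5140:5140/tcp"   # Syslog
      - "5555:5555/tcp"   # RAW TCP
      - "5555:5555/udp"   # RAW UDP
      - "9000:9000/tcp"   # Server API
      - "12202:12202/tcp" # GELF TCP
      - "22201:12202/udp" # GELF UDP (host port 22201 -> container port 12202)
      # - "10000:10000/tcp" # Custom TCP port
      # - "10000:10000/udp" # Custom UDP port
      - "13301:13301/tcp" # Forwarder data
      - "13302:13302/tcp" # Forwarder config
    volumes:
      - "/home/server/graylog/graylog/graylog_data:/usr/share/graylog/data/data"
      - "/home/server/graylog/graylog/graylog_journal:/usr/share/graylog/data/journal"
    restart: "on-failure"

# Named volumes are declared here, but every service above uses bind mounts
# under /home/server/graylog, so none of these is referenced in this file.
volumes:
  mongodb_data:
  os_data:
  graylog_data:
  graylog_journal: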

修改本配置使之支持opensearch和graylog的集群模式

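# Leader node (192.168.0.164) of the two-node Graylog / OpenSearch cluster.
# MongoDB runs only on this host and is shared by both Graylog nodes.
#
# Security posture: MongoDB has no authentication configured and OpenSearch
# runs with its security plugin disabled, yet both are now published on the
# host. The published data-store ports below are therefore bound to the
# cluster address instead of all interfaces; access should additionally be
# limited to the peer node (192.168.0.165) by packet filtering.
version: "3.8"

services:
  mongodb:
    image: "mongo:5.0"
    volumes:
      - "/home/server/graylog/mongodb:/data/db"
    restart: "on-failure"
    ports:
      # Published so the Graylog node on 192.168.0.165 can reach MongoDB.
      # Bound to the cluster address only; no credentials are required to
      # connect, so do not expose this port beyond the two cluster hosts.
      - "192.168.0.164:27017:27017"

  opensearch:
    image: "opensearchproject/opensearch:2.4.0"
    environment:
      - "cluster.name=bblgGrayLogcluster" # cluster name, identical on every node
      - "node.name=master" # name of this node
      - "discovery.type=zen" # multi-node discovery (replaces single-node)
      - "network.publish_host=192.168.0.164" # address advertised to the other nodes
      - "discovery.seed_hosts=192.168.0.164,192.168.0.165" # known node addresses
      - "cluster.initial_cluster_manager_nodes=192.168.0.164,192.168.0.165" # nodes eligible as initial cluster manager
      - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
      - "bootstrap.memory_lock=true"
      # - "discovery.type=single-node"  (removed for cluster mode)
      - "action.auto_create_index=false"
      # Security plugin off: no TLS and no authentication on the REST port
      # (9200) or on the node-to-node transport port (9300).
      - "plugins.security.ssl.http.enabled=false"
      - "plugins.security.disabled=true"
    ulimits:
      # -1 = unlimited, needed for bootstrap.memory_lock=true above.
      memlock:
        hard: -1
        soft: -1
      nofile:
        soft: 65536
        hard: 65536
    volumes:
      - "/home/server/graylog/opensearch:/usr/share/opensearch/data"
    restart: "on-failure"
    ports:
      # REST API and transport, published for the peer node; bound to the
      # cluster address only because both ports accept unauthenticated clients.
      - "192.168.0.164:9200:9200"
      - "192.168.0.164:9300:9300"

  graylog:
    hostname: "server"
    image: "${GRAYLOG_IMAGE:-graylog/graylog:5.0}"
    depends_on:
      opensearch:
        condition: "service_started"
      mongodb:
        condition: "service_started"
    # Block startup until the local OpenSearch answers on 9200.
    entrypoint: "/usr/bin/tini -- wait-for-it opensearch:9200 --  /docker-entrypoint.sh"
    environment:
      # Environment values must be strings; an unquoted true/false is parsed
      # as a YAML boolean, which Compose may reject or re-spell.
      GRAYLOG_IS_LEADER: "true" # this node is the leader
      # NOTE(review): the three GRAYLOG_CLUSTER_* keys below could not be
      # matched to a documented server.conf setting; Graylog nodes normally
      # find each other through the shared MongoDB. Confirm they are read.
      GRAYLOG_CLUSTER_MODE_ENABLED: "true" # enable cluster mode
      GRAYLOG_CLUSTER_NODES: "192.168.0.164:12900,192.168.0.165:12900" # cluster members
      GRAYLOG_CLUSTER_NODE_ID: "graylog_master" # id of this node

      GRAYLOG_NODE_ID_FILE: "/usr/share/graylog/data/config/node-id"
      # Both secrets come from the .env file; `:?` aborts when unset or empty.
      # GRAYLOG_PASSWORD_SECRET has to be the same value on every Graylog node.
      GRAYLOG_PASSWORD_SECRET: "${GRAYLOG_PASSWORD_SECRET:?Please configure GRAYLOG_PASSWORD_SECRET in the .env file}"
      GRAYLOG_ROOT_PASSWORD_SHA2: "${GRAYLOG_ROOT_PASSWORD_SHA2:?Please configure GRAYLOG_ROOT_PASSWORD_SHA2 in the .env file}"
      GRAYLOG_HTTP_BIND_ADDRESS: "0.0.0.0:9000"
      # Plain HTTP: web/API logins and inter-node API calls are unencrypted.
      GRAYLOG_HTTP_EXTERNAL_URI: "http://192.168.0.164:9000/"
      GRAYLOG_HTTP_PUBLISH_URI: "http://192.168.0.164:9000/" # address this node advertises
      # Host IPs instead of Compose service names, because the second node
      # lives on another Docker host.
      GRAYLOG_ELASTICSEARCH_HOSTS: "http://192.168.0.164:9200,http://192.168.0.165:9200"
      GRAYLOG_MONGODB_URI: "mongodb://192.168.0.164:27017/graylog"
      GRAYLOG_ROOT_TIMEZONE: "Asia/Shanghai"
      GRAYLOG_ALLOW_HIGHLIGHTING: "true"
    ports:
      - "5044:5044/tcp"   # Beats
      - "5140:5140/udp"   # Syslog
      - "5140:5140/tcp"   # Syslog
      - "5555:5555/tcp"   # RAW TCP
      - "5555:5555/udp"   # RAW UDP
      - "9000:9000/tcp"   # Server API
      - "12202:12202/tcp" # GELF TCP
      - "22201:12202/udp" # GELF UDP (host port 22201 -> container port 12202)
      # - "10000:10000/tcp" # Custom TCP port
      # - "10000:10000/udp" # Custom UDP port
      - "13301:13301/tcp" # Forwarder data
      - "13302:13302/tcp" # Forwarder config
    volumes:
      - "/home/server/graylog/graylog/graylog_data:/usr/share/graylog/data/data"
      - "/home/server/graylog/graylog/graylog_journal:/usr/share/graylog/data/journal"
    restart: "on-failure"

# Named volumes are declared here, but every service above uses bind mounts
# under /home/server/graylog, so none of these is referenced in this file.
volumes:
  mongodb_data:
  os_data:
  graylog_data:
  graylog_journal: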

在从节点上先准备系统环境,再新增 docker compose 配置

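# Host preparation for the second node (run as root / with sudo).

# Install the CentOS 8 yum repo definition from the Aliyun mirror.
# Fetched over HTTPS so the repo file cannot be rewritten in transit.
wget -O /etc/yum.repos.d/CentOS-Ali.repo https://mirrors.aliyun.com/repo/Centos-8.repo
yum clean all
yum makecache

# Switch SELinux to permissive for the running system, then make it permanent.
# NOTE(review): this removes mandatory access control from the whole host; if
# the only problem is container access to the bind-mounted directories, the
# :z / :Z volume label options are the narrower alternative.
setenforce 0
vim /etc/selinux/config  # set SELINUX=disabled in this file
# Turn swap off now and comment out the swap entry in /etc/fstab.
swapoff -a
sed -i  '/ swap / s/^\(.*\)$/#\1/g'   /etc/fstab
# Stop the host firewall and keep it off after reboot.
# NOTE(review): the compose files on this page publish MongoDB (27017) and
# OpenSearch (9200/9300) without authentication, so with no packet filter
# every host that can route here can read and modify the log data. Keep a
# filter in place that admits only the cluster peers; for Docker-published
# ports such rules belong in the DOCKER-USER iptables chain.
systemctl stop firewalld
systemctl disable firewalld.service
# Install yum-utils if yum-config-manager is missing.
sudo yum install -y yum-utils
# Add the Docker CE repo from the Aliyun mirror (HTTPS, as above).
sudo yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
sudo vim /etc/docker/daemon.json
# Add the following to /etc/docker/daemon.json. All image pulls then go
# through this third-party registry mirror.
{
 "registry-mirrors": ["https://ogp4c6i5.mirror.aliyuncs.com"]
}
# Restart Docker so the new daemon.json takes effect.
sudo systemctl daemon-reload
sudo systemctl restart docker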
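# Second node (192.168.0.165): OpenSearch data node plus a non-leader Graylog.
# There is no MongoDB here; Graylog uses the instance on 192.168.0.164.
#
# Security posture: OpenSearch runs with its security plugin disabled, so the
# published ports below are bound to the cluster address instead of all
# interfaces; access should additionally be limited to the peer node
# (192.168.0.164) by packet filtering.
version: "3.8"

services:

  opensearch:
    image: "opensearchproject/opensearch:2.4.0"
    environment:
      - "cluster.name=bblgGrayLogcluster" # must match the leader's cluster name
      - "node.name=data1"
      - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
      - "bootstrap.memory_lock=true"
      - "discovery.type=zen"
      - "network.publish_host=192.168.0.165" # address advertised to the other nodes
      - "discovery.seed_hosts=192.168.0.164,192.168.0.165"
      - "cluster.initial_cluster_manager_nodes=192.168.0.164,192.168.0.165"
      - "action.auto_create_index=false"
      # Security plugin off: no TLS and no authentication on the REST port
      # (9200) or on the node-to-node transport port (9300).
      - "plugins.security.ssl.http.enabled=false"
      - "plugins.security.disabled=true"
    ulimits:
      # -1 = unlimited, needed for bootstrap.memory_lock=true above.
      memlock:
        hard: -1
        soft: -1
      nofile:
        soft: 65536
        hard: 65536
    volumes:
      - "/home/server/graylog/opensearch:/usr/share/opensearch/data"
    restart: "on-failure"
    ports:
      # REST API and transport, published for the peer node; bound to the
      # cluster address only because both ports accept unauthenticated clients.
      - "192.168.0.165:9200:9200"
      - "192.168.0.165:9300:9300"

  graylog:
    hostname: "server2"
    image: "${GRAYLOG_IMAGE:-graylog/graylog:5.0}"
    depends_on:
      opensearch:
        condition: "service_started"
    # Block startup until OpenSearch on this host answers on 9200.
    entrypoint: "/usr/bin/tini -- wait-for-it 192.168.0.165:9200 --  /docker-entrypoint.sh"
    environment:
      # Environment values must be strings; an unquoted true/false is parsed
      # as a YAML boolean, which Compose may reject or re-spell.
      GRAYLOG_IS_LEADER: "false" # only one node in the cluster is the leader
      # NOTE(review): the three GRAYLOG_CLUSTER_* keys below could not be
      # matched to a documented server.conf setting; Graylog nodes normally
      # find each other through the shared MongoDB. Confirm they are read.
      GRAYLOG_CLUSTER_MODE_ENABLED: "true"
      GRAYLOG_CLUSTER_NODES: "192.168.0.164:12900,192.168.0.165:12900"
      GRAYLOG_CLUSTER_NODE_ID: "graylog_data1"
      GRAYLOG_NODE_ID_FILE: "/usr/share/graylog/data/config/node-id"
      # Both secrets come from this host's .env file; `:?` aborts when unset.
      # GRAYLOG_PASSWORD_SECRET has to be the same value as on the leader.
      GRAYLOG_PASSWORD_SECRET: "${GRAYLOG_PASSWORD_SECRET:?Please configure GRAYLOG_PASSWORD_SECRET in the .env file}"
      GRAYLOG_ROOT_PASSWORD_SHA2: "${GRAYLOG_ROOT_PASSWORD_SHA2:?Please configure GRAYLOG_ROOT_PASSWORD_SHA2 in the .env file}"
      GRAYLOG_HTTP_BIND_ADDRESS: "0.0.0.0:9000"
      # Plain HTTP: web/API logins and inter-node API calls are unencrypted.
      GRAYLOG_HTTP_EXTERNAL_URI: "http://192.168.0.165:9000/"
      GRAYLOG_HTTP_PUBLISH_URI: "http://192.168.0.165:9000/"
      GRAYLOG_ELASTICSEARCH_HOSTS: "http://192.168.0.164:9200,http://192.168.0.165:9200"
      # Crosses the network to the leader host without credentials or TLS.
      GRAYLOG_MONGODB_URI: "mongodb://192.168.0.164:27017/graylog"
      GRAYLOG_ROOT_TIMEZONE: "Asia/Shanghai"
      GRAYLOG_ALLOW_HIGHLIGHTING: "true"
    ports:
      - "5044:5044/tcp"   # Beats
      - "5140:5140/udp"   # Syslog
      - "5140:5140/tcp"   # Syslog
      - "5555:5555/tcp"   # RAW TCP
      - "5555:5555/udp"   # RAW UDP
      - "9000:9000/tcp"   # Server API
      - "12202:12202/tcp" # GELF TCP
      - "22201:12202/udp" # GELF UDP (host port 22201 -> container port 12202)
      # - "10000:10000/tcp" # Custom TCP port
      # - "10000:10000/udp" # Custom UDP port
      - "13301:13301/tcp" # Forwarder data
      - "13302:13302/tcp" # Forwarder config
    volumes:
      - "/home/server/graylog/graylog/graylog_data:/usr/share/graylog/data/data"
      - "/home/server/graylog/graylog/graylog_journal:/usr/share/graylog/data/journal"
    restart: "on-failure"


# Named volumes are declared here, but every service above uses bind mounts
# under /home/server/graylog, so none of these is referenced in this file.
volumes:
  mongodb_data:
  os_data:
  graylog_data:
  graylog_journal: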

安装 nginx,对写入 Graylog 的日志 UDP 流量进行负载均衡

可能需要调高本节点的文件句柄上限,因为 UDP 转发会占用大量文件句柄。

# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Raised open-file limit per worker; every proxied UDP session holds descriptors.
worker_rlimit_nofile 655360;
# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 32000;
    multi_accept on;
    use epoll;
}

# Layer-4 proxy: spreads incoming GELF UDP datagrams over both Graylog nodes.
stream {
    upstream backend_22201 {
        server 192.168.0.164:22201;
        server 192.168.0.165:22201;
    }

    server {
        listen 22201 udp reuseport;
        proxy_pass backend_22201;
        # No reply datagram is expected from Graylog for a forwarded message.
        proxy_responses 0;
        #proxy_timeout 1s;
        # The listener accepts datagrams from any source and GELF UDP carries
        # no authentication. When the log senders are known, limit them with
        # the stream access module:
        #     allow <LOG_SOURCE_CIDR>;   # placeholder, fill in the real range
        #     deny all;
    }
}
