导语:需要安装 SQL 审计平台,以 Docker 安装 Yearning 为例
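# Stand up a Yearning SQL-audit platform and an Elasticsearch/Kibana/Filebeat stack as
# Docker containers that share one user-defined network ("deepwise").
#
# Runs as root on the Docker host (it writes under /opt, /data1 and /etc). The network
# and database steps are safe to re-run; `docker run` for an already-existing container
# name still fails, as it did in the original listing.
#
# Optional environment overrides (defaults are the values from the original listing):
#   MYSQL_ROOT_PASSWORD   root password for the mysql container and the Yearning DB user
#   YEARNING_SECRET_KEY   Yearning [General].SecretKey (the shipped value is 16 characters;
#                         keep that length when overriding)
#
# Intended for bash: `pipefail` and `[[` are not portable to a plain /bin/sh.
set -euo pipefail

readonly net_name="deepwise"
readonly mysql_root_password="${MYSQL_ROOT_PASSWORD:-deepwise}"
readonly yearning_secret_key="${YEARNING_SECRET_KEY:-dbcjqheupqjsuwsm}"
readonly yearning_dir="/opt/Yearning"
readonly elk_dir="/data1/elk"
readonly tz="Asia/Shanghai"

# Print a message to stderr and abort.
die() { printf '%s\n' "$*" >&2; exit 1; }

#######################################
# Create the shared container network, tolerating an existing one so the script
# can be re-run.
# Globals:  net_name (read)
#######################################
create_network() {
  docker network inspect "$net_name" >/dev/null 2>&1 || docker network create "$net_name"
}

#######################################
# Start the MySQL 5.7 container used by Yearning.
# The original command carried --privileged=true and --pid=host; neither is needed by
# the mysql image and together they hand the container full host privileges, so they
# are left out. The root password is passed through the environment (`-e NAME` with no
# value) rather than on the command line, keeping it out of `ps` output.
# Globals:  mysql_root_password, net_name, tz (read)
#######################################
start_mysql() {
  MYSQL_ROOT_PASSWORD="$mysql_root_password" docker run -d \
    --restart=unless-stopped \
    --name=mysql \
    -e MYSQL_ROOT_PASSWORD \
    -e TZ="$tz" \
    --net="$net_name" \
    -p 3306:3306 \
    -v /var/lib/mysql:/var/lib/mysql \
    harbor.deepwise.com/base/mysql:5.7.33
}

#######################################
# Block until the mysql container answers over TCP.
# The upstream mysql image first runs a temporary, socket-only server while it
# initialises (assumed to hold for this mirror image too); forcing TCP with -h127.0.0.1
# means we only return once the real server is listening. The original listing ran
# CREATE DATABASE immediately after `docker run`, which races that initialisation.
# Globals:  mysql_root_password (read)
# Returns:  0 when ready; exits via die after ~2 minutes without an answer
#######################################
wait_for_mysql() {
  local attempt
  for ((attempt = 0; attempt < 60; attempt++)); do
    if docker exec -e MYSQL_PWD="$mysql_root_password" mysql \
        mysqladmin -h127.0.0.1 -uroot ping --silent >/dev/null 2>&1; then
      return 0
    fi
    sleep 2
  done
  die "mysql did not become ready in time"
}

#######################################
# Create the Yearning database. The password goes in via MYSQL_PWD instead of -p<pw>
# on the command line so it is not visible in the host's or container's process list.
# IF NOT EXISTS makes a re-run a no-op instead of an error under `set -e`.
# Globals:  mysql_root_password (read)
#######################################
create_yearning_db() {
  docker exec -e MYSQL_PWD="$mysql_root_password" mysql \
    mysql -uroot -e 'CREATE DATABASE IF NOT EXISTS yearning CHARACTER SET utf8mb4 COLLATE utf8mb4_bin;'
}

#######################################
# Write Yearning's conf.toml.
# Db is "yearning" (lowercase) to match the database created above and the MYSQL_DB
# value given to the container; the original listing had "Yearning" here, and MySQL on
# Linux treats database names case-sensitively by default.
# The heredoc is intentionally unquoted so the password and secret key expand; the
# remaining content contains no `$`.
# NOTE(review): the file holds credentials and is created with the default umask —
# tighten its mode if the container's user still permits it (TODO confirm that user).
# Globals:  yearning_dir, mysql_root_password, yearning_secret_key (read)
#######################################
write_yearning_conf() {
  mkdir -p "$yearning_dir"
  cat > "$yearning_dir/conf.toml" <<EOF
[Mysql]
Db = "yearning"
Host = "mysql"
Port = "3306"
Password = "${mysql_root_password}"
User = "root"
[General]
SecretKey = "${yearning_secret_key}"
Hours = 4
[Oidc]
Enable = false
ClientId = "yearning"
ClientSecret = "fefehelj23jlj22f3jfjdfd"
Scope = "openid profile"
AuthUrl = "https://keycloak.xxx.ca/auth/realms/master/protocol/openid-connect/auth"
TokenUrl = "https://keycloak.xxx.ca/auth/realms/master/protocol/openid-connect/token"
UserUrl = "https://keycloak.xxx.ca/auth/realms/master/protocol/openid-connect/userinfo"
RedirectUrL = "http://127.0.0.1:8000/oidc/_token-login"
UserNameKey = "preferred_username"
RealNameKey = "name"
EmailKey = "email"
SessionKey = "session_state"
EOF
}

#######################################
# Initialise the Yearning database schema and start the service on port 8000.
# Default web login as given in the original listing: admin / Yearning_admin — change
# it after first login.
# Globals:  mysql_root_password, net_name, tz, yearning_dir (read)
#######################################
start_yearning() {
  MYSQL_PASSWORD="$mysql_root_password" docker run -d \
    --name yearning \
    --restart=unless-stopped \
    -p 8000:8000 \
    -e MYSQL_ADDR=mysql:3306 \
    -e MYSQL_USER=root \
    -e MYSQL_PASSWORD \
    -e MYSQL_DB=yearning \
    -e TZ="$tz" \
    --net="$net_name" \
    -v "$yearning_dir/conf.toml:/opt/conf.toml" \
    harbor.deepwise.com/yeelabs/yearning:v2.3.2
}

#######################################
# Apply the host settings Elasticsearch needs, BEFORE its container starts.
# Elasticsearch 7 checks vm.max_map_count at startup when bound to a non-loopback
# address (this config binds 0.0.0.0); the original listing started the container
# first and only then raised the limit. Settings are written to drop-in files rather
# than overwriting /etc/sysctl.conf and /etc/security/limits.conf wholesale, which the
# original `cat >` did and which discards every other setting on the host.
#######################################
tune_host_for_elasticsearch() {
  cat > /etc/sysctl.d/99-elasticsearch.conf <<'EOF'
vm.max_map_count=655360
EOF
  sysctl -p /etc/sysctl.d/99-elasticsearch.conf
  # limits.conf only governs login sessions, not the docker daemon; the container's own
  # descriptor limit is set with --ulimit in start_elasticsearch.
  cat > /etc/security/limits.d/99-elasticsearch.conf <<'EOF'
* soft nofile 65536
* hard nofile 65536
EOF
}

#######################################
# Write elasticsearch.yml and start a single-node Elasticsearch 7.8.0.
# NOTE(review): the config binds 0.0.0.0, allows any CORS origin and sets no
# xpack.security options, and ports 9200/9300 are published on the host — this is an
# unauthenticated cluster, so restrict who can reach those ports at the host firewall
# or network edge.
# NOTE(review): no data volume is mounted, so index data lives in the container's
# writable layer and is lost with the container — TODO add a bind mount for
# /usr/share/elasticsearch/data (needs to be writable by the image's uid 1000).
# Globals:  elk_dir, net_name, tz (read)
#######################################
start_elasticsearch() {
  mkdir -p "$elk_dir/plugins"
  cat > "$elk_dir/elasticsearch.yml" <<'EOF'
cluster.name: "docker-cluster"
network.host: 0.0.0.0
# 访问ID限定,0.0.0.0为不限制,生产环境请设置为固定IP
transport.host: 0.0.0.0
# elasticsearch节点名称
node.name: node-1
# elasticsearch节点信息
cluster.initial_master_nodes: ["node-1"]
# 下面的配置是关闭跨域验证
http.cors.enabled: true
http.cors.allow-origin: "*"
EOF
  docker run -d \
    --restart=unless-stopped \
    --ulimit nofile=65536:65536 \
    -p 9200:9200 \
    -p 9300:9300 \
    -e TZ="$tz" \
    -e ES_JAVA_OPTS="-Xms512m -Xmx512m" \
    --name=elasticsearch \
    --net="$net_name" \
    -v "$elk_dir/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml" \
    -v "$elk_dir/plugins:/usr/share/elasticsearch/plugins" \
    harbor.deepwise.com/infrastructure/elastic/elasticsearch:7.8.0
}

#######################################
# Write kibana.yml and start Kibana 7.8.0 on port 5601, pointed at the
# elasticsearch container by its network name.
# Globals:  elk_dir, net_name (read)
#######################################
start_kibana() {
  mkdir -p "$elk_dir"
  cat > "$elk_dir/kibana.yml" <<'EOF'
server.port: 5601
server.host: "0.0.0.0"
elasticsearch.hosts: ["http://elasticsearch:9200"]
# 操作界面语言设置
i18n.locale: "zh-CN"
EOF
  docker run -d \
    --name kibana \
    --restart=unless-stopped \
    -p 5601:5601 \
    --net="$net_name" \
    -v "$elk_dir/kibana.yml:/usr/share/kibana/config/kibana.yml" \
    harbor.deepwise.com/infrastructure/elastic/kibana:7.8.0
}

#######################################
# Write filebeat.yml and start Filebeat 7.8.0 shipping container logs to Elasticsearch.
# Fixes relative to the original listing:
#  - the YAML had lost its indentation, so `enabled`, `paths`, `multiline.*`, `hosts`,
#    `index` and the processor options were top-level keys instead of belonging to the
#    input / output / processor they configure; indentation is restored here;
#  - the "kibana的IP" / "elastic的IP" placeholders are replaced by the container names,
#    which resolve on the shared network exactly as kibana.yml already does;
#  - `-e -strict.perms=false` are filebeat arguments and belong after the image name;
#    given to `docker run -e` they only defined an oddly named environment variable;
#  - the read-only /var/run/docker.sock mount is dropped: nothing in this config
#    (no docker autodiscover, no add_docker_metadata) uses it, and access to the Docker
#    API is equivalent to root on the host even through a :ro mount.
# NOTE(review): things in this config worth confirming before relying on it:
#  - json.keys_under_root / json.overwrite_keys are log-input options; at top level
#    (where the listing had them) they do not apply to the input above;
#  - decode_json_fields with fields: [""] names no field and so decodes nothing;
#  - setup.template.pattern "tuling-log-*" does not cover the "filebeat-..." index name
#    written by output.elasticsearch.index;
#  - the multiline pattern expects lines starting with a date, while docker's json-file
#    log lines start with "{", so as written every line presumably becomes a continuation.
# --user=root is kept: the docker log files under /var/lib/docker are root-owned.
# Globals:  elk_dir, net_name (read)
#######################################
start_filebeat() {
  mkdir -p "$elk_dir"
  cat > "$elk_dir/filebeat.docker.yml" <<'EOF'
filebeat.inputs:
- type: log
  enabled: true
  ##配置你要收集的日志目录,可以配置多个目录
  paths:
    - /var/lib/docker/containers/*/*.log
  ##配置多行日志合并规则,已时间为准,一个时间发生的日志为一个事件
  multiline.pattern: '^\d{4}-\d{2}-\d{2}'
  multiline.negate: true
  multiline.match: after
## 设置kibana的地址,开始filebeat的可视化
setup.kibana.host: "http://kibana:5601"
setup.dashboards.enabled: true
output.elasticsearch:
  hosts: ["http://elasticsearch:9200"]
  index: "filebeat-%{+yyyy.MM.dd}"
setup.template.name: "tuling-log"
setup.template.pattern: "tuling-log-*"
json.keys_under_root: false
json.overwrite_keys: true
##设置解析json格式日志的规则
processors:
- decode_json_fields:
    fields: [""]
    target: json
EOF
  docker run -d \
    --restart=unless-stopped \
    --user=root \
    -v "$elk_dir/filebeat.docker.yml:/usr/share/filebeat/filebeat.yml:ro" \
    -v /var/lib/docker/containers:/var/lib/docker/containers:ro \
    --name filebeat \
    --net="$net_name" \
    harbor.deepwise.com/infrastructure/elastic/filebeat:7.8.0 \
    filebeat -e -strict.perms=false
}

# Entry point: same order as the original listing except that host tuning now
# precedes the Elasticsearch container.
main() {
  create_network
  start_mysql
  wait_for_mysql
  create_yearning_db
  write_yearning_conf
  start_yearning
  tune_host_for_elasticsearch
  start_elasticsearch
  start_kibana
  start_filebeat
}

main "$@"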