One-click script to quickly install the containerized GrayLog
Script: graylog_docker_install.sh

```bash
#!/bin/bash
# Disable SELinux, both in the persistent config and on the running system
sed -i 's/enforcing/disabled/g' /etc/selinux/config
setenforce 0

# Switch the EPEL and CentOS base repos to the Aliyun mirrors
curl -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo

# Step 1: install the required system tools
yum install -y yum-utils device-mapper-persistent-data lvm2
# Step 2: add the Docker CE repository
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# Step 3: point the repository at the Aliyun mirror
sed -i 's+download.docker.com+mirrors.aliyun.com/docker-ce+' /etc/yum.repos.d/docker-ce.repo
# Step 4: refresh the cache and install Docker CE
yum makecache fast
yum -y install docker-ce
# Step 5: configure and start the Docker service
mkdir -p /data/docker
# Store Docker data under /data/docker. The original script used the -g flag,
# which was removed in Docker 23.0; --data-root is the current equivalent.
sed -i "s#ExecStart=/usr/bin/dockerd -H fd://#ExecStart=/usr/bin/dockerd --data-root /data/docker -H fd://#g" /lib/systemd/system/docker.service
grep ExecStart /lib/systemd/system/docker.service
systemctl daemon-reload
mkdir -p /etc/docker/
touch /etc/docker/daemon.json
# Replace XXXX with your own registry mirror address before running
cat > /etc/docker/daemon.json << \EOF
{
  "bip": "10.112.0.1/24",
  "registry-mirrors": ["https://XXXX.mirror.aliyuncs.com"]
}
EOF
systemctl enable docker
systemctl restart docker
docker version

# Write the compose file for MongoDB, Elasticsearch and Graylog
cat > /opt/docker-compose.yml << \EOF
version: '2'
services:
  # MongoDB: https://hub.docker.com/_/mongo/
  mongodb:
    image: mongo:4.2
    container_name: graylog_mongodb
    volumes:
      - /data/graylog/mongodb:/data/db
    network_mode: bridge
  # Elasticsearch: https://www.elastic.co/guide/en/elasticsearch/reference/7.10/docker.html
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.10.2
    container_name: graylog_elasticsearch
    volumes:
      - /data/graylog/es_data:/usr/share/elasticsearch/data
    environment:
      - http.host=0.0.0.0
      - transport.host=localhost
      - network.host=0.0.0.0
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    mem_limit: 1g
    network_mode: bridge
  # Graylog: https://hub.docker.com/r/graylog/graylog/
  graylog:
    image: graylog/graylog:4.2
    container_name: graylog
    volumes:
      - /data/graylog/graylog_data:/usr/share/graylog/data
    entrypoint: /usr/bin/tini -- wait-for-it elasticsearch:9200 -- /docker-entrypoint.sh
    links:
      - mongodb:mongo
      - elasticsearch
    restart: always
    depends_on:
      - mongodb
      - elasticsearch
    ports:
      # Graylog web interface and REST API
      - 9000:9000
      # Syslog TCP
      - 1514:1514
      # Syslog UDP
      - 1514:1514/udp
      # GELF TCP
      - 12201:12201
      # GELF UDP
      - 12201:12201/udp
    network_mode: bridge
# Volumes for persisting data, see https://docs.docker.com/engine/admin/volumes/volumes/
volumes:
  mongo_data:
    driver: local
  es_data:
    driver: local
  graylog_data:
    driver: local
networks:
  default:
    external: true
EOF

yum -y install docker-compose
cd /opt
# Elasticsearch needs a higher mmap count limit
echo "vm.max_map_count=262144" >> /etc/sysctl.conf
sysctl -w vm.max_map_count=262144
# Load the Graylog image from the local tarball, then start the stack
docker load -i /opt/graylog4.2.tar
docker-compose up -d
chmod 777 -R /data/graylog/es_data /data/graylog/graylog_data
sleep 8
docker restart graylog
sleep 8
# Copy the prepared configuration into the container and restart Graylog
docker cp /opt/graylog.conf graylog:/usr/share/graylog/data/config/
docker cp /opt/log4j2.xml graylog:/usr/share/graylog/data/config/
docker restart graylog
```
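II. Script usage demo
1. Upload the install package to CentOS with rz
Package: graylog_docker_install_onekey.tar.gz

```bash
tar -zxvf graylog_docker_install_onekey.tar.gz -C /opt
cd /opt/
vim graylog_docker_install.sh
```

Be sure to change the registry mirror address in the script to your own Alibaba Cloud container registry mirror address:

```bash
cat > /etc/docker/daemon.json << \EOF
{
  "bip": "10.112.0.1/24",
  "registry-mirrors": ["https://XXXX.mirror.aliyuncs.com"]
}
EOF
```

2. Run the one-click install script

```bash
./graylog_docker_install.sh
```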
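Notes:
- 1. Pulling the graylog/graylog:4.2 image from the registry is too slow, so I exported it on a template machine with `docker save -o graylog4.2.tar graylog/graylog:4.2`, and the one-click install script loads it locally with `docker load`
- 2. The mongo and es Docker images are pulled over the network
- 3. docker-compose is installed from the yum repository, and the docker-compose.yml file is used to create the graylog containers
- 4. The containers use the host's default container network, bridge (docker0)
- 5. graylog.conf already sets the time zone to Asia/Shanghai, highlight mode is enabled, and the admin password is set to Graylog@2022
3. Next, browse to http://IP:9000 on the host to access graylog
The login credentials are admin/Graylog@2022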
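Since the packaged graylog.conf carries the admin password shown above, one way to set your own before running the installer is to rewrite `root_password_sha2`, the SHA-256 hex digest Graylog reads the admin password from. This is an added example, not part of the original script; the function names are hypothetical and the demo runs on a constructed config file rather than /opt/graylog.conf.

```bash
#!/bin/bash
# Added example, not part of the original install script.
# Function names are hypothetical; the demo config below is constructed.

# SHA-256 hex digest of a password: the format root_password_sha2 expects.
graylog_hash_password() {
    printf '%s' "$1" | sha256sum | cut -d' ' -f1
}

# Random 24-character alphanumeric password from the kernel CSPRNG.
graylog_random_password() {
    head -c 48 /dev/urandom | base64 | tr -dc 'A-Za-z0-9' | cut -c1-24
}

# Set root_password_sha2 in config file $1 to the hash of password $2.
# Rewrites an active or commented-out entry; appends one if none exists.
graylog_set_root_password() {
    local conf="$1" hash
    [ -n "$2" ] || { echo "refusing empty password" >&2; return 1; }
    hash="$(graylog_hash_password "$2")"
    if grep -Eq '^[#[:space:]]*root_password_sha2[[:space:]]*=' "$conf"; then
        sed -i -E "s|^[#[:space:]]*root_password_sha2[[:space:]]*=.*|root_password_sha2 = ${hash}|" "$conf"
    else
        printf 'root_password_sha2 = %s\n' "$hash" >> "$conf"
    fi
}

# Hash currently configured in config file $1 (empty output if none).
graylog_current_hash() {
    sed -n -E 's|^root_password_sha2[[:space:]]*=[[:space:]]*||p' "$1" | head -n 1
}

# Demo on a constructed config; point the functions at /opt/graylog.conf
# before running graylog_docker_install.sh to change the real file.
demo_conf="$(mktemp)"
printf 'root_timezone = Asia/Shanghai\nroot_password_sha2 = 0000\n' > "$demo_conf"
new_pw="$(graylog_random_password)"
graylog_set_root_password "$demo_conf" "$new_pw"
echo "new admin password: $new_pw"
echo "configured hash:    $(graylog_current_hash "$demo_conf")"
rm -f "$demo_conf"
```

If the stack is already running, copy the edited file into the container with the same `docker cp` and `docker restart graylog` steps the install script uses.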
4. Using GeoLite2-City.mmdb in the graylog container

```bash
docker cp /opt/GeoLite2-City.mmdb graylog:/usr/share/graylog/data/config/
docker exec -it graylog /bin/bash
docker restart graylog
```