操作步骤
# ========== 方法一:直接复制 + 重启(最简单)==========
# 步骤 1:在宿主机创建配置文件
cat > /home/data/taiyuan/es-3-new/config/log4j2.properties << 'EOF'
status = error
# ==================== 控制台输出配置 ====================
appender.console.type = Console
appender.console.name = console
appender.console.layout.type = PatternLayout
appender.console.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] %marker%m%n
# ==================== 主日志文件配置 ====================
# 滚动文件输出器
appender.rolling.type = RollingFile
appender.rolling.name = rolling
# 当前日志文件名
appender.rolling.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}.log
# 日志格式
appender.rolling.layout.type = PatternLayout
appender.rolling.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] %marker%.-10000m%n
# 归档日志文件名模式(按天滚动)
appender.rolling.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}-%d{yyyy-MM-dd}-%i.log.gz
# 滚动策略
appender.rolling.policies.type = Policies
# 时间滚动策略:每天滚动一次
appender.rolling.policies.time.type = TimeBasedTriggeringPolicy
appender.rolling.policies.time.interval = 1
appender.rolling.policies.time.modulate = true
# 大小滚动策略:单个文件超过 1GB 就滚动
appender.rolling.policies.size.type = SizeBasedTriggeringPolicy
appender.rolling.policies.size.size = 1GB
# 删除策略:保留 180 天(6 个月)
appender.rolling.strategy.type = DefaultRolloverStrategy
appender.rolling.strategy.action.type = Delete
appender.rolling.strategy.action.basepath = ${sys:es.logs.base_path}
appender.rolling.strategy.action.condition.type = IfLastModified
# 保留 180 天
appender.rolling.strategy.action.condition.age = 180D
appender.rolling.strategy.action.PathConditions.type = IfFileName
appender.rolling.strategy.action.PathConditions.glob = ${sys:es.logs.cluster_name}-*
# 最多保留 500 个文件
appender.rolling.strategy.max = 500
# ==================== 慢查询日志配置 ====================
appender.index_search_slowlog_rolling.type = RollingFile
appender.index_search_slowlog_rolling.name = index_search_slowlog_rolling
appender.index_search_slowlog_rolling.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_index_search_slowlog.log
appender.index_search_slowlog_rolling.layout.type = PatternLayout
appender.index_search_slowlog_rolling.layout.pattern = [%d{ISO8601}][%-5p][%-25c] %marker%.-10000m%n
appender.index_search_slowlog_rolling.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_index_search_slowlog-%d{yyyy-MM-dd}.log.gz
appender.index_search_slowlog_rolling.policies.type = Policies
appender.index_search_slowlog_rolling.policies.time.type = TimeBasedTriggeringPolicy
appender.index_search_slowlog_rolling.policies.time.interval = 1
appender.index_search_slowlog_rolling.policies.time.modulate = true
# ==================== 索引慢日志配置 ====================
appender.index_indexing_slowlog_rolling.type = RollingFile
appender.index_indexing_slowlog_rolling.name = index_indexing_slowlog_rolling
appender.index_indexing_slowlog_rolling.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_index_indexing_slowlog.log
appender.index_indexing_slowlog_rolling.layout.type = PatternLayout
appender.index_indexing_slowlog_rolling.layout.pattern = [%d{ISO8601}][%-5p][%-25c] %marker%.-10000m%n
appender.index_indexing_slowlog_rolling.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_index_indexing_slowlog-%d{yyyy-MM-dd}.log.gz
appender.index_indexing_slowlog_rolling.policies.type = Policies
appender.index_indexing_slowlog_rolling.policies.time.type = TimeBasedTriggeringPolicy
appender.index_indexing_slowlog_rolling.policies.time.interval = 1
appender.index_indexing_slowlog_rolling.policies.time.modulate = true
# ==================== 弃用日志配置 ====================
appender.deprecation_rolling.type = RollingFile
appender.deprecation_rolling.name = deprecation_rolling
appender.deprecation_rolling.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_deprecation.log
appender.deprecation_rolling.layout.type = PatternLayout
appender.deprecation_rolling.layout.pattern = [%d{ISO8601}][%-5p][%-25c] %marker%.-10000m%n
appender.deprecation_rolling.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_deprecation-%d{yyyy-MM-dd}.log.gz
appender.deprecation_rolling.policies.type = Policies
appender.deprecation_rolling.policies.time.type = TimeBasedTriggeringPolicy
appender.deprecation_rolling.policies.time.interval = 1
appender.deprecation_rolling.policies.time.modulate = true
# ==================== 日志级别配置 ====================
# 根日志级别:info
rootLogger.level = info
rootLogger.appenderRef.console.ref = console
rootLogger.appenderRef.rolling.ref = rolling
# 慢查询日志
logger.index_search_slowlog_rolling.name = index.search.slowlog
logger.index_search_slowlog_rolling.level = trace
logger.index_search_slowlog_rolling.appenderRef.index_search_slowlog_rolling.ref = index_search_slowlog_rolling
logger.index_search_slowlog_rolling.additivity = false
# 索引慢日志
logger.index_indexing_slowlog.name = index.indexing.slowlog.index
logger.index_indexing_slowlog.level = trace
logger.index_indexing_slowlog.appenderRef.index_indexing_slowlog_rolling.ref = index_indexing_slowlog_rolling
logger.index_indexing_slowlog.additivity = false
# 弃用日志
logger.deprecation.name = org.elasticsearch.deprecation
logger.deprecation.level = warn
logger.deprecation.appenderRef.deprecation_rolling.ref = deprecation_rolling
logger.deprecation.additivity = false
EOF
# 步骤 2:复制到容器
docker cp /home/data/taiyuan/es-2/config/log4j2.properties elasticsearch-2:/usr/share/elasticsearch/config/
# 步骤 3:验证文件是否复制成功
docker exec elasticsearch-2 ls -l /usr/share/elasticsearch/config/log4j2.properties
# 步骤 4:查看文件权限和所有者
docker exec elasticsearch-2 ls -l /usr/share/elasticsearch/config/
# 步骤 5:重启容器
docker restart elasticsearch-2
# 步骤 6:宿主机查看日志是否生成
ls -l /home/data/taiyuan/es-2/logs
#--------------------------------------------------------------------------------------------
#方法二:重建容器:
cat > /home/data/taiyuan/es-3-new/config/custom-elasticsearch.yml << 'EOF'
network.host: 0.0.0.0
path.repo: [/usr/share/elasticsearch/data/es-backup]
bootstrap.memory_lock: true
action.auto_create_index: .security,.monitoring*,.watches,.triggered_watches,.watcher-history*,.ml*
xpack.security.enabled: true
EOF
# 设置权限
chmod 666 /home/data/taiyuan/es-3-new/config/log4j2.properties
chmod 666 /home/data/taiyuan/es-3-new/config/custom-elasticsearch.yml
# 启动容器
docker run -d \
--name elasticsearch-3-new \
--restart=always \
-p 7107:9200 \
-p 7108:9300 \
-e "ES_JAVA_OPTS=-Xms4g -Xmx4g" \
-e "ELASTIC_PASSWORD=Cjxx-2023" \
-v /home/data/taiyuan/es-3-new/data:/usr/share/elasticsearch/data \
-v /home/data/taiyuan/es-3-new/logs:/usr/share/elasticsearch/logs \
-v /home/data/taiyuan/es-3-new/config/custom-elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml \
-v /home/data/taiyuan/es-3-new/config/log4j2.properties:/usr/share/elasticsearch/config/log4j2.properties \
--ulimit memlock=-1:-1 \
elasticsearch:5.5.2
#先将配置文件中的xpack.security.enabled: true注释,重启es容器安装x-pack插件
# 在有网络的电脑上执行:
# 1. 下载插件包
wget https://artifacts.elastic.co/downloads/packs/x-pack/x-pack-5.5.2.zip
# 2. 通过 SCP/SFTP 上传到服务器
scp x-pack-5.5.2.zip root@172.22.3.129:/tmp/
# 3. 在服务器上执行离线安装
cp /tmp/x-pack-5.5.2.zip /home/data/taiyuan/es-3-new/data/
docker exec elasticsearch-3-new \
/usr/share/elasticsearch/bin/elasticsearch-plugin install \
file:///usr/share/elasticsearch/data/x-pack-5.5.2.zip --batch
#再将配置文件中的xpack.security.enabled: true取消注释,重启es容器,容器即可正常启动
# 等待启动
sleep 15
# 检查日志文件
ls -lh /home/data/taiyuan/es-3-new/logs/
# 查看日志内容
tail -100 /home/data/taiyuan/es-3-new/logs/elasticsearch.log
