mkdir ~/elastic && cd ~/elastic
vi instances.yml
fullstack_elasticsearch_docker_compose/instances.yml
Lines 1 to 26 in 73a0445
instances: | |
- name: es01 | |
dns: | |
- es01 | |
- localhost | |
ip: | |
- 127.0.0.1 | |
- name: es02 | |
dns: | |
- es02 | |
- localhost | |
ip: | |
- 127.0.0.1 | |
- name: es03 | |
dns: | |
- es03 | |
- localhost | |
ip: | |
- 127.0.0.1 | |
- name: 'kib01' | |
dns: | |
- kib01 | |
- localhost |
vi .env
fullstack_elasticsearch_docker_compose/.env
Lines 1 to 3 in 752729a
COMPOSE_PROJECT_NAME=es | |
CERTS_DIR=/usr/share/elasticsearch/config/certificates | |
VERSION=7.13.2 |
vi kibana.yml
fullstack_elasticsearch_docker_compose/kibana.yml
Lines 1 to 15 in 752729a
server.name: "localhost" | |
server.host: "0.0.0.0" | |
server.port: 5601 | |
elasticsearch.hosts: ["https://es01:9200"] | |
elasticsearch.username: "kibana_system" | |
elasticsearch.password: "OP5J01VeD10mdkK9FDst" | |
server.ssl.enabled: true | |
server.ssl.certificate: /usr/share/elasticsearch/config/certificates/kib01/kib01.crt | |
server.ssl.key: /usr/share/elasticsearch/config/certificates/kib01/kib01.key | |
elasticsearch.ssl.certificateAuthorities: [ "/usr/share/elasticsearch/config/certificates/ca/ca.crt" ] | |
logging.dest: stdout | |
logging.silent: false | |
logging.quiet: false | |
logging.verbose: false | |
xpack.encryptedSavedObjects.encryptionKey: "ar87tpeqJ$u8XByVzR%HJY5jSMvMDTnZhM5tYnYtUp!D*@GK&@j" |
vim create-certs.yml
fullstack_elasticsearch_docker_compose/create-certs.yml
Lines 1 to 29 in 752729a
version: '2.2' | |
services: | |
create_certs: | |
image: docker.elastic.co/elasticsearch/elasticsearch:${VERSION} | |
container_name: create_certs | |
command: > | |
bash -c ' | |
yum install -y -q -e 0 unzip; | |
if [[ ! -f /certs/bundle.zip ]]; then | |
bin/elasticsearch-certutil cert --silent --pem --in config/certificates/instances.yml -out /certs/bundle.zip; | |
unzip /certs/bundle.zip -d /certs; | |
fi; | |
chown -R 1000:0 /certs | |
' | |
working_dir: /usr/share/elasticsearch | |
volumes: | |
- certs:/certs | |
- .:/usr/share/elasticsearch/config/certificates | |
networks: | |
- elastic | |
volumes: | |
certs: | |
driver: local | |
networks: | |
elastic: | |
driver: bridge |
vim docker-compose.yml
fullstack_elasticsearch_docker_compose/docker-compose.yml
Lines 1 to 127 in 0c6a432
version: '2.2' | |
services: | |
es01: | |
image: docker.elastic.co/elasticsearch/elasticsearch:${VERSION} | |
container_name: es01 | |
environment: | |
- node.name=es01 | |
- cluster.name=es-docker-cluster | |
- discovery.seed_hosts=es02,es03 | |
- cluster.initial_master_nodes=es01,es02,es03 | |
- bootstrap.memory_lock=true | |
- "ES_JAVA_OPTS=-Xms512m -Xmx512m" | |
- xpack.license.self_generated.type=basic | |
- xpack.security.enabled=true | |
- xpack.security.http.ssl.enabled=true | |
- xpack.security.http.ssl.key=$CERTS_DIR/es01/es01.key | |
- xpack.security.http.ssl.certificate_authorities=$CERTS_DIR/ca/ca.crt | |
- xpack.security.http.ssl.certificate=$CERTS_DIR/es01/es01.crt | |
- xpack.security.transport.ssl.enabled=true | |
- xpack.security.transport.ssl.verification_mode=certificate | |
- xpack.security.transport.ssl.certificate_authorities=$CERTS_DIR/ca/ca.crt | |
- xpack.security.transport.ssl.certificate=$CERTS_DIR/es01/es01.crt | |
- xpack.security.transport.ssl.key=$CERTS_DIR/es01/es01.key | |
ulimits: | |
memlock: | |
soft: -1 | |
hard: -1 | |
volumes: | |
- data01:/usr/share/elasticsearch/data | |
- certs:$CERTS_DIR | |
ports: | |
- 9200:9200 | |
networks: | |
- elastic | |
healthcheck: | |
test: curl --cacert $CERTS_DIR/ca/ca.crt -s https://localhost:9200 >/dev/null; if [[ $$? == 52 ]]; then echo 0; else echo 1; fi | |
interval: 30s | |
timeout: 10s | |
retries: 5 | |
es02: | |
image: docker.elastic.co/elasticsearch/elasticsearch:${VERSION} | |
container_name: es02 | |
environment: | |
- node.name=es02 | |
- cluster.name=es-docker-cluster | |
- discovery.seed_hosts=es01,es03 | |
- cluster.initial_master_nodes=es01,es02,es03 | |
- bootstrap.memory_lock=true | |
- "ES_JAVA_OPTS=-Xms512m -Xmx512m" | |
- xpack.license.self_generated.type=basic | |
- xpack.security.enabled=true | |
- xpack.security.http.ssl.enabled=true | |
- xpack.security.http.ssl.key=$CERTS_DIR/es02/es02.key | |
- xpack.security.http.ssl.certificate_authorities=$CERTS_DIR/ca/ca.crt | |
- xpack.security.http.ssl.certificate=$CERTS_DIR/es02/es02.crt | |
- xpack.security.transport.ssl.enabled=true | |
- xpack.security.transport.ssl.verification_mode=certificate | |
- xpack.security.transport.ssl.certificate_authorities=$CERTS_DIR/ca/ca.crt | |
- xpack.security.transport.ssl.certificate=$CERTS_DIR/es02/es02.crt | |
- xpack.security.transport.ssl.key=$CERTS_DIR/es02/es02.key | |
ulimits: | |
memlock: | |
soft: -1 | |
hard: -1 | |
volumes: | |
- data02:/usr/share/elasticsearch/data | |
- certs:$CERTS_DIR | |
networks: | |
- elastic | |
es03: | |
image: docker.elastic.co/elasticsearch/elasticsearch:${VERSION} | |
container_name: es03 | |
environment: | |
- node.name=es03 | |
- cluster.name=es-docker-cluster | |
- discovery.seed_hosts=es01,es02 | |
- cluster.initial_master_nodes=es01,es02,es03 | |
- bootstrap.memory_lock=true | |
- "ES_JAVA_OPTS=-Xms512m -Xmx512m" | |
- xpack.license.self_generated.type=basic | |
- xpack.security.enabled=true | |
- xpack.security.http.ssl.enabled=true | |
- xpack.security.http.ssl.key=$CERTS_DIR/es03/es03.key | |
- xpack.security.http.ssl.certificate_authorities=$CERTS_DIR/ca/ca.crt | |
- xpack.security.http.ssl.certificate=$CERTS_DIR/es03/es03.crt | |
- xpack.security.transport.ssl.enabled=true | |
- xpack.security.transport.ssl.verification_mode=certificate | |
- xpack.security.transport.ssl.certificate_authorities=$CERTS_DIR/ca/ca.crt | |
- xpack.security.transport.ssl.certificate=$CERTS_DIR/es03/es03.crt | |
- xpack.security.transport.ssl.key=$CERTS_DIR/es03/es03.key | |
ulimits: | |
memlock: | |
soft: -1 | |
hard: -1 | |
volumes: | |
- data03:/usr/share/elasticsearch/data | |
- certs:$CERTS_DIR | |
networks: | |
- elastic | |
kib01: | |
image: docker.elastic.co/kibana/kibana:${VERSION} | |
container_name: kib01 | |
depends_on: {"es01": {"condition": "service_healthy"}} | |
ports: | |
- 5601:5601 | |
volumes: | |
- certs:$CERTS_DIR | |
- ./kibana.yml:/usr/share/kibana/config/kibana.yml | |
networks: | |
- elastic | |
volumes: | |
data01: | |
driver: local | |
data02: | |
driver: local | |
data03: | |
driver: local | |
certs: | |
driver: local | |
networks: | |
elastic: | |
driver: bridge |
docker-compose -f create-certs.yml run --rm create_certs
docker-compose up -d
docker exec es01 /bin/bash -c "bin/elasticsearch-setup-passwords \
auto --batch --url https://es01:9200"
write down the output
Changed password for user apm_system
PASSWORD apm_system = QQLaZMXVPIweAF95pAFN
Changed password for user kibana_system
PASSWORD kibana_system = OP5J01VeD10mdkK9FDst
Changed password for user kibana
PASSWORD kibana = OP5J01VeD10mdkK9FDst
Changed password for user logstash_system
PASSWORD logstash_system = rNOYXcWfVx7zW3ksvggB
Changed password for user beats_system
PASSWORD beats_system = 1FCpGAUPPNZqBqKlChbt
Changed password for user remote_monitoring_user
PASSWORD remote_monitoring_user = 07s30JzSXqcJkXHpsCTh
Changed password for user elastic
PASSWORD elastic = AMGKZ7xDWcpaQtXWGzff
sed -i 's|CHANGEME|\"OP5J01VeD10mdkK9FDst\"|g' docker-compose.yml
sed -i 's|CHANGEME|OP5J01VeD10mdkK9FDst|g' kibana.yml
docker-compose down
Login to you lab kibana instance with the ip of the host. https://host.ip:5601
use elastic / AMGKZ7xDWcpaQtXWGzff from the output above to login.