mkdir ~/elastic && cd ~/elastic
vi instances.yml
fullstack_elasticsearch_docker_compose/instances.yml
Lines 1 to 26 in 73a0445
| instances: | |
| - name: es01 | |
| dns: | |
| - es01 | |
| - localhost | |
| ip: | |
| - 127.0.0.1 | |
| - name: es02 | |
| dns: | |
| - es02 | |
| - localhost | |
| ip: | |
| - 127.0.0.1 | |
| - name: es03 | |
| dns: | |
| - es03 | |
| - localhost | |
| ip: | |
| - 127.0.0.1 | |
| - name: 'kib01' | |
| dns: | |
| - kib01 | |
| - localhost |
vi .env
fullstack_elasticsearch_docker_compose/.env
Lines 1 to 3 in 752729a
| COMPOSE_PROJECT_NAME=es | |
| CERTS_DIR=/usr/share/elasticsearch/config/certificates | |
| VERSION=7.13.2 |
vi kibana.yml
fullstack_elasticsearch_docker_compose/kibana.yml
Lines 1 to 15 in 752729a
| server.name: "localhost" | |
| server.host: "0.0.0.0" | |
| server.port: 5601 | |
| elasticsearch.hosts: ["https://es01:9200"] | |
| elasticsearch.username: "kibana_system" | |
| elasticsearch.password: "OP5J01VeD10mdkK9FDst" | |
| server.ssl.enabled: true | |
| server.ssl.certificate: /usr/share/elasticsearch/config/certificates/kib01/kib01.crt | |
| server.ssl.key: /usr/share/elasticsearch/config/certificates/kib01/kib01.key | |
| elasticsearch.ssl.certificateAuthorities: [ "/usr/share/elasticsearch/config/certificates/ca/ca.crt" ] | |
| logging.dest: stdout | |
| logging.silent: false | |
| logging.quiet: false | |
| logging.verbose: false | |
| xpack.encryptedSavedObjects.encryptionKey: "ar87tpeqJ$u8XByVzR%HJY5jSMvMDTnZhM5tYnYtUp!D*@GK&@j" |
vim create-certs.yml
fullstack_elasticsearch_docker_compose/create-certs.yml
Lines 1 to 29 in 752729a
| version: '2.2' | |
| services: | |
| create_certs: | |
| image: docker.elastic.co/elasticsearch/elasticsearch:${VERSION} | |
| container_name: create_certs | |
| command: > | |
| bash -c ' | |
| yum install -y -q -e 0 unzip; | |
| if [[ ! -f /certs/bundle.zip ]]; then | |
| bin/elasticsearch-certutil cert --silent --pem --in config/certificates/instances.yml -out /certs/bundle.zip; | |
| unzip /certs/bundle.zip -d /certs; | |
| fi; | |
| chown -R 1000:0 /certs | |
| ' | |
| working_dir: /usr/share/elasticsearch | |
| volumes: | |
| - certs:/certs | |
| - .:/usr/share/elasticsearch/config/certificates | |
| networks: | |
| - elastic | |
| volumes: | |
| certs: | |
| driver: local | |
| networks: | |
| elastic: | |
| driver: bridge |
vim docker-compose.yml
fullstack_elasticsearch_docker_compose/docker-compose.yml
Lines 1 to 127 in 0c6a432
| version: '2.2' | |
| services: | |
| es01: | |
| image: docker.elastic.co/elasticsearch/elasticsearch:${VERSION} | |
| container_name: es01 | |
| environment: | |
| - node.name=es01 | |
| - cluster.name=es-docker-cluster | |
| - discovery.seed_hosts=es02,es03 | |
| - cluster.initial_master_nodes=es01,es02,es03 | |
| - bootstrap.memory_lock=true | |
| - "ES_JAVA_OPTS=-Xms512m -Xmx512m" | |
| - xpack.license.self_generated.type=basic | |
| - xpack.security.enabled=true | |
| - xpack.security.http.ssl.enabled=true | |
| - xpack.security.http.ssl.key=$CERTS_DIR/es01/es01.key | |
| - xpack.security.http.ssl.certificate_authorities=$CERTS_DIR/ca/ca.crt | |
| - xpack.security.http.ssl.certificate=$CERTS_DIR/es01/es01.crt | |
| - xpack.security.transport.ssl.enabled=true | |
| - xpack.security.transport.ssl.verification_mode=certificate | |
| - xpack.security.transport.ssl.certificate_authorities=$CERTS_DIR/ca/ca.crt | |
| - xpack.security.transport.ssl.certificate=$CERTS_DIR/es01/es01.crt | |
| - xpack.security.transport.ssl.key=$CERTS_DIR/es01/es01.key | |
| ulimits: | |
| memlock: | |
| soft: -1 | |
| hard: -1 | |
| volumes: | |
| - data01:/usr/share/elasticsearch/data | |
| - certs:$CERTS_DIR | |
| ports: | |
| - 9200:9200 | |
| networks: | |
| - elastic | |
| healthcheck: | |
| test: curl --cacert $CERTS_DIR/ca/ca.crt -s https://localhost:9200 >/dev/null; if [[ $$? == 52 ]]; then echo 0; else echo 1; fi | |
| interval: 30s | |
| timeout: 10s | |
| retries: 5 | |
| es02: | |
| image: docker.elastic.co/elasticsearch/elasticsearch:${VERSION} | |
| container_name: es02 | |
| environment: | |
| - node.name=es02 | |
| - cluster.name=es-docker-cluster | |
| - discovery.seed_hosts=es01,es03 | |
| - cluster.initial_master_nodes=es01,es02,es03 | |
| - bootstrap.memory_lock=true | |
| - "ES_JAVA_OPTS=-Xms512m -Xmx512m" | |
| - xpack.license.self_generated.type=basic | |
| - xpack.security.enabled=true | |
| - xpack.security.http.ssl.enabled=true | |
| - xpack.security.http.ssl.key=$CERTS_DIR/es02/es02.key | |
| - xpack.security.http.ssl.certificate_authorities=$CERTS_DIR/ca/ca.crt | |
| - xpack.security.http.ssl.certificate=$CERTS_DIR/es02/es02.crt | |
| - xpack.security.transport.ssl.enabled=true | |
| - xpack.security.transport.ssl.verification_mode=certificate | |
| - xpack.security.transport.ssl.certificate_authorities=$CERTS_DIR/ca/ca.crt | |
| - xpack.security.transport.ssl.certificate=$CERTS_DIR/es02/es02.crt | |
| - xpack.security.transport.ssl.key=$CERTS_DIR/es02/es02.key | |
| ulimits: | |
| memlock: | |
| soft: -1 | |
| hard: -1 | |
| volumes: | |
| - data02:/usr/share/elasticsearch/data | |
| - certs:$CERTS_DIR | |
| networks: | |
| - elastic | |
| es03: | |
| image: docker.elastic.co/elasticsearch/elasticsearch:${VERSION} | |
| container_name: es03 | |
| environment: | |
| - node.name=es03 | |
| - cluster.name=es-docker-cluster | |
| - discovery.seed_hosts=es01,es02 | |
| - cluster.initial_master_nodes=es01,es02,es03 | |
| - bootstrap.memory_lock=true | |
| - "ES_JAVA_OPTS=-Xms512m -Xmx512m" | |
| - xpack.license.self_generated.type=basic | |
| - xpack.security.enabled=true | |
| - xpack.security.http.ssl.enabled=true | |
| - xpack.security.http.ssl.key=$CERTS_DIR/es03/es03.key | |
| - xpack.security.http.ssl.certificate_authorities=$CERTS_DIR/ca/ca.crt | |
| - xpack.security.http.ssl.certificate=$CERTS_DIR/es03/es03.crt | |
| - xpack.security.transport.ssl.enabled=true | |
| - xpack.security.transport.ssl.verification_mode=certificate | |
| - xpack.security.transport.ssl.certificate_authorities=$CERTS_DIR/ca/ca.crt | |
| - xpack.security.transport.ssl.certificate=$CERTS_DIR/es03/es03.crt | |
| - xpack.security.transport.ssl.key=$CERTS_DIR/es03/es03.key | |
| ulimits: | |
| memlock: | |
| soft: -1 | |
| hard: -1 | |
| volumes: | |
| - data03:/usr/share/elasticsearch/data | |
| - certs:$CERTS_DIR | |
| networks: | |
| - elastic | |
| kib01: | |
| image: docker.elastic.co/kibana/kibana:${VERSION} | |
| container_name: kib01 | |
| depends_on: {"es01": {"condition": "service_healthy"}} | |
| ports: | |
| - 5601:5601 | |
| volumes: | |
| - certs:$CERTS_DIR | |
| - ./kibana.yml:/usr/share/kibana/config/kibana.yml | |
| networks: | |
| - elastic | |
| volumes: | |
| data01: | |
| driver: local | |
| data02: | |
| driver: local | |
| data03: | |
| driver: local | |
| certs: | |
| driver: local | |
| networks: | |
| elastic: | |
| driver: bridge |
docker-compose -f create-certs.yml run --rm create_certs
docker-compose up -d
docker exec es01 /bin/bash -c "bin/elasticsearch-setup-passwords \
auto --batch --url https://es01:9200"
write down the output
Changed password for user apm_system
PASSWORD apm_system = QQLaZMXVPIweAF95pAFN
Changed password for user kibana_system
PASSWORD kibana_system = OP5J01VeD10mdkK9FDst
Changed password for user kibana
PASSWORD kibana = OP5J01VeD10mdkK9FDst
Changed password for user logstash_system
PASSWORD logstash_system = rNOYXcWfVx7zW3ksvggB
Changed password for user beats_system
PASSWORD beats_system = 1FCpGAUPPNZqBqKlChbt
Changed password for user remote_monitoring_user
PASSWORD remote_monitoring_user = 07s30JzSXqcJkXHpsCTh
Changed password for user elastic
PASSWORD elastic = AMGKZ7xDWcpaQtXWGzff
sed -i 's|CHANGEME|\"OP5J01VeD10mdkK9FDst\"|g' docker-compose.yml
sed -i 's|CHANGEME|OP5J01VeD10mdkK9FDst|g' kibana.yml
docker-compose down
Login to you lab kibana instance with the ip of the host. https://host.ip:5601
use elastic / AMGKZ7xDWcpaQtXWGzff from the output above to login.