G0nz0uk

elk yaml

Oct 28th, 2024
  1. cat elasticsearch_kibana_compose.yml
  2. version: "2.2"
  3.  
  4. services:
  5.   setup:
  6.     image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
  7.     volumes:
  8.      - certs:/usr/share/elasticsearch/config/certs
  9.       - certs:/usr/share/kibana/config/certs
  10.       - /etc/certs:/usr/share/elasticsearch/config/certificates
  11.     user: "0"
  12.     command: >
  13.      bash -c '
  14.         if [ x${ELASTIC_PASSWORD} == x ]; then
  15.           echo "Set the ELASTIC_PASSWORD environment variable in the .env file";
  16.           exit 1;
  17.         elif [ x${KIBANA_PASSWORD} == x ]; then
  18.           echo "Set the KIBANA_PASSWORD environment variable in the .env file";
  19.           exit 1;
  20.         fi;
  21.         if [ ! -f config/certs/ca.zip ]; then
  22.           echo "Creating CA";
  23.           bin/elasticsearch-certutil ca --silent --pem -out config/certs/ca.zip;
  24.           unzip config/certs/ca.zip -d config/certs;
  25.         fi;
  26.         if [ ! -f config/certs/certs.zip ]; then
  27.           echo "Creating certs";
  28.           echo -ne \
  29.           "instances:\n"\
  30.           "  - name: es01\n"\
  31.           "    dns:\n"\
  32.           "      - es01\n"\
  33.           "      - localhost\n"\
  34.           "    ip:\n"\
  35.           "      - 127.0.0.1\n"\
  36.           > config/certs/instances.yml;
  37.           bin/elasticsearch-certutil cert --silent --pem -out config/certs/certs.zip --in config/certs/instances.yml --ca-cert config/certs/ca/ca.crt --ca-key config/certs/ca/ca.key;
  38.           unzip config/certs/certs.zip -d config/certs;
  39.         fi;
  40.         echo "Setting file permissions"
  41.         chown -R root:root config/certs;
  42.         find . -type d -exec chmod 750 \{\} \;;
  43.         find . -type f -exec chmod 640 \{\} \;;
  44.         echo "Waiting for Elasticsearch availability";
  45.         until curl -s --cacert config/certs/ca/ca.crt https://es01:9200 | grep -q "missing authentication credentials"; do sleep 30; done;
  46.         echo "Setting kibana_system password";
  47.         until curl -s -X POST --cacert config/certs/ca/ca.crt -u "elastic:${ELASTIC_PASSWORD}" -H "Content-Type: application/json" https://es01:9200/_security/user/kibana_system/_password -d "{\"password\":\"${KIBANA_PASSWORD}\"}" | grep -q "^{}"; do sleep 10; done;
  48.         echo "All done!";
  49.       '
  50.     healthcheck:
  51.       test: ["CMD-SHELL", "[ -f config/certs/es01/es01.crt ]"]
  52.       interval: 1s
  53.       timeout: 5s
  54.       retries: 120
  55.  
  56.   es01:
  57.     depends_on:
  58.       setup:
  59.         condition: service_healthy
  60.     image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
  61.     volumes:
  62.      - certs:/usr/share/elasticsearch/config/certs
  63.       - certs:/usr/share/kibana/config/certs
  64.       - /etc/certs:/usr/share/elasticsearch/config/certificates
  65.       - esdata01:/usr/share/elasticsearch/data
  66.     ports:
  67.      - ${ES_PORT}:9200
  68.     environment:
  69.      - node.name=es01
  70.       - cluster.name=${CLUSTER_NAME}
  71.       - cluster.initial_master_nodes=es01
  72.       - discovery.seed_hosts=es01
  73.       - ELASTIC_PASSWORD=${ELASTIC_PASSWORD}
  74.       - bootstrap.memory_lock=true
  75.  
  76.       - xpack.security.enabled=true
  77.       - xpack.security.http.ssl.enabled=true
  78.       - xpack.security.http.ssl.key=/usr/share/elasticsearch/config/certificates/node.key
  79.       - xpack.security.http.ssl.certificate=/usr/share/elasticsearch/config/certificates/node.crt
  80.       - xpack.security.http.ssl.certificate_authorities=/usr/share/elasticsearch/config/certificates/ca.crt
  81.       - xpack.security.http.ssl.verification_mode=none
  82.  
  83.       - xpack.security.transport.ssl.enabled=true
  84.       - xpack.security.transport.ssl.key=/usr/share/elasticsearch/config/certificates/node.key
  85.       - xpack.security.transport.ssl.certificate=/usr/share/elasticsearch/config/certificates/node.crt
  86.       - xpack.security.transport.ssl.certificate_authorities=/usr/share/elasticsearch/config/certificates/ca.crt
  87.       - xpack.security.transport.ssl.verification_mode=certificate
  88.  
  89. #      - xpack.security.enabled=true
  90. #      - xpack.security.http.ssl.enabled=true
  91. #      - xpack.security.http.ssl.key=certs/es01/es01.key
  92. #      - xpack.security.http.ssl.certificate=certs/es01/es01.crt
  93. #      - xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
  94.  
  95. #      - xpack.security.transport.ssl.enabled=true
  96. #      - xpack.security.transport.ssl.key=certs/es01/es01.key
  97. #      - xpack.security.transport.ssl.certificate=certs/es01/es01.crt
  98. #      - xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
  99. #      - xpack.security.transport.ssl.verification_mode=certificate
  100.  
  101.       - xpack.license.self_generated.type=${LICENSE}
  102.     mem_limit: ${MEM_LIMIT}
  103.     ulimits:
  104.       memlock:
  105.         soft: -1
  106.         hard: -1
  107.     healthcheck:
  108.       test:
  109.        [
  110.           "CMD-SHELL",
  111.           "curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",
  112.         ]
  113.       interval: 10s
  114.       timeout: 10s
  115.       retries: 120
  116.   kibana:
  117.     depends_on:
  118.       es01:
  119.         condition: service_healthy
  120.     image: docker.elastic.co/kibana/kibana:${STACK_VERSION}
  121.     volumes:
  122.      - certs:/usr/share/kibana/config/certs
  123.       - kibanadata:/usr/share/kibana/data
  124.     ports:
  125.      - ${KIBANA_PORT}:5601
  126.     environment:
  127.      - SERVERNAME=kibana
  128.       - ELASTICSEARCH_HOSTS=https://es01:9200
  129.       - ELASTICSEARCH_USERNAME=kibana_system
  130.       - ELASTICSEARCH_PASSWORD=${KIBANA_PASSWORD}
  131.       - ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=config/certs/ca/ca.crt
  132.     mem_limit: ${MEM_LIMIT}
  133.     healthcheck:
  134.       test:
  135.        [
  136.           "CMD-SHELL",
  137.           "curl -s -I http://localhost:5601 | grep -q 'HTTP/1.1 302 Found'",
  138.         ]
  139.       interval: 10s
  140.       timeout: 10s
  141.       retries: 120
  142.  
  143. volumes:
  144.   certs:
  145.     driver: local
  146.   esdata01:
  147.     driver: local
  148.   kibanadata:
  149.     driver: local