diff --git a/README.md b/README.md
index eb44394..800b54c 100644
--- a/README.md
+++ b/README.md
@@ -2,6 +2,10 @@
 [![Join the chat at https://gitter.im/deviantony/fig-elk](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/deviantony/fig-elk?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
+**WARNING: Experimental support of the X-Pack version of the Elastic stack.**
+
+It is *NOT* recommended to use this in production.
+
 Run the latest version of the ELK (Elasticseach, Logstash, Kibana) stack with Docker and Docker-compose. It will give you the ability to analyze any data set by using the searching/aggregation capabilities of Elasticseach and the visualization power of Kibana.
@@ -50,18 +54,16 @@ Now that the stack is running, you'll want to inject logs in it. The shipped log
 $ nc localhost 5000 < /path/to/logfile.log
 ```
-And then access Kibana UI by hitting [http://localhost:5601](http://localhost:5601) with a web browser.
+And then access Kibana UI by hitting [http://localhost:5601](http://localhost:5601) with a web browser and use the following credentials to login:
+
+* user: *elastic*
+* password: *pass-elastic*
 *NOTE*: You'll need to inject data into logstash before being able to create a logstash index in Kibana. Then all you should have to do is to hit the create button. See: https://www.elastic.co/guide/en/kibana/current/setup.html#connect
-You can also access:
-* Sense: [http://localhost:5601/app/sense](http://localhost:5601/app/sense)
-
-*NOTE*: In order to use Sense, you'll need to query the IP address associated to your *network device* instead of localhost.
-
 By default, the stack exposes the following ports:
 * 5000: Logstash TCP input.
 * 9200: Elasticsearch HTTP
diff --git a/docker-compose.yml b/docker-compose.yml
index 863a109..5352411 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,11 +1,10 @@
 elasticsearch:
- image: elasticsearch:latest
- command: elasticsearch -Des.network.host=0.0.0.0
+ build: elasticsearch/
 ports:
 - "9200:9200"
 - "9300:9300"
 logstash:
- image: logstash:latest
+ image: logstash:5
 command: logstash -f /etc/logstash/conf.d/logstash.conf
 volumes:
 - ./logstash/config:/etc/logstash/conf.d
diff --git a/elasticsearch/Dockerfile b/elasticsearch/Dockerfile
new file mode 100644
index 0000000..12eb078
--- /dev/null
+++ b/elasticsearch/Dockerfile
@@ -0,0 +1,12 @@
+FROM elasticsearch:5
+
+ENV ES_JAVA_OPTS="-Des.path.conf=/etc/elasticsearch"
+
+RUN elasticsearch-plugin install x-pack
+
+RUN apt-get update && apt-get install -y netcat
+
+COPY entrypoint.sh /tmp/entrypoint.sh
+RUN chmod +x /tmp/entrypoint.sh
+
+CMD ["/tmp/entrypoint.sh"]
diff --git a/elasticsearch/entrypoint.sh b/elasticsearch/entrypoint.sh
new file mode 100644
index 0000000..94edd8e
--- /dev/null
+++ b/elasticsearch/entrypoint.sh
@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+
+echo "Starting Elasticsearch"
+gosu elasticsearch elasticsearch -E es.network.host=0.0.0.0 -E es.discovery.zen.minimum_master_nodes=1 &
+
+echo "Waiting for Elasticsearch to boot..."
+while true; do
+ nc -q 1 localhost 9200 2>/dev/null && break
+done
+
+echo "Elasticsearch ready. Creating x-pack users..."
+
+/usr/share/elasticsearch/bin/x-pack/users useradd elastic -r admin -p 'pass-elastic'
+/usr/share/elasticsearch/bin/x-pack/users useradd kibana -r kibana4_server -p 'pass-kibana'
+/usr/share/elasticsearch/bin/x-pack/users useradd logstash -r logstash -p 'pass-logstash'
+
+while true; do sleep 1000; done
+
+exit 0
diff --git a/kibana/Dockerfile b/kibana/Dockerfile
index fe594e1..a6760b8 100644
--- a/kibana/Dockerfile
+++ b/kibana/Dockerfile
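Review bot: In docker-compose.yml the `elasticsearch` service still publishes `"9200:9200"` and `"9300:9300"` on every host interface, and after this commit the only control in front of them is the fixed passwords created in elasticsearch/entrypoint.sh and printed in the README. For a local stack I would bind to loopback, `- "127.0.0.1:9200:9200"`, and stop publishing 9300 unless another host really needs the transport port. `image: logstash:5` is also a floating major tag; a full version would keep Logstash in step with the Elasticsearch image built here.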
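Review bot: In elasticsearch/Dockerfile, `RUN apt-get update && apt-get install -y netcat` leaves the apt lists in the layer and pulls in recommended packages; `RUN apt-get update && apt-get install -y --no-install-recommends netcat && rm -rf /var/lib/apt/lists/*` keeps the package set explicit and the image smaller. The matching line in kibana/Dockerfile (now `netcat bzip2`) has the same issue. `FROM elasticsearch:5` and the unversioned `elasticsearch-plugin install x-pack` both float, so two builds of this commit can yield different images; pinning a full version tag would make the result reproducible. The image also sets no `USER`, so the `CMD` script starts as root and relies on `gosu` inside entrypoint.sh to drop privileges, which deserves a comment next to `CMD`.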
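Review bot: The three `users useradd ... -p 'pass-…'` lines in elasticsearch/entrypoint.sh bake fixed, published passwords for an admin-role account into the image and the repository, and the same literals reappear as `elasticsearch.password` in kibana/config/kibana.yml and `password =>` in logstash/config/logstash.conf. Every deployment of this branch therefore shares known credentials, so the script should take them from the environment and refuse to start when they are unset. Separately, Elasticsearch is backgrounded and the script then sleeps forever, so a crashed node leaves the container "running" and stop signals never reach the JVM; the wait loop also spins without a pause while the port is still closed. The sketch below keeps the commit's order of operations; the variable names are illustrative, and the Kibana and Logstash configs would need to read the same values.

```shell
# Illustrative variable names: supply them via compose `environment:` or an env_file kept out of VCS.
: "${ELASTIC_PASSWORD:?ELASTIC_PASSWORD must be set}"
: "${KIBANA_PASSWORD:?KIBANA_PASSWORD must be set}"
: "${LOGSTASH_PASSWORD:?LOGSTASH_PASSWORD must be set}"

gosu elasticsearch elasticsearch -E es.network.host=0.0.0.0 -E es.discovery.zen.minimum_master_nodes=1 &
es_pid=$!

# … unchanged: wait loop on localhost:9200, with a `sleep 1` added between attempts …

users_tool=/usr/share/elasticsearch/bin/x-pack/users
"$users_tool" useradd elastic -r admin -p "$ELASTIC_PASSWORD"
"$users_tool" useradd kibana -r kibana4_server -p "$KIBANA_PASSWORD"
"$users_tool" useradd logstash -r logstash -p "$LOGSTASH_PASSWORD"

# Forward stop signals and exit when Elasticsearch exits, instead of sleeping forever.
trap 'kill -TERM "$es_pid"' TERM INT
wait "$es_pid"
# A trapped signal interrupts the first wait; wait again so shutdown can finish.
wait "$es_pid" 2>/dev/null
```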
@@ -1,10 +1,10 @@
-FROM kibana:latest
+FROM kibana:5
-RUN apt-get update && apt-get install -y netcat
+RUN apt-get update && apt-get install -y netcat bzip2
 COPY entrypoint.sh /tmp/entrypoint.sh
 RUN chmod +x /tmp/entrypoint.sh
-RUN kibana plugin --install elastic/sense
+RUN kibana-plugin install x-pack
 CMD ["/tmp/entrypoint.sh"]
diff --git a/kibana/config/kibana.yml b/kibana/config/kibana.yml
index 820c776..816deac 100644
--- a/kibana/config/kibana.yml
+++ b/kibana/config/kibana.yml
@@ -74,3 +74,10 @@ bundled_plugin_ids:
 - plugins/table_vis/index
 - plugins/vis_types/index
 - plugins/visualize/index
+
+
+xpack.security.encryptionKey: "my-secret-key"
+elasticsearch.username: "kibana"
+elasticsearch.password: "pass-kibana"
+xpack.security.skipSslCheck: true
+xpack.security.useUnsafeSessions: true
diff --git a/logstash/config/logstash.conf b/logstash/config/logstash.conf
index 5718b33..20e7081 100644
--- a/logstash/config/logstash.conf
+++ b/logstash/config/logstash.conf
@@ -9,5 +9,7 @@ input {
 output {
 elasticsearch {
 hosts => "elasticsearch:9200"
+ user => "logstash"
+ password => "pass-logstash"
 }
 }
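Review bot: `xpack.security.encryptionKey: "my-secret-key"` in kibana/config/kibana.yml is a fixed value committed to the repository; judging by its name it protects Kibana session data, so every deployment of this file would share a publicly known key. Combined with `xpack.security.skipSslCheck: true` and `xpack.security.useUnsafeSessions: true`, sessions are presumably carried over plain HTTP, which is only acceptable on a local test host. I would add a comment above the block such as `# Local testing only: set encryptionKey to a random per-deployment value and drop the two unsafe flags once Kibana is served over TLS`, and keep the real key out of version control.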