G0nz0uk

elk123

Oct 29th, 2024
  1. version: "2.2"
  2.  
  3. services:
  4.   setup:
  5.     image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
  6.     volumes:
  7.      - certs:/usr/share/elasticsearch/config/certs
  8.       - certs:/usr/share/kibana/config/certs
  9.       - /etc/certs:/usr/share/elasticsearch/config/certificates
  10.     user: "0"
  11.     command: >
  12.      bash -c '
  13.         if [ x${ELASTIC_PASSWORD} == x ]; then
  14.           echo "Set the ELASTIC_PASSWORD environment variable in the .env file";
  15.           exit 1;
  16.         elif [ x${KIBANA_PASSWORD} == x ]; then
  17.           echo "Set the KIBANA_PASSWORD environment variable in the .env file";
  18.           exit 1;
  19.         fi;
  20.         if [ ! -f config/certs/ca.zip ]; then
  21.           echo "Creating CA";
  22.           bin/elasticsearch-certutil ca --silent --pem -out config/certs/ca.zip;
  23.           unzip config/certs/ca.zip -d config/certs;
  24.         fi;
  25.         if [ ! -f config/certs/certs.zip ]; then
  26.           echo "Creating certs";
  27.           echo -ne \
  28.           "instances:\n"\
  29.           "  - name: es01\n"\
  30.           "    dns:\n"\
  31.           "      - es01\n"\
  32.           "      - localhost\n"\
  33.           "    ip:\n"\
  34.           "      - 127.0.0.1\n"\
  35.           > config/certs/instances.yml;
  36.           bin/elasticsearch-certutil cert --silent --pem -out config/certs/certs.zip --in config/certs/instances.yml --ca-cert config/certs/ca/ca.crt --ca-key config/certs/ca/ca.key;
  37.           unzip config/certs/certs.zip -d config/certs;
  38.         fi;
  39.         echo "Setting file permissions"
  40.         chown -R root:root config/certs;
  41.         find . -type d -exec chmod 750 \{\} \;;
  42.         find . -type f -exec chmod 640 \{\} \;;
  43.         echo "Waiting for Elasticsearch availability";
  44.         until curl -s --cacert config/certs/ca/ca.crt https://es01:9200 | grep -q "missing authentication credentials"; do sleep 30; done;
  45.         echo "Setting kibana_system password";
  46.         until curl -s -X POST --cacert config/certs/ca/ca.crt -u "elastic:${ELASTIC_PASSWORD}" -H "Content-Type: application/json" https://es01:9200/_security/user/kibana_system/_password -d "{\"password\":\"${KIBANA_PASSWORD}\"}" | grep -q "^{}"; do sleep 10; done;
  47.         echo "All done!";
  48.       '
  49.     healthcheck:
  50.       test: ["CMD-SHELL", "[ -f config/certs/es01/es01.crt ]"]
  51.       interval: 1s
  52.       timeout: 5s
  53.       retries: 120
  54.  
  55.   es01:
  56.     depends_on:
  57.       setup:
  58.         condition: service_healthy
  59.     image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
  60.     volumes:
  61.      - certs:/usr/share/elasticsearch/config/certs
  62.       - certs:/usr/share/kibana/config/certs
  63.       - /etc/certs:/usr/share/elasticsearch/config/certificates
  64.       - esdata01:/usr/share/elasticsearch/data
  65.     ports:
  66.      - ${ES_PORT}:9200
  67.     environment:
  68.      - node.name=es01
  69.       - cluster.name=${CLUSTER_NAME}
  70.       - cluster.initial_master_nodes=es01
  71.       - discovery.seed_hosts=es01
  72.       - ELASTIC_PASSWORD=${ELASTIC_PASSWORD}
  73.       - bootstrap.memory_lock=true
  74.  
  75. #      - xpack.security.enabled=true
  76. #      - xpack.security.http.ssl.enabled=true
  77. #      - xpack.security.http.ssl.key=/usr/share/elasticsearch/config/certificates/vmnetflow_global_com.key
  78. #      - xpack.security.http.ssl.certificate=/usr/share/elasticsearch/config/certificates/vmnetflow_global_com.crt
  79. #      - xpack.security.http.ssl.certificate_authorities=/usr/share/elasticsearch/config/certificates/ca.crt
  80. #      - xpack.security.http.ssl.verification_mode=none
  81.  
  82. #      - xpack.security.transport.ssl.enabled=true
  83. #      - xpack.security.transport.ssl.key=/usr/share/elasticsearch/config/certificates/vmnetflow_global_com.key
  84. #      - xpack.security.transport.ssl.certificate=/usr/share/elasticsearch/config/certificates/vmnetflow_global_com.crt
  85. #      - xpack.security.transport.ssl.certificate_authorities=/usr/share/elasticsearch/config/certificates/ca.crt
  86. #      - xpack.security.transport.ssl.verification_mode=certificate
  87.  
  88.       - xpack.security.enabled=true
  89.       - xpack.security.http.ssl.enabled=true
  90.       - xpack.security.http.ssl.key=certs/es01/es01.key
  91.       - xpack.security.http.ssl.certificate=certs/es01/es01.crt
  92.       - xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
  93.  
  94.       - xpack.security.transport.ssl.enabled=true
  95.       - xpack.security.transport.ssl.key=certs/es01/es01.key
  96.       - xpack.security.transport.ssl.certificate=certs/es01/es01.crt
  97.       - xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
  98.       - xpack.security.transport.ssl.verification_mode=certificate
  99.  
  100.       - xpack.license.self_generated.type=${LICENSE}
  101.     mem_limit: ${MEM_LIMIT}
  102.     ulimits:
  103.       memlock:
  104.         soft: -1
  105.         hard: -1
  106.     healthcheck:
  107.       test:
  108.        [
  109.           "CMD-SHELL",
  110.           "curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",
  111.         ]
  112.       interval: 10s
  113.       timeout: 10s
  114.       retries: 120
  115.   kibana:
  116.     depends_on:
  117.       es01:
  118.         condition: service_healthy
  119.     image: docker.elastic.co/kibana/kibana:${STACK_VERSION}
  120.     volumes:
  121.      - certs:/usr/share/kibana/config/certs
  122.       - kibanadata:/usr/share/kibana/data
  123.     ports:
  124.      - ${KIBANA_PORT}:5601
  125.     environment:
  126.      - SERVERNAME=kibana
  127.       - ELASTICSEARCH_HOSTS=https://es01:9200
  128.       - ELASTICSEARCH_USERNAME=kibana_system
  129.       - ELASTICSEARCH_PASSWORD=${KIBANA_PASSWORD}
  130.       - ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=config/certs/ca/ca.crt
  131.     mem_limit: ${MEM_LIMIT}
  132.     healthcheck:
  133.       test:
  134.        [
  135.           "CMD-SHELL",
  136.           "curl -s -I http://localhost:5601 | grep -q 'HTTP/1.1 302 Found'",
  137.         ]
  138.       interval: 10s
  139.       timeout: 10s
  140.       retries: 120
  141.  
  142. volumes:
  143.   certs:
  144.     driver: local
  145.   esdata01:
  146.     driver: local
  147.   kibanadata:
  148.     driver: local