# Create the user-defined network that the setup, es01 and kibana containers
# in this file join with `--net elastic`.
docker network create elastic
# setup
# Disposable interactive bash shell, running as uid 0 inside the Elasticsearch
# image, with the `certs` named volume mounted at config/certs. Presumably the
# CA and node certificates used by the other commands in this file are
# generated here (confirm); the container is removed on exit, the volume stays.
docker run \
  --interactive --tty --rm \
  --name setup \
  --user 0 \
  --network elastic \
  --env-file .env \
  --volume certs:/usr/share/elasticsearch/config/certs \
  --entrypoint bash \
  elasticsearch:9.1.3
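# Elasticsearch single node (es01) with TLS enabled on the HTTP and transport
# layers, using the key material from the `certs` volume.
#
# The bootstrap password of the built-in `elastic` superuser is taken from the
# caller's shell instead of being stored in this file. Set it first, e.g.
#   read -rs ELASTIC_PASSWORD
# The command aborts if the variable is empty. The expanded value is still
# visible in the docker client's arguments and in `docker inspect es01`; the
# image also accepts ELASTIC_PASSWORD_FILE when a file-based secret is wanted.
# Any password that was ever committed to this file should be treated as
# exposed and changed.
#
# NOTE(review): --env takes precedence over --env-file, so a value for
# ELASTIC_PASSWORD in .env (if there is one) is overridden here.
# NOTE(review): -p 9200:9200 publishes the API on every host interface. The
# filebeat and vector commands in this file reach es01 through host-gateway,
# so check them before narrowing the bind address.
docker run -it --rm \
  --net elastic \
  --env-file .env \
  --name es01 \
  --label co.elastic.logs/module=elasticsearch \
  -v certs:/usr/share/elasticsearch/config/certs \
  -v esdata01:/usr/share/elasticsearch/data \
  -p 9200:9200 \
  --env node.name=es01 \
  --env cluster.name=docker-cluster \
  --env discovery.type=single-node \
  --env "ELASTIC_PASSWORD=${ELASTIC_PASSWORD:?set ELASTIC_PASSWORD before running}" \
  --env bootstrap.memory_lock=true \
  --env xpack.security.enabled=true \
  --env xpack.security.http.ssl.enabled=true \
  --env xpack.security.http.ssl.key=certs/es01/es01.key \
  --env xpack.security.http.ssl.certificate=certs/es01/es01.crt \
  --env xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt \
  --env xpack.security.transport.ssl.enabled=true \
  --env xpack.security.transport.ssl.key=certs/es01/es01.key \
  --env xpack.security.transport.ssl.certificate=certs/es01/es01.crt \
  --env xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt \
  --env xpack.security.transport.ssl.verification_mode=certificate \
  --env xpack.license.self_generated.type=basic \
  --memory=6gb \
  --ulimit memlock=-1:-1 \
  elasticsearch:9.1.3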
نکتهها:
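# Copy the cluster CA certificate out of the running node so that curl can
# verify the server certificate. Use the line whose container name matches how
# es01 was started: `es01` for the docker run command in this file;
# `elk_stack-es01-1` looks like a Compose-generated name (confirm).
docker cp es01:/usr/share/elasticsearch/config/certs/ca/ca.crt .
docker cp elk_stack-es01-1:/usr/share/elasticsearch/config/certs/ca/ca.crt .
# With only a user name after -u, curl prompts for the password, which keeps
# it out of this file, the shell history and the process list.
curl --cacert ./ca.crt -u elastic https://localhost:9200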
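# Kibana, talking to es01 over HTTPS as the built-in kibana_system user and
# trusting the CA from the `certs` volume.
#
# Secrets are taken from the caller's shell instead of being stored in this
# file; the command aborts if any of them is empty:
#   KIBANA_PASSWORD           password of the kibana_system user
#   KIBANA_SECURITY_KEY       value for XPACK_SECURITY_ENCRYPTIONKEY
#   KIBANA_SAVED_OBJECTS_KEY  value for XPACK_ENCRYPTEDSAVEDOBJECTS_ENCRYPTIONKEY
#   KIBANA_REPORTING_KEY      value for XPACK_REPORTING_ENCRYPTIONKEY
# Give kibana_system a password different from the elastic superuser's, and
# use a separate random value of at least 32 characters for each key. If the
# kibanadata volume already holds encrypted saved objects, keep the key they
# were written with, otherwise they can no longer be decrypted.
# Values that were ever committed to this file should be treated as exposed.
#
# NOTE(review): no server-side TLS setting is passed here, so unless .env or
# the image configuration adds one, port 3112 serves Kibana over plain HTTP on
# every host interface.
docker run -it --rm \
  --net elastic \
  --env-file .env \
  --name kibana \
  --label co.elastic.logs/module=kibana \
  -v certs:/usr/share/kibana/config/certs \
  -v kibanadata:/usr/share/kibana/data \
  -p 3112:5601 \
  -e SERVERNAME=kibana \
  -e ELASTICSEARCH_HOSTS=https://es01:9200 \
  -e ELASTICSEARCH_USERNAME=kibana_system \
  -e "ELASTICSEARCH_PASSWORD=${KIBANA_PASSWORD:?set KIBANA_PASSWORD before running}" \
  -e ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=config/certs/ca/ca.crt \
  -e "XPACK_SECURITY_ENCRYPTIONKEY=${KIBANA_SECURITY_KEY:?set KIBANA_SECURITY_KEY before running}" \
  -e "XPACK_ENCRYPTEDSAVEDOBJECTS_ENCRYPTIONKEY=${KIBANA_SAVED_OBJECTS_KEY:?set KIBANA_SAVED_OBJECTS_KEY before running}" \
  -e "XPACK_REPORTING_ENCRYPTIONKEY=${KIBANA_REPORTING_KEY:?set KIBANA_REPORTING_KEY before running}" \
  --memory 2073741824 \
  kibana:9.1.3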
# docker run -it --rm --name kib01 --net elastic -p 3112:5601 \
# -v certs:/usr/share/kibana/config/certs \
# -v kibanadata:/usr/share/kibana/data \
# kibana:9.1.3
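# Filebeat container opened as an interactive bash shell; Filebeat itself is
# started by hand inside it. The container runs as root and is not attached to
# the `elastic` network: the name es01 is mapped to the Docker host through
# host-gateway, i.e. to the port that the es01 container publishes.
# The CA certificate is bind-mounted read-only so that a root process in this
# container cannot replace the trust anchor stored in the certs volume.
# NOTE(review): ./log/ is mounted read-write; add :ro if Filebeat only needs
# to read it.
docker run -it --rm --name filebeat \
  --user root \
  -v /var/lib/docker/volumes/elk_stack_certs/_data/ca/ca.crt:/usr/share/filebeat/certs/ca/ca.crt:ro \
  -v ./filebeatdata01:/usr/share/filebeat/data \
  -v "./log/:/usr/share/filebeat/ingest_data/" \
  -v "./filebeat.yml:/usr/share/filebeat/filebeat.yml:ro" \
  --env-file .env \
  --entrypoint bash --add-host=es01:host-gateway \
  elastic/filebeat:9.1.3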
# Run inside the filebeat container shell. -e sends the log to stderr.
# --strict.perms=false turns off Filebeat's ownership and permission check on
# its configuration file. Outside a lab, prefer fixing the owner and mode of
# the mounted filebeat.yml over disabling the check.
filebeat -e --strict.perms=false
# https://www.elastic.co/docs/reference/beats/filebeat/filebeat-input-filestream#filebeat-input-filestream-ignore-older
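# Vector, reading its configuration from ./vector.yaml and logs from ./log/.
# Like the filebeat command, it reaches es01 through host-gateway rather than
# the `elastic` network.
# The $PWD mount is quoted so that a working directory containing spaces does
# not split the argument, and the CA certificate is mounted read-only so the
# container cannot alter the trust anchor in the certs volume.
# NOTE(review): 8686 is Vector's default API port; -p 3114:8686 publishes it
# on every host interface. Whether the API is enabled depends on vector.yaml.
docker run --rm -it \
  -v "$PWD/vector.yaml:/etc/vector/vector.yaml:ro" \
  -v "./log/:/var/log/" \
  -v /var/lib/docker/volumes/elk_stack_certs/_data/ca/ca.crt:/certs/ca/ca.crt:ro \
  -p 3114:8686 \
  --name vector \
  --add-host=es01:host-gateway \
  --env-file .env \
  timberio/vector:0.49.0-debian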