This documentation assumes that you have a working LogSearch deployment and that bosh_cli is pointed at the right director.
$ bosh download manifest $logsearch_deployment_name > ~/workspace/logsearch.ymlNOTE: At the moment you can get working LogSearch-for-CloudFoundry release by cloning Git repository and creating bosh release from it.
Example:
$ git clone https://github.com/cloudfoundry-community/logsearch-for-cloudfoundry.git $ cd logsearch-for-cloudfoundry $ git submodule update --init --recursive $ bosh create release
$ bosh upload releaseLogsearch-for-CloudFoundry provides kibana plugin to ask the user for credentials and perform an OAuth handshake with the CloudFoundry UAA server before serving requests. The plugin can be added to the standalone Kibana deployed as part of the Logsearch release. If you are choosing to proceed with a standalone Kibana and enable the authentication in it, then use templates/stub.logsearch-for-cf.standalone-kibana-with-auth.yml stub and customise it with your deploy settings:
$ vim templates/stub.logsearch-for-cf.standalone-kibana-with-auth.yml
$ scripts/generate_deployment_manifest ~/workspace/logsearch.yml templates/stub.logsearch-for-cf.standalone-kibana-with-auth.yml > ~/workspace/logsearch-with-logsearch-for-cf.ymlThere is a possibility to deploy Kibana as a CloudFoundry application. Deployed Kibana will already include the authentication plugin providing UAA OAuth. To enable this feature use templates/stub.logsearch-for-cf.cf-kibana.yml stub and customise it with your deploy settings.
NOTE: If you choose to deploy Kibana as a CF application, then, most probably, you don't need to have a standalone Kibana instance anymore (one deployed in Logsearch release). You can disable it in
~/workspace/logsearch.yml:jobs: ... - instances: 0 name: kibana ...
$ vim templates/stub.logsearch-for-cf.cf-kibana.yml
$ scripts/generate_deployment_manifest ~/workspace/logsearch.yml templates/stub.logsearch-for-cf.cf-kibana.yml > ~/workspace/logsearch-with-logsearch-for-cf.yml$ bosh deployment ~/workspace/logsearch-with-logsearch-for-cf.yml
$ bosh deployIf you have chosen to deploy a standalone Kibana with UAA authentication enabled, then you should additionally run create-uaa-client errand task after the deploy:
$ bosh run errand create-uaa-clientIf you have chosen to deploy Kibana as a CF app, then you should additionally run cf-kibana errand task after the deploy:
$ bosh run errand cf-kibanaNOTE: Before running the job, make sure to create a security group in your CF which you pass as
cf-kibana.cloudfoundry.api_security_group:[ { "protocol": "tcp", "destination": "MY_CF_API_IP", "ports": "80-443", "log": true } ]
To upload Kibana saved objects, run upload-kibana-objects errand task after deploy:
$ bosh run errand upload-kibana-objects$ bosh run errand smoke-testsproperties:
syslog_daemon_config:
address: ls-router-static-ip
port: 5514
transport: tcp # default is udp. Check your security groups: port + transport should be open If you've chosen to enable UAA Authentication in Kibana, then make sure to include your ELK URI(s) to the whitelist of URIs that UAA uses to redirect after logout. Update login.logout.* properites in your CF deployment like the following:
properties:
...
login:
logout:
redirect:
url: /login
parameter:
disable: false
whitelist:
- https://my_kibana_domain/login
- http://my_kibana_domain/login
...
NOTE: If you skip this step, the UAA authentication will still be working in Kibana, but your ability to get automatically redirected to the Kibana home page after logout will be lost. Read more about the redirect feature if necessary.
If you meet any problems with deployment after you have finished, please double check common issues section first - there you can find a clue for your problem.