The Elastic Stack, on Docker, right now.
Shell Makefile
Clone or download
fxdgear Don't Use PW in ENV vars and default SSL on (#39)
* Don't use passwords in ENV vars

* upgrade docker-compose file version
* upgrade elasticstack TAG
* use secrets instead of PW in ENV vars
    * Make it easy to use secrets
    * Don't teach people to use passwords in ENV vars
    * just as easy to use a docker secret as it is to use a bind mounted volume
* adding setup.yml to create
  1. passwords
  2. keystores
  3. certs

adding health checks

update the readme

turn off ssl for kibana endbpoint to avoid confusion for new users

* .env password is needed to seed the whole process, remove old docker image -platinum

* remove https from kibana, makes stack a bit easier to get started

* remove zip file and allow setp.yml to work with windows

* if env ELASTIC_PASSWORD not provided by user generate a pw.

Also updated to echo the pw for the user when the script finishes.

* undo changes to make file as they aren't needed anymore
update docs on readme for how to use and get the elastic password

* Make the makefile clean up more things.

* remove keystores
* do proper docker-compose down
* remove volumes and networks

make it fresh

* updated readme with more windows instructions re env vars

* use openssl to generate password

* Fix bug that causes logstash and kibana setup to get stuck.

Possible fixes: Use curl's `-u` flag for user:pass, or use hex instead
of base64 for `openssl rand`. I chose `curl -u`

The bug is that base64 includes `/`, so the `openssl rand -base64 16`
password could contain a `/` and make curl think that the username is
really the hostname:

```
curl 'https://elastic:nfAvKVigT7Bd7R60/o+1OQ==@elasticsearch:9200/'
curl: (6) Could not resolve host: elastic; Unknown error
```

The bug manifests as setup_logstash and setup_kibana getting stuck
waiting for Elasticsearch to be online, but never succeeds because the
curl invocation is wonky.

* force recreation of es keystore when running setup

* update readme with ways to set env vars in powershell

* more notes for windows users regarding path structure
Latest commit 898d08b Jul 13, 2018

README.md

stack-docker

This example Docker Compose configuration demonstrates many components of the Elastic Stack, all running on a single machine under Docker.

Prerequisites

  • Docker and Docker Compose.
    • Windows and Mac users get Compose installed automatically with Docker for Windows/Mac.

    • Linux users can read the install instructions or can install via pip:

pip install docker-compose
  • Windows Users must set the following 2 ENV vars:

    • COMPOSE_CONVERT_WINDOWS_PATHS=1
    • PWD=/path/to/checkout/for/stack-docker
      • for example I use the path: /c/Users/nick/elastic/stack-docker
      • Note: you're paths must be in the form of /c/path/to/place using C:\path\to\place will not work
    • You can set these two ways:
      1. Temporarily add an env var in powershell use: $Env:COMPOSE_CONVERT_WINDOWS_PATHS=1
      2. Permanently add an env var in powershell use: [Environment]::SetEnvironmentVariable("COMPOSE_CONVERT_WINDOWS_PATHS", "1", "Machine")

      Note: you will need to refresh or create a new powershell for this env var to take effect

      1. in System Properties add the environment variables.
  • At least 4GiB of RAM for the containers. Windows and Mac users must configure their Docker virtual machine to have more than the default 2 GiB of RAM:

Docker VM memory settings

Starting the stack

First we need to:

  1. set default password
  2. create keystores to store passwords
  3. install dashboards, index patterns, etc.. for beats and apm

This is accomplished using the setup.yml file:

docker-compose -f setup.yml up

Please take note after the setup completes it will output the password that is used for the elastic login.

Now we can launch the stack with docker-compose up -d to create a demonstration Elastic Stack with Elasticsearch, Kibana, Logstash, Auditbeat, Metricbeat, Filebeat, Packetbeat, and Heartbeat.

Point a browser at http://localhost:5601 to see the results.

NOTE: Elasticsearch is now setup with self-signed certs.

Log in with elastic and what ever your auto generated elastic password is from the setup.