github.com/voedger/voedger@v0.0.0-20240520144910-273e84102129/design/0-inv/20230207-elk-basics/docker-compose.yml (about) 1 version: "2.2" 2 3 services: 4 setup: 5 image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION} 6 volumes: 7 - certs:/usr/share/elasticsearch/config/certs 8 user: "0" 9 command: > 10 bash -c ' 11 if [ x${ELASTIC_PASSWORD} == x ]; then 12 echo "Set the ELASTIC_PASSWORD environment variable in the .env file"; 13 exit 1; 14 elif [ x${KIBANA_PASSWORD} == x ]; then 15 echo "Set the KIBANA_PASSWORD environment variable in the .env file"; 16 exit 1; 17 fi; 18 if [ ! -f config/certs/ca.zip ]; then 19 echo "Creating CA"; 20 bin/elasticsearch-certutil ca --silent --pem -out config/certs/ca.zip; 21 unzip config/certs/ca.zip -d config/certs; 22 fi; 23 if [ ! -f config/certs/certs.zip ]; then 24 echo "Creating certs"; 25 echo -ne \ 26 "instances:\n"\ 27 " - name: es01\n"\ 28 " dns:\n"\ 29 " - es01\n"\ 30 " - localhost\n"\ 31 " ip:\n"\ 32 " - 127.0.0.1\n"\ 33 " - name: es02\n"\ 34 " dns:\n"\ 35 " - es02\n"\ 36 " - localhost\n"\ 37 " ip:\n"\ 38 " - 127.0.0.1\n"\ 39 " - name: es03\n"\ 40 " dns:\n"\ 41 " - es03\n"\ 42 " - localhost\n"\ 43 " ip:\n"\ 44 " - 127.0.0.1\n"\ 45 > config/certs/instances.yml; 46 bin/elasticsearch-certutil cert --silent --pem -out config/certs/certs.zip --in config/certs/instances.yml --ca-cert config/certs/ca/ca.crt --ca-key config/certs/ca/ca.key; 47 unzip config/certs/certs.zip -d config/certs; 48 fi; 49 echo "Setting file permissions" 50 chown -R root:root config/certs; 51 find . -type d -exec chmod 750 \{\} \;; 52 find . -type f -exec chmod 640 \{\} \;; 53 echo "Waiting for Elasticsearch availability"; 54 until curl -s --cacert config/certs/ca/ca.crt https://es01:9200 | grep -q "missing authentication credentials"; do sleep 30; done; 55 echo "Setting kibana_system password"; 56 until curl -s -X POST --cacert config/certs/ca/ca.crt -u "elastic:${ELASTIC_PASSWORD}" -H "Content-Type: application/json" https://es01:9200/_security/user/kibana_system/_password -d "{\"password\":\"${KIBANA_PASSWORD}\"}" | grep -q "^{}"; do sleep 10; done; 57 echo "All done!"; 58 ' 59 healthcheck: 60 test: ["CMD-SHELL", "[ -f config/certs/es01/es01.crt ]"] 61 interval: 1s 62 timeout: 5s 63 retries: 120 64 65 es01: 66 depends_on: 67 setup: 68 condition: service_healthy 69 image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION} 70 volumes: 71 - certs:/usr/share/elasticsearch/config/certs 72 - esdata01:/usr/share/elasticsearch/data 73 ports: 74 - ${ES_PORT}:9200 75 environment: 76 - node.name=es01 77 - cluster.name=${CLUSTER_NAME} 78 - cluster.initial_master_nodes=es01,es02,es03 79 - discovery.seed_hosts=es02,es03 80 - ELASTIC_PASSWORD=${ELASTIC_PASSWORD} 81 - bootstrap.memory_lock=true 82 - xpack.security.enabled=true 83 - xpack.security.http.ssl.enabled=true 84 - xpack.security.http.ssl.key=certs/es01/es01.key 85 - xpack.security.http.ssl.certificate=certs/es01/es01.crt 86 - xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt 87 - xpack.security.transport.ssl.enabled=true 88 - xpack.security.transport.ssl.key=certs/es01/es01.key 89 - xpack.security.transport.ssl.certificate=certs/es01/es01.crt 90 - xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt 91 - xpack.security.transport.ssl.verification_mode=certificate 92 - xpack.license.self_generated.type=${LICENSE} 93 mem_limit: ${MEM_LIMIT} 94 ulimits: 95 memlock: 96 soft: -1 97 hard: -1 98 healthcheck: 99 test: 100 [ 101 "CMD-SHELL", 102 "curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'", 103 ] 104 interval: 10s 105 timeout: 10s 106 retries: 120 107 108 es02: 109 depends_on: 110 - es01 111 image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION} 112 volumes: 113 - certs:/usr/share/elasticsearch/config/certs 114 - esdata02:/usr/share/elasticsearch/data 115 environment: 116 - node.name=es02 117 - cluster.name=${CLUSTER_NAME} 118 - cluster.initial_master_nodes=es01,es02,es03 119 - discovery.seed_hosts=es01,es03 120 - bootstrap.memory_lock=true 121 - xpack.security.enabled=true 122 - xpack.security.http.ssl.enabled=true 123 - xpack.security.http.ssl.key=certs/es02/es02.key 124 - xpack.security.http.ssl.certificate=certs/es02/es02.crt 125 - xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt 126 - xpack.security.transport.ssl.enabled=true 127 - xpack.security.transport.ssl.key=certs/es02/es02.key 128 - xpack.security.transport.ssl.certificate=certs/es02/es02.crt 129 - xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt 130 - xpack.security.transport.ssl.verification_mode=certificate 131 - xpack.license.self_generated.type=${LICENSE} 132 mem_limit: ${MEM_LIMIT} 133 ulimits: 134 memlock: 135 soft: -1 136 hard: -1 137 healthcheck: 138 test: 139 [ 140 "CMD-SHELL", 141 "curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'", 142 ] 143 interval: 10s 144 timeout: 10s 145 retries: 120 146 147 es03: 148 depends_on: 149 - es02 150 image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION} 151 volumes: 152 - certs:/usr/share/elasticsearch/config/certs 153 - esdata03:/usr/share/elasticsearch/data 154 environment: 155 - node.name=es03 156 - cluster.name=${CLUSTER_NAME} 157 - cluster.initial_master_nodes=es01,es02,es03 158 - discovery.seed_hosts=es01,es02 159 - bootstrap.memory_lock=true 160 - xpack.security.enabled=true 161 - xpack.security.http.ssl.enabled=true 162 - xpack.security.http.ssl.key=certs/es03/es03.key 163 - xpack.security.http.ssl.certificate=certs/es03/es03.crt 164 - xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt 165 - xpack.security.transport.ssl.enabled=true 166 - xpack.security.transport.ssl.key=certs/es03/es03.key 167 - xpack.security.transport.ssl.certificate=certs/es03/es03.crt 168 - xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt 169 - xpack.security.transport.ssl.verification_mode=certificate 170 - xpack.license.self_generated.type=${LICENSE} 171 mem_limit: ${MEM_LIMIT} 172 ulimits: 173 memlock: 174 soft: -1 175 hard: -1 176 healthcheck: 177 test: 178 [ 179 "CMD-SHELL", 180 "curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'", 181 ] 182 interval: 10s 183 timeout: 10s 184 retries: 120 185 186 kibana: 187 depends_on: 188 es01: 189 condition: service_healthy 190 es02: 191 condition: service_healthy 192 es03: 193 condition: service_healthy 194 image: docker.elastic.co/kibana/kibana:${STACK_VERSION} 195 volumes: 196 - certs:/usr/share/kibana/config/certs 197 - kibanadata:/usr/share/kibana/data 198 ports: 199 - ${KIBANA_PORT}:5601 200 environment: 201 - SERVERNAME=kibana 202 - ELASTICSEARCH_HOSTS=https://es01:9200 203 - ELASTICSEARCH_USERNAME=kibana_system 204 - ELASTICSEARCH_PASSWORD=${KIBANA_PASSWORD} 205 - ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=config/certs/ca/ca.crt 206 mem_limit: ${MEM_LIMIT} 207 healthcheck: 208 test: 209 [ 210 "CMD-SHELL", 211 "curl -s -I http://localhost:5601 | grep -q 'HTTP/1.1 302 Found'", 212 ] 213 interval: 10s 214 timeout: 10s 215 retries: 120 216 217 volumes: 218 certs: 219 driver: local 220 esdata01: 221 driver: local 222 esdata02: 223 driver: local 224 esdata03: 225 driver: local 226 kibanadata: 227 driver: local 228