Install Elasticsearch in a container

Local development installation (quickstart)

  • https://www.elastic.co/docs/deploy-manage/deploy/self-managed/local-development-installation-quickstart

The Compose file below is adapted from the relevant parts of the script that the quickstart uses.

# compose.yaml
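# Local-development Elastic stack: Elasticsearch, Kibana, Logstash, Filebeat.
#
# Credentials are read from the shell environment or an .env file next to this
# file. The fallbacks after ":-" keep the quickstart working unchanged, but
# they are well-known weak values: set ELASTIC_PASSWORD and
# KIBANA_SYSTEM_PASSWORD yourself before publishing any port beyond loopback.
# Both values are substituted into shell commands below, so keep them free of
# quotes, "$" and backslashes.
services:

  # --- elasticsearch
  # Single node with security enabled but no TLS on the HTTP layer
  # (xpack.security.http.ssl.enabled=false): credentials and data travel in
  # cleartext, which is acceptable only on loopback or the private network.
  elasticsearch:
    image: elastic/elasticsearch:9.1.5
    container_name: elasticsearch
    ports:
      # Loopback only. Kibana, Logstash and Filebeat reach Elasticsearch over
      # logging-net, so nothing outside this host needs port 9200. Enable TLS
      # and set a strong password before widening this binding.
      - "127.0.0.1:9200:9200"
    environment:
      - discovery.type=single-node
      - cluster.name=elasticsearch
      # Password of the built-in "elastic" superuser
      - "ELASTIC_PASSWORD=${ELASTIC_PASSWORD:-password}"
      - xpack.security.enabled=true
      - xpack.security.http.ssl.enabled=false
      - xpack.license.self_generated.type=trial
      - xpack.ml.use_auto_machine_memory_percent=true
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    volumes:
      - elasticsearch:/usr/share/elasticsearch/data
    healthcheck:
      # Healthy once an authenticated HEAD request succeeds. The password
      # becomes part of the container configuration (visible in
      # `docker inspect`), so treat that output as sensitive.
      test:
        - CMD-SHELL
        - >-
          curl --output /dev/null --silent --head --fail
          -u "elastic:${ELASTIC_PASSWORD:-password}"
          http://elasticsearch:9200
      interval: 10s
      timeout: 10s
      retries: 30
    ulimits:
      memlock:
        soft: -1
        hard: -1
    networks:
      - logging-net

  kibana:
    image: elastic/kibana:9.1.5
    container_name: kibana
    depends_on:
      elasticsearch:
        condition: service_healthy
      # Start only after the one-shot job has set the kibana_system password;
      # otherwise Kibana's first connections are rejected.
      kibana_settings:
        condition: service_completed_successfully
    ports:
      # Loopback only: the login form is served over plain HTTP. Put a TLS
      # reverse proxy in front before offering Kibana to other machines.
      - "127.0.0.1:5601:5601"
    environment:
      - ELASTICSEARCH_HOSTS=http://elasticsearch:9200
      - ELASTICSEARCH_USERNAME=kibana_system
      # Must equal the password that kibana_settings sets for kibana_system
      - "ELASTICSEARCH_PASSWORD=${KIBANA_SYSTEM_PASSWORD:-password}"
      # URL users type into the browser; 0.0.0.0 is a bind address, not a
      # reachable URL. Change it together with the port binding above.
      - SERVER_PUBLICBASEURL=http://localhost:5601
      # Replace every [ encryption_key ] with a generated secret
      - SERVER_ENCRYPTIONKEY=[ encryption_key ]
      - XPACK_ENCRYPTEDSAVEDOBJECTS_ENCRYPTIONKEY=[ encryption_key ]
      - XPACK_REPORTING_ENCRYPTIONKEY=[ encryption_key ]
      - XPACK_SECURITY_ENCRYPTIONKEY=[ encryption_key ]
    healthcheck:
      test:
        - CMD-SHELL
        - >-
          curl --output /dev/null --silent --head --fail
          http://localhost:5601/login
      interval: 10s
      timeout: 10s
      retries: 60
    networks:
      - logging-net

  # One-shot job: sets the kibana_system password through the security API,
  # retrying every 2 s for up to 60 s, then exits. It runs each time the
  # service is started, so a password changed by other means is replaced by
  # KIBANA_SYSTEM_PASSWORD again.
  kibana_settings:
    depends_on:
      elasticsearch:
        condition: service_healthy
    image: elastic/elasticsearch:9.1.5
    container_name: kibana-local
    restart: "no"
    # "$$" is Compose's escape for a literal "$" handed to bash.
    # Each continued curl line ends in a backslash: the folded scalar keeps
    # the line breaks of these indented lines, so without it bash would run
    # -H and -d as separate commands and the loop would always time out.
    command: >
      bash -c '
        echo "Setting up kibana_system password";
        start_time=$$(date +%s);
        timeout=60;
        until curl -s -u "elastic:${ELASTIC_PASSWORD:-password}" \
            -X POST http://elasticsearch:9200/_security/user/kibana_system/_password \
            -H "Content-Type: application/json" \
            -d "{\"password\": \"${KIBANA_SYSTEM_PASSWORD:-password}\"}" | grep -q "{}"; do
          elapsed_time=$$(($$(date +%s) - start_time));
          if [ "$$elapsed_time" -ge "$$timeout" ]; then
            echo "Error: Kibana system password setup timeout.";
            exit 1;
          fi;
          sleep 2;
        done;
        echo "Kibana system password setup completed.";
      '
    networks:
      - logging-net

  # --- logstash
  logstash:
    image: elastic/logstash:9.1.5
    container_name: logstash
    volumes:
      - ./logstash.conf:/usr/share/logstash/pipeline/logstash.conf:ro
    ports:
      # Published on all host interfaces so external senders can reach them.
      # Whether these inputs use TLS or authentication depends on
      # logstash.conf (not shown here); limit the source addresses with the
      # host firewall to the devices that are meant to send logs.
      - "5044:5044"      # Beats (Filebeat)
      - "5514:5514/udp"  # Syslog (OPNsense)
      - "5514:5514/tcp"  # optional TCP syslog
    environment:
      # Presumably referenced from logstash.conf; the Elasticsearch
      # credentials for the output have to be configured there as well.
      - ELASTICSEARCH_HOST=elasticsearch:9200
    networks:
      - logging-net

  # --- filebeat
  filebeat:
    image: elastic/filebeat:9.1.5
    container_name: filebeat
    user: root  # needed to access /var/lib/containers or /var/lib/docker
    restart: unless-stopped

    # Mount host and container runtime logs
    volumes:
      # Filebeat config
      - ./filebeat.yml:/usr/share/filebeat/filebeat.yml:ro
      # Container logs (Docker path; adjust for Podman)
      - /var/lib/docker/containers:/var/lib/docker/containers:ro
      - /var/log:/var/log:ro
      # The ":ro" flag does not restrict what can be requested through the
      # socket: access to docker.sock amounts to control of the Docker daemon,
      # and this container also runs as root. Drop the mount if filebeat.yml
      # does not use Docker metadata or autodiscover.
      - /var/run/docker.sock:/var/run/docker.sock:ro

    command:
      - "filebeat"
      - "-e"  # write Filebeat's own log to stderr
      # Skips the ownership/permission check on the config file, which the
      # bind-mounted filebeat.yml would otherwise fail; keep that file
      # writable only by trusted users on the host.
      - "--strict.perms=false"
      - "-c"
      - "/usr/share/filebeat/filebeat.yml"
    networks:
      - logging-net

networks:
  logging-net: {}

volumes:
  elasticsearch:
    driver: local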

Generate the encryption key

Replace the [ encryption_key ] placeholder in these variables with the generated value:

      - SERVER_ENCRYPTIONKEY=[ encryption_key ]
      - XPACK_ENCRYPTEDSAVEDOBJECTS_ENCRYPTIONKEY=[ encryption_key ]
      - XPACK_REPORTING_ENCRYPTIONKEY=[ encryption_key ]
      - XPACK_SECURITY_ENCRYPTIONKEY=[ encryption_key ]
# Prints 16 random bytes as 32 hex characters. Treat the output as a secret:
# paste it into the compose file and keep that file out of version control.
openssl rand -hex 16

Reset the kibana_system user password

# Runs the reset tool inside the running elasticsearch container; it asks for
# confirmation and prints a newly generated password for kibana_system.
# Kibana's ELASTICSEARCH_PASSWORD must then be set to that value and the kibana
# container recreated. The kibana_settings service in the compose file also
# sets this password when it runs, so keep the two in agreement.
docker exec -it elasticsearch bin/elasticsearch-reset-password -u kibana_system