-
docker-compose를 통한 elk 설치 + security 적용또니 개발 일기/ELK(elasticsearch+logstash+kibana) 2020. 3. 4. 11:32
docker-compose를 통한 elk 설치
1) 깃허브에서 다운로드를 한다.
- /usr/local/bin/docker-compose 경로에 다운
$ sudo curl -L "https://github.com/docker/compose/releases/download/1.22.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
$ sudo git clone https://github.com/deviantony/docker-elk
2) 경로로 이동
$ cd /usr/local/bin/docker-elk 3) docker-compose.yml 파일 편집
$ sudo vi docker-compose.yml version: '3.2'
services:
elasticsearch:
build:
context: elasticsearch/
args:
ELK_VERSION: $ELK_VERSION
volumes:
- type: bind
source: ./elasticsearch/config/elasticsearch.yml
target: /usr/share/elasticsearch/config/elasticsearch.yml
read_only: true
- type: volume
source: elasticsearch
target: /usr/share/elasticsearch/data
ports:
- "9200:9200"
- "9300:9300"
environment:
ES_JAVA_OPTS: "-Xmx256m -Xms256m"
ELASTIC_PASSWORD: changeme
# Use single node discovery in order to disable production mode and avoid bootstrap checks
# see https://www.elastic.co/guide/en/elasticsearch/reference/current/bootstrap-checks.html
discovery.type: single-node
networks:
- elk
logstash:
build:
context: logstash/
args:
ELK_VERSION: $ELK_VERSION
volumes:
- type: bind
source: ./logstash/config/logstash.yml
target: /usr/share/logstash/config/logstash.yml
read_only: true
- type: bind
source: ./logstash/pipeline
target: /usr/share/logstash/pipeline
read_only: true
ports:
- "5000:5000/tcp"
- "5000:5000/udp"
- "9600:9600"
environment:
LS_JAVA_OPTS: "-Xmx256m -Xms256m"
networks:
- elk
depends_on:
- elasticsearch
kibana:
build:
context: kibana/
args:
ELK_VERSION: $ELK_VERSION
volumes:
- type: bind
source: ./kibana/config/kibana.yml
target: /usr/share/kibana/config/kibana.yml
read_only: true
ports:
- "5601:5601"
networks:
- elk
depends_on:
- elasticsearch
networks:
elk:
driver: bridge
volumes:
elasticsearch:4) 자바 메모리를 변경하자.
- 글쓴이는 256m -> 1024m로 변경함.
ES_JAVA_OPTS: "-Xmx1024m -Xms1024m"
LS_JAVA_OPTS: "-Xmx1024m -Xms1024m"5) 빌드하자.
$ sudo docker-compose build && docker-compose up -d Security 적용
1) /usr/local/bin/docker-elk/elasticsearch/config로 이동하고 elasticsearch.yml 편집
$ cd /usr/local/bin/docker-elk/elasticsearch/config
$ sudo vi elasticsearch.yml2) xpack.security.authc.api_key.enabled: true로 설정
## Default Elasticsearch configuration from Elasticsearch base image.
## https://github.com/elastic/elasticsearch/blob/master/distribution/docker/src/docker/config/elasticsearch.yml
#
cluster.name: "docker-cluster"
network.host: 0.0.0.0
## X-Pack settings
## see https://www.elastic.co/guide/en/elasticsearch/reference/current/setup-xpack.html
#
xpack.license.self_generated.type: trial
xpack.security.enabled: true
xpack.monitoring.collection.enabled: true3) /usr/local/bin/docker-elk/kibana/config로 이동하고 kibana.yml 편집
$ cd /usr/local/bin/docker-elk/kibana/config
$ sudo vi kibana.yml4) password 수정, session시간, 암호화키 생성
- elasticsearch.password: changeme (default값) ->변경
- xpack.security.encryptionKey : "elasticsearch_security_key__char" -> 32자리
- xpack.security.sessionTimeout: 600000 -> 세션 설정 30분
---
## Default Kibana configuration from Kibana base image.
## https://github.com/elastic/kibana/blob/master/src/dev/build/tasks/os_packages/docker_generator/templates/kibana_yml.template.js
#
server.name: kibana
server.host: "0"
elasticsearch.hosts: [ "http://elasticsearch:9200" ]
xpack.monitoring.ui.container.elasticsearch.enabled: true
## X-Pack security credentials
#
elasticsearch.username: elastic
elasticsearch.password: changeme
xpack.security.encryptionKey: "elasticsearch_security_key__char"
xpack.security.sessionTimeout: 6000005) elasticsearch 재시작, kibana 재시작
$ sudo docker restart docker_elasticsearch
$ sudo docker restart docker_kibana
http://localhost:9200 접속
http://localhost:5601 접속
usernamer과 password login 후 사용하면 된다.
잘사용된다.
다음엔 username/password 로그인 사용이 아닌 api key로 접속하는 글을 작성해보겠다.
'또니 개발 일기 > ELK(elasticsearch+logstash+kibana)' 카테고리의 다른 글
ELK Security 적용(elasticsearch api key) (0) 2020.03.06 docker + elk(elasticsearch + logstash + kibana) 설치하는 법 (0) 2020.02.19