Installing ELK via docker-compose
1) Download from GitHub.
- Download to the /usr/local/bin/docker-compose path
$ sudo curl -L "https://github.com/docker/compose/releases/download/1.22.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
$ sudo git clone https://github.com/deviantony/docker-elk
2) Move into the directory
$ cd /usr/local/bin/docker-elk
3) Edit the docker-compose.yml file
$ sudo vi docker-compose.yml
version: '3.2'

services:
  elasticsearch:
    build:
      context: elasticsearch/
      args:
        ELK_VERSION: $ELK_VERSION
    volumes:
      - type: bind
        source: ./elasticsearch/config/elasticsearch.yml
        target: /usr/share/elasticsearch/config/elasticsearch.yml
        read_only: true
      - type: volume
        source: elasticsearch
        target: /usr/share/elasticsearch/data
    ports:
      - "9200:9200"
      - "9300:9300"
    environment:
      ES_JAVA_OPTS: "-Xmx256m -Xms256m"
      ELASTIC_PASSWORD: changeme
      # Use single node discovery in order to disable production mode and avoid bootstrap checks
      # see https://www.elastic.co/guide/en/elasticsearch/reference/current/bootstrap-checks.html
      discovery.type: single-node
    networks:
      - elk

  logstash:
    build:
      context: logstash/
      args:
        ELK_VERSION: $ELK_VERSION
    volumes:
      - type: bind
        source: ./logstash/config/logstash.yml
        target: /usr/share/logstash/config/logstash.yml
        read_only: true
      - type: bind
        source: ./logstash/pipeline
        target: /usr/share/logstash/pipeline
        read_only: true
    ports:
      - "5000:5000/tcp"
      - "5000:5000/udp"
      - "9600:9600"
    environment:
      LS_JAVA_OPTS: "-Xmx256m -Xms256m"
    networks:
      - elk
    depends_on:
      - elasticsearch

  kibana:
    build:
      context: kibana/
      args:
        ELK_VERSION: $ELK_VERSION
    volumes:
      - type: bind
        source: ./kibana/config/kibana.yml
        target: /usr/share/kibana/config/kibana.yml
        read_only: true
    ports:
      - "5601:5601"
    networks:
      - elk
    depends_on:
      - elasticsearch

networks:
  elk:
    driver: bridge

volumes:
  elasticsearch:
4) Change the Java memory.
- The author changed 256m -> 1024m.
ES_JAVA_OPTS: "-Xmx1024m -Xms1024m"
LS_JAVA_OPTS: "-Xmx1024m -Xms1024m"
5) Build.
$ sudo docker-compose build && docker-compose up -d
Applying security
1) Move to /usr/local/bin/docker-elk/elasticsearch/config and edit elasticsearch.yml
$ cd /usr/local/bin/docker-elk/elasticsearch/config
$ sudo vi elasticsearch.yml
2) Set xpack.security.authc.api_key.enabled: true
## Default Elasticsearch configuration from Elasticsearch base image.
## https://github.com/elastic/elasticsearch/blob/master/distribution/docker/src/docker/config/elasticsearch.yml
#
cluster.name: "docker-cluster"
network.host: 0.0.0.0

## X-Pack settings
## see https://www.elastic.co/guide/en/elasticsearch/reference/current/setup-xpack.html
#
xpack.license.self_generated.type: trial
xpack.security.enabled: true
xpack.monitoring.collection.enabled: true
3) Move to /usr/local/bin/docker-elk/kibana/config and edit kibana.yml
$ cd /usr/local/bin/docker-elk/kibana/config
$ sudo vi kibana.yml
4) Change the password and the session time, and generate an encryption key
- elasticsearch.password: changeme (default value) -> change it
- xpack.security.encryptionKey: "elasticsearch_security_key__char" -> 32 characters
- xpack.security.sessionTimeout: 600000 -> session setting, 30 minutes
---
## Default Kibana configuration from Kibana base image.
## https://github.com/elastic/kibana/blob/master/src/dev/build/tasks/os_packages/docker_generator/templates/kibana_yml.template.js
#
server.name: kibana
server.host: "0"
elasticsearch.hosts: [ "http://elasticsearch:9200" ]
xpack.monitoring.ui.container.elasticsearch.enabled: true

## X-Pack security credentials
#
elasticsearch.username: elastic
elasticsearch.password: changeme
xpack.security.encryptionKey: "elasticsearch_security_key__char"
xpack.security.sessionTimeout: 600000
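The three settings in step 4 are easy to get wrong, so here is an added audit script (not from the blog post or the docker-elk project) that checks a kibana.yml the way a reviewer would: the password must no longer be the image default, xpack.security.encryptionKey must be at least 32 characters, and xpack.security.sessionTimeout must be a number of milliseconds (600000 ms is 10 minutes; a 30-minute session would be 1800000). It also generates a random 32-hex-character key from /dev/urandom as a replacement for the hand-typed placeholder. The sample kibana.yml it runs against is constructed inline and mirrors the post's file; the function names are this example's own.

```shell
#!/bin/sh
# Added example: audit a kibana.yml for the X-Pack security settings changed in
# step 4 and generate a proper encryption key. Not part of the blog post or docker-elk.

# Random key of N hex characters (default 32, the minimum length Kibana accepts
# for xpack.security.encryptionKey). Two hex digits per byte, so read N/2 bytes.
gen_encryption_key() {
  n="${1:-32}"
  head -c "$((n / 2))" /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Value of a top-level "key: value" line in a YAML file, with surrounding quotes removed.
yaml_value() {
  key="$1"; file="$2"
  esc=$(printf '%s' "$key" | sed 's/\./\\./g')   # dots in the key are literal, not regex
  grep -E "^${esc}:" "$file" | head -n 1 \
    | sed -e "s/^${esc}:[[:space:]]*//" -e 's/^"//' -e 's/"$//'
}

# sessionTimeout is in milliseconds; convert to whole minutes for the report.
ms_to_minutes() {
  echo $(( $1 / 60000 ))
}

# Audit one kibana.yml. Prints one line per finding and returns the number of
# findings, so 0 means the file passed.
audit_kibana_yml() {
  file="$1"; findings=0
  pw=$(yaml_value elasticsearch.password "$file")
  key=$(yaml_value xpack.security.encryptionKey "$file")
  timeout=$(yaml_value xpack.security.sessionTimeout "$file")

  if [ -z "$pw" ] || [ "$pw" = "changeme" ]; then
    echo "FAIL elasticsearch.password is missing or still the image default 'changeme'"
    findings=$((findings + 1))
  fi
  if [ "${#key}" -lt 32 ]; then
    echo "FAIL xpack.security.encryptionKey is ${#key} chars; Kibana needs at least 32"
    findings=$((findings + 1))
  fi
  case "$timeout" in
    ''|*[!0-9]*)
      echo "FAIL xpack.security.sessionTimeout missing or not a number of milliseconds"
      findings=$((findings + 1)) ;;
    *)
      echo "INFO xpack.security.sessionTimeout=$timeout ms = $(ms_to_minutes "$timeout") min" ;;
  esac
  return "$findings"
}

# Constructed sample: the post's kibana.yml with the default password still in place.
SAMPLE_KIBANA_YML="$(mktemp)"
trap 'rm -f "$SAMPLE_KIBANA_YML"' EXIT
cat > "$SAMPLE_KIBANA_YML" <<'EOF'
server.name: kibana
server.host: "0"
elasticsearch.hosts: [ "http://elasticsearch:9200" ]
elasticsearch.username: elastic
elasticsearch.password: changeme
xpack.security.encryptionKey: "elasticsearch_security_key__char"
xpack.security.sessionTimeout: 600000
EOF

audit_kibana_yml "$SAMPLE_KIBANA_YML"
echo "findings: $?"
echo "suggested encryptionKey: $(gen_encryption_key 32)"
```

Run it against the real file with `audit_kibana_yml /usr/local/bin/docker-elk/kibana/config/kibana.yml` after sourcing the script; on the sample above it reports exactly one finding, the unchanged `changeme` password.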
5) Restart elasticsearch and kibana
$ sudo docker restart docker_elasticsearch
$ sudo docker restart docker_kibana
Open http://localhost:9200
Open http://localhost:5601
Log in with the username and password and then use it.
It works fine.
Next time I will write a post about connecting with an API key instead of username/password login.
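Logging in through the browser shows that Kibana asks for credentials, but the thing worth verifying after enabling xpack.security is that Elasticsearch itself now refuses anonymous requests. Since the compose file publishes 9200, 9300 and 5601 on every host interface, that check is worth running from any machine that can reach the host. The script below is an added example, not part of the blog post or docker-elk: it probes Elasticsearch once without credentials (expected HTTP 401) and once as the elastic user (expected HTTP 200) and turns the pair into a verdict. It assumes curl is installed, that Elasticsearch is on the compose file's port 9200, and that the password is passed in the ELASTIC_PASSWORD environment variable; the function names and the ELK_CHECK switch are this example's own.

```shell
#!/bin/sh
# Added example: confirm Elasticsearch enforces authentication after the restart.
# Not part of the blog post or docker-elk. Assumes curl; set ELASTIC_PASSWORD first.

# HTTP status code for a URL, optionally with "user:password"; "000" when unreachable.
probe() {
  url="$1"; creds="$2"
  command -v curl >/dev/null 2>&1 || { echo 000; return; }
  if [ -n "$creds" ]; then
    code=$(curl -s -o /dev/null -w '%{http_code}' --max-time 5 -u "$creds" "$url" 2>/dev/null) || code=000
  else
    code=$(curl -s -o /dev/null -w '%{http_code}' --max-time 5 "$url" 2>/dev/null) || code=000
  fi
  echo "${code:-000}"
}

# Verdict from the anonymous and authenticated status codes.
# With xpack.security.enabled: true the expected pair is 401 then 200.
# Return codes: 0 = OK, 1 = misconfigured, 2 = could not reach the service.
verdict() {
  anon="$1"; auth="$2"
  if [ "$anon" = "000" ]; then
    echo "UNREACHABLE: no answer from Elasticsearch"
    return 2
  fi
  if [ "$anon" != "401" ]; then
    echo "OPEN: anonymous request got HTTP $anon, expected 401 (security not enforced)"
    return 1
  fi
  if [ "$auth" != "200" ]; then
    echo "AUTH-BROKEN: credentials got HTTP $auth, expected 200 (check kibana.yml password)"
    return 1
  fi
  echo "OK: anonymous access refused, credentials accepted"
  return 0
}

# Probe the compose file's Elasticsearch port with and without credentials.
check_elasticsearch() {
  es="${ES_URL:-http://localhost:9200}"
  user="${ELASTIC_USER:-elastic}"
  pw="${ELASTIC_PASSWORD:?set ELASTIC_PASSWORD to the password configured in kibana.yml}"
  anon=$(probe "$es")
  auth=$(probe "$es" "$user:$pw")
  verdict "$anon" "$auth"
}

# Only probe when explicitly asked, so the file can be sourced for its functions.
if [ "${ELK_CHECK:-0}" = "1" ]; then
  check_elasticsearch
fi
```

Run it with `ELK_CHECK=1 ELASTIC_PASSWORD='...' sh check-es-auth.sh`; an `OPEN` verdict means the restart did not pick up xpack.security.enabled and port 9200 is answering without credentials.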