WIP ElasticSearch running

a-h-abid · Oct 9, 2024 · 4a5bae0 · 4a5bae0
1 parent 4306d0b
commit 4a5bae0
Show file tree

Hide file tree

Showing 5 changed files with 84 additions and 17 deletions.
diff --git a/elasticsearch/.example.env b/elasticsearch/.example.env
@@ -1,17 +1,17 @@
 discovery.type=single-node
 bootstrap.memory_lock=true
-ES_JAVA_OPTS=-Xms512m -Xmx512m
+ES_JAVA_OPTS=-Xms1g -Xmx1g
 node.name=elasticsearch
 cluster.name=es-cluster
 ELASTIC_PASSWORD=secret
 xpack.security.enabled=true
 xpack.security.http.ssl.enabled=true
-xpack.security.http.ssl.key=/usr/share/elasticsearch/config/certificates/elasticsearch/elasticsearch.key
-xpack.security.http.ssl.certificate_authorities=/usr/share/elasticsearch/config/certificates/ca/ca.crt
-xpack.security.http.ssl.certificate=/usr/share/elasticsearch/config/certificates/elasticsearch/elasticsearch.crt
+xpack.security.http.ssl.key=/usr/share/elasticsearch/config/certs/elasticsearch/elasticsearch.key
+xpack.security.http.ssl.certificate_authorities=/usr/share/elasticsearch/config/certs/ca/ca.crt
+xpack.security.http.ssl.certificate=/usr/share/elasticsearch/config/certs/elasticsearch/elasticsearch.crt
 xpack.security.http.ssl.client_authentication=optional
 xpack.security.transport.ssl.enabled=true
 xpack.security.transport.ssl.verification_mode=certificate
-xpack.security.transport.ssl.certificate_authorities=/usr/share/elasticsearch/config/certificates/ca/ca.crt
-xpack.security.transport.ssl.certificate=/usr/share/elasticsearch/config/certificates/elasticsearch/elasticsearch.crt
-xpack.security.transport.ssl.key=/usr/share/elasticsearch/config/certificates/elasticsearch/elasticsearch.key
+xpack.security.transport.ssl.certificate_authorities=/usr/share/elasticsearch/config/certs/ca/ca.crt
+xpack.security.transport.ssl.certificate=/usr/share/elasticsearch/config/certs/elasticsearch/elasticsearch.crt
+xpack.security.transport.ssl.key=/usr/share/elasticsearch/config/certs/elasticsearch/elasticsearch.key
diff --git a/elasticsearch/certs/.gitignore b/elasticsearch/certs/.gitignore
@@ -0,0 +1,2 @@
+*
+!.gitignore
diff --git a/elasticsearch/compose.elasticsearch.example.yaml b/elasticsearch/compose.elasticsearch.example.yaml
@@ -1,8 +1,6 @@
 volumes:
   elasticsearch-data:
     driver: local
-  elasticsearch-logs:
-    driver: local
 
 services:
   elasticsearch:
@@ -15,18 +13,15 @@ services:
           - common-elasticsearch
     volumes:
       - elasticsearch-data:/usr/share/elasticsearch/data/
-      - elasticsearch-logs:/usr/share/elasticsearch/logs/
-      - ../.commons/certs/elasticsearch:/usr/share/elasticsearch/config/certificates/elasticsearch
-      - ../.commons/certs/ca:/usr/share/elasticsearch/config/certificates/ca
+      - ./certs:/usr/share/elasticsearch/config/certs
+    deploy:
+      resources:
+        limits:
+          memory: 1GB
     ulimits:
       nofile:
         soft: 65536
         hard: 65536
       memlock:
         soft: -1
         hard: -1
-    healthcheck:
-      test: curl --cacert /usr/share/elasticsearch/config/certificates/ca/ca.crt -s https://localhost:9200 > /dev/null; if [[ $$? == 52 ]]; then echo 0; else echo 1; fi
-      interval: 30s
-      timeout: 10s
-      retries: 5
diff --git a/elasticsearch/readme.md b/elasticsearch/readme.md
@@ -0,0 +1,37 @@
+# ElasticSearch
+
+Elasticsearch is commonly used for log analytics, full-text search, security intelligence, business analytics, and operational intelligence use cases.
+
+## Usage
+
+*P.S.* Usage approach may change in different version. Do check updated process here: [Install Elastic with Docker](https://www.elastic.co/guide/en/elasticsearch/reference/current/docker.html)
+
+1. When starting the elasticsearch container for first time, view the log to get the elastic password that it auto generates. We store this password in the env `ELASTIC_PASSWORD`. If need to regenerate, run: `docker compose exec elasticsearch /usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic`
+1. For kibana, run: `docker compose exec elasticsearch /usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic`
+
+
+
+
+
+
+
+bin/elasticsearch-certutil ca --silent --pem -out config/certs/ca.zip;
+unzip config/certs/ca.zip -d config/certs;
+
+
+echo -ne \
+"instances:\n"\
+"  - name: elasticsearch\n"\
+"    dns:\n"\
+"      - elasticsearch\n"\
+"      - common-elasticsearch\n"\
+"      - localhost\n"\
+"    ip:\n"\
+"      - 127.0.0.1\n"\
+> config/certs/instances.yml;
+
+bin/elasticsearch-certutil cert --silent --pem -out config/certs/certs.zip --in config/certs/instances.yml --ca-cert config/certs/ca/ca.crt --ca-key config/certs/ca/ca.key;
+unzip config/certs/certs.zip -d config/certs;
+
+
+
diff --git a/elasticsearch/setup.sh b/elasticsearch/setup.sh
@@ -0,0 +1,33 @@
+#!/usr/bin/env bash
+
+set -e
+
+cp --update=none .example.env .env
+cp --update=none compose.elasticsearch.example.yaml compose.elasticsearch.yaml
+
+COMPOSE_PROJECT_NAME=${COMPOSE_PROJECT_NAME:-common}
+
+if [ ! -f certs/instances.yml ]; then
+  echo -ne \
+  "instances:\n"\
+  "  - name: elasticsearch\n"\
+  "    dns:\n"\
+  "      - elasticsearch\n"\
+  "      - common-elasticsearch\n"\
+  "      - localhost\n"\
+  "    ip:\n"\
+  "      - 127.0.0.1\n"\
+  > certs/instances.yml
+fi
+
+if [ ! -f certs/ca.zip ]; then
+  docker compose -f compose.elasticsearch.yaml -f ../compose.networks.yaml run --rm elasticsearch bash -c 'bin/elasticsearch-certutil ca --silent --pem -out config/certs/ca.zip && unzip -q config/certs/ca.zip -d config/certs'
+  echo 'ElasticSearch: CA Files Created!'
+fi
+
+if [ ! -f certs/certs.zip ]; then
+  docker compose -f compose.elasticsearch.yaml -f ../compose.networks.yaml run --rm elasticsearch bash -c 'bin/elasticsearch-certutil cert --silent --pem -out config/certs/certs.zip --in config/certs/instances.yml --ca-cert config/certs/ca/ca.crt --ca-key config/certs/ca/ca.key && unzip -q config/certs/certs.zip -d config/certs'
+  echo 'ElasticSearch: Cert Files Created!'
+fi
+
+echo 'ElasticSearch: Ready to start!!!'