grab latest log server and dashboard open source images
# Fetch the Elasticsearch and Kibana images for both release lines used below.
# A tag can be re-pointed upstream; `docker images --digests` shows which
# image content was actually pulled.
for tag in 8.13.0 7.17.19; do
  docker pull "elasticsearch:${tag}"
  docker pull "kibana:${tag}"
done
# Show what is now available locally.
docker images
start clean
# Reset to a clean slate: force-remove both containers, then the data volume.
# Removing the volume deletes every index stored in it.
for name in kibana elastic; do
  docker rm -f "$name"
done
docker volume rm elastic-data
tune kernel
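# Raise vm.max_map_count for Elasticsearch's maximum map count check:
# https://www.elastic.co/guide/en/elasticsearch/reference/8.13/_maximum_map_count_check.html
# https://www.elastic.co/guide/en/elasticsearch/reference/8.13/docker.html
# Run as root. The setting is appended only when no vm.max_map_count line
# exists yet, so re-running this step does not stack duplicate entries.
# An existing line with a different value is left alone; edit it by hand.
if ! grep -Eq '^[[:space:]]*vm\.max_map_count[[:space:]]*=' /etc/sysctl.conf; then
  echo 'vm.max_map_count = 262144' >> /etc/sysctl.conf
fi
# Reload /etc/sysctl.conf so the value applies without a reboot.
sysctl -p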
prepare a dedicated volume
# Named volume for the Elasticsearch data directory, so that removing and
# re-creating the container does not discard the data.
data_volume=elastic-data
docker volume create "$data_volume"
launch the indexing instance and map the data volume
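# Start a single-node Elasticsearch container backed by the elastic-data volume.
app=elastic
# Pick one release line; the last assignment wins (7.17.19 as written).
ver=8.13.0
ver=7.17.19
# The HTTP API is published on the host's loopback address only. Without xpack
# security the API accepts unauthenticated requests, and a bare "-p 9200:9200"
# listens on every host interface. Containers that are linked to this one or
# share its Docker network still reach it as elastic:9200, and the host itself
# as localhost:9200.
docker run -d --name "$app" -h "$app" \
  -e discovery.type=single-node \
  -v elastic-data:/usr/share/elasticsearch/data \
  -p 127.0.0.1:9200:9200 \
  "elasticsearch:$ver"
# Confirm the container is up, then read its startup log.
docker ps -a | grep -- "$app"
docker logs "$app"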
more options
#-p 9300:9300 \
#-e xpack.security.enabled=true \
#-e xpack.security.enrollment.enabled=true \
#-e "ES_JAVA_OPTS=-Xms512m -Xmx512m" \
#--net elastic \
#-v /data/elastic-data:/usr/share/elasticsearch/data \
#-m 3GB \
[when xpack is enabled] eventually define an elk user, password and startup token
# Run Elasticsearch's bundled security tools inside the running container.
# Both print a credential to the terminal: treat that output as a secret and
# keep it out of shared logs or recorded sessions.
es_bin=/usr/share/elasticsearch/bin
# Reset the password of the built-in "elastic" user.
docker exec -it "$app" "$es_bin/elasticsearch-reset-password" -u elastic
# Create an enrollment token with scope "kibana".
docker exec -it "$app" "$es_bin/elasticsearch-create-enrollment-token" -s kibana
now you should have both indexing and dashboard listening
# List listening TCP and UDP sockets numerically, with the owning process
# (run as root to see the process for every socket).
# Check the local address column: 0.0.0.0 or :: means the port is reachable
# from other hosts, 127.0.0.1 means loopback only.
netstat -lntup
# Ports to look for:
# 9200 indexing
# 9300 cluster
# 5601 dashboard
check that the dashboard can reach the indexing service from the docker host
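# Check from the Docker host that the Elasticsearch HTTP API answers.
# Prompt for the password rather than typing it into a command, so it does not
# end up in the shell history. It is only needed for the xpack variant.
read -rs -p 'elastic password: ' password
echo
# w/o xpack
curl -s http://localhost:9200 | jq
# w/ xpack
# The credential is quoted: generated passwords can contain characters the
# shell would otherwise split or glob. It is still visible in the process list
# while curl runs.
# NOTE(review): if the server certificate is signed by Elasticsearch's
# auto-generated CA, curl needs that CA via --cacert to verify it. Confirm the
# certificate location in the Elastic Docker guide.
curl -s https://localhost:9200 -u "elastic:$password" | jq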
launch the dashboard instance
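# Start the Kibana container and point it at the Elasticsearch container.
app=kibana
# Pick one release line; the last assignment wins (7.17.19 as written).
ver=8.13.0
ver=7.17.19
# http vs. https: ELASTICSEARCH_HOSTS must use the scheme Elasticsearch serves.
# The UI is published on the host's loopback address only. This page reaches it
# through an SSH port-forward to localhost:5601, so nothing needs it on an
# external interface, and without xpack security the UI has no login.
docker run -d --name "$app" -h "$app" \
  --link elastic:elastic \
  -e ELASTICSEARCH_HOSTS=http://elastic:9200 \
  -p 127.0.0.1:5601:5601 \
  "kibana:$ver"
# Confirm the container is up, then read its startup log.
docker ps -a | grep -- "$app"
docker logs "$app"
# Optional credentials for the docker run above. Values passed with -e can be
# read back with `docker inspect`.
#-e elasticsearch.username=elastic \
#-e elasticsearch.password="$password" \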
more options
#--net elastic \
then from within the kibana container
# Check from inside the Kibana container that the name "elastic" resolves and
# port 9200 answers. This is the one-shot form of opening a shell in the
# container, running curl, and leaving with Ctrl-D.
docker exec "$app" curl -i elastic:9200
if you need to tweak the configuration further, it would be good to share this directory (e.g. mount it as a volume)
/usr/share/elasticsearch/config/
finally reach the UI
# Reach each Kibana through an SSH local port-forward instead of exposing the
# UI on the network. "localhost" in -L is resolved on the remote host, so each
# tunnel ends at port 5601 there.
ssh -L 5601:localhost:5601 elastic7
ssh -L 5602:localhost:5601 elastic8
# Then browse from the workstation:
# http://localhost:5601/
# http://localhost:5602/
MASQUERADE: Warning: Extension MASQUERADE revision 0 not supported, missing kernel module? iptables v1.8.9 (nf_tables): RULE_INSERT failed (No such file or directory): rule in chain POSTROUTING
==> update your kernel (here custom 5.16.20.domU to debian 6.1.0-18-cloud)
[WARN ][config.deprecation] The default mechanism for Reporting privileges will work differently in future versions, which will affect the behavior of this cluster. Set "xpack.reporting.roles.enabled" to "false" to adopt the future behavior before upgrading.
==> trying -e "xpack.reporting.roles.enabled=false"
while trying -e xpack.reporting.roles.enabled=false
unknown setting [xpack.reporting.roles.enabled] please check that any required plugins are installed, or check the breaking changes documentation for removed settings
ERROR: [xpack.security.enrollment.enabled] must be set to `true` to create an enrollment token, with exit code 78
==> trying "-e xpack.security.enrollment.enabled=true"
https://www.elastic.co/guide/en/elasticsearch/reference/current/docker.html
https://www.elastic.co/guide/en/elasticsearch/guide/current/running-elasticsearch.html
https://www.elastic.co/guide/en/elasticsearch/reference/7.5/docker.html
https://www.elastic.co/guide/en/kibana/7.17/docker.html
https://apollin.com/elasticsearch-kibana-docker-custom-ports/
https://devpress.csdn.net/elastic/630264c77e66823466197b0c.html