LME icon indicating copy to clipboard operation
LME copied to clipboard

Published 20 hours ago verified publisher icon cisagov

Research simplifying installation using docker-compose

Open aarz-snl opened this issue 1 year ago • 3 comments

elastic container project has simplified an install of elasticsearch / kibana using a docker-compose.yml

https://github.com/peasead/elastic-container/blob/main/docker-compose.yml

cloning this code and running docker-compose up allows you to immediately be running an elastic stack with a fleet server.

Aside from even using the fleet server and other functionality this is using ( which I think could be a direction we go in ) I also think we could remove a lot of the logic in our deploy.sh by just building it into a docker-compose file and having the users run docker-compose up. For instance -- ALL cert generation logic can be replaced by just running the elasticsearch cert util in the container after its running with one simple command line and an instances.yml.

For additional items that need to be ran on the 'host' machine (i.e. checking the partition size) we could have a much smaller script than build.sh (something like setup.sh) that is ran after the services are healthy. So, think of an install script that looked like this:

#!/bin/bash

check_services_health() {
    while ! docker-compose ps | grep 'health: starting' > /dev/null; do
        if docker-compose ps | grep 'unhealthy' > /dev/null; then
            echo "Some services are unhealthy. Exiting."
            exit 1
        fi
        sleep 10
    done
}

docker-compose up -d

check_services_health

./setup.sh

This as a basic rough draft would run docker-compose up -d --- wait until services were healthy then run our setup.sh which could contain functions such as setting retention size.

Updates in this environment could be as simple has downloading the new docker-compose -- and running docker-compose -d up

aarz-snl avatar Jan 08 '24 20:01 aarz-snl

container project actually also has a .sh install script here:

https://github.com/peasead/elastic-container/blob/main/elastic-container.sh

Which does some of the configurations I was talking about with setup.sh -- see passphrase_reset and configure_kbn functions as good examples

We would need to modify the curl commands to actually use certs instead of using -k

aarz-snl avatar Jan 08 '24 20:01 aarz-snl

.env file can be used (as it is with container project) to avoid 'interactive' questions being asked during install. Users would just have to fill out the .env file before running the install.

aarz-snl avatar Jan 08 '24 21:01 aarz-snl

FYI docker-compose is deprecated, we should use Compose V2. Works the same way it's just docker compose now.

https://docs.docker.com/compose/migrate/. https://docs.docker.com/compose/install/linux/#install-using-the-repository

mitchelbaker-cisa avatar Apr 02 '24 21:04 mitchelbaker-cisa

We are using podman, quadlets, and ansible now.

cbaxley avatar Jul 10 '24 13:07 cbaxley

Andrew completed the work and Mikey branched off of it.

safiuddinr avatar Jul 25 '24 18:07 safiuddinr