jrx/elastic.md

## elastic.md

      
    Raw
  

              elastic.md
            
          
    Install DC/OS Packages: Elastic + Kibana

Tested with: DC/OS Enterprise 1.12.3 - Strict Mode

Install the DC/OS Enterprise CLI

dcos package install dcos-enterprise-cli --cli --yes

Setup a Service Account for Elastic

dcos security org service-accounts keypair /tmp/elastic-private-key.pem /tmp/elastic-public-key.pem
dcos security org service-accounts create -p /tmp/elastic-public-key.pem -d "Elastic service account" elastic
dcos security secrets create-sa-secret --strict /tmp/elastic-private-key.pem elastic elastic/secret

Grant permissions to the Service Account

dcos security org users grant elastic 'dcos:mesos:master:framework:role:elastic-role' create
dcos security org users grant elastic 'dcos:mesos:master:reservation:role:elastic-role' create
dcos security org users grant elastic 'dcos:mesos:master:volume:role:elastic-role' create
dcos security org users grant elastic 'dcos:mesos:master:task:user:nobody' create
dcos security org users grant elastic 'dcos:mesos:master:reservation:principal:elastic' delete
dcos security org users grant elastic 'dcos:mesos:master:volume:principal:elastic' delete
dcos security org users grant elastic 'dcos:secrets:default:/elastic/*' full
dcos security org users grant elastic 'dcos:secrets:list:default:/elastic' read
dcos security org users grant elastic 'dcos:adminrouter:ops:ca:rw' full
dcos security org users grant elastic 'dcos:adminrouter:ops:ca:ro' full

Define the options that Elastic should get installed with. For this demo we will enable X-Pack and transport encryption. Additionally we'll configure a ingest node, that will receive the logs from Kubernetes.

cat <<EOF | tee /tmp/elastic.json
{
    "service": {
        "service_account": "elastic",
        "service_account_secret": "elastic/secret",
        "security": {
            "transport_encryption": {
                "enabled": true
            }
        }
    },
    "elasticsearch": {
      "xpack_enabled": true
    },
    "ingest_nodes": {
      "count": 1
    }  
}
EOF

Install Elastic

dcos package install elastic --package-version 2.5.0-6.3.2 --options /tmp/elastic.json

Configure Kibana with and point it to the Coordinator node for Elastic

cat <<EOF | tee /tmp/kibana.json
{
    "kibana": {
        "xpack_enabled": true,
        "elasticsearch_tls": true,
        "elasticsearch_url": "https://coordinator.elastic.l4lb.thisdcos.directory:9200"
    }
}
EOF

Install Kibana

dcos package install kibana --package-version 2.5.0-6.3.2 --options /tmp/kibana.json