diff options
Diffstat (limited to 'doc/telemetry.md')
-rw-r--r-- | doc/telemetry.md | 44 |
1 files changed, 10 insertions, 34 deletions
diff --git a/doc/telemetry.md b/doc/telemetry.md index b34cfc8..968b1e4 100644 --- a/doc/telemetry.md +++ b/doc/telemetry.md @@ -1,13 +1,6 @@ -# create elasticsearch folders on all nodes - -```bash -mkdir -p /mnt/ssd/telemetry/es_data/nodes -chown 1000 /mnt/ssd/telemetry/es_data/nodes -``` - # generate ca and tls certs for elasticsearch cluster -start a `bash` in an elasticsearch image, such as `docker.elastic.co/elasticsearch/elasticsearch:7.17.0`: `docker run -ti docker.elastic.co/elasticsearch/elasticsearch:7.17.0 bash` +start a `bash` in an elasticsearch image, such as `docker.elastic.co/elasticsearch/elasticsearch:8.2.0`: `docker run -ti docker.elastic.co/elasticsearch/elasticsearch:8.2.0 bash` generate a ca and node certs: @@ -16,46 +9,29 @@ generate a ca and node certs: ./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12 ``` -copy `elastic-certificates.p12` to `/mnt/ssd/telemetry/es_data` in all nodes, and chown it: +write these files in Consul at `secrets/telemetry/elasticsearch/elastic-certificates.p12` and `secrets/telemetry/elasticsearch/elastic-stack-ca.p12` + +# start nomad services ```bash -chown 1000 /mnt/ssd/telemetry/es_data/elastic-certificates.p12 +nomad run telemetry-system.hcl +nomad run telemetry.hcl ``` # create elasticsearch passwords -in elasticsearch container +in an elasticsearch container that was launched by Nomad: ```bash -./bin/elasticsearch-setup-passwords auto +./bin/elasticsearch-reset-password -u elastic +./bin/elasticsearch-reset-password -u kibana ``` save passwords in consul, at: -- `secrets/telemetry/elastic_passwords/apm_system` for user `apm_system` - `secrets/telemetry/elastic_passwords/kibana_system` for user `kibana_system` - `secrets/telemetry/elastic_passwords/elastic` for user `elastic` check kibana works, login to kibana with user `elastic` -# create role and user for apm - -create role `apm_writer`, give privileges: - -- cluster privileges `manage_ilm`, `read_ilm`, `manage_ingest_pipelines`, `manage_index_templates` -- on index `apm-*` privileges `create_doc`, `create_index`, `view_index_metadata`, `manage` -- on index `apm-*sourcemap` privilege `read_cross_cluster` - -create user `apm` with roles `apm_writer` and `apm_system`. give it a randomly generated password that you save in `secrets/telemetry/elastic_passwords/apm` - -check apm data is ingested correctly (visible in kibana) - -# create role and user for grafana - -create role `grafana`, give privileges: - -- on index `apm-*` privileges `read` and `view_index_metadata` - -create user `grafana` with role `grafana`. give it a randomly generated password that you save in `secrets/telemetry/elastic_passwords/grafana` - -check grafana works +grafana and apm-server will use the elastic user (the admin) to write data to elasticsearch |