From 9cae8c8fc2fc3486edb80a135ecfed02fb6840a3 Mon Sep 17 00:00:00 2001
From: Alex Auvolat
Date: Wed, 4 May 2022 16:27:46 +0200
Subject: Update telemetry to ES 8.2.0 and simplify config a bit
---
 doc/telemetry.md | 44 ++++++++++----------------------------------
 1 file changed, 10 insertions(+), 34 deletions(-)
(limited to 'doc')
diff --git a/doc/telemetry.md b/doc/telemetry.md
index b34cfc8..968b1e4 100644
--- a/doc/telemetry.md
+++ b/doc/telemetry.md
@@ -1,13 +1,6 @@
-# create elasticsearch folders on all nodes
-
-```bash
-mkdir -p /mnt/ssd/telemetry/es_data/nodes
-chown 1000 /mnt/ssd/telemetry/es_data/nodes
-```
-
 # generate ca and tls certs for elasticsearch cluster
 
-start a `bash` in an elasticsearch image, such as `docker.elastic.co/elasticsearch/elasticsearch:7.17.0`: `docker run -ti docker.elastic.co/elasticsearch/elasticsearch:7.17.0 bash`
+start a `bash` in an elasticsearch image, such as `docker.elastic.co/elasticsearch/elasticsearch:8.2.0`: `docker run -ti docker.elastic.co/elasticsearch/elasticsearch:8.2.0 bash`
 
 generate a ca and node certs:
 
@@ -16,46 +9,29 @@ generate a ca and node certs:
 ./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
 ```
 
-copy `elastic-certificates.p12` to `/mnt/ssd/telemetry/es_data` in all nodes, and chown it:
+write these files in Consul at `secrets/telemetry/elasticsearch/elastic-certificates.p12` and `secrets/telemetry/elasticsearch/elastic-stack-ca.p12`
+
+# start nomad services
 
 ```bash
-chown 1000 /mnt/ssd/telemetry/es_data/elastic-certificates.p12
+nomad run telemetry-system.hcl
+nomad run telemetry.hcl
 ```
 
 # create elasticsearch passwords
 
-in elasticsearch container
+in an elasticsearch container that was launched by Nomad:
 
 ```bash
-./bin/elasticsearch-setup-passwords auto
+./bin/elasticsearch-reset-password -u elastic
+./bin/elasticsearch-reset-password -u kibana
 ```
 
 save passwords in consul, at:
 
-- `secrets/telemetry/elastic_passwords/apm_system` for user `apm_system`
 - `secrets/telemetry/elastic_passwords/kibana_system` for user `kibana_system`
 - `secrets/telemetry/elastic_passwords/elastic` for user `elastic`
 
 check kibana works, login to kibana with user `elastic`
 
-# create role and user for apm
-
-create role `apm_writer`, give privileges:
-
-- cluster privileges `manage_ilm`, `read_ilm`, `manage_ingest_pipelines`, `manage_index_templates`
-- on index `apm-*` privileges `create_doc`, `create_index`, `view_index_metadata`, `manage`
-- on index `apm-*sourcemap` privilege `read_cross_cluster`
-
-create user `apm` with roles `apm_writer` and `apm_system`. give it a randomly generated password that you save in `secrets/telemetry/elastic_passwords/apm`
-
-check apm data is ingested correctly (visible in kibana)
-
-# create role and user for grafana
-
-create role `grafana`, give privileges:
-
-- on index `apm-*` privileges `read` and `view_index_metadata`
-
-create user `grafana` with role `grafana`. give it a randomly generated password that you save in `secrets/telemetry/elastic_passwords/grafana`
-
-check grafana works
+grafana and apm-server will use the elastic user (the admin) to write data to elasticsearch
-- 
cgit v1.2.3