forked from Deuxfleurs/nixcfg
# generate ca and tls certs for elasticsearch cluster

start a `bash` shell in an elasticsearch image, such as `docker.elastic.co/elasticsearch/elasticsearch:8.2.0`:

```bash
docker run -ti docker.elastic.co/elasticsearch/elasticsearch:8.2.0 bash
```

generate a ca and node certs:

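```bash
# creates elastic-stack-ca.p12 (prompts for an output file name and a password)
./bin/elasticsearch-certutil ca
# creates elastic-certificates.p12, signed by the ca generated above
./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
```
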
store these two files in Consul at `secrets/telemetry/elasticsearch/elastic-certificates.p12` and `secrets/telemetry/elasticsearch/elastic-stack-ca.p12`

# start nomad services

```bash
nomad run telemetry-system.hcl
nomad run telemetry.hcl
```

# create elasticsearch passwords

in an elasticsearch container that was launched by Nomad:

```bash
./bin/elasticsearch-reset-password -u elastic
# reset `kibana_system`: it is the user whose password is stored in Consul below
./bin/elasticsearch-reset-password -u kibana_system
```

save the passwords in Consul, at:

- `secrets/telemetry/elastic_passwords/kibana_system` for user `kibana_system`
- `secrets/telemetry/elastic_passwords/elastic` for user `elastic`

check that kibana works by logging in with user `elastic`

grafana and apm-server will use the `elastic` user (the admin) to write data to elasticsearch
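
One way to script the two password steps above so that the new password is never printed or passed as a command-line argument. This is an added example, not part of the original repo: `ES_ALLOC`, `ES_TASK` and the function names are assumptions, and the tool path assumes the official image layout.

```shell
#!/bin/sh
# Added example: reset a built-in user's password in the Nomad-run
# elasticsearch task and write it to Consul KV through stdin.
ES_ALLOC="${ES_ALLOC:-<alloc-id>}"     # assumption: placeholder allocation id
ES_TASK="${ES_TASK:-elasticsearch}"    # assumption: task name in the Nomad job
ES_HOME="/usr/share/elasticsearch"     # install path in the official image
KV_PREFIX="secrets/telemetry/elastic_passwords"

# Map a user to its Consul key; only the two users this README stores.
kv_key_for() {
  case "$1" in
    elastic|kibana_system) printf '%s/%s\n' "$KV_PREFIX" "$1" ;;
    *) echo "unexpected user: $1" >&2; return 1 ;;
  esac
}

# -b skips the confirmation prompt, -s prints only the new password.
# -t=false avoids a pseudo-tty, which would mix control characters in.
reset_password() {
  nomad alloc exec -i=false -t=false -task "$ES_TASK" "$ES_ALLOC" \
    "$ES_HOME/bin/elasticsearch-reset-password" -b -s -u "$1"
}

rotate_and_store() {
  key=$(kv_key_for "$1") || return 1
  pw=$(reset_password "$1") || { echo "reset failed for $1" >&2; return 1; }
  pw=$(printf '%s' "$pw" | tr -d '\r')
  # Refuse to store an empty value or anything that is not one bare token.
  case "$pw" in
    ''|*[[:space:]]*) unset pw; echo "unexpected output for $1" >&2; return 1 ;;
  esac
  # "-" makes consul read the value from stdin, so it never lands in argv.
  printf '%s' "$pw" | consul kv put "$key" - >/dev/null \
    || { unset pw; echo "consul write failed for $key" >&2; return 1; }
  unset pw
  echo "stored $key"
}

# Usage: ES_ALLOC=<alloc-id> sh rotate.sh elastic kibana_system
for user in "$@"; do
  rotate_and_store "$user" || exit 1
done
```
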