
Docker images for Elasticsearch + Kibana 5.0

www.elastic.co

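Lately at work I have been dealing with nothing but our log collection infrastructure, so this is a record of getting 5.0-beta running on my local Kitematic, following the entry above.

Environment: MacOS El Capitan 10.11.6, VirtualBox 5.0.16, Docker Kitematic 0.10.0, boot2docker 1.10.3

As in the entry, prepare the following docker-compose.yml.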

---
version: '2'
services:
  kibana:
    image: docker.elastic.co/kibana/kibana
    links:
      - elasticsearch
    ports:
      - 5601:5601

  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch
    cap_add:
      - IPC_LOCK
    volumes:
      - esdata1:/usr/share/elasticsearch/data
    ports:
      - 9200:9200
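    environment:
      # JVM heap flags go through ES_JAVA_OPTS; a bare "-Xms2g" entry is read as a variable name
      - "ES_JAVA_OPTS=-Xms2g -Xmx2g"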

volumes:
  esdata1:
    driver: local

With that in place, a single command should have brought everything up, but the Elasticsearch container failed with an error.

 % docker-compose up
・・・
elasticsearch_1 | max virtual memory areas vm.max_map_count [65530] likely too low, increase to at least [262144]
elasticsearch_1 | [2016-09-24T13:34:47,265][INFO ][o.e.n.Node               ] [RaJ4T2F] stopping ...
elasticsearch_1 | [2016-09-24T13:34:47,343][INFO ][o.e.n.Node               ] [RaJ4T2F] stopped
elasticsearch_1 | [2016-09-24T13:34:47,344][INFO ][o.e.n.Node               ] [RaJ4T2F] closing ...
elasticsearch_1 | [2016-09-24T13:34:47,383][INFO ][o.e.n.Node               ] [RaJ4T2F] closed
・・・

The kernel parameter on the docker-machine VM needs to be changed (see https://github.com/elastic/elasticsearch-docker).

docker-machine ssh
sudo sysctl -w vm.max_map_count=262144

To make this the default setting, write it to /etc/sysctl.conf.

Run the startup command again.

% docker-compose up
・・・
elasticsearch_1 | [2016-09-24T14:05:07,637][WARN ][o.e.d.s.g.GroovyScriptEngineService] [groovy] scripts are deprecated, use [painless] scripts instead
・・・
kibana_1        | {"type":"log","@timestamp":"2016-09-24T14:05:21Z","tags":["status","plugin:elasticsearch@5.0.0-beta1","info"],"pid":6,"state":"green","message":"Status changed from red to green - Kibana index ready","prevState":"red","prevMsg":"Elasticsearch is still initializing the kibana index."}
kibana_1        | {"type":"log","@timestamp":"2016-09-24T14:05:21Z","tags":["status","ui settings","info"],"pid":6,"state":"green","message":"Status changed from red to green - Ready","prevState":"red","prevMsg":"Elasticsearch plugin is red"}
kibana_1        | {"type":"log","@timestamp":"2016-09-24T14:05:21Z","tags":["license","info","xpack"],"pid":6,"message":"Imported license information from Elasticsearch: mode: trial | status: active | expiry date: 2016-10-23T17:22:33+00:00"}
kibana_1        | {"type":"log","@timestamp":"2016-09-24T14:05:21Z","tags":["status","plugin:xpack_main@5.0.0-beta1","info"],"pid":6,"state":"green","message":"Status changed from red to green - Ready","prevState":"red","prevMsg":"Elasticsearch is still initializing the kibana index."}
kibana_1        | {"type":"log","@timestamp":"2016-09-24T14:05:21Z","tags":["status","plugin:graph@5.0.0-beta1","info"],"pid":6,"state":"green","message":"Status changed from red to green - Ready","prevState":"red","prevMsg":"Elasticsearch is still initializing the kibana index."}
kibana_1        | {"type":"log","@timestamp":"2016-09-24T14:05:21Z","tags":["status","plugin:reporting@5.0.0-beta1","info"],"pid":6,"state":"green","message":"Status changed from red to green - Ready","prevState":"red","prevMsg":"Elasticsearch is still initializing the kibana index."}
kibana_1        | {"type":"log","@timestamp":"2016-09-24T14:05:21Z","tags":["status","plugin:security@5.0.0-beta1","info"],"pid":6,"state":"green","message":"Status changed from red to green - Ready","prevState":"red","prevMsg":"Elasticsearch is still initializing the kibana index."}
kibana_1        | {"type":"log","@timestamp":"2016-09-24T14:05:21Z","tags":["status","plugin:monitoring@5.0.0-beta1","info"],"pid":6,"state":"green","message":"Status changed from red to green - Ready","prevState":"red","prevMsg":"Elasticsearch is still initializing the Monitoring indices"}
・・・

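There is a message saying that groovy is deprecated and that painless should be used instead.

This refers to Painless, the scripting language built into Elasticsearch, which was covered on the Elastic blog the other day.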

www.elastic.co

The startup messages above also confirm that the X-Pack plugins, bundled by default as of 5.0, are loaded.
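The following Python, added here and not part of the original post, parses `docker-compose up` output in the shape shown above and returns each Kibana plugin's last reported state, so that the X-Pack `security` plugin being loaded and green can be checked by a script. The function names, the `required` default and the final `monitoring` sample line are assumptions made for this example.

```python
import json
import re

# Constructed sample: shortened copies of the log lines shown above, plus one
# invented "monitoring ... red" line to exercise the failing case.
SAMPLE = """\
elasticsearch_1 | [2016-09-24T14:05:07,637][WARN ][o.e.d.s.g.GroovyScriptEngineService] [groovy] scripts are deprecated, use [painless] scripts instead
kibana_1        | {"type":"log","tags":["status","plugin:elasticsearch@5.0.0-beta1","info"],"pid":6,"state":"green","prevState":"red"}
kibana_1        | {"type":"log","tags":["status","ui settings","info"],"pid":6,"state":"green","prevState":"red"}
kibana_1        | {"type":"log","tags":["status","plugin:security@5.0.0-beta1","info"],"pid":6,"state":"green","prevState":"red"}
kibana_1        | {"type":"log","tags":["status","plugin:monitoring@5.0.0-beta1","info"],"pid":6,"state":"red","prevState":"yellow"}
"""

# docker-compose prefixes every line with "<service> | ".
LINE = re.compile(r"^(?P<service>\S+)\s*\|\s?(?P<payload>.*)$")
# Kibana status events carry a tag of the form "plugin:<name>@<version>".
PLUGIN_TAG = re.compile(r"^plugin:(?P<name>[^@]+)@(?P<version>.+)$")


def plugin_states(compose_output, service_prefix="kibana"):
    """Return {plugin: (version, last_state)} from Kibana JSON status lines."""
    states = {}
    for raw in compose_output.splitlines():
        m = LINE.match(raw)
        if not m or not m.group("service").startswith(service_prefix):
            continue
        try:
            event = json.loads(m.group("payload"))
        except ValueError:
            continue  # not a JSON log line (e.g. a stack trace)
        if not isinstance(event, dict) or "state" not in event:
            continue
        tags = event.get("tags", [])
        if "status" not in tags:
            continue
        for tag in tags:
            t = PLUGIN_TAG.match(str(tag))
            if t:  # later lines overwrite earlier ones: last state wins
                states[t.group("name")] = (t.group("version"), event["state"])
    return states


def not_green(states, required=("elasticsearch", "security")):
    """Required plugins that never reported, plus any plugin not green."""
    problems = {name: "missing" for name in required if name not in states}
    problems.update({n: s for n, (_, s) in states.items() if s != "green"})
    return problems


if __name__ == "__main__":
    print(not_green(plugin_states(SAMPLE)))
```
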

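In any case it seems to have started normally, so access http://192.168.99.100:5601 (192.168.99.100 is the IP address of the docker-machine VM).

This brings up the Shield authentication form. Log in with the default credentials.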


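Wow, for someone who has only ever used Kibana up to version 4, the UI has changed so much that it is a little moving.

Since I have come this far, I am thinking of trying to write some Painless.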