From 1631fe2d63f28dadfd67bae6163635e2b4506d7c Mon Sep 17 00:00:00 2001 From: Gavin Williams Date: Tue, 12 Feb 2019 15:06:52 +0000 Subject: [PATCH 1/4] Add setup script for 'apm-server' --- docker-compose.setup.yml | 5 +++-- docker-compose.yml | 2 +- scripts/setup-apm-server.sh | 39 +++++++++++++++++++++++++++++++++++++ 3 files changed, 43 insertions(+), 3 deletions(-) create mode 100755 scripts/setup-apm-server.sh diff --git a/docker-compose.setup.yml b/docker-compose.setup.yml index 50acaea..fe76862 100644 --- a/docker-compose.setup.yml +++ b/docker-compose.setup.yml @@ -117,10 +117,11 @@ services: image: docker.elastic.co/apm/apm-server:${TAG} container_name: setup_apm_server user: root - command: ['/bin/bash', '-c', 'cat /usr/local/bin/setup-beat.sh | tr -d "\r" | bash -s apm-server'] + command: ['/bin/bash', '-c', 'cat /usr/local/bin/setup-apm-server.sh | tr -d "\r" | bash'] + working_dir: '/config' volumes: - './config:/config' - - './scripts/setup-beat.sh:/usr/local/bin/setup-beat.sh:ro' + - './scripts/setup-apm-server.sh:/usr/local/bin/setup-apm-server.sh:ro' - './config/apm-server/apm-server.yml:/usr/share/apm-server/apm-server.yml' - './config/ssl/ca/ca.crt:/usr/share/apm-server/certs/ca/ca.crt' environment: ['ELASTIC_PASSWORD=${ELASTIC_PASSWORD}'] diff --git a/docker-compose.yml b/docker-compose.yml index 346dd61..9cbbf26 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -230,7 +230,7 @@ services: - source: ca.crt target: /usr/share/apm-server/certs/ca/ca.crt volumes: - - './scripts/setup-beat.sh:/usr/local/bin/setup-beat.sh:ro' + - './scripts/setup-apm-server.sh:/usr/local/bin/setup-apm-server.sh:ro' depends_on: ['elasticsearch', 'kibana'] healthcheck: test: curl --cacert /usr/share/elasticsearch/config/certs/ca/ca.crt -s https://localhost:8200/healthcheck >/dev/null; if [[ $$? == 52 ]]; then echo 0; else echo 1; fi diff --git a/scripts/setup-apm-server.sh b/scripts/setup-apm-server.sh new file mode 100755 index 0000000..ea57f56 --- /dev/null +++ b/scripts/setup-apm-server.sh @@ -0,0 +1,39 @@ +#!/bin/bash + +set -euo pipefail + +cacert=/usr/share/apm-server/certs/ca/ca.crt +# Wait for ca file to exist before we continue. If the ca file doesn't exist +# then something went wrong. +while [ ! -f $cacert ] +do + sleep 2 +done +ls -l $cacert + +es_url=https://elasticsearch:9200 +# Wait for Elasticsearch to start up before doing anything. +while [[ "$(curl -u "elastic:${ELASTIC_PASSWORD}" --cacert $cacert -s -o /dev/null -w '%{http_code}' $es_url)" != "200" ]]; do + sleep 5 +done + +# Set the password for the apm_system user. +# REF: https://www.elastic.co/guide/en/x-pack/6.0/setting-up-authentication.html#set-built-in-user-passwords +until curl -u "elastic:${ELASTIC_PASSWORD}" --cacert $cacert -s -H 'Content-Type:application/json' \ + -XPUT $es_url/_xpack/security/user/apm_system/_password \ + -d "{\"password\": \"${ELASTIC_PASSWORD}\"}" +do + sleep 2 + echo Retrying... +done + + +echo "=== CREATE Keystore ===" +if [ -f /config/apm-server/apm-server.keystore ]; then + echo "Remove old apm-server.keystore" + rm /config/apm-server/apm-server.keystore +fi +echo "y" | /usr/share/apm-server/apm-server keystore create +echo "Setting ELASTIC_PASSWORD..." +echo "$ELASTIC_PASSWORD" | /usr/share/apm-server/apm-server keystore add 'ELASTIC_PASSWORD' --stdin +mv /usr/share/apm-server/config/apm-server.keystore /config/apm-server/apm-server.keystore From ce82eee713e411e3b82e6ce8a8692a3a01cb3b00 Mon Sep 17 00:00:00 2001 From: Gavin Williams Date: Tue, 12 Feb 2019 17:08:53 +0000 Subject: [PATCH 2/4] Remove working_dir --- docker-compose.setup.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/docker-compose.setup.yml b/docker-compose.setup.yml index fe76862..f128424 100644 --- a/docker-compose.setup.yml +++ b/docker-compose.setup.yml @@ -118,7 +118,6 @@ services: container_name: setup_apm_server user: root command: ['/bin/bash', '-c', 'cat /usr/local/bin/setup-apm-server.sh | tr -d "\r" | bash'] - working_dir: '/config' volumes: - './config:/config' - './scripts/setup-apm-server.sh:/usr/local/bin/setup-apm-server.sh:ro' From 8bf4ac6ac1468106c65657d4ec3f8ea325ef2697 Mon Sep 17 00:00:00 2001 From: Gavin Williams Date: Tue, 12 Feb 2019 17:09:48 +0000 Subject: [PATCH 3/4] Tweak 'setup-apm-server' script to make it work... --- scripts/setup-apm-server.sh | 48 ++++++++++++++----------------------- 1 file changed, 18 insertions(+), 30 deletions(-) diff --git a/scripts/setup-apm-server.sh b/scripts/setup-apm-server.sh index ea57f56..d577610 100755 --- a/scripts/setup-apm-server.sh +++ b/scripts/setup-apm-server.sh @@ -2,38 +2,26 @@ set -euo pipefail -cacert=/usr/share/apm-server/certs/ca/ca.crt -# Wait for ca file to exist before we continue. If the ca file doesn't exist -# then something went wrong. -while [ ! -f $cacert ] -do - sleep 2 +until curl -s "http://kibana:5601/login" | grep "Loading Kibana" > /dev/null; do + echo "Waiting for kibana..." + sleep 5 done -ls -l $cacert -es_url=https://elasticsearch:9200 -# Wait for Elasticsearch to start up before doing anything. -while [[ "$(curl -u "elastic:${ELASTIC_PASSWORD}" --cacert $cacert -s -o /dev/null -w '%{http_code}' $es_url)" != "200" ]]; do - sleep 5 -done - -# Set the password for the apm_system user. -# REF: https://www.elastic.co/guide/en/x-pack/6.0/setting-up-authentication.html#set-built-in-user-passwords -until curl -u "elastic:${ELASTIC_PASSWORD}" --cacert $cacert -s -H 'Content-Type:application/json' \ - -XPUT $es_url/_xpack/security/user/apm_system/_password \ - -d "{\"password\": \"${ELASTIC_PASSWORD}\"}" -do - sleep 2 - echo Retrying... -done +# apm-server.yml needs to be owned by root +chown root /usr/share/apm-server/apm-server.yml +echo "Creating keystore..." +echo "y" | /usr/share/apm-server/apm-server keystore create --force -echo "=== CREATE Keystore ===" -if [ -f /config/apm-server/apm-server.keystore ]; then - echo "Remove old apm-server.keystore" - rm /config/apm-server/apm-server.keystore -fi -echo "y" | /usr/share/apm-server/apm-server keystore create -echo "Setting ELASTIC_PASSWORD..." +echo "Adding ELASTIC_PASSWORD to keystore..." echo "$ELASTIC_PASSWORD" | /usr/share/apm-server/apm-server keystore add 'ELASTIC_PASSWORD' --stdin -mv /usr/share/apm-server/config/apm-server.keystore /config/apm-server/apm-server.keystore +/usr/share/apm-server/apm-server keystore list + +echo "Setting up dashboards..." +# Load the sample dashboards for APM. +# REF: https://www.elastic.co/guide/en/apm/server/current/load-kibana-dashboards.html +/usr/share/apm-server/apm-server setup --dashboards + +echo "Copy keystore to ./config dir" +mv /usr/share/apm-server/apm-server.keystore /config/apm-server/apm-server.keystore +chown 1000:1000 /config/apm-server/apm-server.keystore From 7803fa0d08dfadf1f4a98f34c8fa42129ce4b158 Mon Sep 17 00:00:00 2001 From: Gavin Williams Date: Tue, 12 Feb 2019 17:10:01 +0000 Subject: [PATCH 4/4] Slooowww down beats... --- scripts/setup-beat.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/setup-beat.sh b/scripts/setup-beat.sh index 57d6458..7e202e2 100755 --- a/scripts/setup-beat.sh +++ b/scripts/setup-beat.sh @@ -6,7 +6,7 @@ beat=$1 until curl -s "http://kibana:5601/login" | grep "Loading Kibana" > /dev/null; do echo "Waiting for kibana..." - sleep 1 + sleep 5 done chmod go-w /usr/share/$beat/$beat.yml