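#!/bin/bash
#
# Installs and starts the ELK stack (Elasticsearch, Logstash, Kibana) with
# Docker Compose, then creates an additional Kibana login user.
#
# Required environment: AGENT_PATH, CONTAINER_NAME, ES_VERSION, LS_VERSION,
#   KIBANA_VERSION, CONFIG_PATH.
# Also read: ELASTIC_PASSWORD, KIBANA_USERNAME, KIBANA_USER_PASSWORD,
#   SERVER_PUBLICBASEURL, KIBANA_PORT, LOGSTASH_BEATS_PORT.
#
# _check_required_env_vars, _check_docker_installed and _die are not defined
# in this file; they are expected to come from common.sh.

source "${AGENT_PATH}/common.sh"

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"

# Check required environment variables
_check_required_env_vars "CONTAINER_NAME" "ES_VERSION" "LS_VERSION" "KIBANA_VERSION"

# CONFIG_PATH prefixes every file written below; an empty value would place
# api-keys.yml and logstash.conf directly under "/".
[ -n "${CONFIG_PATH:-}" ] || _die "CONFIG_PATH is not set"

# Effective credentials. The fallbacks are the defaults the summary at the
# end of this script has always printed.
# NOTE(review): assumes the compose file applies the same "changeme" default
# to the elastic user when ELASTIC_PASSWORD is unset - confirm.
elastic_password="${ELASTIC_PASSWORD:-changeme}"
kibana_username="${KIBANA_USERNAME:-admin}"
kibana_user_password="${KIBANA_USER_PASSWORD:-changeme}"

# The username becomes a URL path segment of the security API call, so
# reject characters that would change which endpoint is addressed.
case "$kibana_username" in
  *[/?%[:space:][:cntrl:]]* | *'#'*)
    _die "KIBANA_USERNAME contains characters that are not safe in a URL path"
    ;;
esac

# Track which accounts still use the well-known default so the summary can
# say so without echoing real secrets.
weak_secrets=""
if [ "$elastic_password" = "changeme" ]; then
  weak_secrets="${weak_secrets} ELASTIC_PASSWORD"
  elastic_password_hint="changeme (default - set ELASTIC_PASSWORD)"
else
  elastic_password_hint="(value of ELASTIC_PASSWORD; not printed)"
fi
if [ "$kibana_user_password" = "changeme" ]; then
  weak_secrets="${weak_secrets} KIBANA_USER_PASSWORD"
  kibana_password_hint="changeme (default - set KIBANA_USER_PASSWORD)"
else
  kibana_password_hint="(value of KIBANA_USER_PASSWORD; not printed)"
fi

# Check Docker and Docker Compose are available
_check_docker_installed || _die "Docker test failed"
docker compose version >/dev/null 2>&1 \
  || _die "Docker Compose is not installed (requires Docker Compose V2)"

# Check vm.max_map_count for Elasticsearch (0 when sysctl cannot report it)
current_max_map_count=$(sysctl -n vm.max_map_count 2>/dev/null || echo 0)
if [ "$current_max_map_count" -lt 262144 ]; then
  echo "WARNING: vm.max_map_count is too low ($current_max_map_count)"
  echo "Elasticsearch requires at least 262144"
  echo "Please run: sudo sysctl -w vm.max_map_count=262144"
  echo "And add to /etc/sysctl.conf to persist"
  _die "System configuration needs adjustment"
fi

# Stop any existing containers (best effort: nothing may be running yet).
# NOTE(review): ./stop.sh and ./status.sh resolve against the current
# directory, not SCRIPT_DIR - confirm callers always run from the script dir.
bash ./stop.sh || true

# Remove old containers (best effort)
docker compose down --remove-orphans 2>/dev/null || true

# Pull the Docker images
echo "Pulling ELK stack images..."
docker pull "docker.elastic.co/elasticsearch/elasticsearch:${ES_VERSION}" \
  || _die "Failed to pull Elasticsearch"
docker pull "docker.elastic.co/logstash/logstash:${LS_VERSION}" \
  || _die "Failed to pull Logstash"
docker pull "docker.elastic.co/kibana/kibana:${KIBANA_VERSION}" \
  || _die "Failed to pull Kibana"

# Ensure config directory exists
mkdir -p "${CONFIG_PATH}" || _die "Cannot create ${CONFIG_PATH}"

# Initialize API keys file if it doesn't exist
# NOTE(review): this file is meant to receive client keys and is created
# with the caller's umask; tighten its mode to what the consuming container
# needs once that is confirmed.
if [ ! -f "${CONFIG_PATH}/api-keys.yml" ]; then
  echo "No API keys configured yet."
  echo "Run ./generate-api-key.sh to add client keys"
  echo "api_keys:" > "${CONFIG_PATH}/api-keys.yml"
fi

# Copy Logstash configuration if it doesn't exist
if [ ! -f "${CONFIG_PATH}/logstash.conf" ]; then
  if [ -f "$SCRIPT_DIR/config/logstash.conf" ]; then
    cp -- "$SCRIPT_DIR/config/logstash.conf" "${CONFIG_PATH}/logstash.conf"
    echo "Copied Logstash configuration to ${CONFIG_PATH}"
  else
    echo "WARNING: logstash.conf not found in template"
  fi
fi

# Start the ELK stack
echo "Starting ELK stack..."
docker compose up -d --build || _die "Failed to start ELK stack"

# Wait for services to be ready
echo "Waiting for services to start..."
sleep 10

# Check status
bash ./status.sh || _die "Services failed to start properly"

# Create custom user
echo "Setting up custom user..."

# The in-container script is a literal (quoted heredoc): nothing from the
# host is spliced into its text. Credentials arrive as environment variables,
# so a password containing quotes, '$' or backticks cannot alter the commands
# that run, and the secrets do not appear in the docker CLI's argument list.
# Residual exposure: curl inside the container still receives the elastic
# password through -u.
setup_script=$(cat <<'EOS'
# Escape backslash and double quote so the value is a valid JSON string body.
json_escape() {
  local s=$1
  s=${s//\\/\\\\}
  s=${s//\"/\\\"}
  printf '%s' "$s"
}

# Wait for yellow/green cluster health, giving up after 90 polls (2 s apart)
# instead of looping forever when the credentials are wrong.
attempts=0
until curl -s -u "elastic:${ES_SETUP_ELASTIC_PASSWORD}" \
    http://localhost:9200/_cluster/health \
    | grep -q '"status":"yellow"\|"status":"green"'; do
  attempts=$((attempts + 1))
  if [ "$attempts" -ge 90 ]; then
    echo "Elasticsearch did not report yellow/green health in time" >&2
    exit 1
  fi
  sleep 2
done

# The request body is fed on stdin so the new password is not an argument of
# the curl process; -f turns an HTTP error status into a non-zero exit.
printf '{ "password" : "%s", "roles" : [ "superuser" ], "full_name" : "Admin User" }' \
  "$(json_escape "$ES_SETUP_USER_PASSWORD")" \
  | curl -sS -f -X POST -u "elastic:${ES_SETUP_ELASTIC_PASSWORD}" \
      -H 'Content-Type: application/json' \
      --data-binary @- \
      "http://localhost:9200/_security/user/${ES_SETUP_USERNAME}"
EOS
)

# "-e NAME" without a value forwards NAME from this process's environment.
# User creation stays best-effort, but a failure is reported instead of
# being silently discarded.
if ! ES_SETUP_ELASTIC_PASSWORD="$elastic_password" \
     ES_SETUP_USERNAME="$kibana_username" \
     ES_SETUP_USER_PASSWORD="$kibana_user_password" \
     docker exec \
       -e ES_SETUP_ELASTIC_PASSWORD \
       -e ES_SETUP_USERNAME \
       -e ES_SETUP_USER_PASSWORD \
       "${CONTAINER_NAME}_elasticsearch" bash -c "$setup_script"; then
  echo "WARNING: could not create user '${kibana_username}'; create it manually" >&2
fi

echo "Installation of ${CONTAINER_NAME} complete"
echo ""
echo "========================================="
echo "Kibana UI: ${SERVER_PUBLICBASEURL:-http://$(hostname -I | awk '{print $1}'):${KIBANA_PORT}}"
echo ""
# Configured passwords are referred to by variable name rather than echoed,
# so they do not end up in terminal scrollback or captured install logs.
echo "Login with your custom user:"
echo " Username: ${kibana_username}"
echo " Password: ${kibana_password_hint}"
echo ""
echo "Or the superuser:"
echo " Username: elastic"
echo " Password: ${elastic_password_hint}"
echo "========================================="
echo ""
if [ -n "$weak_secrets" ]; then
  echo "WARNING: default password 'changeme' is in use for:${weak_secrets}" >&2
  echo "WARNING: '${kibana_username}' holds the superuser role; change these before exposing Kibana" >&2
  echo ""
fi
echo "IMPORTANT: Update service.env with:"
echo " - Your actual server IP/domain in SERVER_PUBLICBASEURL"
echo " - A secure password in ELASTIC_PASSWORD"
echo ""
echo "Logstash listening on port ${LOGSTASH_BEATS_PORT} for Filebeat clients"
echo ""
echo "To add client authentication:"
echo " ./generate-api-key.sh"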