Skip to content

Commit

Permalink
[WIP] Add a README
Browse files Browse the repository at this point in the history
  • Loading branch information
SwooshyCueb committed Jul 21, 2022
1 parent 84de099 commit caac826
Showing 1 changed file with 81 additions and 0 deletions.
81 changes: 81 additions & 0 deletions irods_audit_elk_stack/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,81 @@
# iRODS Audit Demonstration ELK Stack Container

This is an ELK-like stack container used for demonstrating the
[audit rule engine plugin](https://github.com/irods/irods_rule_engine_plugin_audit_amqp>) for
[iRODS](https://irods.org/)

## CAVEAT EMPTOR

While some effort has been taken to ensure this container lives up to certain standards of quality,
it is by no means production-ready.
This is by design.
The express purpose of this container is to demonstrate the audit rule engine plugin,
not to serve as an example of a properly configured ELK stack for use in production environments.
Case in point:
Elasticstack security is explicitly disabled,
and the Python script standing in for Logstash was not written with performance or resilience in mind.

## Container Contents

### Overview

This Ubuntu Focal-based container contains Elasticsearch 8, Kibana 8, RabbitMQ (with AMQP 1.0 plugin and management plugin), and a Python daemon that was specifically written for this demonstration to stand in for an AMQP 1.0-capable Logstash.

RabbitMQ receives AMQP 1.0 messages containing JSON data from the audit plugin. The Python daemon takes the messages from RabbitMQ, does a little type conversion in the JSON, and puts the information in Elasticsearch. Kibana is configured with a sample dashboard that displays extracted metrics from the data in Elasticsearch.

Other than the Ubuntu release itself and the major versions for Temurin, Elasticsearch, and Kibana, the Dockerfile does not specify specific versions of software to be used; therefore, packages can be updated to their latest versions by simply rebuilding the docker image without cache.

### Credentials

RabbitMQ is configured with an administrator account with username `test` and password `test`.
Security is explicitly disabled in Elasticsearch. No credentials are required for Kibana.

### Relevant Ports

| Port | Description |
| ------: | :------------------------------------------------------------------------------------ |
| `5672` | RabbitMQ listens on this port for AMQP 1.0 (and AMQP 0-9-1) clients |
| `15672` | RabbitMQ management plugin listens on this port for web browsers and HTTP API clients |
| `5601` | Kibana listens on this port for web browsers and REST API clients |

### Details

#### JVM

The JDK/JRE used in this container is the [Temurin 17](https://adoptium.net/temurin) with the Hotspot JVM.

The decision not to use Elasticsearch's bundled JDK/JRE was made for two reasons:
- To de-bloat the container image. Having multiple JDK/JRE installations uses a lot of space.
- To get everything using the same JDK/JRE installation.

Temurin was chosen over the distro-provided JDK/JRE for a couple of reasons:
- The Hotspot AdoptOpenJDK flavor of JVM handles memory pressure very well.
- The AdoptOpenJDK flavors of JVM work well in containers.

Instead of using the [Eclipse-provided Focal-based Temurin 17 docker image](https://hub.docker.com/_/eclipse-temurin?tab=tags&page=1&name=17-jre-focal) <sub>[[Dockerfile](https://github.com/adoptium/containers/blob/main/17/jre/ubuntu/focal/Dockerfile.releases.full)]</sub> for our base, we use the JDK debian package from [Adoptium's apt repository](https://adoptium.net/installation/linux#_deb_installation_on_debian_or_ubuntu), as the JDK/JRE in the Eclipse-provided containers is not set up to work properly with [Ubuntu/Debian's `java-common` system](https://manpages.debian.org/buster/java-common/update-java-alternatives.8.en.html).

#### RabbitMQ

The [`rabbitmq_amqp1_0`](https://github.com/rabbitmq/rabbitmq-server/tree/master/deps/rabbitmq_amqp1_0) and [`rabbitmq_management`](https://github.com/rabbitmq/rabbitmq-server/tree/master/deps/rabbitmq_management) plugins are enabled. The `test` administrator account is created in the Dockerfile.
The RabbitMQ installation is otherwise vanilla with default configuration.

#### Elasticsearch

#### Kibana

#### Logstash Stand-In Python Script

## Updating This Container



## README TODO

- ES java heap size argument for container entrypoint script
- init scripts
- Elasticsearch details
- Kibana details
- not-logstash details
- Updating the container
- Updating the `ndjson`
- how to run container

0 comments on commit caac826

Please sign in to comment.