What's the best way of creating a keystore with Dockerized Logstash?

Hi, we are currently wrestling with the problem of how to create a keystore for use with dockerized logstash.

I have seen one solution in the forum already: How to use keystore in Dockerized logstash?, however we do not want to bake the keystore into the image because we need different keystores in different environments, and we don't want to have to rebuild the image for each one. Additionally, as the author of the post also mentions, the image would have to be rebuilt every time the keystore had to change.

An appropriate solution seem to have the keystore outside of the docker container, using a bind mount. This way we can created the keystore on a per environment basis without having to rebuild the image.

The one problem with this approach, however, is that there appears to be a specific tool to create the keystore that comes with elastic, logstash-keystore. Since we have logstash in a docker container, we don't really want to have to also then install elastic/logstash on the host itself. But it seems we might have to do this temporarily to have access to logstash-keystore in order to create the keystore externally to the container.

Is this in fact the correct approach, and if not, can someone please recommend a better way?



For anyone else with this question, the approach we are taking is to bind-mount the full /usr/share/logstash/config directory and then to run the logstash-keystore command from within the container (using docker run). There's no need to install logstash-keystore externally, on the host itself.

This is broadly similar to the method outlined for Elasticsearch itself, as documented here:

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.