Add docker config for elasticsearch and logstash

Elasticsearch is the chosen DB to store wforce reports long-term.
Reports arrive via Logstash, using the UDP input. Logstash acts
as a NamedReportSink for wforce.
Kibana support in the Docker config is onoing due to issues with
performance on MacOS. Currently the kibana config stores the json
for a bunch of pre-configured views and dashboards for wforce data.

docker/.gitignore

@@ -0,0 +1,2 @@
+# Ignore .docker file
+/.docker

docker/Makefile.am

@@ -0,0 +1,43 @@
+DCMP = docker-compose
+COMPOSE_SOURCE = docker-compose.yml elasticsearch/Dockerfile logstash/Dockerfile logstash/config/logstash.conf 
+COMPOSE_TARGET = .docker
+ES_DATA_DIR = elasticsearch/data-dir
+GEOIP_FILENAME = GeoLite2-City.mmdb
+GEOIP_FILE_GZ = logstash/geoip/$(GEOIP_FILENAME).gz
+GEOIP_FILE = logstash/geoip/$(GEOIP_FILENAME)
+
+$(GEOIP_FILE_GZ):
+	wget -N -O $(GEOIP_FILE_GZ) http://geolite.maxmind.com/download/geoip/database/$(GEOIP_FILENAME).gz
+
+$(GEOIP_FILE): $(GEOIP_FILE_GZ)
+	gunzip -c $(GEOIP_FILE_GZ) >$(GEOIP_FILE)
+
+$(COMPOSE_TARGET): $(COMPOSE_SOURCE) $(GEOIP_FILE)
+	$(DCMP) down
+	$(DCMP) build
+	touch $(COMPOSE_TARGET)
+
+build_image: $(COMPOSE_TARGET)
+
+start:
+	$(DCMP) up -d
+
+stop:
+	$(DCMP) stop
+
+kill:
+	$(DCMP) kill
+
+clean_elastic: stop
+	rm -rf $(ES_DATA_DIR)/*
+	rm $(COMPOSE_TARGET)
+
+clean_geoip:
+	rm -rf logstash/geoip/*
+
+clean_docker:
+	docker-compose down
+
+clean: clean_docker clean_geoip clean_elastic
+
+all: build_image start

docker/docker-compose.yml

@@ -0,0 +1,30 @@
+version: '2'
+services:
+  logstash:
+    build: logstash
+    ports:
+      - "14501:4501/udp"
+    command: -f /etc/logstash/conf.d/
+    volumes:
+      - ./logstash/config:/etc/logstash/conf.d
+      - ./logstash/geoip:/etc/logstash/geoip
+      - ./logstash/templates:/tmp/templates
+    links:
+      - elasticsearch
+    depends_on:
+      - elasticsearch
+    networks:
+      - docker_elk
+  elasticsearch:
+    build: elasticsearch
+    volumes:
+      - ./elasticsearch/data-dir:/usr/share/elasticsearch/data
+    ports:
+      - "9200:9200"
+      - "9300:9300"
+    networks:
+      - docker_elk
+
+networks:
+  docker_elk:
+    driver: bridge

docker/elasticsearch/Dockerfile

@@ -0,0 +1,3 @@
+FROM elasticsearch:5.2
+ENV ES_JAVA_OPTS="-Des.path.conf=/etc/elasticsearch"
+CMD ["-E", "network.host=_site_", "-E", "discovery.zen.minimum_master_nodes=1"]

docker/elasticsearch/data-dir/.gitignore

@@ -0,0 +1,2 @@
+# Ignore everything under this directory
+/nodes

docker/logstash/Dockerfile

@@ -0,0 +1,9 @@
+FROM logstash:5
+
+RUN wget http://geolite.maxmind.com/download/geoip/database/GeoLite2-City.mmdb.gz
+RUN gunzip GeoLite2-City.mmdb.gz
+RUN mv GeoLite2-City.mmdb /etc/logstash/GeoLiteCity.dat
+
+RUN logstash-plugin install logstash-input-udp
+RUN logstash-plugin install logstash-output-elasticsearch
+RUN logstash-plugin install logstash-filter-geoip

docker/logstash/config/logstash.conf

@@ -0,0 +1,19 @@
+input {
+    udp {
+	port => 4501
+	codec => json
+	type => wforce_report
+    }
+}
+filter {
+    geoip {
+    	database => "/etc/logstash/geoip/GeoLite2-City.mmdb"
+        source => "remote"
+    }
+ }
+output {
+    elasticsearch {
+        hosts => "elasticsearch:9200"
+	index => "logstash-wforce-%{+YYYY.MM.dd}"
+    }
+}

docker/logstash/geoip/.gitignore

@@ -0,0 +1,2 @@
+# Ignore GeoIP files
+/*mmdb*