1. docker run -d -e "discovery.type=single-node" docker.elastic.co/elasticsearch/elasticsearch:7.10.1
2. docker exec -it stoic_darwin /bin/bash
3. In side the container executed # bin/elasticsearch-certutil ca
4. No password entered and exited from the container.
5. Copied the generated file to host system - docker cp stoic_darwin:/usr/share/elasticsearch/elastic-stack-ca.p12 .
6. Updated the docker-compose file as below.
version: '3'
services:
elasticsearch:
image: docker.elastic.co/elasticsearch/elasticsearch:7.10.1
container_name: elasticsearch
environment:
- node.name=elasticsearch
- discovery.seed_hosts=elasticsearch
- cluster.initial_master_nodes=elasticsearch
- cluster.name=docker-cluster
- bootstrap.memory_lock=true
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
- xpack.security.enabled=true
- xpack.security.transport.ssl.enabled=true
- xpack.security.transport.ssl.keystore.type=PKCS12
- xpack.security.transport.ssl.verification_mode=certificate
- xpack.security.transport.ssl.keystore.path=elastic-stack-ca.p12
- xpack.security.transport.ssl.truststore.path=elastic-stack-ca.p12
- xpack.security.transport.ssl.truststore.type=PKCS12
ulimits:
memlock:
soft: -1
hard: -1
volumes:
- ./elastic-stack-ca.p12:/usr/share/elasticsearch/config/elastic-stack-ca.p12
- esdata1:/usr/share/elasticsearch/data
ports:
- 9200:9200
kibana:
image: docker.elastic.co/kibana/kibana:7.10.1
container_name: kibana
environment:
ELASTICSEARCH_URL: "http://elasticsearch:9200"
ELASTICSEARCH_USERNAME: "kibana"
ELASTICSEARCH_PASSWORD: "kibana"
ports:
- 5601:5601
depends_on:
- elasticsearch
volumes:
esdata1:
driver: local
7. # docker-compose up -d elasticsearch
8. But it fails with below errors.
elasticsearch | "at org.elasticsearch.xpack.core.ssl.SSLService.loadSSLConfigurations(SSLService.java:524) ~[?:?]",
elasticsearch | ElasticsearchSecurityException[failed to load SSL configuration [xpack.security.transport.ssl]]; nested: ElasticsearchException[failed to initialize SSL TrustManager - not permitted to read truststore file [/usr/share/elasticsearch/config/elastic-stack-ca.p12]]; nested: AccessDeniedException[/usr/share/elasticsearch/config/elastic-stack-ca.p12];
elasticsearch | Likely root cause: java.nio.file.AccessDeniedException: /usr/share/elasticsearch/config/elastic-stack-ca.p12
elasticsearch | at java.base/sun.nio.fs.UnixException.translateToIOException(UnixException.java:90)
elasticsearch | at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:106)
elasticsearch | at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:111)
elasticsearch | at java.base/sun.nio.fs.UnixFileSystemProvider.newByteChannel(UnixFileSystemProvider.java:218)
elasticsearch | "at org.elasticsearch.xpack.core.ssl.SSLService.<init>(SSLService.java:142) ~[?:?]",
elasticsearch | "at org.elasticsearch.xpack.core.XPackPlugin.createSSLService(XPackPlugin.java:455) ~[?:?]",
elasticsearch | "at org.elasticsearch.xpack.core.XPackPlugin.createComponents(XPackPlugin.java:288) ~[?:?]",
elasticsearch | "at org.elasticsearch.node.Node.lambda$new$15(Node.java:553) ~[elasticsearch-7.10.1.jar:7.10.1]",
elasticsearch | "at java.util.stream.ReferencePipeline$7$1.accept(ReferencePipeline.java:271) ~[?:?]",
elasticsearch | "at java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1625) ~[?:?]",
elasticsearch | "at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:484) ~[?:?]",
elasticsearch | at java.base/java.nio.file.Files.newByteChannel(Files.java:375)
我相信要使用ELK启用基本身份验证,需要SSL证书来连接单个/多个集群。那么我该如何解决这个错误呢?
还有什么方法可以生成证书吗
Performed at step-3
bin/elasticsearch-setup-passwords interactive
(或者)如果有任何简单的方法可以通过docker compose启用身份验证,则会很有帮助。请帮我搬台阶。提前谢谢。
logstash
争先恐后地扔在地上。
logstash | [2021-01-27T06:27:42,365][ERROR][logstash.licensechecker.licensereader] Unable to retrieve license information from license server {:message=>"Got response code '401' contacting Elasticsearch at URL 'http://elasticsearch:9200/_xpack'"}
logstash | [2021-01-27T06:27:42,738][WARN ][logstash.licensechecker.licensereader] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"http://elasticsearch:9200/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError, :error=>"Got response code '401' contacting Elasticsearch at URL 'http://elasticsearch:9200/'"}
logstash | [2021-01-27T06:28:12,358][ERROR][logstash.licensechecker.licensereader] Unable to retrieve license information from license server {:message=>"Got response code '401' contacting Elasticsearch at URL 'http://elasticsearch:9200/_xpack'"}
logstash | [2021-01-27T06:28:12,753][WARN ][logstash.licensechecker.licensereader] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"http://elasticsearch:9200/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError, :error=>"Got response code '401' contacting Elasticsearch at URL 'http://elasticsearch:9200/'"}
logstash | [2021-01-27T06:28:42,366][ERROR][logstash.licensechecker.licensereader] Unable to retrieve license information from license server {:message=>"Got response code '401' contacting Elasticsearch at URL 'http://elasticsearch:9200/_xpack'"}
logstash | [2021-01-27T06:28:42,766][WARN ][logstash.licensechecker.licensereader] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"http://elasticsearch:9200/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError, :error=>"Got response code '401' contacting Elasticsearch at URL 'http://elasticsearch:9200/'"}
在我的
logstash conf
文件
output section
已经提供了身份验证凭据。
output {
elasticsearch {
action => "index"
hosts => "http://elasticsearch:9200"
index => "project-info"
user => "elastic"
password => "password"
