Elasticsearch Docker Compose not starting - how to?

Question

I've been trying for days to understand a problem I am having while using Docker in comparison to use Docker-Compose to bring up Elasticsearch Platinum + Kibana. ES Non platinum images work fine. ES Platinum images in the other hand, only works if I execute docker commands by the prompt. By trying to do the same by using docker-compose it fails.

When I run this code below from the Docker command line everything works fine. Both applications ES platinum and Kibana go up fine and work properly.

docker run -p 32669:9200 -p 32670:9300 -e "discovery.type=single-node" --network=elastic -e ELASTICSEARCH_USERNAME=elastic -e ELASTIC_PASSWORD=MagicWord --name elasticsearch docker.elastic.co/elasticsearch/elasticsearch-platinum:6.2.4

docker run --network=elastic --link elasticsearch:ELK -e ELASTICSEARCH_USER="elastic" -e ELASTICSEARCH_PASSWORD="MagicWord" -p 5601:5601 --name kibana docker.elastic.co/kibana/kibana:6.2.4

The code above works fine.

However, if I try the same thing using docker-compose with the code below, it does not work. I have tried to modify the code below several times by adding features or parameters and it does not work no matter what.

    version: '3.4'

services:
  dockerexample2linux:
    image: ${DOCKER_REGISTRY}dockerexample2linux
    build:
      context: .
      dockerfile: DockerExample2Linux/Dockerfile

  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch-platinum:6.2.4
    container_name: elasticsearch
    environment:
      - "discovery.type=single-node"
      - ELASTICSEARCH_USERNAME=elastic
      - ELASTICSEARCH_PASSWORD=MagicWord
      - xpack.security.enabled=true
    ports:
      - 32769:9200
      - 32770:9300
    networks:
      - elastic

  kibana:
    image: docker.elastic.co/kibana/kibana:6.2.4
    container_name: kibana
    environment:
      - ELASTICSEARCH_URL="http://elasticsearch:9200"
      - ELASTICSEARCH_USERNAME=elastic
      - ELASTICSEARCH_PASSWORD=MagicWord
      - xpack.security.enabled=true
    links:
      - elasticsearch
    ports: 
      - 5601:5601
    networks: 
      - elastic
    depends_on: 
      - elasticsearch  

networks:
  elastic:
      driver: bridge

When I look to the logs, It looks like that it's a simple authentication problem in ES. In some attempts the log for ES will display

[2018-04-26T17:30:25,936][INFO ][o.e.p.PluginsService     ] [t7dKNK-] loaded plugin [x-pack-upgrade]
[2018-04-26T17:30:25,936][INFO ][o.e.p.PluginsService     ] [t7dKNK-] loaded plugin [x-pack-watcher]
[2018-04-26T17:30:30,340][INFO ][o.e.x.m.j.p.l.CppLogMessageHandler] [controller/127] [Main.cc@128] controller (64 bit): Version 6.2.4 (Build 524e7fe231abc1) Copyright (c) 2018 Elasticsearch BV
[2018-04-26T17:30:33,012][INFO ][o.e.d.DiscoveryModule    ] [t7dKNK-] using discovery type [single-node]
[2018-04-26T17:30:34,759][INFO ][o.e.n.Node               ] initialized
[2018-04-26T17:30:34,759][INFO ][o.e.n.Node               ] [t7dKNK-] starting ...
[2018-04-26T17:30:35,047][INFO ][o.e.t.TransportService   ] [t7dKNK-] publish_address {172.22.0.2:9300}, bound_addresses {0.0.0.0:9300}
[2018-04-26T17:30:35,244][INFO ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [t7dKNK-] publish_address {172.22.0.2:9200}, bound_addresses {0.0.0.0:9200}
[2018-04-26T17:30:35,244][INFO ][o.e.n.Node               ] [t7dKNK-] started
[2018-04-26T17:30:35,504][INFO ][o.e.g.GatewayService     ] [t7dKNK-] recovered [0] indices into cluster_state
[2018-04-26T17:30:36,396][INFO ][o.e.l.LicenseService     ] [t7dKNK-] license [7f1ed0cc-554a-4f52-9b21-464168696d88] mode [trial] - valid
[2018-04-26T17:30:45,002][INFO ][o.e.c.m.MetaDataCreateIndexService] [t7dKNK-] [.monitoring-es-6-2018.04.26] creating index, cause [auto(bulk api)], templates [.monitoring-es], shards [1]/[0], mappings [doc]
[2018-04-26T17:30:45,330][INFO ][o.e.c.m.MetaDataCreateIndexService] [t7dKNK-] [.watches] creating index, cause [auto(bulk api)], templates [.watches], shards [1]/[0], mappings [doc]
[2018-04-26T17:30:45,511][INFO ][o.e.c.r.a.AllocationService] [t7dKNK-] Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[.monitoring-es-6-2018.04.26][0], [.watches][0]] ...]).
[2018-04-26T17:30:45,546][INFO ][o.e.x.w.WatcherService   ] [t7dKNK-] paused watch execution, reason [new local watcher shard allocation ids], cancelled [0] queued tasks
[2018-04-26T17:30:45,640][INFO ][o.e.c.m.MetaDataMappingService] [t7dKNK-] [.watches/a6-gyBmRTzSuvCU7MzyL2A] update_mapping [doc]
[2018-04-26T17:30:45,668][INFO ][o.e.c.m.MetaDataMappingService] [t7dKNK-] [.watches/a6-gyBmRTzSuvCU7MzyL2A] update_mapping [doc]
[2018-04-26T17:30:58,743][INFO ][o.e.x.s.a.AuthenticationService] [t7dKNK-] Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]

In some attempts, the Kibana error log shows:

{"type": "log", "@ timestamp": "2018-04-26T17: 40: 34Z", "tags": "license", "warning" "message": "License information from the X-Pack plugin could not be obtained from Elasticsearch for the [data] cluster. [security_exception] failed to authenticate user [elastic], with {header = {WWW-Authenticate = \" Basic realm = \\\ "security \\\" charset = \\\ "UTF-8 \\\" \ "}} :: {\" path \ ": \" / _ xpack \ ", \" statusCode \ ": 401 , \ "response \": \ "{\\\" error \\\ ": {\\\" root_cause \\\ ": [{\\\" type \\\ ": \\\" security_exception \\ \ ", \\\" reason \\\ ": \\\" failed to authenticate user [elastic] \\\ ", \\\" header \\\ ": {\\\" WWW-Authenticate \\\ ": \\\" Basic realm = \\\\\\\ "security \\\\\\\" charset = \\\\\\\ "UTF-8 \\\\\\\" \\\ "\ n" ", \\\" failed \ "\" \ "\" \ "\" \ "\" , \\\ "header \\\": {\\\ "WWW-Authenticate \\\": \\\ "Basic realm = \\\\\\\" security \\\\\\\ "charset = \\\\\\\ "UTF-8 \\\\\\\"}}, \\\ "status \\\": 401} \ ", \" wwwAuthenticateDirective \ ": \" Basic realm = \\\ "security \\\" charset = \\\ "UTF-8 \ "

In the beginning I thought the problem was related to some parameter I was forgetting, but now it seems that for some mysterious reason when using docker-compose the authentication problem with the credential (user/password) happens no matter what.

For example, if I go to the browser to access ES, a screen pops up with login and password and it doesn't accept the credentials set up for ES done through docker-compose.yml.

Where is the Ghost?

Answer 1

I experienced the same problem, however, my setup is a bit different. I run elasticsearch in a kubernetes cluster. I solved it by setting the bootstrap password in the keystore instead of setting the environment variable ELASTIC_PASSWORD:

bin/elasticsearch-keystore add "bootstrap.password"

The official doc explains how the bootstrap password is working.