Reputation: 3598
I am trying to set up Filebeat/Elasticsearch/Kibana to monitor log files for my application.
I have the fairly minimal compose file shown below.
When I go to localhost:19200, I was able to get Elasticsearch responses before I enabled security. Now, it prompts me to sign in. However, neither elastic and change nor kibana and changeme are accepted.
Attempting to change the password with curl by
curl -XPOST -u elastic:changeme 'localhost:19200/_security/user/elastic/_password' -H "Content-Type: application/json" -d "{
\"password\" : \"insecure\"
}"
also fails with an authentication error.
From the server log, the error is
elasticsearch_1 | {"type": "server", "timestamp": "2019-09-16T20:59:06,588+0000", "level": "INFO", "component": "o.e.x.s.a.AuthenticationService", "cluster.name": "compass", "node.name": "node-1", "cluster.uuid": "RZ_T1pT5Tp--3Jm8q89NVw", "node.id": "Q-lFQ58gRGOPPOEyzy6Vrw", "message": "Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]" }
The JSON returned to curl is
{"error":{"root_cause":[{"type":"security_exception","reason":"failed to authenticate user [elastic]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}}],"type":"security_exception","reason":"failed to authenticate user [elastic]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}},"status":401}
What am I doing wrong?
docker-compose.yml
version: "2.4"
services:
  # Accumulate logs into elasticstack
  elasticsearch:
    image: "docker.elastic.co/elasticsearch/elasticsearch:${ELASTIC_VERSION}"
    environment:
      - http.host=0.0.0.0
      - transport.host=127.0.0.1
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms${ES_JVM_HEAP} -Xmx${ES_JVM_HEAP}"
    mem_limit: ${ES_MEM_LIMIT}
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - ./config/elasticsearch/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
      - data:/usr/share/elasticsearch/data
    # Port 9200 is available on the host. Needed for the user to access, as well as Packetbeat
    ports: ['19200:9200']
    # Healthcheck to confirm availability of ES. Other containers wait on this.
    healthcheck:
      test: ["CMD", "curl", "-s", "-f", "-u", "elastic:${ES_PASSWORD}", "http://localhost:9200/_cat/health"]
    # Internal network for the containers
    networks: ['stack']
volumes:
  # ES data
  data:
    driver: local
networks: {stack: {}}
.env
#ELK Stack
ELASTIC_VERSION=7.3.2
ES_PASSWORD=insecure
ES_MEM_LIMIT=2g
ES_JVM_HEAP=1024m
config/elasticsearch/elasticsearch.yml
cluster.name: compass
node.name: node-1
path.data: /usr/share/elasticsearch/data
http.port: 9200
network.host: 0.0.0.0
xpack.security:
  enabled: true
  transport.ssl.enabled: true
Upvotes: 0
Views: 8706
Reputation: 1691
You should set up the built-in user passwords when you enable security, using
./bin/elasticsearch-setup-passwords interactive
See https://www.elastic.co/guide/en/elastic-stack-overview/current/get-started-built-in-users.html
Upvotes: 2
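The following script is an added example, not part of the question or the answer: it runs the tool named in the answer inside the question's compose container in its non-interactive `auto --batch` mode, extracts the generated `elastic` password, and confirms it against `_security/_authenticate`. Elasticsearch 7.x has no default password for the built-in users, which is why the `changeme` attempts return 401. Assumptions: the service name `elasticsearch` and host port 19200 come from the question's compose file; the script name, the `run` argument and the output file `built-in-users.txt` are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: one-time bootstrap of the built-in users for the question's stack.
ES_SERVICE="${ES_SERVICE:-elasticsearch}"    # compose service name (from the question)
ES_URL="${ES_URL:-http://localhost:19200}"   # host port mapping (from the question)

# Pull one user's generated password out of the tool's output (read from stdin).
# In auto mode the tool prints lines of the form: PASSWORD <user> = <password>
extract_password() {
  sed -n "s/^PASSWORD $1 = //p" | tr -d '\r'
}

# Return the HTTP status of an authenticated request. The credentials reach curl
# through a config read from stdin, so they do not appear in the process list.
auth_status() {
  printf 'user = "%s:%s"\n' "$1" "$2" |
    curl -s -o /dev/null -w '%{http_code}' -K - "$ES_URL/_security/_authenticate"
}

# Map an HTTP status to a short verdict.
verdict() {
  case "$1" in
    200) echo "ok" ;;
    401) echo "rejected" ;;
    000) echo "unreachable" ;;
    *)   echo "unexpected:$1" ;;
  esac
}

main() {
  local out pw
  # -T disables the TTY so the output can be captured. The tool authenticates with
  # the bootstrap password, so it works only while the elastic password is unset.
  out=$(docker-compose exec -T "$ES_SERVICE" bin/elasticsearch-setup-passwords auto --batch) || {
    echo "setup-passwords failed (were the passwords already set?)" >&2; return 1; }
  pw=$(printf '%s\n' "$out" | extract_password elastic)
  [ -n "$pw" ] || { echo "no password for elastic in tool output" >&2; return 1; }
  echo "elastic login: $(verdict "$(auth_status elastic "$pw")")"
  # Keep the generated values out of the terminal scrollback and shell history.
  umask 077; printf '%s\n' "$out" > built-in-users.txt
  echo "generated passwords saved to built-in-users.txt (mode 600)"
}

# Run only when invoked as: ./bootstrap-users.sh run
if [ "${1:-}" = "run" ]; then main; fi
```

After it succeeds, the `elastic` value has to replace `ES_PASSWORD` in `.env`, since the healthcheck in the compose file authenticates with that variable.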