1. 技术文章
  2. Enable Authentication in elasticsearch with docker environment variable

Enable Authentication in elasticsearch with docker environment variable

依然范特西╮ 提交于 2020-04-14 21:05:13

问题


I would like to ask how will I be able to enable authentication (x-pack). In my case I am using docker image of elasticsearch v.6.2.4. My problem is that xpack is installed but it is not asking for credentials.

Thank you for your help!

I know that xpack is installed because of this in my kibana enter image description here


回答1:


Enable Security in Elasticsearch using docker

Update the environment variables t enable true

environment:
  - "discovery.type=single-node"
  - ELASTICSEARCH_USERNAME=elastic
  - ELASTICSEARCH_PASSWORD=MagicWord
  - xpack.security.enabled=true

Here is the sample, docker-compose.yml file for the elasticseaarch and kibana

version: '3.4'

services:
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:6.6.0
    container_name: elasticsearch
    environment:
        - "discovery.type=single-node"
        - ELASTICSEARCH_USERNAME=elastic
        - ELASTICSEARCH_PASSWORD=MagicWord
        - xpack.security.enabled=true
      ports:
        - 32769:9200
        - 32770:9300
      networks:
        - elastic

    kibana:
      image: docker.elastic.co/kibana/kibana:6.6.0
      container_name: kibana
      environment:
        - ELASTICSEARCH_URL="http://elasticsearch:9200"
        - ELASTICSEARCH_USERNAME=elastic
       - ELASTICSEARCH_PASSWORD=MagicWord
        - xpack.security.enabled=true
      links:
       - elasticsearch
      ports: 
        - 5601:5601
      networks: 
  - elastic
      depends_on: 
        - elasticsearch  

  networks:
    elastic:
        driver: bridge



回答2:


Maybe I came too late... but I had this problem today and digging found tha you don't have to set the user, just the password. This is the docker-compose file

version: '3.6'
services:
  elasticsearchNode:
    image: elasticsearch:$STACK_VERSION
    container_name: elasticsearchNode
    environment:
      discovery.type: 'single-node'
      ELASTIC_PASSWORD: $ELK_PASS
      cluster.name: 'dockercluster'
      node.name: 'node-master'
      bootstrap.memory_lock: 'true'
      ES_JAVA_OPTS: '-Xms512m -Xmx512m'
      xpack.security.enabled: 'true'
    ports:
      - 9200:9200
      - 9300:9300
    networks:
      - docker_elk_node
volumes:
  esdataNode:
networks:
  docker_elk_node:

and the .env file

COMPOSE_PROJECT_NAME=es
STACK_VERSION=7.6.0
ELK_PASS=MyPassWord



回答3:


Elasticsearch security features that come with Xpack are not for free, there is a trial version for a month and then a paid version.

But according to this elastic blog, it is for free starting in versions (6.8.0 and 7.1.0) .

I write this awnser to activate free Elasticsearch security features with docker compose.

Remember that when using the the below code, both Kibana and Elasticsearch node are secure with username and password, so rest client that access Elasticsearch must have the credential, this awnser will help

That's my code:

version: '3'

services:
  create_certs:
    container_name: create_certs
    image: docker.elastic.co/elasticsearch/elasticsearch:6.8.0
    command: >
      bash -c '
        if [[ ! -f ./config/certificates/elastic-certificates.p12 ]]; then
          bin/elasticsearch-certutil cert -out config/certificates/elastic-certificates.p12 -pass ""
        fi;
        chown -R 1000:0 /usr/share/elasticsearch/config/certificates
      '
    user: "0"
    working_dir: /usr/share/elasticsearch
    volumes: ['certs:/usr/share/elasticsearch/config/certificates']

  elasticsearch:
    container_name: elasticsearch
    depends_on: [create_certs]
    image: docker.elastic.co/elasticsearch/elasticsearch:6.8.0
    environment:
      - cluster.name=docker-cluster
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
      - ELASTIC_PASSWORD=MyPassword # password for default user: elastic 
      - xpack.security.enabled=true
      - xpack.security.transport.ssl.enabled=true
      - xpack.security.transport.ssl.verification_mode=certificate
      - xpack.security.transport.ssl.keystore.path=/usr/share/elasticsearch/config/certificates/elastic-certificates.p12
      - xpack.security.transport.ssl.truststore.path=/usr/share/elasticsearch/config/certificates/elastic-certificates.p12
    volumes: ['esdata:/usr/share/elasticsearch/data', 'certs:/usr/share/elasticsearch/config/certificates']
    ulimits:
      nofile:
        soft: 65536
        hard: 65536
      memlock:
        soft: -1
        hard: -1
    ports:
      - "9200:9200"

  kibana:
    container_name: kibana
    depends_on: [elasticsearch]
    image: docker.elastic.co/kibana/kibana:6.8.0
    environment:
      - ELASTICSEARCH_USERNAME=elastic
      - ELASTICSEARCH_PASSWORD=MyPassword
    ports:
      - "5601:5601"

volumes: {"esdata", "certs"}


来源:https://stackoverflow.com/questions/50832249/enable-authentication-in-elasticsearch-with-docker-environment-variable

标签
ElasticSearch
docker-compose
elasticsearch-x-pack
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!