无法使用 Docker 启动 Elastic Search 8 和 Kibana
[英]Unable to start Elastic Search 8 and Kibana using Docker
问题描述
I used the following procedure to install Elastic Search and Kibana 8 RC2:
我使用以下过程安装 Elastic Search 和 Kibana 8 RC2:
# create the data directory on host for persistence
mkdir -p /data/elasticsearch/data
chmod 777 -R /data/elasticsearch/data
# create the elastic network
docker network create elastic
# run elastic search in background with data persistence in a single node configuration and test password
docker run -d -it --name els01 --net elastic -p 0.0.0.0:9200:9200 -p 0.0.0.0:9300:9300 -v /data/elasticsearch/data:/data/elasticsearch/data -e "discovery.type=single-node" -e ELASTIC_PASSWORD="test" -e KIBANA_PASSWORD="test" docker.elastic.co/elasticsearch/elasticsearch:8.0.0-rc2
# run kibana in background
docker run -d -it --name kib01 --net elastic -p 0.0.0.0:5601:5601 -e KIBANA_PASSWORD="test" -e "ELASTICSEARCH_HOSTS=https://els01:9200" docker.elastic.co/kibana/kibana:8.0.0-rc2
On the webpage http://10.0.2.1:5601/ , I get this error:在网页http://10.0.2.1:5601/上,我收到此错误:
Kibana server is not ready yet. Kibana 服务器还没有准备好。
docker logs --tail 50 --follow --timestamps f82efc804e9c returns this error: docker logs --tail 50 --follow --timestamps f82efc804e9c返回此错误:
Unable to retrieve version information from Elasticsearch nodes.无法从 Elasticsearch 节点检索版本信息。 self signed certificate in certificate chain证书链中的自签名证书
What do I need to change in order to have a functionnal Kibana on Elastic Search?为了在 Elastic Search 上拥有功能强大的 Kibana,我需要进行哪些更改?
Thanks谢谢
2 个解决方案
解决方案1
2 已采纳 2022-02-21 23:42:07
TLDR; TLDR;
Elasticsearch 8 comes with SSL/TLS enabled by default Kibana has to have the CA certificate to verify and connect to elasticsearch. Elasticsearch 8 默认启用 SSL/TLS, Kibana 必须拥有 CA 证书才能验证并连接到 elasticsearch。
To solve解决
How about you use the docker-compose file provided to set up a multi-cluster node .您如何使用提供的docker-compose 文件来设置多集群节点。 It will take care of the SSL/TLS certificate.它将处理 SSL/TLS 证书。
You will just need to你只需要
- delete services
es02andes03删除服务es02和es03 - update volumes path to be back on your actual set up.更新卷路径以恢复您的实际设置。
This could look like这可能看起来像
version: "2.2"
services:
setup:
image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
volumes:
- certs:/usr/share/elasticsearch/config/certs
user: "0"
command: >
bash -c '
if [ x${ELASTIC_PASSWORD} == x ]; then
echo "Set the ELASTIC_PASSWORD environment variable in the .env file";
exit 1;
elif [ x${KIBANA_PASSWORD} == x ]; then
echo "Set the KIBANA_PASSWORD environment variable in the .env file";
exit 1;
fi;
if [ ! -f certs/ca.zip ]; then
echo "Creating CA";
bin/elasticsearch-certutil ca --silent --pem -out config/certs/ca.zip;
unzip config/certs/ca.zip -d config/certs;
fi;
if [ ! -f certs/certs.zip ]; then
echo "Creating certs";
echo -ne \
"instances:\n"\
" - name: es01\n"\
" dns:\n"\
" - es01\n"\
" - localhost\n"\
" ip:\n"\
" - 127.0.0.1\n"\
> config/certs/instances.yml;
bin/elasticsearch-certutil cert --silent --pem -out config/certs/certs.zip --in config/certs/instances.yml --ca-cert config/certs/ca/ca.crt --ca-key config/certs/ca/ca.key;
unzip config/certs/certs.zip -d config/certs;
fi;
echo "Setting file permissions"
chown -R root:root config/certs;
find . -type d -exec chmod 750 \{\} \;;
find . -type f -exec chmod 640 \{\} \;;
echo "Waiting for Elasticsearch availability";
until curl -s --cacert config/certs/ca/ca.crt https://es01:9200 | grep -q "missing authentication credentials"; do sleep 30; done;
echo "Setting kibana_system password";
until curl -s -X POST --cacert config/certs/ca/ca.crt -u elastic:${ELASTIC_PASSWORD} -H "Content-Type: application/json" https://es01:9200/_security/user/kibana_system/_password -d "{\"password\":\"${KIBANA_PASSWORD}\"}" | grep -q "^{}"; do sleep 10; done;
echo "All done!";
'
healthcheck:
test: ["CMD-SHELL", "[ -f config/certs/es01/es01.crt ]"]
interval: 1s
timeout: 5s
retries: 120
es01:
depends_on:
setup:
condition: service_healthy
image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
volumes:
- certs:/usr/share/elasticsearch/config/certs
- type: bind
source: /data/elasticsearch/data
target: /usr/share/elasticsearch/data
ports:
- ${ES_PORT}:9200
environment:
- node.name=es01
- cluster.name=${CLUSTER_NAME}
- cluster.initial_master_nodes=es01,es02,es03
- discovery.seed_hosts=es02,es03
- ELASTIC_PASSWORD=${ELASTIC_PASSWORD}
- bootstrap.memory_lock=true
- xpack.security.enabled=true
- xpack.security.http.ssl.enabled=true
- xpack.security.http.ssl.key=certs/es01/es01.key
- xpack.security.http.ssl.certificate=certs/es01/es01.crt
- xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
- xpack.security.http.ssl.verification_mode=certificate
- xpack.security.transport.ssl.enabled=true
- xpack.security.transport.ssl.key=certs/es01/es01.key
- xpack.security.transport.ssl.certificate=certs/es01/es01.crt
- xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
- xpack.security.transport.ssl.verification_mode=certificate
- xpack.license.self_generated.type=${LICENSE}
mem_limit: ${MEM_LIMIT}
ulimits:
memlock:
soft: -1
hard: -1
healthcheck:
test:
[
"CMD-SHELL",
"curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",
]
interval: 10s
timeout: 10s
retries: 120
kibana:
depends_on:
es01:
condition: service_healthy
es02:
condition: service_healthy
es03:
condition: service_healthy
image: docker.elastic.co/kibana/kibana:${STACK_VERSION}
volumes:
- certs:/usr/share/kibana/config/certs
- kibanadata:/usr/share/kibana/data
ports:
- ${KIBANA_PORT}:5601
environment:
- SERVERNAME=kibana
- ELASTICSEARCH_HOSTS=https://es01:9200
- ELASTICSEARCH_USERNAME=kibana_system
- ELASTICSEARCH_PASSWORD=${KIBANA_PASSWORD}
- ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=config/certs/ca/ca.crt
mem_limit: ${MEM_LIMIT}
healthcheck:
test:
[
"CMD-SHELL",
"curl -s -I http://localhost:5601 | grep -q 'HTTP/1.1 302 Found'",
]
interval: 10s
timeout: 10s
retries: 120
volumes:
certs:
driver: local
esdata01:
driver: local
kibanadata:
driver: local
解决方案2
0 2022-08-23 16:47:20
My version for single node configuration and without env variables:我的单节点配置版本,没有环境变量:
version: "2.2"
services:
setup:
image: docker.elastic.co/elasticsearch/elasticsearch:8.3.3
volumes:
- ./volumes/data/es/certs:/usr/share/elasticsearch/config/certs
user: "0"
command: >
bash -c '
if [ ! -f certs/ca.zip ]; then
echo "Creating CA";
bin/elasticsearch-certutil ca --silent --pem -out config/certs/ca.zip;
unzip config/certs/ca.zip -d config/certs;
fi;
if [ ! -f certs/certs.zip ]; then
echo "Creating certs";
echo -ne \
"instances:\n"\
" - name: es01\n"\
" dns:\n"\
" - es01\n"\
" - localhost\n"\
" ip:\n"\
" - 127.0.0.1\n"\
> config/certs/instances.yml;
bin/elasticsearch-certutil cert --silent --pem -out config/certs/certs.zip --in config/certs/instances.yml --ca-cert config/certs/ca/ca.crt --ca-key config/certs/ca/ca.key;
unzip config/certs/certs.zip -d config/certs;
fi;
echo "Setting file permissions"
chown -R root:root config/certs;
find . -type d -exec chmod 750 \{\} \;;
find . -type f -exec chmod 640 \{\} \;;
echo "Waiting for Elasticsearch availability";
until curl -s --cacert config/certs/ca/ca.crt https://es01:9200 | grep -q "missing authentication credentials"; do sleep 30; done;
echo "Setting kibana_system password";
until curl -s -X POST --cacert config/certs/ca/ca.crt -u elastic:E0glIRkUbVak8f4aHZe -H "Content-Type: application/json" https://es01:9200/_security/user/kibana_system/_password -d "{\"password\":\"E0glIRkUbVak8f4aHZk\"}" | grep -q "^{}"; do sleep 10; done;
echo "All done!";
'
healthcheck:
test: ["CMD-SHELL", "[ -f config/certs/es01/es01.crt ]"]
interval: 1s
timeout: 5s
retries: 120
es01:
depends_on:
setup:
condition: service_healthy
image: docker.elastic.co/elasticsearch/elasticsearch:8.3.3
volumes:
- ./volumes/data/es/certs:/usr/share/elasticsearch/config/certs
- ./volumes/data/es/es01:/usr/share/elasticsearch/data
ports:
- 9200:9200
environment:
- node.name=es01
- discovery.type=single-node
- ELASTIC_PASSWORD=<ELASTIC_PASSWORD>
- bootstrap.memory_lock=true
- xpack.security.enabled=true
- xpack.security.http.ssl.enabled=true
- xpack.security.http.ssl.key=certs/es01/es01.key
- xpack.security.http.ssl.certificate=certs/es01/es01.crt
- xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
- xpack.security.http.ssl.verification_mode=certificate
- xpack.security.transport.ssl.enabled=true
- xpack.security.transport.ssl.key=certs/es01/es01.key
- xpack.security.transport.ssl.certificate=certs/es01/es01.crt
- xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
- xpack.security.transport.ssl.verification_mode=certificate
- xpack.license.self_generated.type=basic
mem_limit: 1073741824
ulimits:
memlock:
soft: -1
hard: -1
healthcheck:
test:
[
"CMD-SHELL",
"curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",
]
interval: 10s
timeout: 10s
retries: 120
kibana:
depends_on:
es01:
condition: service_healthy
image: docker.elastic.co/kibana/kibana:8.3.3
volumes:
- ./volumes/data/es/certs:/usr/share/kibana/config/certs
- ./volumes/data/es/kibanadata:/usr/share/kibana/data
ports:
- 5601:5601
environment:
- SERVERNAME=kibana
- ELASTICSEARCH_HOSTS=https://es01:9200
- ELASTICSEARCH_USERNAME=kibana_system
- ELASTICSEARCH_PASSWORD=<KIBANA_SYSTEM_PASSWORD>
- ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=config/certs/ca/ca.crt
mem_limit: 1073741824
healthcheck:
test:
[
"CMD-SHELL",
"curl -s -I http://localhost:5601 | grep -q 'HTTP/1.1 302 Found'",
]
interval: 10s
timeout: 10s
retries: 120
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.
相关问题
Kibana docker 与外部弹性搜索组合 - Kibana docker compose with external elastic search
使用docker的弹性搜索无法启动 - Elastic search with docker does not start
如果使用docker安装了elasticsearch和kibana,如何创建ES集群和存储数据 - how to create ES cluster and store data if elastic search and kibana is installed using docker
需要一个 docker-compose 来安装弹性搜索和 kibana 以及 kibana 密码,用于 ELK 堆栈版本 8 - Need a docker-compose for installing elastic search and kibana with password for kibana, for ELK stack version 8
filebeat 没有在 ec2 上使用弹性搜索和 kibana 运行,没有使用 logstash - filebeat not running with elastic search and kibana on ec2 not using logstash
Docker:无法连接到弹性搜索表单Spring Boot Docker映像 - Docker: Unable to connect to elastic search form spring boot docker image
无法使用docker在Apple Mac芯片M1上启动弹性搜索 - Unable to launch the elastic search on Apple Mac chip M1 using docker
Elastic with Kibana on docker 使 Kibana 服务器尚未准备好 - Elastic with Kibana on docker gives Kibana server is not ready yet
无法使用docker-compose连接到kibana / elasticsearch - Unable to connect to kibana/elasticsearch using docker-compose
无法在 RHEL 7 服务器中使用 docker-compose 拉动 elasticsearch 和 kibana - Unable to pull elasticsearch and kibana using docker-compose in RHEL 7 server
相关标签