0

I want to use the elk stack with docker.

for this i created a docker-compose file. Everything works fine as long as I have X-Pack deactivated.

But now I want to have a login in the kibana UI and therefore i want to use the x-pack

I defined the UserName and Passsword in the environment of the elasticsearch and also logstash.

But i always get this exceptionm

elasticsearch_1 | [2017-11-27T09:25:58,190][INFO ][o.e.x.s.a.AuthenticationService] [clEpqom] Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]

Any hints of what i'm doing wrong? Here my docker-compose file:

version: '2'

services:
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch-platinum:6.0.0
    ports:
      - "9200:9200"
      - "9300:9300"
    environment:
      ELASTIC_USERNAME: "elastic"
      ELASTIC_PASSWORD: "MyPw123"
      http.cors.enabled: "true"
      http.cors.allow-origin: "*"
    networks:
      - elk

  logstash:
    image: docker.elastic.co/logstash/logstash:6.0.0
    environment:
      xpack.monitoring.elasticsearch.url: "172.17.0.1:9200"
      xpack.monitoring.elasticsearch.username: "elastic"
      xpack.monitoring.elasticsearch.password: "MyPw123"
    networks:
      - elk
    depends_on:
      - elasticsearch

  kibana:
    image: docker.elastic.co/kibana/kibana:6.0.0
    ports:
      - "5601:5601"
    networks:
      - elk
    depends_on:
      - elasticsearch
networks:
  elk:
    driver: bridge

UPDATE Using the default password "changeme" does work.

Boas Enkler
  • 12,264
  • 16
  • 69
  • 143
  • Maybe a 'stupid' remark but what happens when you don't use compose but start the containers manual and wait some seconds every time. (First ES, than logstash, than kibana)? Maybe Kibana tries to connect while logstash isn't up already? – lvthillo Nov 27 '17 at 09:44
  • didn't tryed it one by one but i can see that even after some minutess, when everything is up and running the error occurs – Boas Enkler Nov 27 '17 at 09:45
  • Can you with the api if the password is changed + logs are arrived in logstash? `curl -u elastic 'localhost:9200/_cat/indices?v` (check indices on ES) – lvthillo Nov 27 '17 at 09:50
  • some posted a comment that is now deleted, but it was right. when i use the default pw "changeme" it works... – Boas Enkler Nov 27 '17 at 09:58
  • Ow yeah, I deleted it because I thought it was deprecated for 6.0.0 (I didn't use the newest version yet). It seems the password didn't change by setting it in the docker compose file – lvthillo Nov 27 '17 at 09:59
  • @ivthillo but it works. but i don't know now how to change it ? I expected the config in the elastic search to do this. do i have to define others creds in the config file of elastic? – Boas Enkler Nov 27 '17 at 10:00
  • I earlier versions I used: `curl -u elastic -XPUT 'localhost:9200/_xpack/security/user/elastic/_password?pretty' -H 'Content-Type: application/json' -d' { "password": "supersecret" } '` – lvthillo Nov 27 '17 at 10:04
  • But it could be it's different in 6.0.0: https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-change-password.html (Post instead of Put, don't know if it matters actually) – lvthillo Nov 27 '17 at 10:04
  • ok thank you , the unexpected password was reason for this problem. i'll check it and maybe reopen another question if i find a problem. Can you post your comment as an answer so i can mark it as the solution ? – Boas Enkler Nov 27 '17 at 10:06

1 Answers1

1

You can change your elastic (admin) password in the cluster by using:

curl -u elastic -XPUT 'localhost:9200/_xpack/security/user/elastic/_password?prett‌​y' -H 'Content-Type: application/json' -d' 
{ 
    "password": "supersecret" 
}

The default password is changme.

If you really want to set your configuration in docker-compose I would recommend to look at this page. I think you can not set your elasticsearch password as environment variable for logstash (they are not in the env var list). You have to change it in config files or build your own image. (Same for Kibana I'm afraid).

lvthillo
  • 28,263
  • 13
  • 94
  • 127