
I am trying to run ELK through docker-compose with TLS enabled, but I still get the same error when running `docker-compose up -d`:

Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: error mounting "/run/desktop/mnt/host/d/Work/src/elk-tls-docker/secrets/certificates/elasticsearch/elasticsearch.crt" to rootfs at "/usr/share/elasticsearch/config/elasticsearch.crt": mount /run/desktop/mnt/host/d/Work/src/elk-tls-docker/secrets/certificates/elasticsearch/elasticsearch.crt:/usr/share/elasticsearch/config/elasticsearch.crt (via /proc/self/fd/9), flags: 0x5001: not a directory: unknown: Are you trying to mount a directory onto a file (or vice-versa)? Check if the specified host path exists and is the expected type

Here is my docker-compose.yml file:

# Compose file format; quoted so the value stays a string rather than a float.
version: "3.5"

# Named volume that holds all Elasticsearch data.
volumes:
  data: {}

# File-backed secrets. Each entry points at a host path relative to this file;
# services that list a secret get that file mounted at the `target` they name.
# Every path must exist as a regular file before `docker-compose up`.
# NOTE(review): a "not a directory" mount error usually means one side of the
# mount is a directory where a file is expected, e.g. the source was missing
# on an earlier run and an empty directory now sits in its place. Check each
# path with `ls -l`, remove stray directories, then regenerate the certificates.
# The *.key and *.p12 entries are presumably private-key material: keep them
# out of version control and readable only by the user running compose.
secrets:
  # --- certificate authority ---
  ca.crt:
    file: ./secrets/certificate_authority/ca/ca.crt
  # NOTE(review): if this bundle came from `elasticsearch-certutil ca`, it
  # contains the CA private key as well as the CA certificate.
  elastic-stack-ca.p12:
    file: ./secrets/certificate_authority/elastic-stack-ca.p12

  # --- elasticsearch ---
  elasticsearch.keystore:
    file: ./secrets/elasticsearch.keystore
  elasticsearch.cert:
    file: ./secrets/certificates/elasticsearch/elasticsearch.crt
  elasticsearch.key:
    file: ./secrets/certificates/elasticsearch/elasticsearch.key

  # --- kibana ---
  kibana.cert:
    file: ./secrets/certificates/kibana/kibana.crt
  kibana.key:
    file: ./secrets/certificates/kibana/kibana.key

  # --- logstash ---
  logstash.cert:
    file: ./secrets/certificates/logstash/logstash.crt
  logstash.key:
    file: ./secrets/certificates/logstash/logstash.key
  logstash.pkcs8.key:
    file: ./secrets/certificates/logstash/logstash.pkcs8.key
  logstash.p12:
    file: ./secrets/keystores/logstash/logstash.p12

  # --- beats ---
  filebeat.cert:
    file: ./secrets/certificates/filebeat/filebeat.crt
  filebeat.key:
    file: ./secrets/certificates/filebeat/filebeat.key
  metricbeat.cert:
    file: ./secrets/certificates/metricbeat/metricbeat.crt
  metricbeat.key:
    file: ./secrets/certificates/metricbeat/metricbeat.key
  packetbeat.cert:
    file: ./secrets/certificates/packetbeat/packetbeat.crt
  packetbeat.key:
    file: ./secrets/certificates/packetbeat/packetbeat.key

services:
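  # Single-node Elasticsearch, built from ./elasticsearch, with its keystore,
  # CA certificate and node certificate/key delivered as compose secrets.
  elasticsearch:
    container_name: elasticsearch
    hostname: elasticsearch
    build:
      context: elasticsearch/
      args:
        ELK_VERSION: ${ELK_VERSION}
    restart: unless-stopped
    environment:
      CONFIG_DIR: ${ELASTIC_DIR}/config
      ELASTIC_USERNAME: ${ELASTIC_USERNAME}
      # Passed as a plain environment variable, so it is visible to anyone who
      # can run `docker inspect` on this container.
      ELASTIC_PASSWORD: ${ELASTIC_PASSWORD}
      ES_JAVA_OPTS: -Xmx${ELASTICSEARCH_HEAP} -Xms${ELASTICSEARCH_HEAP}
      bootstrap.memory_lock: "true"
      discovery.type: single-node
    volumes:
      # NOTE(review): the named volume covers the whole install directory, not
      # only data/, so config/ (where the secrets below are mounted) persists
      # between runs. A stale entry there, such as a directory left where a
      # certificate file is expected, survives until the volume is removed.
      - data:${ELASTIC_DIR}
      - ./elasticsearch/config/elasticsearch.yml:${ELASTIC_DIR}/config/elasticsearch.yml:ro
    secrets:
      - source: elasticsearch.keystore
        target: ${ELASTIC_DIR}/config/elasticsearch.keystore
      - source: ca.crt
        target: ${ELASTIC_DIR}/config/ca.crt
      - source: elasticsearch.cert
        target: ${ELASTIC_DIR}/config/elasticsearch.crt
      - source: elasticsearch.key
        target: ${ELASTIC_DIR}/config/elasticsearch.key
    # Both ports are published on every host interface. 9300 is the transport
    # port; with discovery.type=single-node no other node needs to reach it.
    ports:
      - "9200:9200"
      - "9300:9300"
    healthcheck:
      # Docker decides health from the command's exit status, not its output.
      # A test that ends in `echo` always exits 0 and can never report
      # "unhealthy", so the status comes from curl itself: it succeeds once a
      # TLS connection verified against the mounted CA returns any HTTP
      # response (a 401 counts, because -f is not used).
      # NOTE(review): assumes the node certificate lists `elasticsearch` as a
      # subject alternative name — confirm.
      test: >-
        curl -s -o /dev/null --cacert ${ELASTIC_DIR}/config/ca.crt
        https://elasticsearch:9200 || exit 1
      interval: 30s
      timeout: 10s
      retries: 5
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 200000
        hard: 200000
    networks:
      - elk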

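  # Kibana front end, built from ./kibana, serving HTTPS on 5601 with its
  # certificate/key and the CA certificate delivered as compose secrets.
  kibana:
    container_name: kibana
    hostname: kibana
    build:
      context: kibana/
      args:
        ELK_VERSION: $ELK_VERSION
    restart: unless-stopped
    volumes:
      - ./kibana/config/kibana.yml:${KIBANA_DIR}/config/kibana.yml:ro
    environment:
      CONFIG_DIR: ${KIBANA_DIR}/config
      ELASTIC_USERNAME: ${ELASTIC_USERNAME}
      # Credentials and the encryption key are plain environment variables and
      # therefore visible through `docker inspect`.
      ELASTIC_PASSWORD: ${ELASTIC_PASSWORD}
      ENCRYPTION_KEY: ${XPACK_ENCRYPTION_KEY}
      KIBANA_URL: ${KIBANA_URL}
    secrets:
      - source: ca.crt
        target: ${KIBANA_DIR}/config/ca.crt
      - source: kibana.cert
        target: ${KIBANA_DIR}/config/kibana.crt
      - source: kibana.key
        target: ${KIBANA_DIR}/config/kibana.key
    healthcheck:
      # Docker decides health from the command's exit status, not its output.
      # A test that ends in `echo` always exits 0 and can never report
      # "unhealthy", so the status comes from curl itself: it succeeds once a
      # TLS connection verified against the mounted CA returns any HTTP
      # response. This checks reachability over verified TLS only, not that
      # Kibana has finished starting.
      # NOTE(review): assumes the Kibana certificate lists `kibana` as a
      # subject alternative name — confirm.
      test: >-
        curl -s -o /dev/null --cacert ${KIBANA_DIR}/config/ca.crt
        https://kibana:5601 || exit 1
      interval: 30s
      timeout: 10s
      retries: 5
    # Published on every host interface.
    ports:
      - "5601:5601"
    networks:
      - elk
    depends_on:
      - elasticsearch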

  # Logstash, built from ./logstash; settings and pipelines are bind-mounted
  # from the host and TLS material arrives as compose secrets.
  logstash:
    container_name: logstash
    hostname: logstash
    restart: unless-stopped
    build:
      context: logstash/
      args:
        ELK_VERSION: $ELK_VERSION
    depends_on:
      - elasticsearch
      - kibana
    networks:
      - elk
    # Every listener below is published on all host interfaces.
    ports:
      - "12201:12201/udp"
      - "5044:5044"
      - "5045:5045/tcp"
      - "5046:5046"
      - "9600:9600"
      - "5000:5000/tcp"
      - "5000:5000/udp"
    environment:
      # NOTE(review): a null value makes Compose take this variable from the
      # host environment when it is set there — confirm that is intended.
      path.settings: null
      CONFIG_DIR: ${LOGSTASH_DIR}/config
      ELASTIC_USERNAME: ${ELASTIC_USERNAME}
      # Plain environment variable; visible through `docker inspect`.
      ELASTIC_PASSWORD: ${ELASTIC_PASSWORD}
      LS_JAVA_OPTS: "-Xmx${LOGSTASH_HEAP} -Xms${LOGSTASH_HEAP}"
    # These mounts carry no `:ro` flag, so the container can write to the host
    # copies of the settings and pipeline files.
    volumes:
      - ./logstash/config/logstash.yml:${LOGSTASH_DIR}/config/logstash.yml
      - ./logstash/pipeline/logstash.conf:${LOGSTASH_DIR}/pipeline/logstash.conf
      - ./logstash/pipeline/metricbeat.conf:${LOGSTASH_DIR}/pipeline/metricbeat.conf
    # CA certificate, server certificate, and the key in three encodings
    # (judging by the names: PEM, PKCS#8 and a PKCS#12 keystore).
    secrets:
      - source: ca.crt
        target: ${LOGSTASH_DIR}/config/ca.crt
      - source: logstash.cert
        target: ${LOGSTASH_DIR}/config/logstash.crt
      - source: logstash.pkcs8.key
        target: ${LOGSTASH_DIR}/config/logstash.pkcs8.key
      - source: logstash.key
        target: ${LOGSTASH_DIR}/config/logstash.key
      - source: logstash.p12
        target: ${LOGSTASH_DIR}/config/logstash.p12
  
  # Packetbeat, built from ./packetbeat. Runs as root with extra network
  # capabilities and access to the host's Docker socket, which makes it the
  # most privileged kind of container in this file.
  packetbeat:
    container_name: packetbeat
    hostname: packetbeat
    restart: unless-stopped
    build:
      context: packetbeat/
      args:
        ELK_VERSION: $ELK_VERSION
    depends_on:
      - logstash
    networks:
      - elk
    user: root
    cap_add:
      - NET_ADMIN
      - NET_RAW
    # -strict.perms=false switches off the Beat's ownership/permission check on
    # its config file, so a config writable by other users is accepted.
    command: packetbeat -e -strict.perms=false
    volumes:
      - ./packetbeat/config/packetbeat.yml:${PACKETBEAT_DIR}/packetbeat.yml:ro
      # Access to the Docker API socket is equivalent to root on the host, and
      # a read-only mount flag would not restrict API calls. Drop this mount if
      # the Beat's Docker metadata enrichment is not needed.
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      CONFIG_DIR: ${PACKETBEAT_DIR}/config
      ELASTIC_USERNAME: ${ELASTIC_USERNAME}
      # Plain environment variable; visible through `docker inspect`.
      ELASTIC_PASSWORD: ${ELASTIC_PASSWORD}
      # NOTE(review): Beats are not JVM programs, so this is presumably unused.
      LS_JAVA_OPTS: "-Xmx${PACKETBEAT_HEAP} -Xms${PACKETBEAT_HEAP}"
    secrets:
      # NOTE(review): a file in the trust-anchors directory is presumably only
      # trusted after the image refreshes its CA bundle — confirm.
      - source: ca.crt
        target: /etc/pki/ca-trust/source/anchors/ca.crt
      - source: packetbeat.cert
        target: ${PACKETBEAT_DIR}/config/packetbeat.crt
      - source: packetbeat.key
        target: ${PACKETBEAT_DIR}/config/packetbeat.key

  # Metricbeat, built from ./metricbeat. Like packetbeat it runs as root with
  # extra network capabilities and the host's Docker socket mounted.
  metricbeat:
    container_name: metricbeat
    hostname: metricbeat
    restart: unless-stopped
    build:
      context: metricbeat/
      args:
        ELK_VERSION: $ELK_VERSION
    depends_on:
      - logstash
      - kibana
    networks:
      - elk
    user: root
    # NOTE(review): confirm that metric collection actually needs these
    # capabilities; drop them if it does not.
    cap_add:
      - NET_ADMIN
      - NET_RAW
    # Restart loop: re-runs metricbeat one second after every exit, so a
    # crash-looping Beat never stops the container.
    command:
      - /bin/bash
      - -c
      - while true; do metricbeat -e; sleep 1; done
    volumes:
      # No `:ro` flag: the container can write to the host copy of the config.
      - ./metricbeat/config/metricbeat.yml:${METRICBEAT_DIR}/metricbeat.yml
      # Access to the Docker API socket is equivalent to root on the host, and
      # a read-only mount flag would not restrict API calls.
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      CONFIG_DIR: ${METRICBEAT_DIR}/config
      ELASTIC_USERNAME: ${ELASTIC_USERNAME}
      # Plain environment variable; visible through `docker inspect`.
      ELASTIC_PASSWORD: ${ELASTIC_PASSWORD}
      # NOTE(review): Beats are not JVM programs, so this is presumably unused.
      LS_JAVA_OPTS: "-Xmx${METRICBEAT_HEAP} -Xms${METRICBEAT_HEAP}"
    secrets:
      # NOTE(review): if this PKCS#12 bundle holds the CA private key, a client
      # container should not receive it. Trusting the CA needs only ca.crt.
      - source: elastic-stack-ca.p12
        target: /etc/pki/ca-trust/source/anchors/elastic-stack-ca.p12
      - source: ca.crt
        target: /etc/pki/ca-trust/source/anchors/ca.crt
      - source: metricbeat.cert
        target: ${METRICBEAT_DIR}/config/metricbeat.crt
      - source: metricbeat.key
        target: ${METRICBEAT_DIR}/config/metricbeat.key

  # Filebeat, built from ./filebeat, with a read-only config file and its TLS
  # material delivered as compose secrets. Runs as the image's default user.
  filebeat:
    container_name: filebeat
    hostname: filebeat
    restart: unless-stopped
    build:
      context: filebeat/
      args:
        ELK_VERSION: $ELK_VERSION
    depends_on:
      - logstash
    networks:
      - elk
    # Published on every host interface.
    ports:
      - "9000:9000"
    command: >
      sh -c "filebeat -e"
    environment:
      CONFIG_DIR: ${FILEBEAT_DIR}/config
      # NOTE(review): Beats are not JVM programs, so this is presumably unused.
      LS_JAVA_OPTS: "-Xmx${FILEBEAT_HEAP} -Xms${FILEBEAT_HEAP}"
      ELASTIC_USERNAME: ${ELASTIC_USERNAME}
      # Plain environment variable; visible through `docker inspect`.
      ELASTIC_PASSWORD: ${ELASTIC_PASSWORD}
    volumes:
      - ./filebeat/config/filebeat.yml:${FILEBEAT_DIR}/filebeat.yml:ro
    secrets:
      - source: ca.crt
        target: ${FILEBEAT_DIR}/config/ca.crt
      - source: filebeat.cert
        target: ${FILEBEAT_DIR}/config/filebeat.crt
      - source: filebeat.key
        target: ${FILEBEAT_DIR}/config/filebeat.key

  # Elastic Agent, built from ./elastic-agent, enrolling against the Kibana
  # and Elasticsearch services over HTTPS with the CA mounted at /ca.crt.
  elastic-agent:
    container_name: elastic-agent
    hostname: elastic-agent
    restart: unless-stopped
    build:
      context: elastic-agent/
      args:
        ELK_VERSION: $ELK_VERSION
    depends_on:
      - logstash
    networks:
      - elk
    # NOTE(review): this publishes host port 22 on every interface and will
    # clash with an SSH daemon on the host. Nothing in this file shows the
    # agent listening on 22 — confirm the mapping is needed.
    ports:
      - "22:22"
    secrets:
      - source: ca.crt
        target: /ca.crt
    environment:
      FLEET_CA: "/ca.crt"
      ELK_VERSION: ${ELK_VERSION}
      KIBANA_HOST: "https://kibana:5601"
      ELASTICSEARCH_USERNAME: ${ELASTIC_USERNAME}
      # Plain environment variable; visible through `docker inspect`.
      ELASTICSEARCH_PASSWORD: ${ELASTIC_PASSWORD}
      ELASTICSEARCH_HOSTS: "https://elasticsearch:9200"
      # NOTE(review): going by its name, this relaxes TLS checks during Fleet
      # enrollment, which would defeat the FLEET_CA setting above. Confirm
      # against the Elastic Agent documentation for this ELK_VERSION and
      # remove it once the CA is trusted.
      FLEET_ENROLL_INSECURE: "1"
      ENROLL_FORCE: "1"
      PREFLIGHT_CHECK: "1"

# Single user-defined bridge network shared by every service above; containers
# on it reach each other by service/host name.
networks:
  elk:
    driver: "bridge"

Here is my .env file:

# Values in this file are substituted into docker-compose.yml wherever a
# ${NAME} reference appears. The file holds credentials: keep it out of version
# control, and regenerate any secret that has been shared publicly.
ELK_VERSION=7.16.0
ELASTIC_USERNAME=elastic
# Placeholder default password. Replace it before the published ports are
# reachable from anywhere other than the local machine.
ELASTIC_PASSWORD=changeme
# NOTE(review): 0.0.0.0 is a bind address, not a reachable host name — confirm
# what consumes KIBANA_URL.
KIBANA_URL=https://0.0.0.0:5601

# Configuration Variables
ELASTICSEARCH_HEAP=2g
LOGSTASH_HEAP=1g
PACKETBEAT_HEAP=250m
FILEBEAT_HEAP=250m
METRICBEAT_HEAP=250m
# NOTE(review): this value is 16 characters long, while Kibana's encryption-key
# settings require at least 32. Confirm how kibana.yml consumes ENCRYPTION_KEY
# and generate a random key of sufficient length.
XPACK_ENCRYPTION_KEY=ert24tzzuuuuiolo

# Self signed TLS certificates
# Placeholder default; presumably the password protecting the generated CA
# material — replace it before generating certificates.
CA_PASSWORD=changeme
# CA validity in days (3650 is roughly ten years).
CA_DAYS=3650
# Install directories inside the containers; docker-compose.yml builds every
# config, certificate and key mount target from these.
ELASTIC_DIR=/usr/share/elasticsearch
LOGSTASH_DIR=/usr/share/logstash
KIBANA_DIR=/usr/share/kibana
PACKETBEAT_DIR=/usr/share/packetbeat
FILEBEAT_DIR=/usr/share/filebeat
METRICBEAT_DIR=/usr/share/metricbeat

# Letsencrypt certificates
## Setting STAGING to true means it will generate self-signed certificates
## Setting STAGING to false means it will generate letsencrypt certificates
# STAGING=false
STAGING=true

# swag Configuration
DOMAIN=mydomain.com
SUBDOMAIN=kibana
SUBFOLDER=kibana
EMAIL=email@email.com
TIMEZONE=America/Chicago
Jacobfs