alza
(Ali)
January 26, 2020, 8:23am
1
I wonder if there is a way to password protect (not using SSL, just a simple password) the multi-node cluster (using Docker Compose and with basic/free license) that explained here ?
I tried to add ELASTIC_PASSWORD=mypass
as env variable to elastic nodes in docker-compose.yml
file but it didn't worked.
dadoonet
(David Pilato)
January 26, 2020, 9:08am
2
Here is how I'm setting that with docker compose ( docker-compose.yml
):
---
version: '3'
services:
elasticsearch:
image: docker.elastic.co/elasticsearch/elasticsearch:$ELASTIC_VERSION
environment:
- bootstrap.memory_lock=true
- discovery.type=single-node
- "ES_JAVA_OPTS=-Xms2g -Xmx2g"
- ELASTIC_PASSWORD=$ELASTIC_PASSWORD
- xpack.security.enabled=$ELASTIC_SECURITY
ulimits:
memlock:
soft: -1
hard: -1
ports:
- 9200:9200
networks: ['stack']
kibana:
image: docker.elastic.co/kibana/kibana:$ELASTIC_VERSION
environment:
- ELASTICSEARCH_USERNAME=elastic
- ELASTICSEARCH_PASSWORD=$ELASTIC_PASSWORD
ports: ['5601:5601']
networks: ['stack']
links: ['elasticsearch']
depends_on: ['elasticsearch']
networks:
stack: {}
.env
file is:
ELASTIC_VERSION=7.5.2
ELASTIC_SECURITY=true
ELASTIC_PASSWORD=changeme
alza
(Ali)
January 26, 2020, 9:31am
3
Thanks @dadoonet . It works for single-node elastic. But is does not works for multi-node ELK, and the main node of cluster shot down.
version: '2.2'
services:
es01:
image: docker.elastic.co/elasticsearch/elasticsearch:7.5.2
container_name: es01
environment:
- node.name=es01
- cluster.name=es-docker-cluster
- discovery.seed_hosts=es02,es03
- cluster.initial_master_nodes=es01,es02,es03
- bootstrap.memory_lock=true
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
- ELASTIC_PASSWORD=$ELASTIC_PASSWORD
- xpack.security.enabled=$ELASTIC_SECURITY
ulimits:
memlock:
soft: -1
hard: -1
volumes:
- data01:/usr/share/elasticsearch/data
ports:
- 9200:9200
networks:
- elastic
es02:
image: docker.elastic.co/elasticsearch/elasticsearch:7.5.2
container_name: es02
environment:
- node.name=es02
- cluster.name=es-docker-cluster
- discovery.seed_hosts=es01,es03
- cluster.initial_master_nodes=es01,es02,es03
- bootstrap.memory_lock=true
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
- ELASTIC_PASSWORD=$ELASTIC_PASSWORD
- xpack.security.enabled=$ELASTIC_SECURITY
ulimits:
memlock:
soft: -1
hard: -1
volumes:
- data02:/usr/share/elasticsearch/data
networks:
- elastic
es03:
image: docker.elastic.co/elasticsearch/elasticsearch:7.5.2
container_name: es03
environment:
- node.name=es03
- cluster.name=es-docker-cluster
- discovery.seed_hosts=es01,es02
- cluster.initial_master_nodes=es01,es02,es03
- bootstrap.memory_lock=true
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
- ELASTIC_PASSWORD=$ELASTIC_PASSWORD
- xpack.security.enabled=$ELASTIC_SECURITY
ulimits:
memlock:
soft: -1
hard: -1
volumes:
- data03:/usr/share/elasticsearch/data
networks:
- elastic
volumes:
data01:
driver: local
data02:
driver: local
data03:
driver: local
networks:
elastic:
driver: bridge
dadoonet
(David Pilato)
January 26, 2020, 11:01am
4
You can't have "security" without encryption of data transfer between nodes.
Therefore you need to have TLS I think.
alza
(Ali)
January 26, 2020, 11:17am
5
Hmm...
and I think for TLS we can't use basic (free) license with multi-node !?
alza
(Ali)
January 26, 2020, 1:43pm
7
thanks @dadoonet , can you give me a hint how to do it, or probably send a blogpost or GitHub link.
I followed this link , but it uses xpack.license.self_generated.type=trial
, can I just change it to basic?
alza
(Ali)
January 27, 2020, 12:24pm
9
Thanks @dadoonet . It worked!
system
(system)
Closed
February 24, 2020, 12:24pm
10
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.