I wonder if there is a way to password protect (not using SSL, just a simple password) the multi-node cluster (using Docker Compose and with basic/free license) that explained here?
I tried to add ELASTIC_PASSWORD=mypass as env variable to elastic nodes in docker-compose.yml file but it didn't worked.
Here is how I'm setting that with docker compose ( docker-compose.yml):
---
version: '3'
services:
elasticsearch:
image: docker.elastic.co/elasticsearch/elasticsearch:$ELASTIC_VERSION
environment:
- bootstrap.memory_lock=true
- discovery.type=single-node
- "ES_JAVA_OPTS=-Xms2g -Xmx2g"
- ELASTIC_PASSWORD=$ELASTIC_PASSWORD
- xpack.security.enabled=$ELASTIC_SECURITY
ulimits:
memlock:
soft: -1
hard: -1
ports:
- 9200:9200
networks: ['stack']
kibana:
image: docker.elastic.co/kibana/kibana:$ELASTIC_VERSION
environment:
- ELASTICSEARCH_USERNAME=elastic
- ELASTICSEARCH_PASSWORD=$ELASTIC_PASSWORD
ports: ['5601:5601']
networks: ['stack']
links: ['elasticsearch']
depends_on: ['elasticsearch']
networks:
stack: {}
.env file is:
ELASTIC_VERSION=7.5.2
ELASTIC_SECURITY=true
ELASTIC_PASSWORD=changeme
Thanks @dadoonet. It works for single-node elastic. But is does not works for multi-node ELK, and the main node of cluster shot down.
version: '2.2'
services:
es01:
image: docker.elastic.co/elasticsearch/elasticsearch:7.5.2
container_name: es01
environment:
- node.name=es01
- cluster.name=es-docker-cluster
- discovery.seed_hosts=es02,es03
- cluster.initial_master_nodes=es01,es02,es03
- bootstrap.memory_lock=true
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
- ELASTIC_PASSWORD=$ELASTIC_PASSWORD
- xpack.security.enabled=$ELASTIC_SECURITY
ulimits:
memlock:
soft: -1
hard: -1
volumes:
- data01:/usr/share/elasticsearch/data
ports:
- 9200:9200
networks:
- elastic
es02:
image: docker.elastic.co/elasticsearch/elasticsearch:7.5.2
container_name: es02
environment:
- node.name=es02
- cluster.name=es-docker-cluster
- discovery.seed_hosts=es01,es03
- cluster.initial_master_nodes=es01,es02,es03
- bootstrap.memory_lock=true
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
- ELASTIC_PASSWORD=$ELASTIC_PASSWORD
- xpack.security.enabled=$ELASTIC_SECURITY
ulimits:
memlock:
soft: -1
hard: -1
volumes:
- data02:/usr/share/elasticsearch/data
networks:
- elastic
es03:
image: docker.elastic.co/elasticsearch/elasticsearch:7.5.2
container_name: es03
environment:
- node.name=es03
- cluster.name=es-docker-cluster
- discovery.seed_hosts=es01,es02
- cluster.initial_master_nodes=es01,es02,es03
- bootstrap.memory_lock=true
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
- ELASTIC_PASSWORD=$ELASTIC_PASSWORD
- xpack.security.enabled=$ELASTIC_SECURITY
ulimits:
memlock:
soft: -1
hard: -1
volumes:
- data03:/usr/share/elasticsearch/data
networks:
- elastic
volumes:
data01:
driver: local
data02:
driver: local
data03:
driver: local
networks:
elastic:
driver: bridgeYou can't have "security" without encryption of data transfer between nodes.
Therefore you need to have TLS I think.
Hmm...
and I think for TLS we can't use basic (free) license with multi-node!?
You can.
thanks @dadoonet, can you give me a hint how to do it, or probably send a blogpost or GitHub link.
I followed this link, but it uses xpack.license.self_generated.type=trial, can I just change it to basic?
I'd remove this line
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.