I have upgraded my Dev environment ELK stack to v 7.10.2 and I have authentication issues with connecting Kibana to Elasticsearch.
Scenario
The ELK stack is in Docker containers deployed in Swarm mode via a docker-compose.yml file.
Services:
Containers:
The Kibana service is running, but in the log I get:
{"type":"log","@timestamp":"2022-02-04T11:07:56Z","tags":["error","elasticsearch","data"],"pid":8,"message":"[ConnectionError]: connect ECONNREFUSED :9200"}
{"type":"log","@timestamp":"2022-02-04T11:07:56Z","tags":["error","savedobjects-service"],"pid":8,"message":"Unable to retrieve version information from Elasticsearch nodes."}
{"type":"log","@timestamp":"2022-02-04T11:07:58Z","tags":["error","elasticsearch","data"],"pid":8,"message":"[ResponseError]: Response Error"}
When I try to reach Elasticsearch, I get this response:
<html>
<body>
<h1>401 Unauthorized</h1>
You need a valid user and password to access this content.
</body>
</html>
I know I have to set the built-in users' passwords through the command ./bin/elasticsearch-setup-passwords interactive, but here's my first question: where should I run this command, inside the Elasticsearch container? If so, I've opened a Bash terminal in the container and I can't find any elasticsearch-setup-passwords script to run; it simply isn't there.
On top of that I have additional questions:
- should I add any security or authentication properties in the Elasticsearch config file?
- aside from elasticsearch.username and elasticsearch.password, should I add any security or authentication properties in the Kibana config file?
- since the Elasticsearch container is removed and recreated from scratch every time the Docker stack is removed, is there a way to automatically run that elasticsearch-setup-passwords script every time the container is recreated? In pure Docker Compose we could add commands in the Dockerfile but Swarm ignores that file as it ignores the Build command so...
I'm at a loss; any suggestion is more than welcome.