I wanted to try out Alerting in Kibana, so security needs to be enabled. However, neither Logstash nor Kibana is able to log into Elasticsearch.
ELK version: 7.10.1
docker-compose.log.yml
    version: '3.4'
    services:
      elasticsearch:
        image: docker.elastic.co/elasticsearch/elasticsearch:7.10.1
        container_name: elasticsearch
        expose:
          - 9200
        ports:
          - "9200:9200"
        environment:
          ES_JAVA_OPTS: "-Xms1g -Xmx1g"
          discovery.type: "single-node"
          node.store.allow_mmap: "false"
          xpack.security.enabled: "true"
          ELASTIC_USERNAME: "elastic"
          ELASTIC_PASSWORD: "208SBhMQIRynj206JJ73"
      kibana:
        image: docker.elastic.co/kibana/kibana:7.10.1
        container_name: kibana
        ports:
          - "5601:5601"
        environment:
          ELASTIC_USERNAME: "kibana_system"
          ELASTIC_PASSWORD: "55tgVaDoSnEyPfNAwHzZ"
          discovery.type: "single-node"
          xpack.security.enabled: "true"
          xpack.security.encryptionKey: "fasfhasfy893rdn123o4238fn4523nf3fn532f5n2"
          xpack.encryptedSavedObjects.encryptionKey: "fasfhasfy893rdn123o4238fn4523nf3fn532f5n2"
      logstash-agent:
        image: logstash:7.10.1
        volumes:
          - ./log/logstash-agent:/etc/logstash
        environment:
          xpack.security.enabled: "true"
          ELASTIC_USERNAME: "logstash_system"
          ELASTIC_PASSWORD: "QU0Hq68nnBGpd02OJshB"
        command: logstash -f /etc/logstash/logstash.conf
        ports:
          - "12201:12201/udp"
      logstash-central:
        image: logstash:7.10.1
        volumes:
          - ./log/logstash-central:/etc/logstash
        environment:
          xpack.security.enabled: "true"
          ELASTIC_USERNAME: "logstash_system"
          ELASTIC_PASSWORD: "QU0Hq68nnBGpd02OJshB"
        command: logstash -f /etc/logstash/logstash.conf
      redis-cache:
        image: bitnami/redis:6.0
logstash-agent/logstash.yml
    input {
      gelf {
        port => 12201
      }
    }
    output {
      redis {
        host => "redis-cache"
        data_type => "list"
        key => "logstash"
      }
    }
logstash-central/logstash.yml
    input {
      redis {
        host => "redis-cache"
        type => "redis-input"
        data_type => "list"
        key => "logstash"
      }
    }
    output {
      elasticsearch {
        hosts => ["elasticsearch:9200"]
      }
    }
Run with
    docker-compose -f docker-compose.log.yml up
I set up the passwords with
    docker exec -it elasticsearch bash
    bin/elasticsearch-setup-passwords auto
Then copy the passwords into the yml file above.
Restart stack
    ctrl+C
    docker-compose -f docker-compose.log.yml up
I am able to log into Elasticsearch
    curl -u elastic:208SBhMQIRynj206JJ73 http://localhost:9200/_security/_authenticate | jq
    {
      "username": "elastic",
      "roles": [
        "superuser"
      ],
      "full_name": null,
      "email": null,
      "metadata": {
        "_reserved": true
      },
      "enabled": true,
      "authentication_realm": {
        "name": "reserved",
        "type": "reserved"
      },
      "lookup_realm": {
        "name": "reserved",
        "type": "reserved"
      },
      "authentication_type": "realm"
    }
However, kibana, kibana_system and logstash all fail to log in.
    curl -u kibana_system:55tgVaDoSnEyPfNAwHzZ http://localhost:9200/_security/_authenticate | jq
    {
      "error": {
        "root_cause": [
          {
            "type": "security_exception",
            "reason": "unable to authenticate user [kibana_system] for REST request [/_security/_authenticate]",
            "header": {
              "WWW-Authenticate": "Basic realm=\"security\" charset=\"UTF-8\""
            }
          }
        ],
        "type": "security_exception",
        "reason": "unable to authenticate user [kibana_system] for REST request [/_security/_authenticate]",
        "header": {
          "WWW-Authenticate": "Basic realm=\"security\" charset=\"UTF-8\""
        }
      },
      "status": 401
    }
docker logs kibana
output