Hi, I try to setup enterprise search in docker-compose, but idk why enterprisesearch isnt able to connect to Kibana. There is my complete docker-compose.yml :
services:
setup:
container_name: setup
image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
volumes:
- certs:/usr/share/elasticsearch/config/certs
user: "0"
command: >
bash -c '
if [ x${ELASTIC_PASSWORD} == x ]; then
echo "Set the ELASTIC_PASSWORD environment variable in the .env file";
exit 1;
elif [ x${KIBANA_PASSWORD} == x ]; then
echo "Set the KIBANA_PASSWORD environment variable in the .env file";
exit 1;
fi;
if [ ! -f config/certs/ca.zip ]; then
echo "Creating CA";
bin/elasticsearch-certutil ca --silent --pem -out config/certs/ca.zip;
unzip config/certs/ca.zip -d config/certs;
fi;
if [ ! -f config/certs/certs.zip ]; then
echo "Creating certs";
echo -ne \
"instances:\n"\
" - name: es01\n"\
" dns:\n"\
" - es01\n"\
" - localhost\n"\
" ip:\n"\
" - 127.0.0.1\n"\
> config/certs/instances.yml;
bin/elasticsearch-certutil cert --silent --pem -out config/certs/certs.zip --in config/certs/instances.yml --ca-cert config/certs/ca/ca.crt --ca-key config/certs/ca/ca.key;
unzip config/certs/certs.zip -d config/certs;
fi;
echo "Setting file permissions"
chown -R root:root config/certs;
find . -type d -exec chmod 750 \{\} \;;
find . -type f -exec chmod 640 \{\} \;;
echo "Waiting for Elasticsearch availability";
until curl -s --cacert config/certs/ca/ca.crt https://es01:9200 | grep -q "missing authentication credentials"; do sleep 30; done;
echo "Setting kibana_system password";
until curl -s -X POST --cacert config/certs/ca/ca.crt -u "elastic:${ELASTIC_PASSWORD}" -H "Content-Type: application/json" https://es01:9200/_security/user/kibana_system/_password -d "{\"password\":\"${KIBANA_PASSWORD}\"}" | grep -q "^{}"; do sleep 10; done;
echo "All done!";
'
healthcheck:
test: ["CMD-SHELL", "[ -f config/certs/es01/es01.crt ]"]
interval: 1s
timeout: 5s
retries: 120
networks:
- esnet
es01:
container_name: es01
depends_on:
setup:
condition: service_healthy
image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
volumes:
- certs:/usr/share/elasticsearch/config/certs
- esdata01:/usr/share/elasticsearch/data
ports:
- ${ES_PORT}:9200
environment:
- node.name=es01
- cluster.name=${CLUSTER_NAME}
- cluster.initial_master_nodes=es01
# - cluster.initial_master_nodes=es01,es02,es03
# - cluster.initial_master_nodes=es01,es02
# - discovery.seed_hosts=es02,es03
# - discovery.seed_hosts=es02
# - discovery.type=single-node
- ELASTIC_PASSWORD=${ELASTIC_PASSWORD}
- bootstrap.memory_lock=true
- xpack.security.enabled=true
- xpack.security.http.ssl.enabled=true
- xpack.security.http.ssl.key=certs/es01/es01.key
- xpack.security.http.ssl.certificate=certs/es01/es01.crt
- xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
- xpack.security.transport.ssl.enabled=true
- xpack.security.transport.ssl.key=certs/es01/es01.key
- xpack.security.transport.ssl.certificate=certs/es01/es01.crt
- xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
- xpack.security.transport.ssl.verification_mode=certificate
- xpack.license.self_generated.type=${LICENSE}
mem_limit: ${ES_MEM_LIMIT}
ulimits:
memlock:
soft: -1
hard: -1
healthcheck:
test:
[
"CMD-SHELL",
"curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",
]
interval: 10s
timeout: 10s
retries: 120
networks:
- esnet
kibana:
container_name: kibana
depends_on:
es01:
condition: service_healthy
image: docker.elastic.co/kibana/kibana:${STACK_VERSION}
volumes:
- certs:/usr/share/kibana/config/certs
- kibanadata:/usr/share/kibana/data
ports:
- ${KIBANA_PORT}:5601
environment:
- SERVERNAME=kibana
- ELASTICSEARCH_HOSTS=https://es01:9200
- ELASTICSEARCH_USERNAME=kibana_system
- ELASTICSEARCH_PASSWORD=${KIBANA_PASSWORD}
- ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=config/certs/ca/ca.crt
- ENTERPRISESEARCH_HOST=http://enterprisesearch:${ENTERPRISE_SEARCH_PORT}
mem_limit: ${KB_MEM_LIMIT}
healthcheck:
test:
[
"CMD-SHELL",
"curl -s -I http://localhost:5601 | grep -q 'HTTP/1.1 302 Found'",
]
interval: 10s
timeout: 10s
retries: 120
networks:
- esnet
enterprisesearch:
container_name: enterprisesearch
depends_on:
es01:
condition: service_healthy
kibana:
condition: service_healthy
image: docker.elastic.co/enterprise-search/enterprise-search:${STACK_VERSION}
volumes:
- certs:/usr/share/enterprise-search/config/certs
- enterprisesearchdata:/usr/share/enterprise-search/config
ports:
- ${ENTERPRISE_SEARCH_PORT}:3002
environment:
- SERVERNAME=enterprisesearch
- secret_management.encryption_keys=[${ENCRYPTION_KEYS}]
- allow_es_settings_modification=true
- elasticsearch.host=https://es01:9200
- elasticsearch.username=elastic
- elasticsearch.password=${ELASTIC_PASSWORD}
- elasticsearch.ssl.enabled=true
- elasticsearch.ssl.certificate_authority=/usr/share/enterprise-search/config/certs/ca/ca.crt
- kibana.external_url=http://kibana:5601
mem_limit: ${AP_MEM_LIMIT}
healthcheck:
test:
[
"CMD-SHELL",
"curl -s -I http://localhost:3002 | grep -q 'HTTP/1.1 302 Found'",
]
interval: 10s
timeout: 10s
retries: 120
networks:
- esnet
nginx:
container_name: nginx
image: 'jc21/nginx-proxy-manager:latest'
restart: unless-stopped
ports:
- '80:80' # HTTP
- '443:443' # HTTPS
- '81:81' # Admin Web Port
volumes:
- nginx-data:/data
- nginx-letsencrypt:/etc/letsencrypt
- nginx-snippets:/snippets:ro
environment:
TZ: 'Europe/Berlin'
networks:
- esnet
volumes:
certs:
driver: local
name: certs
esdata01:
driver: local
name: esdata01
kibanadata:
driver: local
name: kibanadata
enterprisesearchdata:
driver: local
name: enterprisesearchdata
nginx-data:
driver: local
name: nginx-data
nginx-letsencrypt:
driver: local
name: nginx-letsencrypt
nginx-snippets:
driver: local
name: nginx-snippets
networks:
esnet:
driver: bridge
name: esnet
I think the problem is enterprisesearch try to access Kibana from localhost instead of kibana.
There is enterprisesearch logs :
enterprisesearch | Custom Enterprise Search configuration file detected, not overwriting it (any settings passed via environment will be ignored)
enterprisesearch | Found java executable in PATH
enterprisesearch | Java version detected: 11.0.23 (major version: 11)
enterprisesearch | Enterprise Search is starting...
enterprisesearch | [2024-09-12T09:38:09.894+00:00][7][4004][app-server][INFO]: Elastic Enterprise Search version=8.15.0, JRuby version=9.3.14.0, Ruby version=2.6.8, Rails version=6.1.7.7
enterprisesearch | [2024-09-12T09:38:11.321+00:00][7][4004][app-server][INFO]: Performing pre-flight checks for Elasticsearch running on https://es01:9200...
enterprisesearch | WARNING: An illegal reflective access operation has occurred
enterprisesearch | WARNING: Illegal reflective access by org.jruby.javasupport.binding.ConstantField (file:/usr/share/enterprise-search/lib/war/lib/jruby-core-9.3.14.0-complete.jar) to field sun.security.x509.X509CertImpl.SIG
enterprisesearch | WARNING: Please consider reporting this to the maintainers of org.jruby.javasupport.binding.ConstantField
enterprisesearch | WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
enterprisesearch | WARNING: All illegal access operations will be denied in a future release
enterprisesearch | [2024-09-12T09:38:11.973+00:00][7][4004][app-server][INFO]: Elasticsearch cluster is ready
enterprisesearch | [2024-09-12T09:38:11.975+00:00][7][4004][app-server][INFO]: Successfully connected to Elasticsearch
enterprisesearch | [2024-09-12T09:38:12.035+00:00][7][4004][app-server][INFO]: Successfully loaded Elasticsearch plugin information for all nodes
enterprisesearch | [2024-09-12T09:38:12.048+00:00][7][4004][app-server][INFO]: Elasticsearch running with an active basic license
enterprisesearch | [2024-09-12T09:38:12.084+00:00][7][4004][app-server][INFO]: Elasticsearch API key service is enabled
enterprisesearch | [2024-09-12T09:38:12.098+00:00][7][4004][app-server][INFO]: Elasticsearch will be used for authentication
enterprisesearch | [2024-09-12T09:38:12.100+00:00][7][4004][app-server][INFO]: Elasticsearch looks healthy and configured correctly to run Enterprise Search
enterprisesearch | [2024-09-12T09:38:12.102+00:00][7][4004][app-server][INFO]: Performing pre-flight checks for Kibana running on http://localhost:5601...
enterprisesearch | [2024-09-12T09:38:12.132+00:00][7][4004][app-server][WARN]: Failed to connect to Kibana backend. Make sure it is running and healthy.
enterprisesearch | [2024-09-12T09:38:12.135+00:00][7][4004][app-server][ERROR]: Could not connect to Kibana backend after 0 seconds.
enterprisesearch | [2024-09-12T09:38:12.136+00:00][7][4004][app-server][WARN]: Enterprise Search is unable to connect to Kibana. Ensure it is running at http://localhost:5601 for user elastic.
enterprisesearch | [2024-09-12T09:38:17.561+00:00][7][4004][app-server][INFO]: Elastic APM agent is disabled
Do u have some idea ? I really dont know how to fix it
Thx !