Please let me know how to install xpack on docker the elasticsearch version which I am using on docker is 5.6.8 .
Xpack is built in the default docker image. See https://www.elastic.co/guide/en/elasticsearch/reference/5.6/docker.html
To use the x-pack features do I need to execute the yml file if not what configurations are necessary to go ahead and start using its features.
With this you should be ok for 30 days I think.
docker pull docker.elastic.co/elasticsearch/elasticsearch:5.6.8
docker run -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" docker.elastic.co/elasticsearch/elasticsearch:5.6.8
It does not work?
my elasticsearch is working but on kibana there is no monitoring drop down
Do I need to install x-pack for all the containers which I am using suppose I am using three different logstash containers at the same time so do I need to install for all the three.
How are you starting Kibana?
Did you install x-pack on Kibana?
I'm often using the docker-compose which is documented here:https://www.elastic.co/guide/en/elasticsearch/reference/5.6/docker.html
I already have a compose file running at the same time is it fine if I have two compose files as in one which I have made for my containers and the other one which is there in the documentation or should I combine the two
{
"error": {
"root_cause": [
{
"type": "security_exception",
"reason": "action [indices:data/read/search] is unauthorized for user [kibana]"
}
],
"type": "security_exception",
"reason": "action [indices:data/read/search] is unauthorized for user [kibana]"
},
"status": 403
}
This is the error which is prompted on kibana dev tools
curl ngauravls13:9200/_cat/indices
{"error":{"root_cause":[{"type":"security_exception","reason":"missing authentication token for REST request [/_cat/indices]","header":{"WWW-Authenticate":"Basic realm="security" charset="UTF-8""}}],"type":"security_exception","reason":"missing authentication token for REST request [/_cat/indices]","header":{"WWW-Authenticate":"Basic realm="security" charset="UTF-8""}},"status":401}%
This is the error when I try o fetch the indices
I have no idea of what you are doing. Could you share:
- All the docker compose files you are using
- All the commands you run to launch that
this is my compose file for my containers
version: '3'
services:
ls_app:
restart: on-failure:3
image: docker.io/logstash:latest
command: logstash -f /logs1/logstash_app.conf
container_name: logstash-app
links:
- es
volumes:
- ./logstash:/logs1
- /remote/backup/logs/APT/CINT:/logs
ls_fe:
restart: on-failure:3
image: docker.io/logstash:latest
command: logstash -f /logs1/logstash_fe.conf
container_name: logstash-fe
links:
- es
volumes:
- ./logstash:/logs1
- /remote/backup/logs/APT/CINT:/logs
ls_httpd:
restart: on-failure:3
image: docker.io/logstash:latest
command: logstash -f /logs1/logstash_httpd.conf
container_name: logstash-httpd
links:
- es
volumes:
- ./logstash:/logs1
- /remote/backup/logs/APT/CINT:/logs
kib:
restart: on-failure:3
image: docker.io/kibana:latest
container_name: kibana
links:
- es
ports:
- "5601:5601"
es:
restart: on-failure:3
image: docker.io/elasticsearch:latest
container_name: elasticsearch
ports:
- "9200:9200"
- "9300:9300"
~
for the installation of x-pack I used this
Hey, this is not a real issue but I spent time to install and configure x-pack plugin. If you are interested I can make a PR to add this into the documentation.
Here is my doc:
Configure X-Pack
Official documentation
Into elasticsearch/Dockerfile, install xpack plugin:
RUN elasticsearch-plugin install x-pack
Into kibana/Dockerfile, install xpack plugin:
RUN kibana-plugin install x-pack
Rebuild your stack:
docker-compose up -d --build
Generate passwords:
docker exec -it elk_elasticsearch_1 bin/x-pack/setup-passwords auto
Initiating the setup of reserved user elastic,kibana,logstash_system passwords.
The passwords will be randomly generated and printed to the console.
Please confirm that you would like to continue [y/N]y
Changed password for user kibana
PASSWORD kibana = #jLOV$W+!oPFO^~tgw
Changed password for user logstash_system
PASSWORD logstash_system = HNn8Vi3g9i_#A9c=sX%~
Changed password for user elastic
PASSWORD elastic = lOHjUOb6TOGTJODRNdMg
Add credentials to kibana/config/kibana.yml:
elasticsearch.username: "kibana"
elasticsearch.password: ""
Restart Stack:
docker-compose restart
Login with elastic user at http://localhost:5601
Create a new User for logstash pipeline
logstash_gelf
nvR9fKYKb2\yiQze5
Create a role and assign the index and all permissions
logstash_writer_role
Configure your pipeline
output {
elasticsearch {
hosts => "elasticsearch:9200"
index => "app-%{+YYYY.MM.dd}"
user => logstash_gelf
password => "nvR9fKYKb2\yiQze5"
}
}
Restart Stack to reload the configuration:
docker-compose restartI recommend using the Docker images made by us here at Elastic. They are more current than the ones available on Docker Hub (which are deprecated) and are available with X-Pack pre-installed.
3 Likes
Actually I m using version 5.6.8 of elasticsearch so the updated one which is 6.2.3 is not in the plan as of now
No problem. You could still consider using our 5.6 image though, to avoid the trouble of installing X-Pack.
docker pull docker.elastic.co/elasticsearch/elasticsearch:5.6.8
I pulled my images from here only just that i did the installation of the x-pack feature in the way as mentioned above also I have posted the errors which i m getting. There are errors 401 and 403
I am not able to get what permission problems is coming and from where is this forbidden error coming .
What I feel is logstash is not able to flow data to elasticsearch but I am not able to figure out why because when I uninstall the x-pack feature everything works fine .
It's quite difficult for us to follow exactly what you're doing.
You're posting error messages with no context about what caused them, or even which application/log file you're pulling them from.
We can provide better help if you take the time to describe exactly what you're doing, what went wrong, and what was in the relevant logs/error messages.
In this case, it looks like you have logged into Kibana as the kibana user.
That's a common mistake that new users make.
The kibana user is the user that the Kibana application uses for its own purposes when it connects to Elasticsearch. For example, it is how Kibana can tell whether your ES server is available, and whether it has security turned on. You should not log in to Kibana as that user, because it doesn't have permission to do very much (which is intentional - it has just enough access to run Kibana but no more)
You should initially login to Kibana using the elastic user. This is a superuser that can do everything.
You can use that user for everything you want to do, and always login to Kibana as elastic, but we don't recommend it. Because that user can do everything, it can make a horrible mess of your cluster if you're not careful, and one of the benefits of X-Pack security is that it can protect you from mistakes like that.
Rather, we recommend that you use the elastic user to login the first time, and then use the Kibana admin screens to create new, lower privileged users and roles that have just the permissions that you need, but nothing more. You can then safely use those users to do your work in Kibana, and you can always login as elastic if you need to make major changes.
docker exec -it elk_elasticsearch_1 bin/x-pack/setup-passwords auto
Setup-passwords is a 6.x utility. If you are running 5.6 then that command should not exist in your container.
Which specific error do you mean? You've posted a few log messages and I can't keep track of what is a current problem, versus what has been solved.
I will go step by step
for elasticsearch x-pack installation I got this
root@61da15d80409:/usr/share/elasticsearch# elasticsearch-plugin install x-pack
-> Downloading x-pack from elastic
[=================================================] 100%
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: plugin requires additional permissions @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
- java.io.FilePermission \.\pipe* read,write
- java.lang.RuntimePermission accessClassInPackage.com.sun.activation.registries
- java.lang.RuntimePermission getClassLoader
- java.lang.RuntimePermission setContextClassLoader
- java.lang.RuntimePermission setFactory
- java.net.SocketPermission * connect,accept,resolve
- java.security.SecurityPermission createPolicy.JavaPolicy
- java.security.SecurityPermission getPolicy
- java.security.SecurityPermission putProviderProperty.BC
- java.security.SecurityPermission setPolicy
- java.util.PropertyPermission * read,write
- javax.net.ssl.SSLPermission setHostnameVerifier
See http://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html
for descriptions of what these permissions allow and the associated risks.
Continue with installation? [y/N]
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.