I'm trying to finish my single node setup with elasticsearch(ES) and kibana. I'm using docker-compose and ES version 7.17. I wanted to go without security however it is my understanding that adding adapters like Mongo DB, grey log requires securirty to be setup. So I followed the minimal security setup instruction (guide/en/elasticsearch/reference/7.17/security-minimal-setup.html). ES part seems to run but the kibana log complains:
{"type":"log","@timestamp":"2023-06-30T18:21:31+00:00","tags":["error","elasticsearch-
service"],"pid":7,"message":"Unable to retrieve version information from Elasticsearch nodes. security_exception: [security_exception] Reason: missing authentication credentials for REST request [/_nodes?filter_path=nodes..version%2Cnodes..http.publish_address%2Cnodes.*.ip]"}`
These
I was able to use this url in my browser myserver:9200/_nodes?filter_path=nodes..version%2Cnodes..http.publish_address%2Cnodes.*.ip
I was asked for credentials and used kibana_system, as configured in ES. So I conclude that ES security is setup correctly. Here's my docker-compose setup:
elasticsearch:
#image: elasticsearch:7.17.10
image: docker.elastic.co/elasticsearch/elasticsearch:7.17.10-arm64
container_name: elasticsearch
volumes:
- ./volumes/elasticsearch/data:/usr/share/elasticsearch/data
#- ./volumes/elasticsearch/config:/usr/share/elasticsearch/config
ports:
- 9200:9200
restart: always
environment:
- xpack.security.enabled=true
- xpack.ml.enabled=false
#- xpack.security.enabled=false
#- xpack.security.enrollment.enabled=false
- discovery.type=single-node
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
ulimits:
memlock:
soft: -1
hard: -1
kibana:
depends_on:
- elasticsearch
#image: kibana:7.17.10
image: docker.elastic.co/kibana/kibana:7.17.10-arm64
container_name: kibana
volumes:
- ./volumes/kibana/data:/usr/share/kibana/data
ports:
- 5601:5601
restart: always
environment:
- elasticsearch.username="kibana_system"
- elasticsearch.password="password"
- elasticsearch.ssl.verificationMode="None"
#- ELASTICSEARCH_HOSTS=http://elasticsearch:9200
- ELASTICSEARCH_HOSTS=http://opi5.lan:9200
- "XPACK_APM_SERVICEMAPENABLED=true"
#XPACK_ENCRYPTEDSAVEDOBJECTS_ENCRYPTIONKEY: d1a66dfd-c4d3-4a0a-8290-xxxxx83ab3aa
- "LOGGING_ROOT_LEVEL=error"
The kibana part of the minimal setup confuses me as it stores the password in the keystore. But I'm also providing it via docker-compose. What will be leading? I did both anyway. What am I doing wrong?