Single node elasticsearch installation with podman and IPv6

Hi all,

I am trying to install Elasticsearch by using podman on a IPv6 only host (RHEL 9.3, podman 4.6.3).

Here is my run commands for elasticsearch and kibana

podman run --name es01 --net elastic-v6 -p [1000:1400:2400::1]:9200:9200  -e http.publish_host=palantir.middle.earth -e network.host=_global:ipv6_ -it -m 4GB docker.elastic.co/elasticsearch/elasticsearch:8.11.4

podman run --name kib01 --net elastic-v6 -e SERVER_HOST=:: -p [1000:1400:2400::1]:5601:5601 docker.elastic.co/kibana/kibana:8.11.4

1000:1400:2400::1 is my host's ipv6 address

With this settings, kibana token brings the host's ip in "Configure Elastic" screen but when I press Configure Elastic button it fails and I get

Hostname/IP does not match certificate's altnames: IP: 1000:1400:2400::1 is not in the cert's list

error in Kibana logs.

If I use the following command to start Elastic pod

podman run --name es01 --net elastic-v6 -p [1000:1400:2400::1]:9200:9200  -e network.host=_global:ipv6_ -it -m 4GB docker.elastic.co/elasticsearch/elasticsearch:8.11.4
es01

This time the token brings the elastic container's ipv6 address and I can succesfully configure and login to Elasticsearch. But when the containers are restarted Kibana still tries to connect by using the previous IP and everything fails.

I tried several combinations of network|http.host|bind_host|publish_host settings but couldn't find the correct one.

Any help is much appreciated.

Hi,

have you tried to update the Elasticsearch SSL certificate to include the IP address 1000:1400:2400::1 in the SAN field? You'll need to generate a new certificate, replace the existing one, and restart Elasticsearch

Regards

Thanks @yago82, I thought about that but I was wondering if one of the parameters injects the node hostname to the certificate automatically. Worst case I will do as you mentioned.

Rgrds,

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.