Unable to setup elastic stack in docker with tls enabled

pythonredhat · December 21, 2019, 12:07pm

Followed these instructions verbatim:
https://www.elastic.co/guide/en/elastic-stack-get-started/7.5/get-started-docker.html#get-started-docker-tls

This issue is when you attempt to setup passwords this is the error received:

Failed to authenticate user 'elastic' against https://es01:9200/_security/_authenticate?pretty
Possible causes include:
 * The password for the 'elastic' user has already been changed on this cluster
 * Your elasticsearch node is running against a different keystore
   This tool used the keystore at /usr/share/elasticsearch/config/elasticsearch.keystore

ERROR: Failed to verify bootstrap password

I have tried for over two weeks tweaking the configuration, the certs, the container, the permissions. Please review these instructions. I am dying to know the answer to reset a password on this service.

pythonredhat · December 21, 2019, 12:15pm

Also setting the environmental variable for ELASTIC_PASSWORD in the docker-compose file doesn't work at all. How come this functionality doesn't work?

dadoonet · December 21, 2019, 1:34pm

It works for me very well.

Here is the docker-compose.yml file I'm using:

---
version: '3'
services:

  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.5.1
    environment:
      - bootstrap.memory_lock=true
      - discovery.type=single-node
      - ELASTIC_PASSWORD=changeme
      - xpack.security.enabled=true
    ulimits:
      memlock:
        soft: -1
        hard: -1
    ports:
      - 9200:9200
    networks: ['stack']

  kibana:
    image: docker.elastic.co/kibana/kibana:7.5.1
    environment:
      - ELASTICSEARCH_USERNAME=elastic
      - ELASTICSEARCH_PASSWORD=changeme
    ports: ['5601:5601']
    networks: ['stack']
    links: ['elasticsearch']
    depends_on: ['elasticsearch']

networks:
  stack: {}

pythonredhat · December 21, 2019, 2:34pm

David I am looking for a config that incorporates TLS certs with Xpack in Docker containers. Your configuration doesn't appear to be utilizing certificates. Any experience with this?

pythonredhat · December 21, 2019, 2:36pm

Error message in Elastic container when attempting to set the passwords:

es01                | {"type": "server", "timestamp": "2019-12-14T21:38:28,670Z", "level": "INFO", "component": "o.e.x.s.a.AuthenticationService", "cluster.name": "docker-cluster", "node.name": "es01", "message": "Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]", "cluster.uuid": "38P8BUwoRymc8niNyYIfuQ", "node.id": "HznRQrvZTmuk-EGr6EBqtA"  }

dadoonet · December 21, 2019, 3:07pm

No. I don't.

dadoonet · December 21, 2019, 3:08pm

Did you start with a clean data volume?

pythonredhat · December 21, 2019, 3:20pm

Yes started from scratch per these instructions:

https://www.elastic.co/guide/en/elastic-stack-get-started/7.5/get-started-docker.html#get-started-docker-tls

system · January 18, 2020, 3:20pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
SSL error in docker container Elasticsearch elastic-stack-security , docker	1	744	December 18, 2023
Elastic Password with Docker and TLS Elasticsearch docker	5	4915	May 29, 2021
Elasticsearch-setup-passwords commands with ERROR: Failed to verify bootstrap password Elasticsearch	3	13143	April 15, 2021
Elasticsearch error when trying to run bin/elasticsearch-setup-passwords Elasticsearch elastic-stack-security	6	1200	August 15, 2023
I use a certificate with a password: elastic-certificates.p12, how to add configuration to docker and docker-compose Elasticsearch elastic-stack-security , docker	3	1258	May 22, 2020

Unable to setup elastic stack in docker with tls enabled

Related Topics