0

与使用 Docker-Compose 来启动 Elasticsearch Platinum + Kibana 相比,我一直在尝试了解在使用 Docker 时遇到的问题。ES 非铂金图像工作正常。另一方面,ES Platinum 映像仅在我按提示执行 docker 命令时才有效。通过尝试使用 docker-compose 来做同样的事情,它失败了。

当我从 Docker 命令行运行以下代码时,一切正常。ES Platinum 和 Kibana 两个应用程序都运行良好且工作正常。

docker run -p 32669:9200 -p 32670:9300 -e "discovery.type=single-node" --network=elastic -e ELASTICSEARCH_USERNAME=elastic -e ELASTIC_PASSWORD=MagicWord --name elasticsearch docker.elastic.co/elasticsearch/elasticsearch-platinum:6.2.4

docker run --network=elastic --link elasticsearch:ELK -e ELASTICSEARCH_USER="elastic" -e ELASTICSEARCH_PASSWORD="MagicWord" -p 5601:5601 --name kibana docker.elastic.co/kibana/kibana:6.2.4

上面的代码工作正常。

但是,如果我使用 docker-compose 和下面的代码尝试同样的事情,它就不起作用。我尝试通过添加功能或参数来多次修改下面的代码,但无论如何它都不起作用。

    version: '3.4'

services:
  dockerexample2linux:
    image: ${DOCKER_REGISTRY}dockerexample2linux
    build:
      context: .
      dockerfile: DockerExample2Linux/Dockerfile

  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch-platinum:6.2.4
    container_name: elasticsearch
    environment:
      - "discovery.type=single-node"
      - ELASTICSEARCH_USERNAME=elastic
      - ELASTICSEARCH_PASSWORD=MagicWord
      - xpack.security.enabled=true
    ports:
      - 32769:9200
      - 32770:9300
    networks:
      - elastic

  kibana:
    image: docker.elastic.co/kibana/kibana:6.2.4
    container_name: kibana
    environment:
      - ELASTICSEARCH_URL="http://elasticsearch:9200"
      - ELASTICSEARCH_USERNAME=elastic
      - ELASTICSEARCH_PASSWORD=MagicWord
      - xpack.security.enabled=true
    links:
      - elasticsearch
    ports: 
      - 5601:5601
    networks: 
      - elastic
    depends_on: 
      - elasticsearch  

networks:
  elastic:
      driver: bridge

当我查看日志时,看起来这是 ES 中的一个简单的身份验证问题。在某些尝试中,ES 的日志将显示

[2018-04-26T17:30:25,936][INFO ][o.e.p.PluginsService     ] [t7dKNK-] loaded plugin [x-pack-upgrade]
[2018-04-26T17:30:25,936][INFO ][o.e.p.PluginsService     ] [t7dKNK-] loaded plugin [x-pack-watcher]
[2018-04-26T17:30:30,340][INFO ][o.e.x.m.j.p.l.CppLogMessageHandler] [controller/127] [Main.cc@128] controller (64 bit): Version 6.2.4 (Build 524e7fe231abc1) Copyright (c) 2018 Elasticsearch BV
[2018-04-26T17:30:33,012][INFO ][o.e.d.DiscoveryModule    ] [t7dKNK-] using discovery type [single-node]
[2018-04-26T17:30:34,759][INFO ][o.e.n.Node               ] initialized
[2018-04-26T17:30:34,759][INFO ][o.e.n.Node               ] [t7dKNK-] starting ...
[2018-04-26T17:30:35,047][INFO ][o.e.t.TransportService   ] [t7dKNK-] publish_address {172.22.0.2:9300}, bound_addresses {0.0.0.0:9300}
[2018-04-26T17:30:35,244][INFO ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [t7dKNK-] publish_address {172.22.0.2:9200}, bound_addresses {0.0.0.0:9200}
[2018-04-26T17:30:35,244][INFO ][o.e.n.Node               ] [t7dKNK-] started
[2018-04-26T17:30:35,504][INFO ][o.e.g.GatewayService     ] [t7dKNK-] recovered [0] indices into cluster_state
[2018-04-26T17:30:36,396][INFO ][o.e.l.LicenseService     ] [t7dKNK-] license [7f1ed0cc-554a-4f52-9b21-464168696d88] mode [trial] - valid
[2018-04-26T17:30:45,002][INFO ][o.e.c.m.MetaDataCreateIndexService] [t7dKNK-] [.monitoring-es-6-2018.04.26] creating index, cause [auto(bulk api)], templates [.monitoring-es], shards [1]/[0], mappings [doc]
[2018-04-26T17:30:45,330][INFO ][o.e.c.m.MetaDataCreateIndexService] [t7dKNK-] [.watches] creating index, cause [auto(bulk api)], templates [.watches], shards [1]/[0], mappings [doc]
[2018-04-26T17:30:45,511][INFO ][o.e.c.r.a.AllocationService] [t7dKNK-] Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[.monitoring-es-6-2018.04.26][0], [.watches][0]] ...]).
[2018-04-26T17:30:45,546][INFO ][o.e.x.w.WatcherService   ] [t7dKNK-] paused watch execution, reason [new local watcher shard allocation ids], cancelled [0] queued tasks
[2018-04-26T17:30:45,640][INFO ][o.e.c.m.MetaDataMappingService] [t7dKNK-] [.watches/a6-gyBmRTzSuvCU7MzyL2A] update_mapping [doc]
[2018-04-26T17:30:45,668][INFO ][o.e.c.m.MetaDataMappingService] [t7dKNK-] [.watches/a6-gyBmRTzSuvCU7MzyL2A] update_mapping [doc]
[2018-04-26T17:30:58,743][INFO ][o.e.x.s.a.AuthenticationService] [t7dKNK-] Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]

在某些尝试中,Kibana 错误日志显示:

{"type": "log", "@ timestamp": "2018-04-26T17: 40: 34Z", "tags": "license", "warning" "message": "License information from the X-Pack plugin could not be obtained from Elasticsearch for the [data] cluster. [security_exception] failed to authenticate user [elastic], with {header = {WWW-Authenticate = \" Basic realm = \\\ "security \\\" charset = \\\ "UTF-8 \\\" \ "}} :: {\" path \ ": \" / _ xpack \ ", \" statusCode \ ": 401 , \ "response \": \ "{\\\" error \\\ ": {\\\" root_cause \\\ ": [{\\\" type \\\ ": \\\" security_exception \\ \ ", \\\" reason \\\ ": \\\" failed to authenticate user [elastic] \\\ ", \\\" header \\\ ": {\\\" WWW-Authenticate \\\ ": \\\" Basic realm = \\\\\\\ "security \\\\\\\" charset = \\\\\\\ "UTF-8 \\\\\\\" \\\ "\ n" ", \\\" failed \ "\" \ "\" \ "\" \ "\" , \\\ "header \\\": {\\\ "WWW-Authenticate \\\": \\\ "Basic realm = \\\\\\\" security \\\\\\\ "charset = \\\\\\\ "UTF-8 \\\\\\\"}}, \\\ "status \\\": 401} \ ", \" wwwAuthenticateDirective \ ": \" Basic realm = \\\ "security \\\" charset = \\\ "UTF-8 \ "

一开始我以为这个问题与我忘记的某个参数有关,但现在似乎出于某种神秘的原因,在使用 docker-compose 时,无论如何都会发生带有凭据(用户/密码)的身份验证问题。

例如,如果我去浏览器访问 ES,会弹出一个带有登录名和密码的屏幕,并且它不接受通过 docker-compose.yml 为 ES 设置的凭据。

幽灵在哪里?

4

1 回答 1

1

我遇到了同样的问题,但是,我的设置有点不同。我在 kubernetes 集群中运行 elasticsearch。我通过在密钥库中设置引导密码而不是设置环境变量来解决它ELASTIC_PASSWORD

bin/elasticsearch-keystore add "bootstrap.password"

官方文档解释了引导密码的工作原理。

于 2018-05-09T13:12:53.810 回答