我正在使用 Elasticsearch v.6.2.4 的 Docker 映像。我的问题是安装了 X-Pack,但它不要求提供凭据。
我知道 X-Pack 已安装,如下所示:
我正在使用 Elasticsearch v.6.2.4 的 Docker 映像。我的问题是安装了 X-Pack,但它不要求提供凭据。
我知道 X-Pack 已安装,如下所示:
Xpack 附带的 Elasticsearch 安全功能不是免费的,有一个月的试用版,然后是付费版。
但是根据这个弹性博客,它从版本(6.8.0 和 7.1.0)开始是免费的。
我写这个答案是为了用 docker-compose 激活免费的 Elasticsearch 安全功能。
请记住,在使用以下代码时,Kibana 和 Elasticsearch 节点都使用用户名和密码是安全的,因此访问 Elasticsearch 的其余客户端必须具有凭据,这个答案会有所帮助。
那是我的代码:
version: '3'
services:
create_certs:
container_name: create_certs
image: docker.elastic.co/elasticsearch/elasticsearch:6.8.0
command: >
bash -c '
if [[ ! -f ./config/certificates/elastic-certificates.p12 ]]; then
bin/elasticsearch-certutil cert -out config/certificates/elastic-certificates.p12 -pass ""
fi;
chown -R 1000:0 /usr/share/elasticsearch/config/certificates
'
user: "0"
working_dir: /usr/share/elasticsearch
volumes: ['certs:/usr/share/elasticsearch/config/certificates']
elasticsearch:
container_name: elasticsearch
depends_on: [create_certs]
image: docker.elastic.co/elasticsearch/elasticsearch:6.8.0
environment:
- cluster.name=docker-cluster
- bootstrap.memory_lock=true
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
- ELASTIC_PASSWORD=MyPassword # password for default user: elastic
- xpack.security.enabled=true
- xpack.security.transport.ssl.enabled=true
- xpack.security.transport.ssl.verification_mode=certificate
- xpack.security.transport.ssl.keystore.path=/usr/share/elasticsearch/config/certificates/elastic-certificates.p12
- xpack.security.transport.ssl.truststore.path=/usr/share/elasticsearch/config/certificates/elastic-certificates.p12
volumes: ['esdata:/usr/share/elasticsearch/data', 'certs:/usr/share/elasticsearch/config/certificates']
ulimits:
nofile:
soft: 65536
hard: 65536
memlock:
soft: -1
hard: -1
ports:
- "9200:9200"
kibana:
container_name: kibana
depends_on: [elasticsearch]
image: docker.elastic.co/kibana/kibana:6.8.0
environment:
- ELASTICSEARCH_USERNAME=elastic
- ELASTICSEARCH_PASSWORD=MyPassword
ports:
- "5601:5601"
volumes: {"esdata", "certs"}
更新环境变量 t enable true
environment:
- "discovery.type=single-node"
- ELASTIC_USERNAME=elastic
- ELASTIC_PASSWORD=MagicWord
- xpack.security.enabled=true
这是docker-compose.yml
elasticseaarch 和 kibana 的示例文件
version: '3.4'
services:
elasticsearch:
image: docker.elastic.co/elasticsearch/elasticsearch:7.16.2
container_name: elasticsearch
environment:
- "discovery.type=single-node"
- ELASTIC_USERNAME=elastic
- ELASTIC_PASSWORD=MagicWord
- xpack.security.enabled=true
ports:
- 9200:9200
- 9300:9300
networks:
- elastic
kibana:
image: docker.elastic.co/kibana/kibana:7.16.2
container_name: kibana
environment:
- ELASTICSEARCH_URL="http://elasticsearch:9200"
- ELASTIC_USERNAME=elastic
- ELASTIC_PASSWORD=MagicWord
- xpack.security.enabled=true
links:
- elasticsearch
ports:
- 5601:5601
networks:
- elastic
depends_on:
- elasticsearch
networks:
elastic:
driver: bridge
也许我来得太晚了......但我今天遇到了这个问题,挖掘发现你不必设置用户,只需设置密码。这是 docker-compose 文件
version: '3.6'
services:
elasticsearchNode:
image: elasticsearch:$STACK_VERSION
container_name: elasticsearchNode
environment:
discovery.type: 'single-node'
ELASTIC_PASSWORD: $ELK_PASS
cluster.name: 'dockercluster'
node.name: 'node-master'
bootstrap.memory_lock: 'true'
ES_JAVA_OPTS: '-Xms512m -Xmx512m'
xpack.security.enabled: 'true'
ports:
- 9200:9200
- 9300:9300
networks:
- docker_elk_node
volumes:
esdataNode:
networks:
docker_elk_node:
和 .env 文件
COMPOSE_PROJECT_NAME=es
STACK_VERSION=7.6.0
ELK_PASS=MyPassWord
将 elasticsearch 环境更改为 elasticsearch:7.14.0 的“ELASTIC_USERNAME”和“ELASTIC_PASSWORD”
version: '3.4'
services:
elasticsearch:
image: docker.elastic.co/elasticsearch/elasticsearch:7.14.0
container_name: elasticsearch
environment:
- "discovery.type=single-node"
- ELASTIC_USERNAME=elastic
- ELASTIC_PASSWORD=MagicWord
- xpack.security.enabled=true
ports:
- 32769:9200
- 32770:9300
networks:
- elastic
kibana:
image: docker.elastic.co/kibana/kibana:7.14.0
container_name: kibana
environment:
- ELASTICSEARCH_URL="http://elasticsearch:9200"
- ELASTICSEARCH_USERNAME=elastic
- ELASTICSEARCH_PASSWORD=MagicWord
- xpack.security.enabled=true
links:
- elasticsearch
ports:
- 5601:5601
networks:
- elastic
depends_on:
- elasticsearch
networks:
elastic:
driver: bridge
附上elasticsearch > 7.x的简单配置。
Elasticsearch 期望用户“弹性”。
elasticsearch:
container_name: search
image: elasticsearch:7.10.1
restart: always
ports:
- 9200:9200
- 9300:9300
environment:
- "discovery.type=single-node"
- xpack.security.enabled=true
- ELASTIC_PASSWORD=YOUR_PASSWORD