0

我正在尝试设置 Filebeats/Elasticsearch/Kibana 来监控我的应用程序的日志文件。

我在下面有一个相当少的组合显示。

当我访问 localhost:19200 时,我能够在启用安全性之前获得弹性搜索响应。现在,它提示我登录。但是,不接受elasticchange也不接受。 kibanachangeme

尝试使用curlby更改密码

curl  -XPOST -u elastic:changeme 'localhost:19200/_security/user/elastic/_password' -H "Content-Type: application/json" -d "{
  \"password\" : \"insecure\"
}"

也因身份验证错误而失败。

从服务器日志中,错误是

elasticsearch_1 | {"type": "server", "timestamp": "2019-09-16T20:59:06,588+0000", "level": "INFO", "component": "o.e.x.s.a.AuthenticationService", "cluster.name": "compass", "node.name": "node-1", "cluster.uuid": "RZ_T1pT5Tp--3Jm8q89NVw", "node.id": "Q-lFQ58gRGOPPOEyzy6Vrw", "message": "Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]" }

返回的 JSONcurl

{"error":{"root_cause":[{"type":"security_exception","reason":"failed to authenticate user [elastic]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}}],"type":"security_exception","reason":"failed to authenticate user [elastic]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}},"status":401}

我究竟做错了什么?

码头工人-compose.yml

version: "2.4"

services:
  # Accumulate logs into elasticstack
  elasticsearch:
    image: "docker.elastic.co/elasticsearch/elasticsearch:${ELASTIC_VERSION}"
    environment:
      - http.host=0.0.0.0
      - transport.host=127.0.0.1
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms${ES_JVM_HEAP} -Xmx${ES_JVM_HEAP}"
    mem_limit: ${ES_MEM_LIMIT}
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - ./config/elasticsearch/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
      - data:/usr/share/elasticsearch/data

      #Port 9200 is available on the host. Need to for user to access as well as Packetbeat
    ports: ['19200:9200']
    #Healthcheck to confirm availability of ES. Other containers wait on this.
    healthcheck:
      test: ["CMD", "curl","-s" ,"-f", "-u", "elastic:${ES_PASSWORD}", "http://localhost:9200/_cat/health"]
    #Internal network for the containers
    networks: ['stack']

volumes:
  #Es data
  data:
    driver: local
networks: {stack: {}}

.env

#ELK Stack
ELASTIC_VERSION=7.3.2
ES_PASSWORD=insecure
ES_MEM_LIMIT=2g
ES_JVM_HEAP=1024m

配置/elasticsearch/elasticsearch.yml

cluster.name: compass
node.name: node-1
path.data: /usr/share/elasticsearch/data
http.port: 9200
network.host: 0.0.0.0
xpack.security:
  enabled: true
  transport.ssl.enabled: true
4

1 回答 1

1

您应该在启用安全性时设置内置用户密码,使用

./bin/elasticsearch-setup-passwords interactive

请参阅https://www.elastic.co/guide/en/elastic-stack-overview/current/get-started-built-in-users.html

于 2019-09-17T10:33:58.560 回答