Answer a question

I was referring to example given in the elasticsearch documentation for starting elastic stack (elastic and kibana) on docker using docker compose. It gives example of docker compose version 2.2 file. So, I tried to convert it to docker compose version 3.8 file. Also, it creates three elastic nodes and has security enabled. I want to keep it minimal to start with. So I tried to turn off security and also reduce the number of elastic nodes to 2. This is how my current compose file looks like:

version: "3.8"

services:  
  es01:
    image: docker.elastic.co/elasticsearch/elasticsearch:8.0.0-amd64
    volumes:
      - esdata01:/usr/share/elasticsearch/data
    ports:
      - 9200:9200
    environment:
      - node.name=es01
      - cluster.name=docker-cluster
      - cluster.initial_master_nodes=es01
      - bootstrap.memory_lock=true
      - xpack.security.enabled=false
    deploy:
      resources:
        limits:
          memory: 1g 
    
    ulimits:
      memlock:
        soft: -1
        hard: -1
    healthcheck:
      # [
      #   "CMD-SHELL",
      #   # "curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",
      # ]

      # Changed to:
      test: ["CMD-SHELL", "curl -f http://localhost:9200 || exit 1"]

      interval: 10s
      timeout: 10s
      retries: 120
  kibana:
    depends_on:
      - es01
    image: docker.elastic.co/kibana/kibana:8.0.0-amd64
    volumes:
      - kibanadata:/usr/share/kibana/data
    ports:
      - 5601:5601
    environment:
      - SERVERNAME=kibana
      - ELASTICSEARCH_HOSTS=https://localhost:9200
    deploy:
      resources:
        limits:
          memory: 1g
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "curl -s -I http://localhost:5601 | grep -q 'HTTP/1.1 302 Found'",
        ]
      interval: 10s
      timeout: 10s
      retries: 120
volumes:
  esdata01:
    driver: local
  kibanadata:
    driver: local

Then, I tried to run it:

docker stack deploy -c docker-compose.nosec.noenv.yml elk
Creating network elk_default
Creating service elk_es01
Creating service elk_kibana

When I tried to check their status, it displayed following:

$ docker container list
CONTAINER ID   IMAGE                                                       COMMAND                  CREATED         STATUS                            PORTS                NAMES
3dcd08134e38   docker.elastic.co/kibana/kibana:8.0.0-amd64                 "/bin/tini -- /usr/l…"   3 minutes ago   Up 3 minutes (health: starting)   5601/tcp             elk_kibana.1.ng8aspz9krfnejfpsnqzl2sci
7b548a43c45c   docker.elastic.co/elasticsearch/elasticsearch:8.0.0-amd64   "/bin/tini -- /usr/l…"   3 minutes ago   Up 3 minutes (healthy)            9200/tcp, 9300/tcp   elk_es01.1.d9a107j6wkz42shti3n6kpfmx
            

I noticed that kibana's status gets stuck at (health: starting). When I checked Kibana's logs with command docker service logs -f elk_kibana, it had following WARN and ERROR lines:

[WARN ][plugins.security.config] Generating a random key for xpack.security.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.security.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.
[WARN ][plugins.security.config] Session cookies will be transmitted over insecure connections. This is not recommended.
[WARN ][plugins.security.config] Generating a random key for xpack.security.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.security.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.
[WARN ][plugins.security.config] Session cookies will be transmitted over insecure connections. This is not recommended.
[WARN ][plugins.reporting.config] Generating a random key for xpack.reporting.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.reporting.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.
[WARN ][plugins.reporting.config] Found 'server.host: "0.0.0.0"' in Kibana configuration. Reporting is not able to use this as the Kibana server hostname. To enable PNG/PDF Reporting to work, 'xpack.reporting.kibanaServer.hostname: localhost' is automatically set in the configuration. You can prevent this message by adding 'xpack.reporting.kibanaServer.hostname: localhost' in kibana.yml.
[ERROR][elasticsearch-service] Unable to retrieve version information from Elasticsearch nodes. connect ECONNREFUSED 127.0.0.1:9200

It seems that kibana is not able to connect with Elasticsearch, but why? Is it because of disabling of security and that we cannot have security disabled?

PS-1: Earlier, when I set elasticsearch host as follows in kibana's environment in the docker compose file:

ELASTICSEARCH_HOSTS=https://es01:9200  # that is 'es01' instead of `localhost`

it gave me following error:

[ERROR][elasticsearch-service] Unable to retrieve version information from Elasticsearch nodes. getaddrinfo ENOTFOUND es01

So, after checking this question, I changed es01 to localhost as specified earlier (that is in complete docker compose file content before PS-1.)

PS-2: Replacing localhost with 192.168.0.104 gives following error

[ERROR][elasticsearch-service] Unable to retrieve version information from Elasticsearch nodes. connect ECONNREFUSED 192.168.0.104:9200
[ERROR][elasticsearch-service] Unable to retrieve version information from Elasticsearch nodes. write EPROTO 140274197346240:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../deps/openssl/openssl/ssl/record/ssl3_record.c:332:

Answers

Try this :

ELASTICSEARCH_HOSTS=http://es01:9200

I don't know why it can run in my PC, since Elasticsearch is supossed use SSL. But in your case using http working just fine.

Logo

欢迎大家访问Elastic 中国社区。由Elastic 资深布道师,Elastic 认证工程师,认证分析师,认证可观测性工程师运营管理。

更多推荐