无法登录到弹性搜索

Question

我正在尝试设置Filebeats/Elasticsearch/Kibana来监视我的应用程序的日志文件。

下面我有一个相当小的作曲节目。

当我进入localhost:19200时，我能够在启用安全性之前获得弹性搜索响应。现在，它促使我登录。然而，elastic和change以及kibana和changeme都不被接受。

试图用curl更改密码

curl  -XPOST -u elastic:changeme 'localhost:19200/_security/user/elastic/_password' -H "Content-Type: application/json" -d "{
  \"password\" : \"insecure\"
}"

如果身份验证错误，也会失败。

从服务器日志中，错误为

elasticsearch_1 | {"type": "server", "timestamp": "2019-09-16T20:59:06,588+0000", "level": "INFO", "component": "o.e.x.s.a.AuthenticationService", "cluster.name": "compass", "node.name": "node-1", "cluster.uuid": "RZ_T1pT5Tp--3Jm8q89NVw", "node.id": "Q-lFQ58gRGOPPOEyzy6Vrw", "message": "Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]" }

返回给curl的JSON是

{"error":{"root_cause":[{"type":"security_exception","reason":"failed to authenticate user [elastic]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}}],"type":"security_exception","reason":"failed to authenticate user [elastic]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}},"status":401}

我做错了什么？

docker-compose.yml

version: "2.4"

services:
  # Accumulate logs into elasticstack
  elasticsearch:
    image: "docker.elastic.co/elasticsearch/elasticsearch:${ELASTIC_VERSION}"
    environment:
      - http.host=0.0.0.0
      - transport.host=127.0.0.1
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms${ES_JVM_HEAP} -Xmx${ES_JVM_HEAP}"
    mem_limit: ${ES_MEM_LIMIT}
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - ./config/elasticsearch/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
      - data:/usr/share/elasticsearch/data

      #Port 9200 is available on the host. Need to for user to access as well as Packetbeat
    ports: ['19200:9200']
    #Healthcheck to confirm availability of ES. Other containers wait on this.
    healthcheck:
      test: ["CMD", "curl","-s" ,"-f", "-u", "elastic:${ES_PASSWORD}", "http://localhost:9200/_cat/health"]
    #Internal network for the containers
    networks: ['stack']

volumes:
  #Es data
  data:
    driver: local
networks: {stack: {}}

.env

#ELK Stack
ELASTIC_VERSION=7.3.2
ES_PASSWORD=insecure
ES_MEM_LIMIT=2g
ES_JVM_HEAP=1024m

config/elasticsearch/elasticsearch.yml

cluster.name: compass
node.name: node-1
path.data: /usr/share/elasticsearch/data
http.port: 9200
network.host: 0.0.0.0
xpack.security:
  enabled: true
  transport.ssl.enabled: true

Answer 1

启用安全性时，应设置内置用户密码，使用

./bin/elasticsearch-setup-passwords interactive

请参阅https://www.elastic.co/guide/en/elastic-stack-overview/current/get-started-built-in-users.html