时间戳

首页 > 解决方案 > 如何运行需要 Elasticsearch 身份验证的节拍容器

elasticsearch - 如何运行需要 Elasticsearch 身份验证的节拍容器

问题描述

主要目的:我想使用 Logstash 来收集依赖于远程服务器的日志文件。

我的 ELK 堆栈是使用 docker-compose.yml 创建的

version: '3.3'
services:
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.5.1
    ports:
      - "9200:9200"
      - "9300:9300"
    volumes:
      - '/share/elk/elasticsearch/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml:ro'
    environment:
      ES_JAVA_OPTS: "-Xmx512m -Xms256m"
      ELASTIC_PASSWORD: changeme
      discovery.type: single-node
    networks:
      - elk
    deploy:
      mode: replicated
      replicas: 1
  logstash:
    image: docker.elastic.co/logstash/logstash:7.5.1
    ports:
      - "5000:5000"
      - "9600:9600"
    volumes:
      - '/share/elk/logstash/config/logstash.yml:/usr/share/logstash/config/logstash.yml:ro'
      - '/share/elk/logstash/pipeline/logstash.conf:/usr/share/logstash/pipeline/logstash.conf:ro'
    environment:
      LS_JAVA_OPTS: "-Xmx512m -Xms256m"
    networks:
      - elk
    deploy:
      mode: replicated
      replicas: 1
      
  kibana:
    image: docker.elastic.co/kibana/kibana:7.5.1
    ports:
      - "5601:5601"
    volumes:
      - '/share/elk/kibana/config/kibana.yml:/usr/share/kibana/config/kibana.yml:ro'
    networks:
      - elk
    deploy:
      mode: replicated
      replicas: 1

networks:
  elk:
    driver: overlay

然后我想在目标主机上安装一个 filebeat,以便将日志发送到 ELK 主机。

docker run docker.elastic.co/beats/filebeat-oss:7.5.1 setup \
-E setup.kibana.host=x.x.x.x:5601  \
-E ELASTIC_PASSWORD="changeme" \
-E output.elasticsearch.hosts=["x.x.x.x:9200"]

但是一旦按回车,就会发生错误

Exiting: Couldn't connect to any of the configured Elasticsearch hosts. Errors: [Error connection to Elasticsearch http://x.x.x.x:9200: 401 Unauthorized: {"error":{"root_cause":[{"type":"security_exception","reason":"missing authentication credentials for REST request [/]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}}],"type":"security_exception","reason":"missing authentication credentials for REST request [/]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}},"status":401}]

也试过-E ELASTICS_USERNAME="elastic"错误仍然存​​在

标签: elasticsearchdocker-composeelastic-stackfilebeat

解决方案

您应该禁用在 Elasticsearch 7.X 版本中默认启用的基本 x-pack 安全性,在 ES docker 映像的环境变量下,如下所述并启动 ES docker 容器。

xpack.security.enabled : false

在此之后,无需传递ES信用,您也可以从 ES 环境中删除以下内容。变量:

ELASTIC_PASSWORD: changeme

推荐阅读