Git Product home page Git Product logo

docker-elasticsearch's Introduction

Hi there, I'm Guillaume ๐Ÿ‘‹

I'm currently responsible for technology at Peaks.

githubstats

docker-elasticsearch's People

Contributors

bertrandmartel avatar johnkchiu avatar khezen avatar mickaelperrin avatar pentago avatar ptqa avatar quantonganh avatar vijayrx avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

ca91 masiipond michaloo orinciog summer0nguyen siemonster mickaelperrin quantonganh sansusan sh777 tdi lander2k2 sarra-bouhenni mark-monserrat diegodelemos bertrandmartel slima yupengyan appsrv four-dots frekele iahmad-khan junkgui tiagoreichert xiaomin0322 vijaygkd gboddin audriusb ptqa valdemon johnkchiu wrhb123 hoadq-1371 lrx0014 jala-dx alysonfranklin eanfs jguittard z4ck404 yahiakhedr z00228441 hassj vijaykrishnaa614 j0131n

docker-elasticsearch's Issues

Misconfiguration loopback

Unchanged configuration file, at startup:

elasticsearch             | [2017-04-03T00:48:47,536][WARN ][o.e.d.z.UnicastZenPing   ] [ezwfxYV] failed to resolve host [['127.0.0.1']
elasticsearch             | java.lang.IllegalArgumentException: Invalid bracketed host/port range: ['127.0.0.1'
elasticsearch             | 	at org.elasticsearch.transport.TcpTransport.parse(TcpTransport.java:831) ~[elasticsearch-5.3.0.jar:5.3.0]
elasticsearch             | 	at org.elasticsearch.transport.TcpTransport.addressesFromString(TcpTransport.java:812) ~[elasticsearch-5.3.0.jar:5.3.0]
elasticsearch             | 	at org.elasticsearch.transport.TransportService.addressesFromString(TransportService.java:665) ~[elasticsearch-5.3.0.jar:5.3.0]
elasticsearch             | 	at org.elasticsearch.discovery.zen.UnicastZenPing.lambda$null$0(UnicastZenPing.java:212) ~[elasticsearch-5.3.0.jar:5.3.0]
elasticsearch             | 	at java.util.concurrent.FutureTask.run(FutureTask.java:266) ~[?:1.8.0_121]
elasticsearch             | 	at org.elasticsearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:544) [elasticsearch-5.3.0.jar:5.3.0]
elasticsearch             | 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [?:1.8.0_121]
elasticsearch             | 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [?:1.8.0_121]
elasticsearch             | 	at java.lang.Thread.run(Thread.java:745) [?:1.8.0_121]
elasticsearch             | [2017-04-03T00:48:47,570][WARN ][o.e.d.z.UnicastZenPing   ] [ezwfxYV] failed to resolve host ['[::1]']]
elasticsearch             | java.lang.IllegalArgumentException: IPv6 addresses must be bracketed: '[::1]']
elasticsearch             | 	at org.elasticsearch.transport.TcpTransport.parse(TcpTransport.java:846) ~[elasticsearch-5.3.0.jar:5.3.0]
elasticsearch             | 	at org.elasticsearch.transport.TcpTransport.addressesFromString(TcpTransport.java:812) ~[elasticsearch-5.3.0.jar:5.3.0]
elasticsearch             | 	at org.elasticsearch.transport.TransportService.addressesFromString(TransportService.java:665) ~[elasticsearch-5.3.0.jar:5.3.0]
elasticsearch             | 	at org.elasticsearch.discovery.zen.UnicastZenPing.lambda$null$0(UnicastZenPing.java:212) ~[elasticsearch-5.3.0.jar:5.3.0]
elasticsearch             | 	at java.util.concurrent.FutureTask.run(FutureTask.java:266) ~[?:1.8.0_121]
elasticsearch             | 	at org.elasticsearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:544) [elasticsearch-5.3.0.jar:5.3.0]
elasticsearch             | 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [?:1.8.0_121]
elasticsearch             | 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [?:1.8.0_121]
elasticsearch             | 	at java.lang.Thread.run(Thread.java:745) [?:1.8.0_121]

Stalling for elasticsearch

I am running the docker image on openshift cluster, and am getting exactly the same error as #15 . I wonder what was the solution for that ?

command ``gosu`` not found when using elasticsearch 6.0

Hello,
I upgraded elasticsearch from version 5.5.0 to 6.0 using docker image https://hub.docker.com/r/khezen/elasticsearch/tags/ and I get this error in the log:

/run/entrypoint.sh: line 16: gosu: command not found
/run/entrypoint.sh: line 17: gosu: command not found
/run/entrypoint.sh: line 22: gosu: command not found
Stalling for Elasticsearch...

gosu command is used
https://github.com/khezen/docker-elasticsearch/blob/master/src/entrypoint.sh#L16
but seems that it has not installed yet. Please help me to confirm.
thanks a lot

Version 6.X stuck Stalling for Elasticsearch...

Using the example docker-compose file in the readme. Works well with version 5, but stalls on version 6

elasticsearch_1  |      at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:323) ~[elasticsearch-6.2.2.jar:6.2.2]
elasticsearch_1  |      at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:121) ~[elasticsearch-6.2.2.jar:6.2.2]
elasticsearch_1  |      ... 6 more
elasticsearch_1  | Stalling for Elasticsearch...
elasticsearch_1  | Stalling for Elasticsearch...
elasticsearch_1  | Stalling for Elasticsearch...
elasticsearch_1  | Stalling for Elasticsearch...
elasticsearch_1  | Stalling for Elasticsearch...
elasticsearch_1  | Stalling for Elasticsearch...
elasticsearch_1  | Stalling for Elasticsearch...
elasticsearch_1  | Stalling for Elasticsearch...
elasticsearch_1  | Stalling for Elasticsearch...
elasticsearch_1  | Stalling for Elasticsearch...
elasticsearch_1  | Stalling for Elasticsearch...
elasticsearch_1  | Stalling for Elasticsearch...
elasticsearch_1  | Stalling for Elasticsearch...
elasticsearch_1  | Stalling for Elasticsearch...
elasticsearch_1  | Stalling for Elasticsearch...
elasticsearch_1  | Stalling for Elasticsearch...
elasticsearch_1  | Stalling for Elasticsearch...
elasticsearch_1  | Stalling for Elasticsearch...
elasticsearch_1  | Stalling for Elasticsearch...
elasticsearch_1  | Stalling for Elasticsearch...
elasticsearch_1  | Stalling for Elasticsearch...
elasticsearch_1  | Stalling for Elasticsearch...
elasticsearch_1  | Stalling for Elasticsearch...
elasticsearch_1  | Stalling for Elasticsearch...
elasticsearch_1  | Stalling for Elasticsearch...

Clean 'docker-compose up' throws error

Hello!
First of all, thank you for this repo, @khezen. This project is great!
Well, I could not up the environment with the following docker compose.
It throws this error:

Failed to load plugin class [com.floragunn.searchguard.SearchGuardPlugin]];
(...)
Unable to read /usr/share/elasticsearch/config/searchguard/ssl/d21ee5e02672-keystore.jks
(...)
Please make sure this files exists and is readable regarding to permissions];

When I list the keystore on container he have another name 5f3a9c3d072d-keystore.jks. I really dont know why this happens, because the entrypoint.sh is executed when the container up. So:

Moment HostName
Error log d21ee5e02672
File 5f3a9c3d072d
Container 4ff518b865da

Do you have a hit?

The docker-compose.yml:

version: '2'
services:
    elasticsearch:
        build: ../
        environment:
            ELASTIC_PWD: changeme
            KIBANA_PWD: changeme
        volumes:
            - /data/elasticsearch:/usr/share/elasticsearch/data
            - /etc/elasticsearch:/usr/share/elasticsearch/config
        ports:
             - "9200:9200"
             - "9300:9300"
        network_mode: bridge
        restart: always

The log:

elasticsearch_1  | Stalling for Elasticsearch...
elasticsearch_1  | [2017-06-05T15:33:34,847][INFO ][o.e.n.Node               ] [d21ee5e02672] initializing ...
elasticsearch_1  | [2017-06-05T15:33:35,048][INFO ][o.e.e.NodeEnvironment    ] [d21ee5e02672] using [1] data paths, mounts [[/usr/share/elasticsearch/data (tmpfs)]], net usable_space [835.8mb], net total_space [990.1mb], spins? [no], types [tmpfs]
elasticsearch_1  | [2017-06-05T15:33:35,048][INFO ][o.e.e.NodeEnvironment    ] [d21ee5e02672] heap size [1007.3mb], compressed ordinary object pointers [true]
elasticsearch_1  | [2017-06-05T15:33:35,050][INFO ][o.e.n.Node               ] [d21ee5e02672] node name [d21ee5e02672], node ID [z4lJ0LIhQMOzsNrm47L1tw]
elasticsearch_1  | [2017-06-05T15:33:35,051][INFO ][o.e.n.Node               ] [d21ee5e02672] version[5.4.0], pid[15], build[780f8c4/2017-04-28T17:43:27.229Z], OS[Linux/4.9.27-moby/amd64], JVM[Oracle Corporation/OpenJDK 64-Bit Server VM/1.8.0_131/25.131-b11]
elasticsearch_1  | [2017-06-05T15:33:36,203][INFO ][c.f.s.SearchGuardPlugin  ] Clustername: elasticsearch-default
elasticsearch_1  | [2017-06-05T15:33:36,253][INFO ][c.f.s.SearchGuardPlugin  ] Node [d21ee5e02672] is a transportClient: false/tribeNode: false/tribeNodeClient: false
elasticsearch_1  | [2017-06-05T15:33:36,260][INFO ][c.f.s.SearchGuardPlugin  ] FLS/DLS module not available
elasticsearch_1  | [2017-06-05T15:33:36,275][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] Open SSL not available (this is not an error, we simply fallback to built-in JDK SSL) because of java.lang.ClassNotFoundException: io.netty.internal.tcnative.SSL
elasticsearch_1  | [2017-06-05T15:33:36,279][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] java.version: 1.8.0_131
elasticsearch_1  | [2017-06-05T15:33:36,279][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] java.vendor: Oracle Corporation
elasticsearch_1  | [2017-06-05T15:33:36,280][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] java.vm.specification.version: 1.8
elasticsearch_1  | [2017-06-05T15:33:36,280][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] java.vm.specification.vendor: Oracle Corporation
elasticsearch_1  | [2017-06-05T15:33:36,281][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] java.vm.specification.name: Java Virtual Machine Specification
elasticsearch_1  | [2017-06-05T15:33:36,281][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] java.vm.name: OpenJDK 64-Bit Server VM
elasticsearch_1  | [2017-06-05T15:33:36,282][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] java.vm.vendor: Oracle Corporation
elasticsearch_1  | [2017-06-05T15:33:36,282][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] java.specification.version: 1.8
elasticsearch_1  | [2017-06-05T15:33:36,282][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] java.specification.vendor: Oracle Corporation
elasticsearch_1  | [2017-06-05T15:33:36,283][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] java.specification.name: Java Platform API Specification
elasticsearch_1  | [2017-06-05T15:33:36,283][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] os.name: Linux
elasticsearch_1  | [2017-06-05T15:33:36,283][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] os.arch: amd64
elasticsearch_1  | [2017-06-05T15:33:36,284][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] os.version: 4.9.27-moby
elasticsearch_1  | [2017-06-05T15:33:36,444][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] JVM supports the following 82 ciphers for https [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, TLS_DH_anon_WITH_AES_256_GCM_SHA384, TLS_DH_anon_WITH_AES_128_GCM_SHA256, TLS_DH_anon_WITH_AES_256_CBC_SHA256, TLS_ECDH_anon_WITH_AES_256_CBC_SHA, TLS_DH_anon_WITH_AES_256_CBC_SHA, TLS_DH_anon_WITH_AES_128_CBC_SHA256, TLS_ECDH_anon_WITH_AES_128_CBC_SHA, TLS_DH_anon_WITH_AES_128_CBC_SHA, TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA, SSL_DH_anon_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_DH_anon_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA, TLS_RSA_WITH_NULL_SHA256, TLS_ECDHE_ECDSA_WITH_NULL_SHA, TLS_ECDHE_RSA_WITH_NULL_SHA, SSL_RSA_WITH_NULL_SHA, TLS_ECDH_ECDSA_WITH_NULL_SHA, TLS_ECDH_RSA_WITH_NULL_SHA, TLS_ECDH_anon_WITH_NULL_SHA, SSL_RSA_WITH_NULL_MD5, TLS_KRB5_WITH_3DES_EDE_CBC_SHA, TLS_KRB5_WITH_3DES_EDE_CBC_MD5, TLS_KRB5_WITH_DES_CBC_SHA, TLS_KRB5_WITH_DES_CBC_MD5, TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA, TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5]
elasticsearch_1  | [2017-06-05T15:33:36,451][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] JVM supports the following 82 ciphers for transport [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, TLS_DH_anon_WITH_AES_256_GCM_SHA384, TLS_DH_anon_WITH_AES_128_GCM_SHA256, TLS_DH_anon_WITH_AES_256_CBC_SHA256, TLS_ECDH_anon_WITH_AES_256_CBC_SHA, TLS_DH_anon_WITH_AES_256_CBC_SHA, TLS_DH_anon_WITH_AES_128_CBC_SHA256, TLS_ECDH_anon_WITH_AES_128_CBC_SHA, TLS_DH_anon_WITH_AES_128_CBC_SHA, TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA, SSL_DH_anon_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_DH_anon_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA, TLS_RSA_WITH_NULL_SHA256, TLS_ECDHE_ECDSA_WITH_NULL_SHA, TLS_ECDHE_RSA_WITH_NULL_SHA, SSL_RSA_WITH_NULL_SHA, TLS_ECDH_ECDSA_WITH_NULL_SHA, TLS_ECDH_RSA_WITH_NULL_SHA, TLS_ECDH_anon_WITH_NULL_SHA, SSL_RSA_WITH_NULL_MD5, TLS_KRB5_WITH_3DES_EDE_CBC_SHA, TLS_KRB5_WITH_3DES_EDE_CBC_MD5, TLS_KRB5_WITH_DES_CBC_SHA, TLS_KRB5_WITH_DES_CBC_MD5, TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA, TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5]
elasticsearch_1  | [2017-06-05T15:33:36,454][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] Config directory is /usr/share/elasticsearch/config/, from there the key- and truststore files are resolved relatively
elasticsearch_1  | [2017-06-05T15:33:36,564][WARN ][o.e.b.ElasticsearchUncaughtExceptionHandler] [d21ee5e02672] uncaught exception in thread [main]
elasticsearch_1  | org.elasticsearch.bootstrap.StartupException: ElasticsearchException[Failed to load plugin class [com.floragunn.searchguard.SearchGuardPlugin]]; nested: InvocationTargetException; nested: ElasticsearchException[Unable to read /usr/share/elasticsearch/config/searchguard/ssl/d21ee5e02672-keystore.jks (/usr/share/elasticsearch/config/searchguard/ssl/d21ee5e02672-keystore.jks) Please make sure this files exists and is readable regarding to permissions];
elasticsearch_1  |      at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:127) ~[elasticsearch-5.4.0.jar:5.4.0]
elasticsearch_1  |      at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:114) ~[elasticsearch-5.4.0.jar:5.4.0]
elasticsearch_1  |      at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:67) ~[elasticsearch-5.4.0.jar:5.4.0]
elasticsearch_1  |      at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:122) ~[elasticsearch-5.4.0.jar:5.4.0]
elasticsearch_1  |      at org.elasticsearch.cli.Command.main(Command.java:88) ~[elasticsearch-5.4.0.jar:5.4.0]
elasticsearch_1  |      at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:91) ~[elasticsearch-5.4.0.jar:5.4.0]
elasticsearch_1  |      at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:84) ~[elasticsearch-5.4.0.jar:5.4.0]
elasticsearch_1  | Caused by: org.elasticsearch.ElasticsearchException: Failed to load plugin class [com.floragunn.searchguard.SearchGuardPlugin]
elasticsearch_1  |      at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:430) ~[elasticsearch-5.4.0.jar:5.4.0]
elasticsearch_1  |      at org.elasticsearch.plugins.PluginsService.loadBundles(PluginsService.java:383) ~[elasticsearch-5.4.0.jar:5.4.0]
elasticsearch_1  |      at org.elasticsearch.plugins.PluginsService.<init>(PluginsService.java:139) ~[elasticsearch-5.4.0.jar:5.4.0]
elasticsearch_1  |      at org.elasticsearch.node.Node.<init>(Node.java:309) ~[elasticsearch-5.4.0.jar:5.4.0]
elasticsearch_1  |      at org.elasticsearch.node.Node.<init>(Node.java:242) ~[elasticsearch-5.4.0.jar:5.4.0]
elasticsearch_1  |      at org.elasticsearch.bootstrap.Bootstrap$6.<init>(Bootstrap.java:242) ~[elasticsearch-5.4.0.jar:5.4.0]
elasticsearch_1  |      at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:242) ~[elasticsearch-5.4.0.jar:5.4.0]
elasticsearch_1  |      at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:360) ~[elasticsearch-5.4.0.jar:5.4.0]
elasticsearch_1  |      at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:123) ~[elasticsearch-5.4.0.jar:5.4.0]
elasticsearch_1  |      ... 6 more
elasticsearch_1  | Caused by: java.lang.reflect.InvocationTargetException
elasticsearch_1  |      at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]
elasticsearch_1  |      at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[?:?]
elasticsearch_1  |      at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:?]
elasticsearch_1  |      at java.lang.reflect.Constructor.newInstance(Constructor.java:423) ~[?:1.8.0_131]
elasticsearch_1  |      at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:419) ~[elasticsearch-5.4.0.jar:5.4.0]
elasticsearch_1  |      at org.elasticsearch.plugins.PluginsService.loadBundles(PluginsService.java:383) ~[elasticsearch-5.4.0.jar:5.4.0]
elasticsearch_1  |      at org.elasticsearch.plugins.PluginsService.<init>(PluginsService.java:139) ~[elasticsearch-5.4.0.jar:5.4.0]
elasticsearch_1  |      at org.elasticsearch.node.Node.<init>(Node.java:309) ~[elasticsearch-5.4.0.jar:5.4.0]
elasticsearch_1  |      at org.elasticsearch.node.Node.<init>(Node.java:242) ~[elasticsearch-5.4.0.jar:5.4.0]
elasticsearch_1  |      at org.elasticsearch.bootstrap.Bootstrap$6.<init>(Bootstrap.java:242) ~[elasticsearch-5.4.0.jar:5.4.0]
elasticsearch_1  |      at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:242) ~[elasticsearch-5.4.0.jar:5.4.0]
elasticsearch_1  |      at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:360) ~[elasticsearch-5.4.0.jar:5.4.0]
elasticsearch_1  |      at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:123) ~[elasticsearch-5.4.0.jar:5.4.0]
elasticsearch_1  |      ... 6 more
elasticsearch_1  | Caused by: org.elasticsearch.ElasticsearchException: Unable to read /usr/share/elasticsearch/config/searchguard/ssl/d21ee5e02672-keystore.jks (/usr/share/elasticsearch/config/searchguard/ssl/d21ee5e02672-keystore.jks) Please make sure this files exists and is readable regarding to permissions
elasticsearch_1  |      at com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore.checkStorePath(DefaultSearchGuardKeyStore.java:690) ~[?:?]
elasticsearch_1  |      at com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore.initSSLConfig(DefaultSearchGuardKeyStore.java:203) ~[?:?]
elasticsearch_1  |      at com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore.<init>(DefaultSearchGuardKeyStore.java:150) ~[?:?]
elasticsearch_1  |      at com.floragunn.searchguard.SearchGuardPlugin.<init>(SearchGuardPlugin.java:205) ~[?:?]
elasticsearch_1  |      at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]
elasticsearch_1  |      at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[?:?]
elasticsearch_1  |      at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:?]
elasticsearch_1  |      at java.lang.reflect.Constructor.newInstance(Constructor.java:423) ~[?:1.8.0_131]
elasticsearch_1  |      at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:419) ~[elasticsearch-5.4.0.jar:5.4.0]
elasticsearch_1  |      at org.elasticsearch.plugins.PluginsService.loadBundles(PluginsService.java:383) ~[elasticsearch-5.4.0.jar:5.4.0]
elasticsearch_1  |      at org.elasticsearch.plugins.PluginsService.<init>(PluginsService.java:139) ~[elasticsearch-5.4.0.jar:5.4.0]
elasticsearch_1  |      at org.elasticsearch.node.Node.<init>(Node.java:309) ~[elasticsearch-5.4.0.jar:5.4.0]
elasticsearch_1  |      at org.elasticsearch.node.Node.<init>(Node.java:242) ~[elasticsearch-5.4.0.jar:5.4.0]
elasticsearch_1  |      at org.elasticsearch.bootstrap.Bootstrap$6.<init>(Bootstrap.java:242) ~[elasticsearch-5.4.0.jar:5.4.0]
elasticsearch_1  |      at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:242) ~[elasticsearch-5.4.0.jar:5.4.0]
elasticsearch_1  |      at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:360) ~[elasticsearch-5.4.0.jar:5.4.0]
elasticsearch_1  |      at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:123) ~[elasticsearch-5.4.0.jar:5.4.0]
elasticsearch_1  |      ... 6 more
elasticsearch_1  | Stalling for Elasticsearch...
elasticsearch_1  | Stalling for Elasticsearch...
elasticsearch_1  | Stalling for Elasticsearch...
elasticsearch_1  | Stalling for Elasticsearch...

Optional SSL

Doing https at ES level might not the best the idea, even more with a self signed SSL cert.

I'm running a https://docs.traefik.io/ in front of it. Which do a better job of secure with SSL (using real letsencrypt cert).

There should be an environment variable to not bind https on port 9200.

Multi Node on GCE

Hi,
It might be that i don't understand something how TLS should work in general.

I am setting up a production cluster on dockers in GCE (google cloud) with the gce discovery plugin. Every node on the startup generates all he certificates. So no node would connect with another failing on SSL and unknown_certificate exception.
I did resolve that issue where I am generating all the certificates in the docker image which is stored than i our private google container repository. So the node comes up and does not have to generate anything.
The question here is did i misunderstood something about security and the means how searchguard should work in general ?

I also think there is bug in the issue-31.yml thats a snippet from it.

    es-data:
        build: ../
        environment:
          SYSCTL_KEY: vm.max_map_count
          SYSCTL_VALUE: '262144'
          HEAP_SIZE: 1g
          CLUSTER_NAME: condor-es
          HOSTS: es-master
          NODE_DATA: 'true'
          NODE_INGEST: 'false'
          NODE_MASTER: 'false'
          NODE_NAME: ''
          ELASTIC_PWD: changeme
          KIBANA_PWD: changeme
          LOGSTASH_PWD: changeme
          BEATS_PWD: changeme
          CA_PWD: changeme
          TS_PWD: changeme
          KS_PWD: changeme
          HOSTS: 0.0.0.0, [::3]

HOSTS is repeated twice and last value overrides the actual es-master so i ran that example and didnt see that the nodes actually connect with each other.

EDIT:

I actually improved that a little bit.
I removed the node certificate generation from the gen_all.sh which is run inside the Dockerfile , and the node certificate generation running it on the node startup. The node are able to communicate with each other and each node has a different certificate

failed to find manifest for elasticsearch:5.4.1

Hi,

When I run docker-compose up from the Test folder. It complains that there is no manifest for elasticsearch:5.4.1

[root@container01 test]# docker-compose up
Building elasticsearch
Step 1/15 : FROM elasticsearch:5.4.1
ERROR: Service 'elasticsearch' failed to build: manifest for elasticsearch:5.4.1 not found

If I edit the Docker file to build from docker.elastic.co/elasticsearch/elasticsearch:5.4.1 instead I get a bunch of other errors with regards to permissions.

elastalert_1 ... ImportError: No module named botocore.session

Hi,
first: thanks to the author for great work for all of us.
However :) - we tried to follow your instruction on debian to run the ELK. Kibama seems to be working fine, however I'm not able to connect to elastic. Neither from kibana nor code. From kibana it says "no permissions for indices:data/read/search".
We found some alerts in logs. Can it cause the problem? (we left all credentials in default)

elastalert_1 | Dload Upload Total Spent Left Speed
100 340 100 340 0 0 6210 0 --:--:-- --:--:-- --:--:-- 6296
elastalert_1 | { "name" : "ab199d2af982", "cluster_name" : "elasticsearch-default", "cluster_uuid" : "Wn5FGOtUS6ObiU5aoQM3iQ", "version" : { "number" : "5.4.0", "build_hash" : "780f8c4", "build_date" : "2017-04-28T17:43:27.229Z", "build_snapshot" : false, "lucene_version" : "6.5.0" }, "tagline" : "You Know, for Search" }
elastalert_1 | Traceback (most recent call last):
elastalert_1 | File "/usr/local/bin/elastalert-create-index", line 6, in
elastalert_1 | from pkg_resources import load_entry_point
elastalert_1 | File "build/bdist.linux-x86_64/egg/pkg_resources/init.py", line 3019, in
elastalert_1 | File "build/bdist.linux-x86_64/egg/pkg_resources/init.py", line 3003, in _call_aside
elastalert_1 | File "build/bdist.linux-x86_64/egg/pkg_resources/init.py", line 3032, in _initialize_master_working_set
elastalert_1 | File "build/bdist.linux-x86_64/egg/pkg_resources/init.py", line 657, in _build_master
elastalert_1 | File "build/bdist.linux-x86_64/egg/pkg_resources/init.py", line 670, in _build_from_requirements
elastalert_1 | File "build/bdist.linux-x86_64/egg/pkg_resources/init.py", line 854, in resolve
elastalert_1 | pkg_resources.ContextualVersionConflict: (requests 2.4.3 (/usr/lib/python2.7/dist-packages), Requirement.parse('requests>=2.10.0'), set(['jira']))
elastalert_1 | $@
elastalert_1 | Traceback (most recent call last):
elastalert_1 | File "/elastalert/elastalert/elastalert.py", line 18, in
elastalert_1 | import kibana
elastalert_1 | File "/elastalert/elastalert/kibana.py", line 4, in
elastalert_1 | from util import EAException
elastalert_1 | File "/elastalert/elastalert/util.py", line 8, in
elastalert_1 | from auth import Auth
elastalert_1 | File "/elastalert/elastalert/auth.py", line 3, in
elastalert_1 | import boto3
elastalert_1 | File "/usr/local/lib/python2.7/dist-packages/boto3-1.4.4-py2.7.egg/boto3/init.py", line 16, in
elastalert_1 | from boto3.session import Session
elastalert_1 | File "/usr/local/lib/python2.7/dist-packages/boto3-1.4.4-py2.7.egg/boto3/session.py", line 17, in
elastalert_1 | import botocore.session
elastalert_1 | ImportError: No module named botocore.session

340 0 0 6503 0 --:--:-- --:--:-- --:--:-- 6538
elastalert_1 | { "name" : "ab199d2af982", "cluster_name" : "elasticsearch-default", "cluster_uuid" : "Wn5FGOtUS6ObiU5aoQM3iQ", "version" : { "number" : "5.4.0", "build_hash" : "780f8c4", "build_date" : "2017-04-28T17:43:27.229Z", "build_snapshot" : false, "lucene_version" : "6.5.0" }, "tagline" : "You Know, for Search" }
kibana_1 | {"type":"response","@timestamp":"2017-05-16T07:21:16Z","tags":[],"pid":34,"method":"get","statusCode":302,"req":{"url":"/","method":"get","headers":{"host":"localhost:5601","user-agent":"Links (2.8; Linux 3.16.0-4-amd64 x86_64; GNU C 4.9.1; text)","accept":"/","accept-language":"en,;q=0.1","accept-encoding":"gzip,deflate,bzip2,lzma,lzma2","accept-charset":"us-ascii,ISO-8859-1,ISO-8859-2,ISO-8859-3,ISO-8859-4,ISO-8859-5,ISO-8859-6,ISO-8859-7,ISO-8859-8,ISO-8859-9,ISO-8859-10,ISO-8859-13,ISO-8859-14,ISO-8859-15,ISO-8859-16,windows-1250,windows-1251,windows-1252,windows-1256,windows-1257,cp437,cp737,cp850,cp852,cp866,x-cp866-u,x-mac,x-mac-ce,x-kam-cs,koi8-r,koi8-u,koi8-ru,TCVN-5712,VISCII,utf-8","connection":"keep-alive"},"remoteAddress":"172.18.0.1","userAgent":"172.18.0.1"},"res":{"statusCode":302,"responseTime":2,"contentLength":9},"message":"GET / 302 2ms - 9.0B"}
kibana_1 | {"type":"response","@timestamp":"2017-05-16T07:21:16Z","tags":[],"pid":34,"method":"get","statusCode":200,"req":{"url":"/searchguard/login?nextUrl=%2F","method":"get","headers":{"host":"localhost:5601","user-agent":"Links (2.8; Linux 3.16.0-4-amd64 x86_64; GNU C 4.9.1; text)","accept":"/","accept-language":"en,;q=0.1","accept-encoding":"gzip,deflate,bzip2,lzma,lzma2","accept-charset":"us-ascii,ISO-8859-1,ISO-8859-2,ISO-8859-3,ISO-8859-4,ISO-8859-5,ISO-8859-6,ISO-8859-7,ISO-8859-8,ISO-8859-9,ISO-8859-10,ISO-8859-13,ISO-8859-14,ISO-8859-15,ISO-8859-16,windows-1250,windows-1251,windows-1252,windows-1256,windows-1257,cp437,cp737,cp850,cp852,cp866,x-cp866-u,x-mac,x-mac-ce,x-kam-cs,koi8-r,koi8-u,koi8-ru,TCVN-5712,VISCII,utf-8","connection":"keep-alive"},"remoteAddress":"172.18.0.1","userAgent":"172.18.0.1"},"res":{"statusCode":200,"responseTime":7,"contentLength":9},"message":"GET /searchguard/login?nextUrl=%2F 200 7ms - 9.0B"}

Thank you for any hints. I'm quite new in linux/docker/elk.
M.C.

Not yet initialized (you may need to run sgadmin)

  • I use docker image: khezen/elasticsearch:5.3.1
  • but I found error log of elasticsearch
  • Description of log
    2017-05-09T11:56:35.22964146Z [2017-05-09T11:56:35,229][INFO ][o.e.n.Node ] [elasticsearch-logging-v1-0r56b] started
    2017-05-09T11:56:36.828061781Z Stalling for Elasticsearch...
    2017-05-09T11:56:38.328989174Z [2017-05-09T11:56:38,328][ERROR][c.f.s.a.BackendRegistry ] Not yet initialized (you may need to run sgadmin)
    2017-05-09T11:56:43.452094244Z % Total % Received % Xferd Average Speed Time Time Time Current
    2017-05-09T11:56:43.452138248Z Dload Upload Total Spent Left Speed
    2017-05-09T11:56:43.472471808Z [2017-05-09T11:56:43,472][WARN ][c.f.s.h.SearchGuardHttpServerTransport] [elasticsearch-logging-v1-0r56b] Someone (/0:0:0:0:0:0:0:1:36944) speaks http plaintext instead of ssl, will close the channel
    2017-05-09T11:56:43.473286809Z
    0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
    100 46 0 0 100 46 0 2301 --:--:-- --:--:-- --:--:-- 2300curl: (52) Empty reply from server

2017-05-09T11:56:56.287447766Z [2017-05-09T11:56:56,287][WARN ][c.f.s.h.SearchGuardHttpServerTransport] [elasticsearch-logging-v1-0r56b] Someone (/10.32.0.8:37386) speaks http plaintext instead of ssl, will close the channel
2017-05-09T11:56:56.701588059Z Contacting elasticsearch cluster 'kubernetes-logging' and wait for YELLOW clusterstate ...
2017-05-09T11:56:56.782818999Z Clustername: kubernetes-logging
2017-05-09T11:56:56.782857932Z Clusterstate: GREEN
2017-05-09T11:56:56.783265435Z Number of nodes: 1
2017-05-09T11:56:56.783325131Z Number of data nodes: 1
2017-05-09T11:56:58.212625742Z searchguard index does not exists, attempt to create it ... [2017-05-09T11:56:58,212][INFO ][o.e.c.m.MetaDataCreateIndexService] [elasticsearch-logging-v1-0r56b] [searchguard] creating index, cause [api], templates [], shards [1]/[1], mappings []

Do you have solutions?
Thanks a lot!

jvm.options file missing on the config folder after build

After cloning the repo from the master branch:

[root@host docker]# git clone https://github.com/khezen/docker-elasticsearch.git

Then running copying the docker-compose.yml file to the the command on the repo folder using the default docker-compose.yml but with your image khezen/elasticsearch:6.5.4

[root@host docker-elasticsearch]# cp examples/docker-compose.yml .

I made the following alterations to the docker-compose.yml file:

version: '2'
services:
    es-master:
        build: .
        environment:
            NODE_NAME: master
            ELASTIC_PWD: changeme
            KIBANA_PWD: changeme
            CLUSTER_NAME: es-sg-cluster
            #HTTP_SSl: 'false'
        volumes:
            - /data/elasticsearch:/elasticsearch/data
            - /etc/elasticsearch:/elasticsearch/config
        ports:
             - "9202:9200"
             - "9302:9300"
        network_mode: bridge
        restart: always

I stumbled upon an error after the end of the configuration of searchguard. The following error messages were displayed:

es-master_1 | Stalling for Elasticsearch...
es-master_1 | Exception in thread "main" java.nio.file.NoSuchFileException: /elasticsearch/config/jvm.options
es-master_1 | at sun.nio.fs.UnixException.translateToIOException(UnixException.java:86)
es-master_1 | at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:102)
es-master_1 | at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:107)
es-master_1 | at sun.nio.fs.UnixFileSystemProvider.newByteChannel(UnixFileSystemProvider.java:214)
es-master_1 | at java.nio.file.Files.newByteChannel(Files.java:361)
es-master_1 | at java.nio.file.Files.newByteChannel(Files.java:407)
es-master_1 | at java.nio.file.spi.FileSystemProvider.newInputStream(FileSystemProvider.java:384)
es-master_1 | at java.nio.file.Files.newInputStream(Files.java:152)
es-master_1 | at org.elasticsearch.tools.launchers.JvmOptionsParser.main(JvmOptionsParser.java:60)
es-master_1 | Stalling for Elasticsearch...
es-master_1 | Stalling for Elasticsearch...
es-master_1 | Stalling for Elasticsearch...

SOLUTION: add the jvm.options to the defined default /etc/elasticsearch/ folder where the volume is stored and then rerun the command docker-compose up

I guess you are deleting the file somewhere in the process, wich I have not been able to find in the Dockerfile.

Thank you.

Deprecation oft this project should be removed

You have to read the Elastic web page carefully, X-Pack is NOT under Apache 2.0 license, it's Elastic license! This means only some (More or less basic monitoring) features of X-Pack is in free tire: https://www.elastic.co/subscriptions
Security and auth is NOT in free tire! So this image will stay important for users who want to use Search guard with ES 6.3!

no such file or directory

No matter what I do, I get:

standard_init_linux.go:190: exec user process caused "no such file or directory"

I am running Docker on Windows 10

docker run -p 9200:9200 -p 9300:9300 -e ELASTIC_PWD=changeme -e KIBANA_PWD=changeme  khezen/elasticsearch:latest

in an Active Directory environment with shared drives enabled. I cloned the official Git repo. I loaded Docker as administrator and Powershell as administrator.

Why is this not working and how can this be fixed?

Run on Openshift cluster

Describe the bug
Not able to run on an openshift cluster

To Reproduce
Steps to reproduce the behavior:
Follow exact procedure to deploy an app from a docker hub image

Expected behavior
A clear and concise description of what you expected to happen.

Screenshots
Get a response from elasticsearch cluster

Desktop (please complete the following information):

  • OS: MacOSX leter ported to RedHat Linux
  • Browser Chrome

Smartphone (please complete the following information):
Not applicable

Additional context
None

Multi-Node Example?

Hello,

I'm trying to deploy this across a 4-host cluster where I have it setup with 3 master nodes, 1 ingest node, 1 tribe node, and 2 data nodes. The problem is that it's not clear how this should all work in a setup like this. I keep the data volume local to each host for each node type and I share a nfs volume with each host for /elasticsearch/config/searchguard/ssl so that each node can sign their certificate with the same CA root.

The problem is several layers deep:

  1. The startup scripts will clear out and regenerate ALL certificates if any "change" is detected, so password env variables need to be repeated across all node types even if they are not applicable.
  2. The startup scripts will NOT generate a certificate for a node if it thinks it already generated certificates, so if I have 7 nodes and one of them does the 'gen_all.sh' before any other container startup, then none of the other containers will generate node certificates and fail to launch - I have to manually go into each node container and run the generate script for that node (e.g. cd /elasticsearch/config/searchguard/ssl && NODE_NAME=$HOSTNAME /run/auth/certificates/gen_node_cert.sh)
  3. Even when all this is done - the cluster will not start up correctly, I get "cannot communicate" errors.

Here is my compose file (I use Rancher so some of it might be non-standard - I also use my own images which just pull from yours and adds a two ingest plugins, please ignore any mention of x-pack, that plugin is NOT installed):

version: '2'
volumes:
  elasticsearch-config:
    external: true
    driver: rancher-nfs
  es-storage-volume:
    driver: local
    per_container: true
services:
  es-storage:
    image: rawmind/alpine-volume:0.0.2-2
    environment:
      SERVICE_GID: '1000'
      SERVICE_UID: '1000'
      SERVICE_VOLUME: /elasticsearch/data
    network_mode: none
    volumes:
    - es-storage-volume:/elasticsearch/data
    labels:
      io.rancher.container.start_once: 'true'
  es-data:
    mem_limit: 2147483648
    cap_add:
    - IPC_LOCK
    image: someone1/elasticsearch-searchguard-xpack
    environment:
      HEAP_SIZE: 1g
      CLUSTER_NAME: condor-es
      HOSTS: es-master
      NODE_DATA: 'true'
      NODE_INGEST: 'false'
      NODE_MASTER: 'false'
      NODE_NAME: ''
      ELASTIC_PWD: <removed>
      KIBANA_PWD: <removed>
      LOGSTASH_PWD: <removed>
      BEATS_PWD: <removed>
      CA_PWD: <removed>
      TS_PWD: <removed>
      KS_PWD: <removed>
    ulimits:
      memlock:
        hard: -1
        soft: -1
      nofile:
        hard: 65536
        soft: 65536
    volumes:
    - elasticsearch-config:/elasticsearch/config/searchguard/ssl
    volumes_from:
    - es-storage
    command:
    - -Ebootstrap.memory_lock=true
    - -Esearch.remote.connect=false
    labels:
      io.rancher.scheduler.affinity:host_label: esready=true
      io.rancher.sidekicks: es-storage,es-sysctl
      io.rancher.container.hostname_override: container_name
      io.rancher.container.pull_image: always
      io.rancher.scheduler.global: 'true'
  es-sysctl:
    privileged: true
    image: rawmind/alpine-sysctl:0.1
    environment:
      SYSCTL_KEY: vm.max_map_count
      SYSCTL_VALUE: '262144'
    network_mode: none
    labels:
      io.rancher.container.start_once: 'true'
  es-ingest:
    mem_limit: 1073741824
    cap_add:
    - IPC_LOCK
    image: someone1/elasticsearch-searchguard-xpack
    environment:
      HEAP_SIZE: 512m
      CLUSTER_NAME: condor-es
      HOSTS: es-master
      NODE_DATA: 'false'
      NODE_INGEST: 'true'
      NODE_MASTER: 'false'
      NODE_NAME: ''
      ELASTIC_PWD: <removed>
      KIBANA_PWD: <removed>
      LOGSTASH_PWD: <removed>
      BEATS_PWD: <removed>
      CA_PWD: <removed>
      TS_PWD: <removed>
      KS_PWD: <removed>
    ulimits:
      memlock:
        hard: -1
        soft: -1
      nofile:
        hard: 65536
        soft: 65536
    volumes:
    - elasticsearch-config:/elasticsearch/config/searchguard/ssl
    volumes_from:
    - es-storage
    command:
    - -Ebootstrap.memory_lock=true
    - -Esearch.remote.connect=false
    labels:
      io.rancher.scheduler.affinity:container_label_soft_ne: io.rancher.stack_service.name=$${stack_name}/$${service_name}
      io.rancher.sidekicks: es-storage,es-sysctl
      io.rancher.container.hostname_override: container_name
      io.rancher.container.pull_image: always
  es-tribe:
    mem_limit: 1073741824
    cap_add:
    - IPC_LOCK
    image: someone1/elasticsearch-searchguard-xpack
    environment:
      CLUSTER_NAME: condor-es
      HOSTS: es-master
      NODE_DATA: 'false'
      NODE_INGEST: 'false'
      NODE_MASTER: 'false'
      NODE_NAME: ''
      HEAP_SIZE: 512m
      ELASTIC_PWD: <removed>
      KIBANA_PWD: <removed>
      LOGSTASH_PWD: <removed>
      BEATS_PWD: <removed>
      CA_PWD: <removed>
      TS_PWD: <removed>
      KS_PWD: <removed>
    ulimits:
      memlock:
        hard: -1
        soft: -1
      nofile:
        hard: 65536
        soft: 65536
    volumes:
    - elasticsearch-config:/elasticsearch/config/searchguard/ssl
    volumes_from:
    - es-storage
    ports:
    - 9200:9200/tcp
    command:
    - -Ebootstrap.memory_lock=true
    - -Esearch.remote.connect=false
    labels:
      io.rancher.scheduler.affinity:container_label_soft_ne: io.rancher.stack_service.name=$${stack_name}/$${service_name}
      io.rancher.sidekicks: es-storage,es-sysctl
      io.rancher.container.hostname_override: container_name
      io.rancher.container.pull_image: always
  es-master:
    mem_limit: 1073741824
    cap_add:
    - IPC_LOCK
    image: someone1/elasticsearch-searchguard-xpack
    environment:
      HEAP_SIZE: 512m
      CLUSTER_NAME: condor-es
      MINIMUM_MASTER_NODES: '2'
      HOSTS: es-master
      NODE_DATA: 'false'
      NODE_INGEST: 'false'
      NODE_MASTER: 'true'
      NODE_NAME: ''
      ELASTIC_PWD: <removed>
      KIBANA_PWD: <removed>
      LOGSTASH_PWD: <removed>
      BEATS_PWD: <removed>
      CA_PWD: <removed>
      TS_PWD: <removed>
      KS_PWD: <removed>
    ulimits:
      memlock:
        hard: -1
        soft: -1
      nofile:
        hard: 65536
        soft: 65536
    volumes:
    - elasticsearch-config:/elasticsearch/config/searchguard/ssl
    volumes_from:
    - es-storage
    command:
    - -Ebootstrap.memory_lock=true
    - -Esearch.remote.connect=false
    labels:
      io.rancher.scheduler.affinity:container_label_soft_ne: io.rancher.stack_service.name=$${stack_name}/$${service_name}
      io.rancher.sidekicks: es-storage,es-sysctl
      io.rancher.container.hostname_override: container_name
      io.rancher.container.pull_image: always

Any help/guidance getting this to work would be much appreciated!

Volumes: Exception in thread "main" java.nio.file.NoSuchFileException: /elasticsearch/config/jvm.options

I am running Docker on an Ubuntu 18 server.

docker run -d --name elasticsearch --security-opt apparmor=unconfined -v /data/elasticsearch-data:/elasticsearch/data -v /data/elasticsearch-config:/elasticsearch/config -p 9200:9200 -p 9300:9300 -e ELASTIC_PWD=changeme -e KIBANA_PWD=changeme khezen/elasticsearch:latest

Before running the above command I created

  • /data/elasticsearch-data
  • /data/elasticsearch-config

on the host machine having user:docker rights (where the docker group has write rights also). However, I am getting this error:

Stalling for Elasticsearch...
Exception in thread "main" java.nio.file.NoSuchFileException: /elasticsearch/config/jvm.options
at sun.nio.fs.UnixException.translateToIOException(UnixException.java:86)
at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:102)
at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:107)
at sun.nio.fs.UnixFileSystemProvider.newByteChannel(UnixFileSystemProvider.java:214)
at java.nio.file.Files.newByteChannel(Files.java:361)
at java.nio.file.Files.newByteChannel(Files.java:407)
at java.nio.file.spi.FileSystemProvider.newInputStream(FileSystemProvider.java:384)
at java.nio.file.Files.newInputStream(Files.java:152)
at org.elasticsearch.tools.launchers.JvmOptionsParser.main(JvmOptionsParser.java:60)
Stalling for Elasticsearch...

Not sure where the problem is. The setup looks OK to me. I also did a "chown 1000:1000" in the container" for the shared folders without any success. Does anyone have an idea?

SSL certificate expired for ELK v5.6

Seems the SSL certificate for ELK v5.6 is only certify 2 years long, and now it is expired.
I try to modify the signing_ca.conf, but seems is not working.
Would you please help to extend the SSL certificate(suggest for 10 yrs or 20 yrs long..), or provide the method to me to create a new SSL certificate?
Error msg provided as below FYI:

image

[2020-12-01T02:19:01,517][ERROR][c.f.s.h.SearchGuardHttpServerTransport] [NODE-1] SSL Problem Received fatal alert: certificate_unknown
javax.net.ssl.SSLException: Received fatal alert: certificate_unknown
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:208) ~[?:?]
        at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1666) ~[?:?]
        at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1634) ~[?:?]
        at sun.security.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1800) ~[?:?]
        at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1083) ~[?:?]
        at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:907) ~[?:?]
        at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781) ~[?:?]
        at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624) ~[?:1.8.0_141]
        at io.netty.handler.ssl.SslHandler$SslEngineType$3.unwrap(SslHandler.java:255) ~[netty-handler-4.1.13.Final.jar:4.1.13.Final]
        at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1162) ~[netty-handler-4.1.13.Final.jar:4.1.13.Final]
        at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1084) ~[netty-handler-4.1.13.Final.jar:4.1.13.Final]
        at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:489) ~[netty-codec-4.1.13.Final.jar:4.1.13.Final]
        at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:428) ~[netty-codec-4.1.13.Final.jar:4.1.13.Final]
        at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:265) ~[netty-codec-4.1.13.Final.jar:4.1.13.Final]
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
        at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
        at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1334) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
        at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:926) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
        at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:134) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
        at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:644) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
        at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:579) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
        at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:496) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
        at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:458) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
        at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:858) [netty-common-4.1.13.Final.jar:4.1.13.Final]
        at java.lang.Thread.run(Thread.java:748) [?:1.8.0_141]
[2020-12-01T02:19:02,079][ERROR][c.f.s.s.t.SearchGuardSSLNettyTransport] [NODE-1] SSL Problem Received fatal alert: certificate_unknown
javax.net.ssl.SSLException: Received fatal alert: certificate_unknown
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:208) ~[?:?]
        at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1666) ~[?:?]
        at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1634) ~[?:?]
        at sun.security.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1800) ~[?:?]
        at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1083) ~[?:?]
        at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:907) ~[?:?]
        at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781) ~[?:?]
        at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624) ~[?:1.8.0_141]
        at io.netty.handler.ssl.SslHandler$SslEngineType$3.unwrap(SslHandler.java:255) ~[netty-handler-4.1.13.Final.jar:4.1.13.Final]
        at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1162) ~[netty-handler-4.1.13.Final.jar:4.1.13.Final]
        at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1084) ~[netty-handler-4.1.13.Final.jar:4.1.13.Final]
        at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:489) ~[netty-codec-4.1.13.Final.jar:4.1.13.Final]
        at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:428) ~[netty-codec-4.1.13.Final.jar:4.1.13.Final]
        at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:265) ~[netty-codec-4.1.13.Final.jar:4.1.13.Final]
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
        at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
        at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1334) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
        at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:926) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
        at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:134) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
        at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:644) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
        at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:579) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
        at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:496) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
        at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:458) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
        at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:858) [netty-common-4.1.13.Final.jar:4.1.13.Final]
        at java.lang.Thread.run(Thread.java:748) [?:1.8.0_141]
02:19:02.079 [elasticsearch[_client_][transport_client_boss][T#4]] ERROR com.floragunn.searchguard.ssl.transport.SearchGuardSSLNettyTransport - SSL Problem General SSLEngine problem
javax.net.ssl.SSLHandshakeException: General SSLEngine problem
        at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1478) ~[?:1.8.0_141]
        at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:535) ~[?:1.8.0_141]
        at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:813) ~[?:1.8.0_141]
        at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781) ~[?:1.8.0_141]
        at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624) ~[?:1.8.0_141]
        at io.netty.handler.ssl.SslHandler$SslEngineType$3.unwrap(SslHandler.java:255) ~[netty-handler-4.1.13.Final.jar:4.1.13.Final]
        at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1162) ~[netty-handler-4.1.13.Final.jar:4.1.13.Final]
        at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1084) ~[netty-handler-4.1.13.Final.jar:4.1.13.Final]
        at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:489) ~[netty-codec-4.1.13.Final.jar:4.1.13.Final]
        at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:428) ~[netty-codec-4.1.13.Final.jar:4.1.13.Final]
        at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:265) ~[netty-codec-4.1.13.Final.jar:4.1.13.Final]
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
        at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
        at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1334) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
        at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:926) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
        at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:134) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
        at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:644) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
        at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:579) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
        at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:496) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
        at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:458) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
        at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:858) [netty-common-4.1.13.Final.jar:4.1.13.Final]
        at java.lang.Thread.run(Thread.java:748) [?:1.8.0_141]
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) ~[?:1.8.0_141]
        at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1728) ~[?:1.8.0_141]
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:304) ~[?:1.8.0_141]
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296) ~[?:1.8.0_141]
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514) ~[?:1.8.0_141]
        at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) ~[?:1.8.0_141]
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026) ~[?:1.8.0_141]
        at sun.security.ssl.Handshaker$1.run(Handshaker.java:966) ~[?:1.8.0_141]
        at sun.security.ssl.Handshaker$1.run(Handshaker.java:963) ~[?:1.8.0_141]
        at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_141]
        at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1416) ~[?:1.8.0_141]
        at io.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1301) ~[netty-handler-4.1.13.Final.jar:4.1.13.Final]
        at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1214) ~[netty-handler-4.1.13.Final.jar:4.1.13.Final]
        ... 18 more
Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed
        at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:362) ~[?:1.8.0_141]
        at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:270) ~[?:1.8.0_141]
        at sun.security.validator.Validator.validate(Validator.java:260) ~[?:1.8.0_141]
        at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) ~[?:1.8.0_141]
        at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:281) ~[?:1.8.0_141]
        at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136) ~[?:1.8.0_141]
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1501) ~[?:1.8.0_141]
        at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) ~[?:1.8.0_141]
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026) ~[?:1.8.0_141]
        at sun.security.ssl.Handshaker$1.run(Handshaker.java:966) ~[?:1.8.0_141]
        at sun.security.ssl.Handshaker$1.run(Handshaker.java:963) ~[?:1.8.0_141]
        at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_141]
        at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1416) ~[?:1.8.0_141]
        at io.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1301) ~[netty-handler-4.1.13.Final.jar:4.1.13.Final]
        at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1214) ~[netty-handler-4.1.13.Final.jar:4.1.13.Final]
        ... 18 more
Caused by: java.security.cert.CertPathValidatorException: **timestamp check failed**
        at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:135) ~[?:1.8.0_141]
        at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:223) ~[?:1.8.0_141]
        at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:140) ~[?:1.8.0_141]
        at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:79) ~[?:1.8.0_141]
        at java.security.cert.CertPathValidator.validate(CertPathValidator.java:292) ~[?:1.8.0_141]
        at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:357) ~[?:1.8.0_141]
        at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:270) ~[?:1.8.0_141]
        at sun.security.validator.Validator.validate(Validator.java:260) ~[?:1.8.0_141]
        at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) ~[?:1.8.0_141]
        at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:281) ~[?:1.8.0_141]
        at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136) ~[?:1.8.0_141]
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1501) ~[?:1.8.0_141]
        at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) ~[?:1.8.0_141]
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026) ~[?:1.8.0_141]
        at sun.security.ssl.Handshaker$1.run(Handshaker.java:966) ~[?:1.8.0_141]
        at sun.security.ssl.Handshaker$1.run(Handshaker.java:963) ~[?:1.8.0_141]
        at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_141]
        at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1416) ~[?:1.8.0_141]
        at io.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1301) ~[netty-handler-4.1.13.Final.jar:4.1.13.Final]
        at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1214) ~[netty-handler-4.1.13.Final.jar:4.1.13.Final]
        ... 18 more
Caused by: java.security.cert.CertificateExpiredException: **NotAfter: Sat Nov 28 02:24:52 UTC 2020**
        at sun.security.x509.CertificateValidity.valid(CertificateValidity.java:274) ~[?:1.8.0_141]
        at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:629) ~[?:1.8.0_141]
        at sun.security.provider.certpath.BasicChecker.verifyTimestamp(BasicChecker.java:190) ~[?:1.8.0_141]
        at sun.security.provider.certpath.BasicChecker.check(BasicChecker.java:144) ~[?:1.8.0_141]
        at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:125) ~[?:1.8.0_141]
        at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:223) ~[?:1.8.0_141]
        at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:140) ~[?:1.8.0_141]
        at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:79) ~[?:1.8.0_141]
        at java.security.cert.CertPathValidator.validate(CertPathValidator.java:292) ~[?:1.8.0_141]
        at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:357) ~[?:1.8.0_141]
        at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:270) ~[?:1.8.0_141]
        at sun.security.validator.Validator.validate(Validator.java:260) ~[?:1.8.0_141]
        at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) ~[?:1.8.0_141]
        at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:281) ~[?:1.8.0_141]
        at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136) ~[?:1.8.0_141]
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1501) ~[?:1.8.0_141]
        at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) ~[?:1.8.0_141]
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026) ~[?:1.8.0_141]
        at sun.security.ssl.Handshaker$1.run(Handshaker.java:966) ~[?:1.8.0_141]
        at sun.security.ssl.Handshaker$1.run(Handshaker.java:963) ~[?:1.8.0_141]
        at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_141]
        at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1416) ~[?:1.8.0_141]
        at io.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1301) ~[netty-handler-4.1.13.Final.jar:4.1.13.Final]
        at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1214) ~[netty-handler-4.1.13.Final.jar:4.1.13.Final]
        ... 18 more

Getting stuck on creating an index pattern on 6.1.1

So installed 6.1.1 fine with ElasticSearch and Kibana, but when I tried to create a Index Pattern it just sits there and does nothing. I reverted back to version 6.0.0 and there it works fine.

Looking around I found this issue in the searchguard git hub:

https://github.com/floragunncom/search-guard/issues/444

and they said the following about the issue:

This is not an error in Search Guard. We used the the original repos you mentioned above and after configuring multi tenancy everything works as expected.

However, the Dockerfiles and the especially the SG configuration in this repo is not correct:

Multi tenancy is not enabled in sg_config
The Kibana server user that is configured in kibana.yml is not configured in sg_config
There is only one Kibana role, usually you should use two, one for the Kibana serve user, one for regular Kibana users
The permissions for the Kibana server user are not correct. They especially lack the indices:admin/template* permission
the "sgtenant" HTTP header is not whitelisted in kibana.yml
After fixing all these configuration errors in the Dockerfile everything works as expected. If you need further assistance in settup up MT, please ask on the Google Groups: https://groups.google.com/forum/#!forum/search-guard

Not sure if this is something you are aware of.

Question on data volumes for elasticsearch in openshift

We just aquired enterprise liscence for Search Guard. I have got few questions below for you consideration.

  1. I have a persistent volume on my openshift cluster (I can share yaml file for this) /usr/share/elasticsearch/data. I am running elasticsearch version 6.1.4. If I use the docker image (based on 6.1.4 and 22.3 SG version) from this repo with SG enterprise features enabled and point volume (/elasticsearch/data) to same persistant storage would this work ?

  2. if the above will work based on a new version of elasticsearch and SG enterprise ?

basic auth not working

HI,
I am running the latest image using command:
docker run -d -p 9200:9200 -p 9300:9300 -e ELASTIC_PWD=admin -e KIBANA_PWD=admin khezen/elasticsearch:latest

When I try to access it on https://localhost:9200 , it asks for username password
I am giving, username: admin and password:admin, in dialog box.
But, i can't login into it.
In logs it says :

[2019-05-07T10:54:01,742][WARN ][c.f.s.a.BackendRegistry ] [NODE-1] Authentication finally failed for admin from 172.17.0.1:53408
[2019-05-07T10:55:06,934][WARN ][c.f.s.a.BackendRegistry ] [NODE-1] Authentication finally failed for admin from 172.17.0.1:53408

Expected : Json output after login

Logstash unauthorized to connect to elasticsearch

Hi,

I have successfully installed elasticsearch and kibana with searchguard.

I am now trying to add logstash, and I get unauthorized-401 error.

Here is my output config of my logstash.conf file :

output {
   elasticsearch {
      hosts => ["elasticsearch:9200"]
      index => "waziup_all_sensors-%{+YYYY.MM.dd}"
      user => logstash
      password => logstash
      ssl => true
      ssl_certificate_verification => false
      truststore => "/var/docker/es_config/searchguard/ssl/truststore.jks"
      truststore_password => pass
   }

I have set ssl certificate verification to false, otherwise it says that it is not the correct host set into the certificate (elasticsearch). But with localhost I get connection refused.

Here is my docker-compose.yml file :

version: '2'
services:
    elasticsearch:
        image: khezen/elasticsearch
        environment:
            ELASTIC_PWD: ***
            KIBANA_PWD: ***
            TS_PWD: pass
        volumes:
            - /var/docker/es_data:/elasticsearch/data
            - /var/docker/es_config:/elasticsearch/config
        ports:
             - "9200:9200"
             - "9300:9300"
        networks:
            - elk
        restart: always

    kibana:
        links:
            - elasticsearch
        image: khezen/kibana
        environment:
            KIBANA_PWD: ***
            ELASTICSEARCH_HOST: elasticsearch
            ELASTICSEARCH_PORT: 9200
        volumes:
            - /var/docker/kibana_config:/opt/kibana-6.1.1-linux-x86_64/config
            - /var/docker/es_config:/etc/elasticsearch
        ports:
             - "5601:5601"
        networks:
            - elk
        restart: always

    logstash:
        links:
            - elasticsearch
        image: docker.elastic.co/logstash/logstash-oss:6.1.2
        environment:
            LOGSTASH_PWD: logstash
            TS_PWD: pass
            ELASTICSEARCH_HOST: elasticsearch
            ELASTICSEARCH_PORT: 9200
        volumes:
            - /var/docker/logstash_pipeline:/usr/share/logstash/pipeline
            - /var/docker/es_config:/var/docker/es_config
        ports:
            - "55555:55555"
        networks:
            - elk
        restart: always

networks:
elk:
        driver: bridge

And here is the error :

logstash_1`       | [2018-01-25T09:54:04,604][WARN ][logstash.outputs.elasticsearch] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"https://logstash:xxxxxx@elasticsearch:9200/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError, :error=>"Got response code '401' contacting Elasticsearch at URL 'https://elasticsearch:9200/'"}

Any help ?

Thanks

Path does not chain with any of the trust anchors

I made 3 separate master/client/data nodes - each of them using the Dockerfile.
The client node has the following config:

Name:                   es-client
Namespace:              default
CreationTimestamp:      Sat, 06 May 2017 13:10:27 +0530
Labels:                 component=elasticsearch
                        role=client
Annotations:            deployment.kubernetes.io/revision=1
                        kubectl.kubernetes.io/last-applied-configuration={"apiVersion":"extensions/v1beta1","kind":"Deployment","metadata":{"annotations":{},"labels":{"component":"elasticsearch","role":"client"},"name":"es-c...
Selector:               component=elasticsearch,role=client
Replicas:               1 desired | 1 updated | 1 total | 1 available | 0 unavailable
StrategyType:           RollingUpdate
MinReadySeconds:        0
RollingUpdateStrategy:  1 max unavailable, 1 max surge
Pod Template:
  Labels:       component=elasticsearch
                role=client
  Init Containers:
   sysctl:
    Image:      busybox
    Port:
    Command:
      sysctl
      -w
      vm.max_map_count=262144
    Environment:        <none>
    Mounts:             <none>
  Containers:
   es-client:
    Image:      es-sg:latest
    Ports:      9200/TCP, 9300/TCP
    Environment:
      NAMESPACE:         (v1:metadata.namespace)
      NODE_NAME:         (v1:metadata.name)
      CLUSTER_NAME:     elasticsearch
      NODE_MASTER:      false
      NODE_DATA:        false
      HTTP_ENABLE:      true
      ES_JAVA_OPTS:     -Xms256m -Xmx256m
    Mounts:
      /data from storage (rw)
  Volumes:
   storage:
    Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:
Conditions:
  Type          Status  Reason
  ----          ------  ------
  Available     True    MinimumReplicasAvailable
OldReplicaSets: <none>
NewReplicaSet:  <none>
Events:         <none>

and the log for this client:

Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors
at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:352) ~[?:?]
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:260) ~[?:?]
at sun.security.validator.Validator.validate(Validator.java:260) ~[?:?]
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) ~[?:?]
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:281) ~[?:?]
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136) ~[?:?]
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1501) ~[?:?]
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) ~[?:?]
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026) ~[?:?]
at sun.security.ssl.Handshaker$1.run(Handshaker.java:966) ~[?:?]
at sun.security.ssl.Handshaker$1.run(Handshaker.java:963) ~[?:?]
at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_121]
at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1416) ~[?:?]
at io.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1167) ~[?:?]
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1080) ~[?:?]
... 17 more

I havent changed much in the Dockerfile except for setting a few environment variables - so I'm not sure how the certificate path is causing problems.

HTTP_SSL: "false" -> Stalling for Elasticsearch...

Hi,

Using here tag 5 and docker-compose. If I set HTTP_SSL: "false" in the yaml file, I get Stalling for Elasticsearch... forever. If I remove HTTP_SSL env variable from the file, it works as expected.

This is the docker compose file to reproduce the error:

version: '3'
services:
    elasticsearch:
        container_name: elastic
        image: khezen/elasticsearch:5
        environment:
            ELASTIC_PWD: changeme
            KIBANA_PWD: changeme
            HEAP_SIZE: 1g
            LOG_LEVEL: DEBUG
            HTTP_SSL: "false"
        volumes:
            - ./es/data:/elasticsearch/data
            - ./es/config:/elasticsearch/config
        ports:
             - "9200:9200"
             - "9300:9300"
        network_mode: bridge
        restart: always

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.