Hi here I want to run Elastic and Kibana by docker compose but when it runs I get:
Kibana server is not ready yet.
Here is my docker ps -a
docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c19bf038aae9 focker.ir/kibana/kibana:8.13.4 "/bin/tini -- /usr/l…" 12 minutes ago Up 12 minutes 0.0.0.0:5601->5601/tcp kibana-elk
ab6f430d9049 focker.ir/elasticsearch/elasticsearch:8.13.4 "/bin/tini -- /usr/l…" 52 minutes ago Up 52 minutes 0.0.0.0:9200->9200/tcp, 0.0.0.0:9300->9300/tcp ELK_LG
My elasticsearch configuration:
version: '3.7'
services:
elasticsearch-elk:
image: focker.ir/elasticsearch/elasticsearch:8.13.4
container_name: ${NODE_NAME}
restart: unless-stopped
hostname: ${NODE_NAME}
ulimits:
memlock:
soft: -1
hard: -1
nofile:
soft: 131072
hard: 131072
nproc: 8192
fsize: -1
networks:
- elk-network
ports:
- 9200:9200/tcp
- 9300:9300/tcp
volumes:
- $PWD/var/lib/elasticsearch:/usr/share/elasticsearch/data
- $PWD/etc/certs:/usr/share/elasticsearch/config/certificates
environment:
ES_JAVA_OPTS: '-Xms12g -Xmx12g'
ELASTIC_PASSWORD: ${ELASTIC_PASSWORD}
cluster.name: single-node-cluster
node.name: elasticsearch-elk
bootstrap.memory_lock: 'true'
network.bind_host: 0.0.0.0
network.publish_host: 172.31.0.74
http.port: 9200
discovery.type: single-node
indices.query.bool.max_clause_count: 8192
search.max_buckets: 250000
action.destructive_requires_name: 'true'
xpack.security.http.ssl.key: /usr/share/elasticsearch/config/certificates/node.key
xpack.security.http.ssl.certificate: /usr/share/elasticsearch/config/certificates/node.pem
xpack.security.http.ssl.certificate_authorities: /usr/share/elasticsearch/config/certificates/root-ca.pem
xpack.security.http.ssl.verification_mode: 'none'
xpack.security.http.ssl.enabled: 'true'
xpack.security.transport.ssl.key: /usr/share/elasticsearch/config/certificates/node.key
xpack.security.transport.ssl.certificate: /usr/share/elasticsearch/config/certificates/node.pem
xpack.security.transport.ssl.certificate_authorities: /usr/share/elasticsearch/config/certificates/root-ca.pem
xpack.security.transport.ssl.verification_mode: 'none'
xpack.security.transport.ssl.enabled: 'true'
xpack.security.enabled: 'true'
xpack.security.audit.enabled: 'false'
networks:
elk-network:
external: true
My docker compose for kibana:
version: '3.7'
services:
kibana:
image: focker.ir/kibana/kibana:8.13.4
container_name: kibana-elk
restart: unless-stopped
hostname: KIB_NODE_ELK
networks:
- elk-network
ports:
- 5601:5601/tcp
environment:
SERVER_NAME: 'KIB_NODE_ELK'
SERVER_HOST: '0.0.0.0'
SERVER_PORT: 5601
ELASTICSEARCH_HOSTS: 'https://172.22.0.2:9200'
ELASTICSEARCH_USERNAME: 'kibana_system'
ELASTICSEARCH_PASSWORD: 'oxe2NqMmH3nNTL'
ELASTICSEARCH_SSL_VERIFICATIONMODE: 'none'
ELASTICSEARCH_REQUESTTIMEOUT: 180000
ELASTICSEARCH_SHARDTIMEOUT: 180000
XPACK_ENCRYPTEDSAVEDOBJECTS_ENCRYPTIONKEY: 'oM9K5fl3nbvW0eHG9M6V9xpzMq4DpIUk'
XPACK_SECURITY_ENCRYPTIONKEY: 'a3V9op6LF0Rbpl8VZlPr0sJtiWp2NvcH'
XPACK_REPORTING_ENCRYPTIONKEY: '8lfPqWmTYnRmVs0J1u7iLxGVnx1nTmDr'
logging:
driver: "json-file"
options:
max-size: "200k"
max-file: "10"
networks:
elk-network:
external: true
and also here is docker network inspect
[
{
"Name": "elk-network",
"Id": "59102b6438e42a7cdb7370bf32ab31d9c684ddc37af9e6a305b6a8503fcebc9c",
"Created": "2024-05-15T10:17:33.212808194+03:30",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "172.22.0.0/16",
"Gateway": "172.22.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"ab6f430d9049283a02409acd2abf41553e571f5a973ed6c7c6138da31bf3645e": {
"Name": "ELK_LG",
"EndpointID": "3b60af61d274fa56a9706c37fb80b49cc614c2a46ac89858e79b67ca1a1a750d",
"MacAddress": "02:42:ac:16:00:02",
"IPv4Address": "172.22.0.2/16",
"IPv6Address": ""
},
"c19bf038aae98277c9a6d605e8e7cbf09885288689ccafbec74088ac9a3ca9e6": {
"Name": "kibana-elk",
"EndpointID": "7da0a0cdfb6ba629b0e2e22515e81e8b90f849f99fed25f0f878ee2a17c36a50",
"MacAddress": "02:42:ac:16:00:03",
"IPv4Address": "172.22.0.3/16",
"IPv6Address": ""
}
},
"Options": {},
"Labels": {}
}
]
and my .env file that is not production:
ELASTIC_USER=elastic
ELASTIC_PASSWORD=oxe2NqMmH3nNTL
NODE_NAME=ELK_LG
and finaly here is my log for kibana container:
docker logs -f kibana-elk
Kibana is currently running with legacy OpenSSL providers enabled! For details and instructions on how to disable see https://www.elastic.co/guide/en/kibana/8.13/production.html#openssl-legacy-provider
{"log.level":"info","@timestamp":"2024-05-15T09:21:52.836Z","log.logger":"elastic-apm-node","ecs.version":"8.10.0","agentVersion":"4.4.0","env":{"pid":7,"proctitle":"/usr/share/kibana/bin/../node/bin/node","os":"linux 5.15.0-105-generic","arch":"x64","host":"KIB_NODE_ELK","timezone":"UTC+00","runtime":"Node.js v20.12.2"},"config":{"active":{"source":"start","value":true},"breakdownMetrics":{"source":"start","value":false},"captureBody":{"source":"start","value":"off","commonName":"capture_body"},"captureHeaders":{"source":"start","value":false},"centralConfig":{"source":"start","value":false},"contextPropagationOnly":{"source":"start","value":true},"environment":{"source":"start","value":"production"},"globalLabels":{"source":"start","value":[["git_rev","f5dc24d1969f80e4aa3ced7cc375dd00554f8c0c"]],"sourceValue":{"git_rev":"f5dc24d1969f80e4aa3ced7cc375dd00554f8c0c"}},"logLevel":{"source":"default","value":"info","commonName":"log_level"},"metricsInterval":{"source":"start","value":120,"sourceValue":"120s"},"serverUrl":{"source":"start","value":"https://kibana-cloud-apm.apm.us-east-1.aws.found.io/","commonName":"server_url"},"transactionSampleRate":{"source":"start","value":0.1,"commonName":"transaction_sample_rate"},"captureSpanStackTraces":{"source":"start","sourceValue":false},"secretToken":{"source":"start","value":"[REDACTED]","commonName":"secret_token"},"serviceName":{"source":"start","value":"kibana","commonName":"service_name"},"serviceVersion":{"source":"start","value":"8.13.4","commonName":"service_version"}},"activationMethod":"require","message":"Elastic APM Node.js Agent v4.4.0"}
Native global console methods have been overridden in production environment.
[2024-05-15T09:21:55.363+00:00][INFO ][root] Kibana is starting
[2024-05-15T09:21:55.448+00:00][INFO ][node] Kibana process configured with roles: [background_tasks, ui]
[2024-05-15T09:22:06.687+00:00][INFO ][plugins-service] The following plugins are disabled: "cloudChat,cloudExperiments,cloudFullStory,profilingDataAccess,profiling,securitySolutionServerless,serverless,serverlessObservability,serverlessSearch".
[2024-05-15T09:22:06.793+00:00][INFO ][http.server.Preboot] http server running at http://0.0.0.0:5601
[2024-05-15T09:22:06.993+00:00][INFO ][plugins-system.preboot] Setting up [1] plugins: [interactiveSetup]
[2024-05-15T09:22:07.080+00:00][WARN ][config.deprecation] The default mechanism for Reporting privileges will work differently in future versions, which will affect the behavior of this cluster. Set "xpack.reporting.roles.enabled" to "false" to adopt the future behavior before upgrading.
[2024-05-15T09:22:11.606+00:00][INFO ][plugins-system.standard] Setting up [149] plugins: [devTools,translations,share,screenshotMode,usageCollection,telemetryCollectionManager,telemetryCollectionXpack,taskManager,kibanaUsageCollection,cloud,newsfeed,savedObjectsFinder,noDataPage,monitoringCollection,licensing,mapsEms,globalSearch,globalSearchProviders,features,guidedOnboarding,banners,licenseApiGuard,customBranding,ftrApis,fieldFormats,expressions,screenshotting,esUiShared,customIntegrations,contentManagement,dataViews,home,searchprofiler,painlessLab,management,spaces,security,telemetry,licenseManagement,snapshotRestore,lists,files,encryptedSavedObjects,eventLog,actions,notifications,cloudDataMigration,advancedSettings,grokdebugger,console,bfetch,data,savedObjectsTagging,savedObjectsManagement,unifiedSearch,graph,alerting,embeddable,uiActionsEnhanced,savedSearch,presentationUtil,expressionShape,expressionRevealImage,expressionRepeatImage,expressionMetric,expressionImage,controls,fileUpload,ingestPipelines,ecsDataQualityDashboard,dataViewFieldEditor,dataViewManagement,charts,watcher,visualizations,visTypeXy,visTypeVislib,visTypeVega,visTypeTimeseries,visTypeTimelion,visTypeTagcloud,visTypeTable,visTypeMetric,visTypeMarkdown,visTypeHeatmap,inputControlVis,expressionTagcloud,expressionPartitionVis,visTypePie,expressionMetricVis,expressionLegacyMetricVis,expressionHeatmap,expressionGauge,visTypeGauge,eventAnnotation,expressionXY,dashboard,lens,triggersActionsUi,transform,stackConnectors,stackAlerts,ruleRegistry,cases,timelines,sessionView,kubernetesSecurity,threatIntelligence,metricsDataAccess,aiops,links,discover,reporting,canvas,fleet,osquery,logsExplorer,indexManagement,rollup,remoteClusters,crossClusterReplication,indexLifecycleManagement,datasetQuality,cloudSecurityPosture,cloudDefend,discoverEnhanced,maps,dataVisualizer,ml,observabilityAIAssistant,logsShared,observabilityLogsExplorer,enterpriseSearch,observability,uptime,synthetics,observabilityOnboarding,elasticAssistant,securitySolution,securitySolutionEss,dashboardEnhanced,apmDataAccess,infra,upgradeAssistant,monitoring,logstash,assetManager,apm,ux]
[2024-05-15T09:22:11.900+00:00][INFO ][plugins.taskManager] TaskManager is identified by the Kibana UUID: e45dd955-125c-450e-8fcb-2ae4a1b863fd
[2024-05-15T09:22:12.416+00:00][INFO ][custom-branding-service] CustomBrandingService registering plugin: customBranding
[2024-05-15T09:22:13.222+00:00][WARN ][plugins.screenshotting.config] Chromium sandbox provides an additional layer of protection, but is not supported for Linux Ubuntu 20.04 OS. Automatically setting 'xpack.screenshotting.browser.chromium.disableSandbox: true'.
[2024-05-15T09:22:13.713+00:00][WARN ][plugins.security.config] Session cookies will be transmitted over insecure connections. This is not recommended.
[2024-05-15T09:22:13.754+00:00][WARN ][plugins.security.config] Session cookies will be transmitted over insecure connections. This is not recommended.
[2024-05-15T09:22:13.990+00:00][INFO ][plugins.encryptedSavedObjects] Hashed 'xpack.encryptedSavedObjects.encryptionKey' for this instance: +rW6aIzGO0BucOtdK6SaIjrcIqw3Lr+VwtL7U3j3C68=
[2024-05-15T09:22:14.199+00:00][INFO ][plugins.notifications] Email Service Error: Email connector not specified.
[2024-05-15T09:22:14.551+00:00][INFO ][plugins.alerting] using indexes and aliases for persisting alerts
[2024-05-15T09:22:17.617+00:00][INFO ][plugins.cloudSecurityPosture] Registered task successfully [Task: cloud_security_posture-stats_task]
[2024-05-15T09:22:21.650+00:00][INFO ][plugins.securitySolution.endpoint:user-artifact-packager:1.0.0] Registering endpoint:user-artifact-packager task with timeout of [20m], interval of [60s] and policy update batch size of [25]
[2024-05-15T09:22:22.262+00:00][INFO ][plugins.assetManager] Server is NOT enabled
[2024-05-15T09:22:22.885+00:00][ERROR][elasticsearch-service] Unable to retrieve version information from Elasticsearch nodes. security_exception
Root causes:
security_exception: unable to authenticate user [kibana_system] for REST request [/_nodes?filter_path=nodes.*.version%2Cnodes.*.http.publish_address%2Cnodes.*.ip]
[2024-05-15T09:22:23.818+00:00][INFO ][plugins.screenshotting.chromium] Browser executable: /usr/share/kibana/node_modules/@kbn/screenshotting-plugin/chromium/headless_shell-linux_x64/headless_shell
Can you solve my problem?I realy need your help!
This is a certificate issue. If you create single node cluster in docker, elasticsearch comes up with certificate authority (ca). It is needed for Kibana, Elasticsearch and other beats to communicate with each other.
Certificates and keys are generated for the transport and HTTP layers. The Transport Layer Security (TLS) configuration settings are written to elasticsearch.yml. A password is generated for the elastic user. An enrollment token is generated for Kibana.
If you want to create multi node cluster please follow these instructions here: https://www.elastic.co/guide/en/elasticsearch/reference/8.6/docker.html
The script in command section creates .crt and .key certificates out of .ca which you need to use in your docker compose.