dockerでelastiflowを構築するときにkibanaが動作しない
elastiflowをdockerで構築しようと思っています。下記の公式のドキュメントを参考にしました。
https://docs.elastiflow.com/docs/elasticsearch_xsmall
ブラウザでkibanaに入ろうとすると"Kibana server is not ready yet"と表示されました。kibanaのログを見てみると"Unable to retrieve version information from Elasticsearch nodes"と表示されます。通信自体ができないのかと思ってkibanaのコンテナにアタッチし、elasticsearchへpingしてみましたが、応答が返ってきたので通信自体はできているようです。
elasticsearchのログには"Authentication of [kibana_system] was terminated by realm [reserved] - failed to authenticate user [kibana_system]"と表示されていました。"kibana_system"も"CHANGEME"も公式が示しているdocker-composeに書かれていたものなので、デフォルト値であり、変更しなくてもそのまま認証されると思っていたのですが、違うのでしょうか?それに関する言及が公式ドキュメント上に一切なく途方に暮れています。どなたかELKに詳しい方、教えていただけないでしょうか?
yml
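# Docker Compose stack: Kibana and a single-node Elasticsearch (both 7.13.1)
# plus the ElastiFlow Unified Flow Collector (5.3.5).
#
# Every 'CHANGEME' below is a placeholder, not a working default. Replace
# each one with a unique secret and supply it from an untracked .env file or
# a secret store instead of committing it with this file.
version: '3'

services:
  kibana:
    image: docker.elastic.co/kibana/kibana:7.13.1
    restart: unless-stopped
    hostname: kibana
    # network_mode: bridge
    networks:
      elastic:
      proxy_network:
    ports:
      # HTTP/REST
      # Published on every host interface and served over plain HTTP; restrict
      # it with a host firewall or a loopback bind if a reverse proxy is the
      # intended entry point.
      - '5601:5601/tcp'
    environment:
      TZ: Asia/Tokyo
      VIRTUAL_HOST: hogehoge.com
      VIRTUAL_PORT: 5601
      TELEMETRY_ENABLED: 'false'
      NEWSFEED_ENABLED: 'false'
      SERVER_NAME: 'kibana'
      SERVER_HOST: '0.0.0.0'
      SERVER_PORT: 5601
      SERVER_MAXPAYLOADBYTES: 8388608
      ELASTICSEARCH_HOSTS: 'http://elasticsearch:9200'
      # ELASTIC_PASSWORD on the elasticsearch service only bootstraps the
      # built-in `elastic` superuser. The reserved `kibana_system` user has no
      # password until one is set explicitly, so Elasticsearch rejects this
      # login ("failed to authenticate user [kibana_system]") and Kibana stays
      # at "Kibana server is not ready yet". Set the password first, e.g. run
      # `bin/elasticsearch-setup-passwords interactive` in the elasticsearch
      # container, or call POST /_security/user/kibana_system/_password while
      # authenticated as `elastic`, then put the same value here.
      ELASTICSEARCH_USERNAME: 'kibana_system'
      ELASTICSEARCH_PASSWORD: 'CHANGEME'
      ELASTICSEARCH_REQUESTTIMEOUT: 132000
      ELASTICSEARCH_SHARDTIMEOUT: 120000
      # Has no effect while ELASTICSEARCH_HOSTS is http://. If TLS is enabled
      # later, 'none' disables certificate validation; use 'full' with a
      # trusted CA instead.
      ELASTICSEARCH_SSL_VERIFICATIONMODE: 'none'
      KIBANA_AUTOCOMPLETETIMEOUT: 3000
      KIBANA_AUTOCOMPLETETERMINATEAFTER: 2500000
      # Lets Vega visualizations load data from external URLs; turn it off if
      # no dashboard needs it.
      VIS_TYPE_VEGA_ENABLEEXTERNALURLS: 'true'
      XPACK_MAPS_SHOWMAPVISUALIZATIONTYPES: 'true'
      # Publicly documented sample key. Generate a random value of at least
      # 32 characters per deployment; anyone holding this key can decrypt the
      # encrypted saved objects.
      XPACK_ENCRYPTEDSAVEDOBJECTS_ENCRYPTIONKEY: 'ElastiFlow_0123456789_0123456789_0123456789'

  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.13.1
    container_name: elasticsearch
    restart: unless-stopped
    hostname: elasticsearch
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 131072
        hard: 131072
      nproc: 8192
      fsize: -1
    networks:
      elastic:
    ports:
      # The REST API is published on every host interface without TLS (see
      # xpack.security.http.ssl.enabled below), so basic-auth credentials
      # cross the network in clear text. Limit exposure with a firewall or a
      # loopback bind, or enable HTTP TLS.
      - '9200:9200/tcp'
    volumes:
      - ./elasticsearch:/usr/share/elasticsearch/data
      - ./certs:/usr/share/elasticsearch/config/certificates
    environment:
      ES_JAVA_OPTS: '-Xms2g -Xmx2g'
      # Bootstrap password for the built-in `elastic` superuser only. It does
      # not set passwords for other built-in users such as `kibana_system`.
      ELASTIC_PASSWORD: 'CHANGEME'
      cluster.name: elastiflow
      node.name: elasticsearch
      bootstrap.memory_lock: 'true'
      network.host: 0.0.0.0
      http.port: 9200
      discovery.type: 'single-node'
      indices.query.bool.max_clause_count: 8192
      search.max_buckets: 250000
      action.destructive_requires_name: 'true'
      # '*:*' allows reindex-from-remote against any host and port. Narrow it
      # to the specific remotes that are needed, or drop it if reindex from
      # remote is not used.
      reindex.remote.whitelist: '*:*'
      # Disables certificate validation for reindex-from-remote over TLS.
      reindex.ssl.verification_mode: 'none'
      xpack.security.http.ssl.enabled: 'false'
      xpack.monitoring.collection.enabled: 'true'
      xpack.monitoring.collection.interval: 30s
      # Authentication is enforced, which is why unset built-in user passwords
      # surface as authentication failures in the Elasticsearch log.
      xpack.security.enabled: 'true'
      # With auditing off, authentication failures are only visible in the
      # regular server log.
      xpack.security.audit.enabled: 'false'

  # ElastiFlow Unified Flow Collector
  flow-collector:
    image: elastiflow/flow-collector:5.3.5
    container_name: flow-collector
    restart: 'unless-stopped'
    # Host networking: the collector listens directly on the host and reaches
    # Elasticsearch through the published 127.0.0.1:9200 port.
    network_mode: 'host'
    volumes:
      - /etc/elastiflow:/etc/elastiflow
    environment:
      EF_FLOW_SERVER_UDP_IP: '0.0.0.0'
      EF_FLOW_SERVER_UDP_PORT: 9995

      EF_FLOW_DECODER_ENRICH_IPADDR_METADATA_ENABLE: 'false'
      EF_FLOW_DECODER_ENRICH_DNS_ENABLE: 'true'
      EF_FLOW_DECODER_ENRICH_DNS_NAMESERVER_IP: '1.1.1.1'
      EF_FLOW_DECODER_ENRICH_DNS_NAMESERVER_TIMEOUT: 3000
      EF_FLOW_DECODER_ENRICH_MAXMIND_ASN_ENABLE: 'false'
      EF_FLOW_DECODER_ENRICH_MAXMIND_GEOIP_ENABLE: 'false'
      EF_FLOW_DECODER_ENRICH_RISKIQ_ASN_ENABLE: 'false'
      EF_FLOW_DECODER_ENRICH_RISKIQ_THREAT_ENABLE: 'false'

      # Elasticsearch
      EF_FLOW_OUTPUT_ELASTICSEARCH_ENABLE: 'true'
      EF_FLOW_OUTPUT_ELASTICSEARCH_ECS_ENABLE: 'false'
      EF_FLOW_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_SHARDS: 1
      EF_FLOW_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_REPLICAS: 0
      # A comma separated list of Elasticsearch nodes to use. DO NOT include "http://" or "https://"
      EF_FLOW_OUTPUT_ELASTICSEARCH_ADDRESSES: '127.0.0.1:9200'
      # NOTE(review): `kibana_system` is the reserved account for Kibana's own
      # connection and presumably lacks the index privileges a collector
      # needs; confirm against the ElastiFlow docs and prefer a dedicated
      # user whose role is limited to the ElastiFlow indices. Whichever user
      # is used, its password must actually be set in Elasticsearch first.
      EF_FLOW_OUTPUT_ELASTICSEARCH_USERNAME: 'kibana_system'
      EF_FLOW_OUTPUT_ELASTICSEARCH_PASSWORD: 'CHANGEME'
      # Plain HTTP to Elasticsearch. When TLS is enabled, keep
      # TLS_SKIP_VERIFICATION at 'false' and set the CA certificate path.
      EF_FLOW_OUTPUT_ELASTICSEARCH_TLS_ENABLE: 'false'
      EF_FLOW_OUTPUT_ELASTICSEARCH_TLS_SKIP_VERIFICATION: 'false'
      EF_FLOW_OUTPUT_ELASTICSEARCH_TLS_CA_CERT_FILEPATH: ''

      # Splunk
      EF_FLOW_OUTPUT_SPLUNK_HEC_ENABLE: 'false'
      EF_FLOW_OUTPUT_SPLUNK_HEC_ADDRESSES: '127.0.0.1:8088'
      EF_FLOW_OUTPUT_SPLUNK_HEC_TOKEN: ''

      # Logz.io
      EF_FLOW_OUTPUT_LOGZIO_ENABLE: 'false'
      EF_FLOW_OUTPUT_LOGZIO_ADDRESSES: 'listener.logz.io:8070'
      EF_FLOW_OUTPUT_LOGZIO_TOKEN: ''

      # Kafka
      EF_FLOW_OUTPUT_KAFKA_ENABLE: 'false'
      EF_FLOW_OUTPUT_KAFKA_BROKERS: ''
      #EF_FLOW_OUTPUT_KAFKA_VERSION: '1.0.0'
      #EF_FLOW_OUTPUT_KAFKA_TOPIC: 'elastiflow-flow-codex'
      #EF_FLOW_OUTPUT_KAFKA_PARTITION_KEY: 'flow.export.ip.addr'
      #EF_FLOW_OUTPUT_KAFKA_CLIENT_ID: 'elastiflow-flowcoll'
      #EF_FLOW_OUTPUT_KAFKA_RACK_ID: ''
      #EF_FLOW_OUTPUT_KAFKA_TIMEOUT: 30
      EF_FLOW_OUTPUT_KAFKA_SASL_ENABLE: 'false'

      # Cribl
      EF_FLOW_OUTPUT_CRIBL_ENABLE: 'false'
      EF_FLOW_OUTPUT_CRIBL_ADDRESSES: '127.0.0.1:10080'
      EF_FLOW_OUTPUT_CRIBL_TOKEN: ''

      # RiskIQ
      EF_FLOW_OUTPUT_RISKIQ_ENABLE: 'false'

networks:
  elastic:
    driver: bridge
    driver_opts:
      com.docker.network.bridge.enable_icc: "true"
  proxy_network:
    external: true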