如何运行需要elasticsearch验证的beat容器

6uxekuva  于 2021-06-10  发布在  ElasticSearch
关注(0)|答案(1)|浏览(482)

主要目的:我想使用logstash来收集依赖于远程服务器的日志文件。
我的麋鹿堆栈是使用docker-compose.yml创建的

version: '3.3'
services:
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.5.1
    ports:
      - "9200:9200"
      - "9300:9300"
    volumes:
      - '/share/elk/elasticsearch/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml:ro'
    environment:
      ES_JAVA_OPTS: "-Xmx512m -Xms256m"
      ELASTIC_PASSWORD: changeme
      discovery.type: single-node
    networks:
      - elk
    deploy:
      mode: replicated
      replicas: 1
  logstash:
    image: docker.elastic.co/logstash/logstash:7.5.1
    ports:
      - "5000:5000"
      - "9600:9600"
    volumes:
      - '/share/elk/logstash/config/logstash.yml:/usr/share/logstash/config/logstash.yml:ro'
      - '/share/elk/logstash/pipeline/logstash.conf:/usr/share/logstash/pipeline/logstash.conf:ro'
    environment:
      LS_JAVA_OPTS: "-Xmx512m -Xms256m"
    networks:
      - elk
    deploy:
      mode: replicated
      replicas: 1

  kibana:
    image: docker.elastic.co/kibana/kibana:7.5.1
    ports:
      - "5601:5601"
    volumes:
      - '/share/elk/kibana/config/kibana.yml:/usr/share/kibana/config/kibana.yml:ro'
    networks:
      - elk
    deploy:
      mode: replicated
      replicas: 1

networks:
  elk:
    driver: overlay

然后我想在目标主机上安装一个filebeat,以便将日志发送到elk主机。

docker run docker.elastic.co/beats/filebeat-oss:7.5.1 setup \
-E setup.kibana.host=x.x.x.x:5601  \
-E ELASTIC_PASSWORD="changeme" \
-E output.elasticsearch.hosts=["x.x.x.x:9200"]

但一旦按下回车键,就会出现错误

Exiting: Couldn't connect to any of the configured Elasticsearch hosts. Errors: [Error connection to Elasticsearch http://x.x.x.x:9200: 401 Unauthorized: {"error":{"root_cause":[{"type":"security_exception","reason":"missing authentication credentials for REST request [/]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}}],"type":"security_exception","reason":"missing authentication credentials for REST request [/]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}},"status":401}]

也试过了 -E ELASTICS_USERNAME="elastic" 错误仍然存在

eqzww0vc

eqzww0vc1#

您应该在下面提到的es docker image的环境变量下禁用基本的x-pack安全性,默认情况下在elasticsearch 7.x版本中启用,并启动es docker容器。

xpack.security.enabled : false

在这之后,不需要通过 ES 你也可以从你的es环境中移除下面的内容。变量:

ELASTIC_PASSWORD: changeme

相关问题