Open st11x opened 2 years ago
The informational message (it's not an error, that's why we print it on INFO
level and not on ERROR
level) you are getting is:
"Auto-configuration will not generate a password for the elastic built-in superuser, as we cannot determine if there is a terminal attached to the elasticsearch process. You can use the `bin/elasticsearch-reset-password` tool to set the password for the elastic user."`
You are running docker-compose up
with -d
which means : "Detached mode: Run containers in the background". When containers run in "Detached mode" then there is no terminal attached to the elasticsearch process and we don't proceed to generate and write out the password and enrollment token.
You need to run docker-compose up
without -d
, or you can use the CLI tools to get the password and kibana enrollment token:
docker exec -ti elastic_1 /usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic
docker exec -ti elastic_1 /usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana
I'm going to close this issue as this is expected behavior, if you don't mind. If you have further questions around configuration or how to use elasticsearch, you can reach out to our forums in https://discuss.elastic.co
Thank you for the explanation. I did use those scripts to reset the password and create the token. I was going to use the forums but was advised to create a new issue in issue 83654.
The instructions given at https://hub.docker.com/_/elasticsearch gave the example of running the container in detached mode, and did not warn that the password will not be generated. Hence, leading to the misunderstanding.
Thanks
Thanks @st11x for bringing this to our attention! We will reach out to folks in hub.docker.com and update the example there so that it won't be confusing for folks any more.
I have the following docker-compose.yml
file.
services:
elasticsearch:
image: docker.elastic.co/elasticsearch/elasticsearch:8.4.0
container_name: es-node01
ports:
- "9200:9200"
- "9300:9300"
kibana:
image: docker.elastic.co/kibana/kibana:8.4.0
container_name: kib-01
ports:
- "5601:5601"
When I run docker compose up
(without the -d
) I get the "Auto-configuration will not generate a password for the elastic built-in superuser..." log message and no security information is generated.
Everything works if I type the docker run
commands directly as described in Run Kibana on Docker for development. As far as I can tell, this docker-compose.yml
should be doing the same thing as those commands.
The informational message (it's not an error, that's why we print it on
INFO
level and not onERROR
level) you are getting is:"Auto-configuration will not generate a password for the elastic built-in superuser, as we cannot determine if there is a terminal attached to the elasticsearch process. You can use the `bin/elasticsearch-reset-password` tool to set the password for the elastic user."`
You are running
docker-compose up
with-d
which means : "Detached mode: Run containers in the background". When containers run in "Detached mode" then there is no terminal attached to the elasticsearch process and we don't proceed to generate and write out the password and enrollment token.You need to run
docker-compose up
without-d
, or you can use the CLI tools to get the password and kibana enrollment token:docker exec -ti elastic_1 /usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic docker exec -ti elastic_1 /usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana
I'm going to close this issue as this is expected behavior, if you don't mind. If you have further questions around configuration or how to use elasticsearch, you can reach out to our forums in https://discuss.elastic.co
Even I use docker-compose up without -d, It still reports "Auto-configuration will not generate a password for the elastic built-in superuser..." My version is 8.5.0 es.
@jkakavas @jerryjune I am attempting to re-open this ticket as I get the same notice without the -d
flag. I might also like to add that the solution provided by @jkakavas requires an interactive terminal which is not what will be necessary to start a remote service. I will check back here to see if any updates are provided.
Re-opening this as it reproduces for me on an M1 with docker-compose up
.
hi, i have the same problem too, docker-compose up without "-d" is not detected by elastic search container
same issue here with the latest elastic search docker image 8.12.
Basically if you run a container with docker run you will get this section printed
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
✅ Elasticsearch security features have been automatically configured!
✅ Authentication is enabled and cluster connections are encrypted.
ℹ️ Password for the elastic user (reset with `bin/elasticsearch-reset-password -u elastic`):
3a9r7wdwOfglJd=ey6qs
ℹ️ HTTP CA certificate SHA-256 fingerprint:
28f284ed0e0615bba5b121739c6e5391588b4e72e20b2efa806b8fa33c825fe4
ℹ️ Configure Kibana to use this cluster:
• Run Kibana and click the configuration link in the terminal when Kibana starts.
• Copy the following enrollment token and paste it into Kibana in your browser (valid for the next 30 minutes):
eyJ2ZXIiOiI4LjEyLjAiLCJhZHIiOlsiMTcyLjE3LjAuMjo5MjAwIl0sImZnciI6IjI4ZjI4NGVkMGUwNjE1YmJhNWIxMjE3MzljNmU1MzkxNTg4YjRlNzJlMjBiMmVmYTgwNmI4ZmEzM2M4MjVmZTQiLCJrZXkiOiJISUpaWkkwQndlS2U4VVRVcW0wMTp5M1BET1lUclMtRzVpMTc0TGdYRW1RIn0=
ℹ️ Configure other nodes to join this cluster:
• Copy the following enrollment token and start new Elasticsearch nodes with `bin/elasticsearch --enrollment-token <token>` (valid for the next 30 minutes):
eyJ2ZXIiOiI4LjEyLjAiLCJhZHIiOlsiMTcyLjE3LjAuMjo5MjAwIl0sImZnciI6IjI4ZjI4NGVkMGUwNjE1YmJhNWIxMjE3MzljNmU1MzkxNTg4YjRlNzJlMjBiMmVmYTgwNmI4ZmEzM2M4MjVmZTQiLCJrZXkiOiJIWUpaWkkwQndlS2U4VVRVcW0wMTp6cUJ1ZmJFR1F3ZTg1NlBNZlRtZ1F3In0=
If you're running in Docker, copy the enrollment token and run:
`docker run -e "ENROLLMENT_TOKEN=<token>" docker.elastic.co/elasticsearch/elasticsearch:8.12.0`
However if you run elastic search and THE SAME IMAGE with docker compose up or docker compose -d in both cases the log is only until
VYbA","elasticsearch.node.id":"uNnSJpAgSUGLMsRDOBRnww","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2024-02-01T11:14:47.735Z", "log.level": "INFO", "message":"license [5d2fbac1-fd70-4c7d-80a4-8983ed42dfbb] mode [basic] - valid", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[elasticsearch][clusterApplierService#updateTask][T#1]","log.logger":"org.elasticsearch.license.ClusterStateLicenseService","elasticsearch.cluster.uuid":"qrE8O1JwSQyvaSdd35VYbA","elasticsearch.node.id":"uNnSJpAgSUGLMsRDOBRnww","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
so the lines with fingerprint and password are missing.
EXPECTED: docker compose up to work the same as docker run ACTUAL: parts in the output are missing when using docker compose
Right now the workaround is super user hostile.
in order to get both password and fingerprint if using docker-compose you have to :
after running lets say that the container is called "elasticsearch"
docker exec -it elasticsearch /usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic
docker cp elasticsearch:/usr/share/elasticsearch/config/certs/http_ca.crt /tmp/.
openssl x509 -fingerprint -sha256 -noout -in /tmp/http_ca.crt | awk -F"=" {' print $2 '} | sed s/://g
Hi,
This is my docker compose file.
When I start up the container (docker-compose up -d), it does not generate the elastic user password and it also does not generate the Kibana token.
You can see the error in the log file
Auto-configuration will not generate a password for the elastic built-in superuser, ...
This is very similar to this issue
Adds known issue for aarch64 pwd generation by jkakavas · Pull Request #83654 · elastic/elasticsearch (github.com)
But it is supposed to be fixed and I'm also not on ARM nor M1. I'm running on Ubuntu 20.04 x86_64. This is a Linux VM (virtualbox). No shared mounts from Windows.
Log file from the container
elastic.log.zip