Open linghengqian opened 2 years ago
Pinging @elastic/security-solution (Team: SecuritySolution)
services:
setup:
image: docker.elastic.co/elasticsearch/elasticsearch:8.15.0
volumes:
- certs:/usr/share/elasticsearch/config/certs
user: "0"
command: >
bash -c '
if [ ! -f config/certs/ca.zip ]; then
bin/elasticsearch-certutil ca --silent --pem -out config/certs/ca.zip;
unzip config/certs/ca.zip -d config/certs;
fi;
if [ ! -f config/certs/certs.zip ]; then
echo -ne \
"instances:\n"\
" - name: es01\n"\
" dns:\n"\
" - es01\n"\
" - localhost\n"\
" ip:\n"\
" - 127.0.0.1\n"\
> config/certs/instances.yml;
bin/elasticsearch-certutil cert --silent --pem -out config/certs/certs.zip --in config/certs/instances.yml --ca-cert config/certs/ca/ca.crt --ca-key config/certs/ca/ca.key;
unzip config/certs/certs.zip -d config/certs;
fi;
chown -R root:root config/certs;
find . -type d -exec chmod 750 \{\} \;;
find . -type f -exec chmod 640 \{\} \;;
until curl -s --cacert config/certs/ca/ca.crt https://es01:9200 | grep -q "missing authentication credentials"; do sleep 30; done;
until curl -s -X POST --cacert config/certs/ca/ca.crt -u "elastic:es01changeme" -H "Content-Type: application/json" https://es01:9200/_security/user/kibana_system/_password -d "{\"password\":\"kibanachangeme\"}" | grep -q "^{}"; do sleep 10; done;
'
healthcheck:
test: ["CMD-SHELL", "[ -f config/certs/es01/es01.crt ]"]
interval: 1s
timeout: 5s
retries: 120
es01:
depends_on:
setup:
condition: service_healthy
image: docker.elastic.co/elasticsearch/elasticsearch:8.15.0
volumes:
- certs:/usr/share/elasticsearch/config/certs
- esdata01:/usr/share/elasticsearch/data
ports:
- "127.0.0.1:9200:9200"
environment:
- node.name=es01
- cluster.name=elasticsearch-shardingsphere
- cluster.initial_master_nodes=es01
- discovery.seed_hosts=127.0.0.1,[::1]
- ELASTIC_PASSWORD=es01changeme
- bootstrap.memory_lock=true
- xpack.security.enabled=true
- xpack.security.http.ssl.enabled=true
- xpack.security.http.ssl.key=certs/es01/es01.key
- xpack.security.http.ssl.certificate=certs/es01/es01.crt
- xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
- xpack.security.transport.ssl.enabled=true
- xpack.security.transport.ssl.key=certs/es01/es01.key
- xpack.security.transport.ssl.certificate=certs/es01/es01.crt
- xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
- xpack.security.transport.ssl.verification_mode=certificate
- xpack.license.self_generated.type=basic
mem_limit: '1gb'
ulimits:
memlock:
soft: -1
hard: -1
healthcheck:
test:
[
"CMD-SHELL",
"curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",
]
interval: 10s
timeout: 10s
retries: 120
kibana:
depends_on:
es01:
condition: service_healthy
image: docker.elastic.co/kibana/kibana:8.15.0
volumes:
- certs:/usr/share/kibana/config/certs
- kibanadata:/usr/share/kibana/data
ports:
- "5601:5601"
environment:
- SERVERNAME=kibana
- ELASTICSEARCH_HOSTS=https://es01:9200
- ELASTICSEARCH_USERNAME=kibana_system
- ELASTICSEARCH_PASSWORD=kibanachangeme
- ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=config/certs/ca/ca.crt
- I18N_LOCALE=zh-CN
mem_limit: '1gb'
healthcheck:
test:
[
"CMD-SHELL",
"curl -s -I http://localhost:5601 | grep -q 'HTTP/1.1 302 Found'",
]
interval: 10s
timeout: 10s
retries: 120
volumes:
certs:
esdata01:
kibanadata:
- Should this issue be closed?
@azasypkin @MindyRS @kevinlog @elasticmachine So, 2 years later I'm back testing the Elastic Stack. This interface no longer appears to exist, so there seems to be no point in keeping this issue open.
I'll defer that decision to @MindyRS @kevinlog
Kibana version:
Elasticsearch version:
Server OS version:
Browser version:
Browser OS version:
Original install method (e.g. download page, yum, from source, etc.):
Describe the bug:
I18N_LOCALE: zh-CN
, Kibana’s Security icon is brokenSteps to reproduce:
Assuming the following
docker-compose.yml
file, the kibana API key is generated bybin/elasticsearch-create-enrollment-token -s kibana
.Start with
docker compose up -d
. Open Kibana normally, and the icon is normal at this time.Then change docker-compose.yml as follows, add environment variable I18N_LOCALE: zh-CN, and docker compose up -d again.
At this time, the Security icon of Kibana is damaged and cannot be viewed, which should not be normal behavior.
Expected behavior:
I18N_LOCALE: zh-CN
is not configured.Screenshots (if relevant):
Errors in browser console (if relevant):
Provide logs and/or server output (if relevant):
Any additional context: