spujadas / elk-docker

Elasticsearch, Logstash, Kibana (ELK) Docker image

Advice required - override kibana.yml and elasticsearch.yml #289

Closed silentFred closed 5 years ago

silentFred commented 5 years ago

Hi all,

Firstly thank you all for this epic contribution!

I'm playing around and trying to get basic user management and security up and running without any 3rd party plugins. So far I understand this should be possible with the pre-installed x-pack plugins.

I've tried overriding the yml configs by using a docker compose file and mounting files directly into the image where the configs are expected to be, like so:

    image: sebp/elk
    ports:
        # Kibana port
        - "80:5601"
        # Logstash port
        - "90:31311"
        - "5044:5044"
        - "9200:9200"
    volumes:
        - './logstash-input.local.conf:/etc/logstash/conf.d/03-input.conf'
        - './30-output.conf:/etc/logstash/conf.d/30-output.conf'
        - './kibana.yml:/opt/kibana/config/kibana.yml'
        - './elasticsearch.yml:/etc/elasticsearch/config/elasticsearch.yml'

Pretty simple but it seems Kibana is ignoring the flags I am setting:

    elasticsearch.username: "someuser"
    elasticsearch.password: "somepassword"

Has anyone else managed to spin up the stack with basic user management and login? Am I even putting these configs where they should be? Been stuck here a few days now and Search Guard plugin installation has also not proven fruitful given the package optimisation stalling regardless of the resources allocated to the image.

sandeepsuvit commented 4 years ago

Hi @silentFred, I think for this we need to activate this plugin elasticsearch-setup-passwords as per the Elastic docs https://www.elastic.co/guide/en/elasticsearch/reference/7.8/built-in-users.html#set-built-in-user-passwords but I am not sure where we enable this in the current package. Any thoughts?

sandeepsuvit commented 4 years ago

Also, when I tried to do this manually from within the Docker container, I got this error:

    root@9cc2090d64e4:/opt/elasticsearch/bin# ./elasticsearch-plugin install x-pack
    -> Installing x-pack
    -> Failed installing x-pack
    ERROR: X-Pack is not available with the oss distribution; to use X-Pack features use the default distribution

Which means that the current distribution (oss) doesn't support X-Pack, which is required for user management. @spujadas, any comments on how to get this working, please?

spujadas commented 4 years ago

@sandeepsuvit use a non-oss version of the image, then follow Elastic docs.

sandeepsuvit commented 4 years ago

Got it @spujadas. I did try your suggestion and it worked out well, thanks. One more question related to this: so I used the version without the oss tag and it does show the X-Pack plugin files. Now, is there a way I can enable default users without manually going and triggering bin/elasticsearch-setup-passwords auto from inside the container, through some scripts after elk setup completes?

spujadas commented 4 years ago

Well as far as I know there isn't a nice streamlined way to do this, but the closest may be to use post-hooks (https://elk-docker.readthedocs.io/#pre-post-hooks) to run the command after everything starts. Still a bit inconvenient, but this fiddliness doesn't seem to be Docker-specific.
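
Added example, not part of the thread or the elk-docker project: a post-hook script along the lines suggested above that runs elasticsearch-setup-passwords auto --batch once and keeps the generated passwords in an owner-only file instead of letting them land in the container log. The hook location (/usr/local/bin/elk-post-hooks.sh), the credentials file path and the tool's "PASSWORD user = secret" output format are assumptions to check against your image version; it also assumes xpack.security.enabled: true is set in elasticsearch.yml.

```bash
#!/bin/bash
# Added example: candidate /usr/local/bin/elk-post-hooks.sh (assumed hook path).
# Bootstraps the built-in users once and stores the generated passwords in a
# file only the owner can read, rather than printing them to the container log.

ES_HOME="${ES_HOME:-/opt/elasticsearch}"   # path seen in the thread's shell prompt
CRED_FILE="${CRED_FILE:-/var/lib/elasticsearch/.builtin-users}"   # assumed location

# Turn "PASSWORD <user> = <secret>" lines from the tool into "user:secret".
parse_generated_passwords() {
    sed -n 's/^PASSWORD \([a-z_]*\) = \(.*\)$/\1:\2/p'
}

# Write stdin to file $1 with mode 0600 (a stale file is removed first,
# because truncating an existing file would keep its old permissions).
store_credentials() {
    rm -f "$1"
    ( umask 077; cat > "$1" )
}

bootstrap_builtin_users() {
    local out
    # The tool can only be run once per cluster, so keep the first result
    # and skip the call on every later container start.
    [ -s "$CRED_FILE" ] && return 0
    out="$("$ES_HOME/bin/elasticsearch-setup-passwords" auto --batch)" || return 1
    printf '%s\n' "$out" | parse_generated_passwords | store_credentials "$CRED_FILE"
    # Fail if nothing was captured, so an empty file is never taken as success.
    [ -s "$CRED_FILE" ]
}

# Only act when the tool is present (it is missing in the oss image).
if [ -x "$ES_HOME/bin/elasticsearch-setup-passwords" ]; then
    bootstrap_builtin_users || echo "built-in user bootstrap failed" >&2
fi
```

Mount the script into the container at the hook path and keep the credentials file on a persistent volume, otherwise a recreated container loses the only copy of the generated passwords.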