I'm trying to run elasticsearch and kibana via dockers, and I'm getting errors with kibana.
I'm using elasticsearch and kibana version 7.6.2
and Ubuntu 18.04.6 LTS
I run elasticsearch with the following command:
docker run -p 127.0.0.1:9200:9200 -p 127.0.0.1:9300:9300 -e "discovery.type=single-node" docker.elastic.co/elasticsearch/elasticsearch:7.6.2
And it seems that elasticsearch is on (I can bulk documents and get information about the index from python code).
I'm running kibana with the following commands:
docker network create elastic
docker run --net elastic -p 127.0.0.1:5601:5601 -e "ELASTICSEARCH_HOSTS=http://127.0.0.1:9200" docker.elastic.co/kibana/kibana:7.6.2
I see the following message in the web browser: Kibana server is not ready yet
And I see the following logs in the console:
{"type":"log","#timestamp":"2022-05-22T06:45:20Z","tags":["info","savedobjects-service"],"pid":7,"message":"Waiting until all Elasticsearch nodes are compatible with Kibana before starting saved objects migrations..."}
{"type":"log","#timestamp":"2022-05-22T06:45:20Z","tags":["error","elasticsearch","data"],"pid":7,"message":"Request error, retrying\nHEAD http://127.0.0.1:9200/.apm-agent-configuration => connect ECONNREFUSED 127.0.0.1:9200"}
{"type":"log","#timestamp":"2022-05-22T06:45:20Z","tags":["error","elasticsearch","data"],"pid":7,"message":"Request error, retrying\nGET http://127.0.0.1:9200/_xpack => connect ECONNREFUSED 127.0.0.1:9200"}
{"type":"log","#timestamp":"2022-05-22T06:45:20Z","tags":["error","elasticsearch","admin"],"pid":7,"message":"Request error, retrying\nGET http://127.0.0.1:9200/_nodes?filter_path=nodes.*.version%2Cnodes.*.http.publish_address%2Cnodes.*.ip => connect ECONNREFUSED 127.0.0.1:9200"}
{"type":"log","#timestamp":"2022-05-22T06:45:20Z","tags":["warning","elasticsearch","data"],"pid":7,"message":"Unable to revive connection: http://127.0.0.1:9200/"}
{"type":"log","#timestamp":"2022-05-22T06:45:20Z","tags":["warning","elasticsearch","data"],"pid":7,"message":"No living connections"}
Could not create APM Agent configuration: No Living connections
{"type":"log","#timestamp":"2022-05-22T06:45:20Z","tags":["warning","elasticsearch","data"],"pid":7,"message":"Unable to revive connection: http://127.0.0.1:9200/"}
{"type":"log","#timestamp":"2022-05-22T06:45:20Z","tags":["warning","elasticsearch","data"],"pid":7,"message":"No living connections"}
How can I run kibana via docker ?
Did you try enrolling kibana to you elasticsearch cluster?
The enrollment token is valid for 30 minutes. If you need to generate a new enrollment token, run the elasticsearch-create-enrollment-token tool on your existing node. This tool is available in the Elasticsearch bin directory of the Docker container.
For example, run the following command on the existing es01 node to generate an enrollment token for newer nodes to be added:
docker exec -it es01
/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s
node
When you start Kibana, a unique link is output to your terminal.
To access Kibana, click the generated link in your terminal.
Then in your browser, paste the enrollment token that you copied when starting Elasticsearch and click the button to connect your Kibana instance with Elasticsearch.
Log in to Kibana as the elastic user with the password that was generated when you started Elasticsearch.
More details here
You've created a docker network for the Kibana container, but the Elastic container is not joined to it. Since you can access Elastic from your localhost:9200, there is no need to use the elastic network for the Kibana container.
Update the Kibana docker run command to docker run -p 127.0.0.1:5601:5601 -e "ELASTICSEARCH_HOSTS=http://host.docker.internal:9200" docker.elastic.co/kibana/kibana:7.6.2
This removes the join to the elastic network, and updates the ELASTICSEARCH_HOSTS environment variable so that it uses the localhost of the machine instead of container.
Hi~~ I'm doing the official tutorial from the follwoing link.
My system is windows 10, I'm using VirtualBox 6.0 and downloaded the latest sandbox.
The following are what I did step by setp:
(1) Boot up: I cannot upload image but the information on boot up are as follow:
Hostname: gpdb-sandbox.localdomain
IP: 192.168.5.138
GPDB Admin: gpadmin
GPDB Password: pivotal
Tutorial User: gpuser
Tutorial User Password: pivotal
(2) Navigate to pg_hba.conf and add "host all all 0.0.0.0/0 md5" to the last of it
(3) Navigate to postgresql.conf and add "listen_addresses = '*'" to it
(4) Then I loged in the OS and run the following commmand
./start_all.sh
(5) Then I opened a cmd.exe from my windows and run
psql -U gpadmin -h 192.168.5.138 -p 5432 postgres
(6) The program replies with request for password, then I typed in "pivotal"
And then the program replies with an authentication failure. Can anyone help me with that so that I can start the first step of the tutorial??
Thanks a lot!
No need to type all the parameters if you are connecting to database from the sand box terminal.
just do psql and press enter you will be connected to gpadmin database.
if you changeor add any entries in pg_hba.conf please relode the configurations by running below command.
gpstop -u
I have an AWS DocumentDB set up that I can connect to just fine through my jump box using:
mongo --ssl --host aws-host:27017 --sslCAFile rds-combined-ca-bundle.pem --username my_user --password <insertYourPassword>
I'd like to be able to connect to it through localhost for some testing. I cannot connect directly so I attempted to open a tunnel from my jump:
ssh -i ~/.ssh/my-key user#my_jump -L 27017:aws-host:27017 -N
After that I tried the basic MongoDB connect command:
mongo --ssl --host localhost:27017 --sslCAFile rds-combined-ca-bundle.pem --username my_user --password <insertYourPassword>
I get an error I understand:
The server certificate does not match the host name. Hostname: localhost does not match SAN(s)
I tried using export http_proxy to use http://my_jump:27017 and using the command above again with no luck.
Any suggestions or help on how to connect?
Try to disable ssl hostname validation:
mongo --ssl --sslAllowInvalidHostnames ...
Note --sslAllowInvalidHostnames is available from version 3.0.
If this does not work, try to remove --ssl entirely from the connection options, as according to the documentation:
The mongo shell verifies that the hostname (specified in --host option
or the connection string) matches the SAN (or, if SAN is not present,
the CN) in the certificate presented by the mongod or mongos. If SAN
is present, mongo does not match against the CN. If the hostname does
not match the SAN (or CN), the mongo shell will fail to connect.
Mac here, running Docker Community Edition Version 17.12.0-ce-mac49 (21995).
I have Dockerized a web app with a Dockerfile like so:
FROM openjdk:8
RUN mkdir /opt/myapp
ADD build/libs/myapp.jar /opt/myapp
ADD application.yml /opt/myapp
ADD logback.groovy /opt/myapp
WORKDIR /opt/myapp
EXPOSE 9200
ENTRYPOINT ["java", "-Dspring.config=.", "-jar", "myapp.jar"]
I then build that image like so:
docker build -t myapp .
I then run a container of that image like so:
docker run -it -p 9200:9200 --net="host" --env-file ~/myapp-local.env --name myapp myapp
In the console I see the app start up without any errors, and all seems to be well. Even my metrics publishes (which publish heartbeat and other health metrics every 20 seconds) are printing to the console as I would expect them to. Everything seems to be fine.
Except when I go to run a curl against my app from another terminal/session:
curl -i -H "Content-Type: application/json" -X POST -d '{"username":"heyitsme","password":"12345"}' http://localhost:9200/v1/auth/signIn
curl: (7) Failed to connect to localhost port 9200: Connection refused
Now, if this were a situation where the /v1/auth/signIn path wasn't valid, or if there was something wrong with my request entity/payload, the server would pick up on it and send an error (I assure you; as I can confirm this exact same curl works when I run the server outside of Docker as just a standalone service).
So this is definitely a situation where the curl command can't connect to localhost:9200. Again, when I run my app outside of Docker, that same curl command works perfectly, so I know my app is trying to standup on port 9200.
Any ideas as to what could be going wrong here, or how I could begin troubleshooting?
The way you run your container has 2 conflicting parts:
-p 9200:9200 says: "publish (bind) port 9200 of the container to port 9200 of the host"
--net="host" says: "use the host's networking stack"
According to Docker for Mac - Networking docs / Known limitations, use cases, and workarounds, you should only publish a port:
I want to connect to a container from the Mac
Port forwarding works for localhost; --publish, -p, or -P all work. Ports exposed from Linux are forwarded to the Mac.
Our current recommendation is to publish a port, or to connect from another container. This is what you need to do even on Linux if the container is on an overlay network, not a bridge network, as these are not routed.
The command to run the nginx webserver shown in Getting Started is an example of this.
$ docker run -d -p 80:80 --name webserver nginx
Check that your app bind to 0.0.0.0:9200 and not localhost:9200 or something similar
Problem seems to be in the network mode you are running the container.
Quick test: Login to your container and run the curl cmd there, hopefully it works. That would isolate the problem to request not being forwarded from host to container.
Try running your container on the default bridge network and test.
Refer to this blog for details on the network modes in docker
TLDR; You will need to add an IPtables entry to allow the traffic to enter your container.
I Have docker hosted in a win2K16 server (in the test scenario the host itself is a Domain Controller but in the real case scenario the host will be a machine in the domain).
In the container I have a IIS site that is required to do authentication through AD.
I have created a gMSA following the instructions in this url and tried to configure the host and the container using this steps
I start the container using the command: docker run -d --security-opt "credentialspec=file://gmsa.json" -h gmsa <image-name> (I've tried with and without the -h parameter) and loggin in with docker exec -ti <container-id> cmd.
In the host the command nltest /parentdomain returns as expected but nltest /query always return:
Flags: 0
Connection Status = 1786 0x6fa ERROR_NO_TRUST_LSA_SECRET
Can anyone point me out what I'm doing wrong?
Turns out that you cannot use host the container in the Domain Controller because you can't add the DC computer to the gMSA group.