Closed
Description
Problem description
The setup container is unable to connect to the elasticsearch container. The wait_for_elasticsearch function always fails with curl error 49, "Couldn't parse CURLOPT_RESOLVE entry".
Extra information
This is in the tls branch.
The resolve argument for the wait function in setup/lib.sh evaluates to elasticsearch:9200:elasticsearch when ELASTICSEARCH_HOST is not set (it is not set by default). This format is always invalid, because the last part of the --resolve argument must be an IP address (HOST:PORT:ADDRESS).
function wait_for_elasticsearch {
local elasticsearch_host="${ELASTICSEARCH_HOST:-elasticsearch}"
local -a args=( '-s' '-D-' '-m15' '-w' '%{http_code}' 'https://elasticsearch:9200/'
'--resolve' "elasticsearch:9200:${elasticsearch_host}" '--cacert' "$es_ca_cert" )
Stack configuration
Keeping data in a local directory instead of docker volume.
/opt/elk: copy of configurations
/mnt/elk: data
diff --git a/docker-compose.yml b/docker-compose.yml
index 98e4be0..b919f3c 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -12,16 +12,14 @@ services:
tls:
profiles:
- setup
- build:
- context: tls/
- args:
- ELASTIC_VERSION: ${ELASTIC_VERSION}
- user: root # ensures we can write to the local tls/ directory.
+ image: $ACCOUNT_ID.dkr.ecr.$REGION.amazonaws.com/elk/elasticsearch:8.19.7
+ entrypoint: /entrypoint.sh
+ user: root
init: true
volumes:
- - ./tls/entrypoint.sh:/entrypoint.sh:ro,Z
- - ./tls/instances.yml:/usr/share/elasticsearch/tls/instances.yml:ro,Z
- - ./tls/certs:/usr/share/elasticsearch/tls/certs:z
+ - /opt/elk/tls/entrypoint.sh:/entrypoint.sh:ro,Z
+ - /opt/elk/tls/instances.yml:/usr/share/elasticsearch/tls/instances.yml:ro,Z
+ - /mnt/elk/tls/certs:/usr/share/elasticsearch/tls/certs:z
# The 'setup' service runs a one-off script which initializes users inside
# Elasticsearch — such as 'logstash_internal' and 'kibana_system' — with the
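Review bot: The `image:` value added for `tls` interpolates `$ACCOUNT_ID` and `$REGION` with no required-variable guard, and the same form is repeated for setup, kibana-genkeys, elasticsearch, logstash and kibana in the later hunks. If those names are literal in the file rather than redactions made for this report, an unset variable is replaced by an empty string and the registry host becomes malformed; `${ACCOUNT_ID:?ACCOUNT_ID is not set}` and `${REGION:?REGION is not set}` stop the run with a clear message instead. The `8.19.7` tag also only identifies the image content if the ECR repository enforces tag immutability, which matters more here because `tls` runs as root and writes the CA material; appending the image digest (`...:8.19.7@sha256:<digest>`, placeholder) removes that dependency. The inline comment that explained `user: root` was dropped and is worth keeping.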
@@ -40,17 +38,14 @@ services:
setup:
profiles:
- setup
- build:
- context: setup/
- args:
- ELASTIC_VERSION: ${ELASTIC_VERSION}
+ image: $ACCOUNT_ID.dkr.ecr.$REGION.amazonaws.com/elk/elasticsearch:8.19.7
+ entrypoint: /entrypoint.sh
init: true
volumes:
- - ./setup/entrypoint.sh:/entrypoint.sh:ro,Z
- - ./setup/lib.sh:/lib.sh:ro,Z
- - ./setup/roles:/roles:ro,Z
- # (!) CA certificate. Generate using the 'tls' service.
- - ./tls/certs/ca/ca.crt:/ca.crt:ro,z
+ - /opt/elk/setup/entrypoint.sh:/entrypoint.sh:ro,Z
+ - /opt/elk/setup/lib.sh:/lib.sh:ro,Z
+ - /opt/elk/setup/roles:/roles:ro,Z
+ - /mnt/elk/tls/certs/ca/ca.crt:/ca.crt:ro,z
environment:
ELASTIC_PASSWORD: ${ELASTIC_PASSWORD:-}
LOGSTASH_INTERNAL_PASSWORD: ${LOGSTASH_INTERNAL_PASSWORD:-}
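Review bot: The `/mnt/elk/tls/certs/ca/ca.crt:/ca.crt:ro,z` mount in `setup` lost the comment saying the CA certificate has to be generated by the `tls` service first. With this short bind-mount syntax Docker creates a missing host path as a directory, so running `setup` before `tls` would leave a directory at `ca.crt` and the `--cacert` check in setup/lib.sh could no longer verify Elasticsearch. I would restore the line above the mount: `# (!) CA certificate. Generate using the 'tls' service before running 'setup'.` The same comment was removed from the elasticsearch, logstash and kibana mounts in the later hunks.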
@@ -74,54 +69,45 @@ services:
kibana-genkeys:
profiles:
- setup
- build:
- context: kibana/
- args:
- ELASTIC_VERSION: ${ELASTIC_VERSION}
+ image: $ACCOUNT_ID.dkr.ecr.$REGION.amazonaws.com/elk/kibana:8.19.7
command:
- bin/kibana-encryption-keys
- generate
network_mode: none
elasticsearch:
- build:
- context: elasticsearch/
- args:
- ELASTIC_VERSION: ${ELASTIC_VERSION}
+ image: $ACCOUNT_ID.dkr.ecr.$REGION.amazonaws.com/elk/elasticsearch:8.19.7
volumes:
- - ./elasticsearch/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml:ro,Z
- - elasticsearch:/usr/share/elasticsearch/data:Z
- # (!) TLS certificates. Generate using the 'tls' service.
- - ./tls/certs/ca/ca.crt:/usr/share/elasticsearch/config/ca.crt:ro,z
- - ./tls/certs/elasticsearch/elasticsearch.crt:/usr/share/elasticsearch/config/elasticsearch.crt:ro,z
- - ./tls/certs/elasticsearch/elasticsearch.key:/usr/share/elasticsearch/config/elasticsearch.key:ro,z
+ - /opt/elk/elasticsearch/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml:ro,Z
+ - /mnt/elk/elasticsearch:/usr/share/elasticsearch/data:Z
+ - /mnt/elk/tls/certs/ca/ca.crt:/usr/share/elasticsearch/config/ca.crt:ro,z
+ - /mnt/elk/tls/certs/elasticsearch/elasticsearch.crt:/usr/share/elasticsearch/config/elasticsearch.crt:ro,z
+ - /mnt/elk/tls/certs/elasticsearch/elasticsearch.key:/usr/share/elasticsearch/config/elasticsearch.key:ro,z
ports:
- 9200:9200
- 9300:9300
environment:
- node.name: elasticsearch
- ES_JAVA_OPTS: -Xms512m -Xmx512m
+ ES_SETTING_NODE_NAME: elasticsearch
+ ES_SETTING_DISCOVERY_TYPE: single-node
+ ES_JAVA_OPTS: >-
+ -Des.enforce.bootstrap.checks=true
+ -Xms512m
+ -Xmx512m
# Bootstrap password.
# Used to initialize the keystore during the initial startup of
# Elasticsearch. Ignored on subsequent runs.
ELASTIC_PASSWORD: ${ELASTIC_PASSWORD:-}
- # Use single node discovery in order to disable production mode and avoid bootstrap checks.
- # see: https://www.elastic.co/docs/deploy-manage/deploy/self-managed/bootstrap-checks
- discovery.type: single-node
networks:
- elk
restart: unless-stopped
logstash:
- build:
- context: logstash/
- args:
- ELASTIC_VERSION: ${ELASTIC_VERSION}
+ image: $ACCOUNT_ID.dkr.ecr.$REGION.amazonaws.com/elk/logstash:8.19.7
volumes:
- - ./logstash/config/logstash.yml:/usr/share/logstash/config/logstash.yml:ro,Z
- - ./logstash/pipeline:/usr/share/logstash/pipeline:ro,Z
- # (!) CA certificate. Generate using the 'tls' service.
- - ./tls/certs/ca/ca.crt:/usr/share/logstash/config/ca.crt:ro,z
+ - /opt/elk/logstash/config/logstash.yml:/usr/share/logstash/config/logstash.yml:ro,Z
+ - /opt/elk/logstash/pipeline:/usr/share/logstash/pipeline:ro,Z
+ - /mnt/elk/logstash:/usr/share/logstash/data:Z
+ - /mnt/elk/tls/certs/ca/ca.crt:/usr/share/logstash/config/ca.crt:ro,z
ports:
- 5044:5044
- 50000:50000/tcp
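Review bot: Nothing in the elasticsearch `environment:` block explains why `ES_SETTING_DISCOVERY_TYPE: single-node` is now combined with `-Des.enforce.bootstrap.checks=true`; the removed comment documented the opposite intent (single-node discovery to avoid bootstrap checks). A comment above `ES_JAVA_OPTS` such as `# single-node discovery skips bootstrap checks; es.enforce.bootstrap.checks=true re-enables them, so the host must satisfy them (e.g. vm.max_map_count)` would tell the next operator why the node refuses to start on an untuned host. The elasticsearch and logstash data directories also moved from a named volume to host paths under /mnt/elk, so the expected ownership and mode of those directories, which sit next to the TLS private keys in /mnt/elk/tls/certs, deserve a line as well.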
@@ -137,29 +123,30 @@ services:
restart: unless-stopped
kibana:
- build:
- context: kibana/
- args:
- ELASTIC_VERSION: ${ELASTIC_VERSION}
+ image: $ACCOUNT_ID.dkr.ecr.$REGION.amazonaws.com/elk/kibana:8.19.7
volumes:
- - ./kibana/config/kibana.yml:/usr/share/kibana/config/kibana.yml:ro,Z
- # (!) TLS certificates. Generate using the 'tls' service.
- - ./tls/certs/ca/ca.crt:/usr/share/kibana/config/ca.crt:ro,z
- - ./tls/certs/kibana/kibana.crt:/usr/share/kibana/config/kibana.crt:ro,Z
- - ./tls/certs/kibana/kibana.key:/usr/share/kibana/config/kibana.key:ro,Z
+ - /opt/elk/kibana/config/kibana.yml:/usr/share/kibana/config/kibana.yml:ro,Z
+ - /mnt/elk/kibana:/usr/share/kibana/data:Z
+ - /mnt/elk/tls/certs/ca/ca.crt:/usr/share/kibana/config/ca.crt:ro,z
+ - /mnt/elk/tls/certs/kibana/kibana.crt:/usr/share/kibana/config/kibana.crt:ro,Z
+ - /mnt/elk/tls/certs/kibana/kibana.key:/usr/share/kibana/config/kibana.key:ro,Z
ports:
- 5601:5601
environment:
+ SERVER_NAME: ***********
+ SERVER_PUBLICBASEURL: ***********
KIBANA_SYSTEM_PASSWORD: ${KIBANA_SYSTEM_PASSWORD:-}
networks:
- elk
depends_on:
- elasticsearch
restart: unless-stopped
+ healthcheck:
+ test: [
+ "CMD-SHELL",
+ "curl --silent --fail --output /dev/null --insecure https://localhost:5601/api/status"]
+ start_period: 30s
networks:
elk:
driver: bridge
-
-volumes:
- elasticsearch:
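Review bot: The new kibana healthcheck passes `--insecure` to curl, so the container is reported healthy even if Kibana serves an expired certificate or one not issued by the stack's CA, which is the failure browsers would actually hit. The CA is already mounted in this service, so the probe can verify it: `curl --silent --fail --output /dev/null --cacert /usr/share/kibana/config/ca.crt https://localhost:5601/api/status`. This presumably requires `localhost` among the certificate's names in tls/instances.yml, which is not shown here. Only `start_period` is set; `interval`, `timeout` and `retries` fall back to their defaults.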
diff --git a/elasticsearch/config/elasticsearch.yml b/elasticsearch/config/elasticsearch.yml
index d3e32fe..fd672e9 100644
--- a/elasticsearch/config/elasticsearch.yml
+++ b/elasticsearch/config/elasticsearch.yml
@@ -5,7 +5,6 @@
cluster.name: docker-cluster
network.host: 0.0.0.0
-xpack.license.self_generated.type: trial
xpack.security.enabled: true
##
diff --git a/kibana/config/kibana.yml b/kibana/config/kibana.yml
index 1f3c5fa..09a6b15 100644
--- a/kibana/config/kibana.yml
+++ b/kibana/config/kibana.yml
@@ -27,7 +27,7 @@ elasticsearch.ssl.certificateAuthorities: [ config/ca.crt ]
## Communications between web browsers and Kibana
## see https://www.elastic.co/guide/en/kibana/current/configuring-tls.html#configuring-tls-browser-kib
#
-server.ssl.enabled: false
+server.ssl.enabled: true
server.ssl.certificate: config/kibana.crt
server.ssl.key: config/kibana.key
Docker setup
$ docker version
Client:
Version: 25.0.13
API version: 1.44
Go version: go1.24.9
Git commit: 0bab007
Built: Mon Nov 3 00:00:00 2025
OS/Arch: linux/amd64
Context: default
Server:
Engine:
Version: 25.0.13
API version: 1.44 (minimum version 1.24)
Go version: go1.24.9
Git commit: 165516e
Built: Mon Nov 3 00:00:00 2025
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 2.1.5
GitCommit: fcd43222d6b07379a4be9786bda52438f0dd16a1
runc:
Version: 1.3.3
GitCommit: d842d7719497cc3b774fd71620278ac9e17710e0
docker-init:
Version: 0.19.0
GitCommit: de40ad0
$ docker compose version
Docker Compose version v5.0.0
Container logs
$ docker compose logs
setup-1 | [+] Waiting for availability of Elasticsearch. This can take several minutes.
setup-1 | ⠍ Connection to Elasticsearch failed. Exit code: 49