启动后通过IP:PORT可以查看到当前单台情况

通过IP:PORT/_cat/nodes?pretty 可以当前集群情况

172.19.0.16 26 93 50 1.40 3.47 4.23 mdi - es06
172.19.0.14 33 93 54 1.40 3.47 4.23 mdi * es04
172.19.0.15 17 93 54 1.40 3.47 4.23 mdi - es05

修改es00.yml配置，重新启动。

xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true

[root@izm5ej4bsah4npfgi5wl3vz elasticsearch]# vi config/es00.yml 
cluster.name: mses-cluster
node.name: es00
node.master: true
node.data: true
bootstrap.memory_lock: false
bootstrap.system_call_filter: false
network.host: 172.20.0.10
http.port: 9200
transport.tcp.port: 9300
http.cors.enabled: true
http.cors.allow-origin: "*"
discovery.seed_hosts: ["172.20.0.10:9300","172.20.0.11:9300"]
cluster.initial_master_nodes: ["es00","es01"]
discovery.zen.minimum_master_nodes: 2
http.cors.allow-headers: Authorization
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true

docker restart es00

查看启动日志

docker logs -f --tail=10 es00

看到启动完成后，访问ip:端口，会弹出登录对话窗口

进入容器，

docker exec -it es00 /bin/bash

keystore文件，默认会创建在config目录下生成elasticsearch.keystore文件

bin/elasticsearch-keystore create

执行过程：

[root@ee7fae207374 elasticsearch]# bin/elasticsearch-keystore create
Created elasticsearch keystore in /usr/share/elasticsearch/config
[root@ee7fae207374 elasticsearch]# ls config/
elasticsearch.keystore elasticsearch.yml jvm.options log4j2.properties role_mapping.yml roles.yml users users_roles

正常情况得到结果：说明设置正常，我这里所有的用户密码都是设置为：elastic

[root@21650b6ea0f2 elasticsearch]# bin/elasticsearch-setup-passwords interactive
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y
Enter password for [elastic]: 
Reenter password for [elastic]: 
Enter password for [apm_system]: 
Reenter password for [apm_system]: 
Enter password for [kibana]: 
Reenter password for [kibana]: 
Enter password for [logstash_system]: 
Reenter password for [logstash_system]: 
Enter password for [beats_system]: 
Reenter password for [beats_system]: 
Enter password for [remote_monitoring_user]: 
Reenter password for [remote_monitoring_user]: 
Changed password for user [apm_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]
Possible causes include:
 * The password for the 'elastic' user has already been changed on this cluster
 * Your elasticsearch node is running against a different keystore
 * This tool used the keystore at /usr/share/elasticsearch/config/elasticsearch.keystore
解决A：很纠结的不一定成功。也成功做。
关闭ElasticSearch的xpack安全验证（即修改/docker/elasticsearch/config/elasticsearch.yml
中的xpack.security.enabled和xpack.security.transport.ssl.enabled为false）；
重启ElasticSearch服务
重启好后用以下命令删除索引 .secutity-6
curl -XDELETE http://localhost:9204/.secutity-6
1
or

curl -XDELETE   http://127.0.0.1:9200/.secutity-6

删除好后再重新按照上面设置密码的操作打开xpack验证重启ElasticSearch服务进入容器内部进行密码设置
 解决B：不管他，接着走下面的步骤，最后，再来解决这个用户无法创建的问题，就当做忘记密码。
解决办法：创建一个新的临时用户，然后赋予这个用户超级管理员角色。
再退出外面，用这个用户修改密码。
docker exec -it es10 bash
./bin/elasticsearch-users useradd tempchen -r superuser
curl -XPUT -u tempchen:tempchen http://127.0.0.1:9200/_xpack/security/user/elastic/_password -H "Content-Type: application/json" -d '
 "password": "elastic"
执行过程：
// 进入容器
[root@izm5ej4bsah4npfgi5wl3vz ~]# docker exec -it es10 bash
// 创建用户
[root@467d3709b7db elasticsearch]# ./bin/elasticsearch-users useradd tempchen -r superuser
Enter new password: 
Retype new password: 
// 退出容器
[root@467d3709b7db elasticsearch] exit
// 根据IP修改密码
[root@izm5ej4bsah4npfgi5wl3vz elasticsearch2]# curl -XPUT -u tempchen:tempchen http://172.21.0.10:9200/_xpack/security/user/elastic/_password -H "Content-Type: application/json" -d '
>  "password": "elastic"
// 此时修改密码成功，密码为elastic
[root@izm5ej4bsah4npfgi5wl3vz elasticsearch2]# 
Unexpected response code [503] from calling PUT http://172.20.0.10:9200/_security/user/apm_system/_password?pretty
Cause: Cluster state has not been recovered yet, cannot write to the security index
配置master节点先修改为1个
cluster.initial_master_nodes: ["es04"]
在页面登录输入任何账号都能登录正常，看到信息。
[root@ee7fae207374 elasticsearch]# bin/elasticsearch-certutil ca
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by org.bouncycastle.jcajce.provider.drbg.DRBG (file:/usr/share/elasticsearch/lib/tools/security-cli/bcprov-jdk15on-1.61.jar) to constructor sun.security.provider.Sun()
WARNING: Please consider reporting this to the maintainers of org.bouncycastle.jcajce.provider.drbg.DRBG
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
This tool assists you in the generation of X.509 certificates and certificate
signing requests for use with SSL/TLS in the Elastic stack.
The 'ca' mode generates a new 'certificate authority'
This will create a new X.509 certificate and private key that can be used
to sign certificate when running in 'cert' mode.
Use the 'ca-dn' option if you wish to configure the 'distinguished name'
of the certificate authority
By default the 'ca' mode produces a single PKCS#12 output file which holds:
    * The CA certificate
    * The CA's private key
If you elect to generate PEM format certificates (the -pem option), then the output will
be a zip file containing individual files for the CA certificate and private key
Please enter the desired output file [elastic-stack-ca.p12]: 
Enter password for elastic-stack-ca.p12 : 
[root@ee7fae207374 elasticsearch]# ls
123456  LICENSE.txt  NOTICE.txt  README.textile  bin  config  data  elastic-stack-ca.p12  jdk  lib  logs  modules  plugins
生成私钥证书




    

bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
会提示输入密码，这里我直接回车，无密码。
 查看当前目录，即可看到：elastic-certificates.p12 这个就是我们的私钥了，所有节点，统一要将这证书放置到指定位置即可各个节点互通交互了。
[root@21650b6ea0f2 elasticsearch]# ls
LICENSE.txt  NOTICE.txt  README.textile  bin  config  data  elastic-certificates.p12  elastic-stack-ca.p12  jdk  lib  logs  modules  plugins
只需要使用由同一CA签名的证书，即可自动允许该节点加入集群。
将证书复制到宿主机
宿主机目录我这里是/home/soft/ES/config
docker cp 复制
es04 是运行的容器名称
/usr/share/elasticsearch/elastic-certificates.p12 要复制的容器内的文件具体路径
/home/soft/ES/config 物理机路径
# docker cp es04:/usr/share/elasticsearch/elastic-certificates.p12 /home/soft/ES/config
将证书复制到所有需要集群的es节点
docker cp /home/soft/ES/config/elastic-certificates.p12 es04:/usr/share/elasticsearch/config/
docker cp /home/soft/ES/config/elastic-certificates.p12 es05:/usr/share/elasticsearch/config/
docker cp /home/soft/ES/config/elastic-certificates.p12 es06:/usr/share/elasticsearch/config/
修改所有需要集群的节点
主要是增加这几行配置
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate 
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12 
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
// es04.yml 文件
cluster.name: esinner
node.name: es04
node.master: true
node.data: true
bootstrap.memory_lock: false
bootstrap.system_call_filter: false
network.host: 172.19.0.14
http.port: 9200
transport.tcp.port: 9300
http.cors.enabled: true
http.cors.allow-origin: "*"
discovery.seed_hosts: ["172.19.0.14:9300","172.19.0.15:9300","172.19.0.16:9300"]
cluster.initial_master_nodes: ["es04","es05","es06"]
discovery.zen.minimum_master_nodes: 2
http.cors.allow-headers: Authorization
xpack.security.enabled: true
xpack.license.self_generated.type: basic
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate 
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12 
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
// es05.yml 文件
cluster.name: esinner
node.name: es05
node.master: true
node.data: true
bootstrap.memory_lock: false
bootstrap.system_call_filter: false
network.host: 172.19.0.15
http.port: 9200
transport.tcp.port: 9300
http.cors.enabled: true
http.cors.allow-origin: "*"
discovery.seed_hosts: ["172.19.0.14:9300","172.19.0.15:9300","172.19.0.16:9300"]
cluster.initial_master_nodes: ["es04","es05","es06"]
discovery.zen.minimum_master_nodes: 2
http.cors.allow-headers: Authorization
xpack.security.enabled: true
xpack.license.self_generated.type: basic
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate 
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12 
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
// es06.yml 文件
cluster.name: esinner
node.name: es06
node.master: true
node.data: true
bootstrap.memory_lock: false
bootstrap.system_call_filter: false
network.host: 172.19.0.16
http.port: 9200
transport.tcp.port: 9300
http.cors.enabled: true
http.cors.allow-origin: "*"
discovery.seed_hosts: ["172.19.0.14:9300","172.19.0.15:9300","172.19.0.16:9300"]
cluster.initial_master_nodes: ["es04","es05","es06"]
discovery.zen.minimum_master_nodes: 2
http.cors.allow-headers: Authorization
xpack.security.enabled: true
xpack.license.self_generated.type: basic
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate 
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12 
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
View Code
重启所有节点
完整报错：
{"type": "server", "timestamp": "2020-05-27T15:21:10,235+0000", "level": "WARN", "component": "o.e.b.ElasticsearchUncaughtExceptionHandler", "cluster.name": "esinner", "node.name": "es05",  "message": "uncaught exception in thread [main]" , 
"stacktrace": ["org.elasticsearch.bootstrap.StartupException: java.lang.IllegalStateException: failed to load plugin class [org.elasticsearch.xpack.core.XPackPlugin]",
"at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:163) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:150) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124) ~[elasticsearch-cli-7.1.1.jar:7.1.1]",
"at org.elasticsearch.cli.Command.main(Command.java:90) ~[elasticsearch-cli-7.1.1.jar:7.1.1]",
"at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:115) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:92) ~[elasticsearch-7.1.1.jar:7.1.1]",
"Caused by: java.lang.IllegalStateException: failed to load plugin class [org.elasticsearch.xpack.core.XPackPlugin]",
"at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:614) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.plugins.PluginsService.loadBundle(PluginsService.java:556) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.plugins.PluginsService.loadBundles(PluginsService.java:471) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.plugins.PluginsService.<init>(PluginsService.java:163) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.node.Node.<init>(Node.java:308) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.node.Node.<init>(Node.java:252) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:211) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:211) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:325) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:159) ~[elasticsearch-7.1.1.jar:7.1.1]",
"... 6 more",
"Caused by: java.lang.reflect.InvocationTargetException",
"at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]",
"at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[?:?]",
"at jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:?]",
"at java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:500) ~[?:?]",
"at java.lang.reflect.Constructor.newInstance(Constructor.java:481) ~[?:?]",
"at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:605) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.plugins.PluginsService.loadBundle(PluginsService.java:556) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.plugins.PluginsService.loadBundles(PluginsService.java:471) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.plugins.PluginsService.<init>(PluginsService.java:163) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.node.Node.<init>(Node.java:308) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.node.Node.<init>(Node.java:252) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:211) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:211) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:325) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:159) ~[elasticsearch-7.1.1.jar:7.1.1]",
"... 6 more",
"Caused by: org.elasticsearch.ElasticsearchException: failed to initialize a TrustManagerFactory",
"at org.elasticsearch.xpack.core.ssl.StoreTrustConfig.createTrustManager(StoreTrustConfig.java:61) ~[?:?]",
"at org.elasticsearch.xpack.core.ssl.SSLService.createSslContext(SSLService.java:382) ~[?:?]",
"at java.util.HashMap.computeIfAbsent(HashMap.java:1133) ~[?:?]",
"at org.elasticsearch.xpack.core.ssl.SSLService.loadSSLConfigurations(SSLService.java:434) ~[?:?]",
"at org.elasticsearch.xpack.core.ssl.SSLService.<init>(SSLService.java:119) ~[?:?]",
"at org.elasticsearch.xpack.core.XPackPlugin.<init>(XPackPlugin.java:144) ~[?:?]",
"at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]",
"at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[?:?]",
"at jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:?]",
"at java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:500) ~[?:?]",
"at java.lang.reflect.Constructor.newInstance(Constructor.java:481) ~[?:?]",
"at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:605) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.plugins.PluginsService.loadBundle(PluginsService.java:556) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.plugins.PluginsService.loadBundles(PluginsService.java:471) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.plugins.PluginsService.<init>(PluginsService.java:163) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.node.Node.<init>(Node.java:308) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.node.Node.<init>(Node.java:252) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:211) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:211) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:325) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:159) ~[elasticsearch-7.1.1.jar:7.1.1]",
"... 6 more",
"Caused by: java.nio.file.AccessDeniedException: /usr/share/elasticsearch/config/elastic-certificates.p12",
"at sun.nio.fs.UnixException.translateToIOException(UnixException.java:90) ~[?:?]",
"at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:111) ~[?:?]",
"at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:116) ~[?:?]",
"at sun.nio.fs.UnixFileSystemProvider.newByteChannel(UnixFileSystemProvider.java:219) ~[?:?]",
"at java.nio.file.Files.newByteChannel(Files.java:373) ~[?:?]",
"at java.nio.file.Files.newByteChannel(Files.java:424) ~[?:?]",
"at java.nio.file.spi.FileSystemProvider.newInputStream(FileSystemProvider.java:420) ~[?:?]",
"at java.nio.file.Files.newInputStream(Files.java:158) ~[?:?]",
"at org.elasticsearch.xpack.core.ssl.TrustConfig.getStore(TrustConfig.java:87) ~[?:?]",
"at org.elasticsearch.xpack.core.ssl.StoreTrustConfig.createTrustManager(StoreTrustConfig.java:58) ~[?:?]",
"at org.elasticsearch.xpack.core.ssl.SSLService.createSslContext(SSLService.java:382) ~[?:?]",
"at java.util.HashMap.computeIfAbsent(HashMap.java:1133) ~[?:?]",
"at org.elasticsearch.xpack.core.ssl.SSLService.loadSSLConfigurations(SSLService.java:434) ~[?:?]",
"at org.elasticsearch.xpack.core.ssl.SSLService.<init>(SSLService.java:119) ~[?:?]",
"at org.elasticsearch.xpack.core.XPackPlugin.<init>(XPackPlugin.java:144) ~[?:?]",
"at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]",
"at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[?:?]",
"at jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:?]",
"at java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:500) ~[?:?]",
"at java.lang.reflect.Constructor.newInstance(Constructor.java:481) ~[?:?]",
"at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:605) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.plugins.PluginsService.loadBundle(PluginsService.java:556) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.plugins.PluginsService.loadBundles(PluginsService.java:471) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.plugins.PluginsService.<init>(PluginsService.java:163) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.node.Node.<init>(Node.java:308) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.node.Node.<init>(Node.java:252) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:211) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:211) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:325) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:159) ~[elasticsearch-7.1.1.jar:7.1.1]",
"... 6 more"] }
分析：有用的几句
"stacktrace": ["org.elasticsearch.bootstrap.StartupException: java.lang.IllegalStateException: failed to load plugin class [org.elasticsearch.xpack.core.XPackPlugin]",
"Caused by: java.lang.reflect.InvocationTargetException",
"Caused by: org.elasticsearch.ElasticsearchException: failed to initialize a TrustManagerFactory",
"Caused by: java.nio.file.AccessDeniedException: /usr/share/elasticsearch/config/elastic-certificates.p12",
----------访问权限异常，说明docker容器运行elastic的用户权限访问我们复制容器内的文件异常【elastic-certificates.p12】
解决：趁着容器运行时，赶快到容器内给文件访问权限，赋权限后重启，启动正常
# docker exec -it es04 /bin/bash
# chmod 777 config/*

# docker exec -it es05 /bin/bash
# chmod 777 config/*

# docker exec -it es06 /bin/bash
# chmod 777 config/*
 配置kibana访问。之前系统预设的用户，如下，密码都是相同的elastic
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.



配置kibana.yml
增加用户名，密码等信息。

server.name: kibana
server.host: "0"
elasticsearch.hosts: [ "http://192.168.89.138:9204","http://192.168.89.138:9205", "http://192.168.89.138:9206" ]
elasticsearch.username: "elastic"
elasticsearch.password: "elastic"
server.port: 5601
elasticsearch.requestTimeout: 90000
docker run --restart=always -m 1000m \
-d --name kibana -p 5601:5601 \
-v /home/soft/ELK/kibana/config/kibana.yml:/usr/share/kibana/config/kibana.yml \
kibana:7.1.1
或重启已有服务
docker restart kibana
查看结果。。。可以在管理界面看到。用户。角色管理菜单了
输入密码kibana/elastic
{"statusCode":403,"error":"Forbidden","message":"Forbidden"}

那就换超级用户elastic,登录成功。