1. Describe your incident:
Graylog could not connect to OpenSearch when plugins.security.disabled was set to ‘false’ for OpenSearch. (There were no TLS/SSL settings for either Graylog or OpenSearch.)
2. Describe your environment:
- OS Information:
  - Windows 10 Pro (64-bit)
- Package Version:
  - graylog: 5.1
  - opensearch: 2.11.1
  - opensearch-dashboard: latest
- Service logs, configurations, and environment variables:
docker-compose.yml file
```yaml
version: '3'
networks:
  graynet:
    driver: bridge
# This is how you persist data between container restarts
volumes:
  mongo_data:
    driver: local
  log_data:
    driver: local
  graylog_data:
    driver: local
services:
  # Graylog stores configuration in MongoDB
  mongo:
    image: mongo
    container_name: mongodb
    volumes:
      - "mongo_data:/data/db"
    networks:
      - graynet
  # The logs themselves are stored in Opensearch
  opensearch:
    image: opensearchproject/opensearch:2.11.1
    container_name: opensearch
    environment:
      - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
      - "bootstrap.memory_lock=true"
      - "discovery.type=single-node"
      - "action.auto_create_index=false"
      - "plugins.security.ssl.http.enabled=false"
      - "plugins.security.disabled=false"
    volumes:
      - "log_data:/usr/share/opensearch/data"
      - "./config/custom_internal_users.yml:/usr/share/opensearch/config/opensearch-security/internal_users.yml"
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    ports:
      - 9200:9200/tcp
    networks:
      - graynet
    # restart: unless-stopped
  # opensearch-dashboards
  opensearch-dashboards:
    image: opensearchproject/opensearch-dashboards:latest
    container_name: opensearch-dashboards
    ports:
      - 5601:5601
    environment:
      OPENSEARCH_HOSTS: "http://opensearch:9200"
      OPENSEARCH_USERNAME: "admin"
      OPENSEARCH_PASSWORD: "admin"
    networks:
      - graynet
  graylog:
    image: graylog/graylog:5.1
    container_name: graylog
    environment:
      # Password secret set correctly
      GRAYLOG_PASSWORD_SECRET: ""
      # Root password SHA2 set correctly
      GRAYLOG_ROOT_PASSWORD_SHA2: ""
      GRAYLOG_HTTP_BIND_ADDRESS: "0.0.0.0:9000"
      GRAYLOG_HTTP_EXTERNAL_URI: "http://localhost:9000/"
      GRAYLOG_ELASTICSEARCH_HOSTS: "http://opensearch:9200"
      GRAYLOG_MONGODB_URI: "mongodb://mongodb:27017/graylog"
      GRAYLOG_TIMEZONE: "America/Detroit"
      TZ: "America/Detroit"
      GRAYLOG_TRANSPORT_EMAIL_PROTOCOL: "smtp"
      GRAYLOG_TRANSPORT_EMAIL_WEB_INTERFACE_URL: "http://192.168.3.233:9000/"
      GRAYLOG_TRANSPORT_EMAIL_HOSTNAME: "outbound.mailhop.org"
      GRAYLOG_TRANSPORT_EMAIL_ENABLED: "true"
      GRAYLOG_TRANSPORT_EMAIL_PORT: "587"
      GRAYLOG_TRANSPORT_EMAIL_USE_AUTH: "true"
      GRAYLOG_TRANSPORT_EMAIL_AUTH_USERNAME: "xxxxx"
      GRAYLOG_TRANSPORT_EMAIL_AUTH_PASSWORD: "xxxxx"
      GRAYLOG_TRANSPORT_EMAIL_USE_TLS: "true"
      GRAYLOG_TRANSPORT_EMAIL_USE_SSL: "false"
      GRAYLOG_TRANSPORT_FROM_EMAIL: "graylog@example.com"
      GRAYLOG_TRANSPORT_SUBJECT_PREFIX: "[graylog]"
    entrypoint: /usr/bin/tini -- wait-for-it opensearch:9200 -- /docker-entrypoint.sh
    volumes:
      - "graylog_data:/usr/share/graylog/data"
    networks:
      - graynet
    restart: always
    depends_on:
      opensearch:
        condition: "service_started"
      mongo:
        condition: "service_started"
    ports:
      - 9000:9000
      - 12201:12201
      - 1514:1514
```
docker-logs
- opensearch container
3. What steps have you already taken to try and solve the problem?
- Graylog operated successfully when plugins.security.disabled was set to 'true' for OpenSearch.
4. How can the community help?
- Please explain the reason Graylog could not connect to OpenSearch. I am looking forward to any advice to resolve this issue.