Restart behavior should be addressed for ES and Kibana at docker-compose.yml.

In order to generate the random passwords the elasticsearch-setup-passwords binary requires to trust the ES certs. Step 6 must be modified to handle first the CA addition to the trust set.

6. Run the *elasticsearch-generate-passwords* tool on es01 to generate passwords for all built-in users and kibana_system. Make note of these passwords.
    ```
    docker exec es01 /bin/bash -c "ln -s /usr/share/elasticsearch/config/certificates/ca/ca.crt /etc/pki/ca-trust/source/anchors/es-cluster-ca.crt"
    docker exec es01 /bin/bash -c "update-ca-trust"
    docker exec es01 /bin/bash -c "bin/elasticsearch-setup-passwords auto --batch --url https://es01:9200"
    ```

Originally posted by @juan-vg in #1 (comment)

Thank you very much for this repo. Finally all together🙂

I have a fresh machine in the cloud where I run this repo.

The open ports are 80, 443, 8080, 9200, 5601.
System: Ubuntu 20.04
Docker: 20.10.12, build e91ed57
docker-compose: 1.29.2, build 5becea4c

When running your instructions, I see the following error message using "docker logs -f es01":

{"type": "server", "timestamp": "2022-01-17T11:58:16,798Z", "level": "WARN", "component": "o.e.d.SeedHostsResolver", "cluster.name": "es-docker-cluster", "node.name": "es01", "message": "failed to resolve host [es02]", "stacktrace": ["java.net.UnknownHostException: es02", "at java.net.InetAddress$CachedAddresses.get(InetAddress.java:801) ~[?:?]", "at java.net.InetAddress.getAllByName0(InetAddress.java:1509) ~[?:?]", "at java.net.InetAddress.getAllByName(InetAddress.java:1367) ~[?:?]", "at java.net.InetAddress.getAllByName(InetAddress.java:1301) ~[?:?]", "at org.elasticsearch.transport.TcpTransport.parse(TcpTransport.java:597) ~[elasticsearch-7.16.2.jar:7.16.2]", "at org.elasticsearch.transport.TcpTransport.addressesFromString(TcpTransport.java:539) ~[elasticsearch-7.16.2.jar:7.16.2]", "at org.elasticsearch.transport.TransportService.addressesFromString(TransportService.java:1111) ~[elasticsearch-7.16.2.jar:7.16.2]", "at org.elasticsearch.discovery.SeedHostsResolver.lambda$resolveHostsLists$0(SeedHostsResolver.java:152) ~[elasticsearch-7.16.2.jar:7.16.2]", "at java.util.concurrent.FutureTask.run(FutureTask.java:264) ~[?:?]", "at org.elasticsearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:718) ~[elasticsearch-7.16.2.jar:7.16.2]", "at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) [?:?]", "at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) [?:?]", "at java.lang.Thread.run(Thread.java:833) [?:?]"] }

When I continue, I get the following message when executing the line
docker exec es01 /bin/bash -c "bin/elasticsearch-setup-passwords auto --batch --url https://es01:9200"

`Failed to determine the health of the cluster running at https://es01:9200
Unexpected response code [503] from calling GET https://es01:9200/_cluster/health?pretty
Cause: master_not_discovered_exception

It is recommended that you resolve the issues with your cluster before running elasticsearch-setup-passwords.
It is very likely that the password changes will fail when run against an unhealthy cluster.

Unexpected response code [503] from calling PUT https://es01:9200/_security/user/apm_system/_password?pretty
Cause: Cluster state has not been recovered yet, cannot write to the [null] index

Possible next steps:

• Try running this tool again.
• Try running with the --verbose parameter for additional messages.
• Check the elasticsearch logs for additional error details.
• Use the change password API manually.

ERROR: Failed to set password for user [apm_system].`

Can someone please tell me what I am doing wrong?

the commands in the readme arent clear and doesn't work