My aim is to enable authentication in Kibana login page but I'm not able to do that. I'm alays directed to the dashboard directly and it never asks for username and password
ELK servers are running on Docker containers.
In my docker-compose.yaml file elasticsearch.yml file mapping is from conf directory i.e ./elasticsearch/conf/elasticsearch.yml
and I had enabled x-pack.security: true in kibana.yml, logstash.yml and elasticserach.yml as well as docker-compose.yaml
When I tried to setup passwords by going inside the elasticserach containers and navigated to bin directory and tried running script elasticsearch-setup-passwords interactive it gave me the below error
Unexpected response code [500] from calling GET http://172.21.0.2:9200/_security/_authenticate?pretty
It doesn't look like the X-Pack security feature is enabled on this Elasticsearch node.
Please check if you have enabled X-Pack security in your elasticsearch.yml configuration file.
ERROR: X-Pack Security is disabled by configuration.
As a result I tried enabling x-pack security inside elasticsearch config folder using the below command-
and restarted the conatiners again- it started giving me below errors-
[INFO ][o.e.x.s.a.AuthenticationService] [inlxdev02] Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]
Please don't post pictures of text or code or logs. They are difficult to read, impossible to search and replicate (if it's code), and some people may not be even able to see them
Perhaps you should try setting this up without docker first just download the tar.gz or zip of elasticsearch and kibana and get it working the way you want. Then replicate with docker.
Also The path in docker to the elasticsearch.yml is not correct, so it is probably not being found. I think perhaps you need to be a little more careful with path, rebuilding containers etc..
Correct /usr/share/elasticsearch/config/elasticsearch.yml
not /usr/share/elasticsearch/conf/elasticsearch.yml
You should probably double check the other paths as well.
Kibana path is not correct either.
Logstash I don't have running...
You can use the following command to look into the containers.
@stephenb thanks a lot for your response! I was also able to figure out the root cause- path configuration.
Now, I'm able to get the login page on Kibana and everything works fine except one thing- in my elasticsearch server I'm still getting the authentication error and I'm not getting the reason-
{"type": "server", "timestamp": "2021-06-07T01:16:21,457Z", "level": "INFO", "component": "o.e.x.s.a.AuthenticationService", "cluster.name": "docker-cluster", "node.name": "fcf49d1a87d0", "message": "Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]", "cluster.uuid": "bSnpaUuRQ0yoAhWoERU31A", "node.id": "Zj-mswZjSX-CnRKUUFkYKg" }
{"type": "server", "timestamp": "2021-06-07T01:16:22,346Z", "level": "INFO", "component": "o.e.x.s.a.AuthenticationService", "cluster.name": "docker-cluster", "node.name": "fcf49d1a87d0", "message": "Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]", "cluster.uuid": "bSnpaUuRQ0yoAhWoERU31A", "node.id": "Zj-mswZjSX-CnRKUUFkYKg" }
And below is the logstash logs-
[2021-06-07T08:36:07,429][WARN ][logstash.outputs.elasticsearch][main] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"http://elastic:xxxxxx@elasticsearch:9200/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError, :error=>"Got response code '401' contacting Elasticsearch at URL 'http://elasticsearch:9200/'"}
[2021-06-07T08:36:07,429][WARN ][logstash.outputs.elasticsearch][main] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"http://elastic:xxxxxx@elasticsearch:9200/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError, :error=>"Got response code '401' contacting Elasticsearch at URL 'http://elasticsearch:9200/'"}
@warkolm I have provided the codes in proper format. The reason for posting snapshots/images were for references only and they are optional. Still I'll keep that in mind from next time. Thanks for your suggestion
@stephenb Before deploying I changed the password for elastic superuser and got success message as well using elasticsearch-setup-passwords interactive
now, also I again changed it in Kibana devtool by using this command and got success as well but still getting the same authentication errors-
POST /_security/user/elastic/_password
{
"password" : "my_password"
}
log into the logstash container and try the same curl command to check elasticsearch but you will need to use the elasticsearch container name you defined in your docker compose for elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.