Hello everyone,
I have my two node cluster (8.3.2.1) - working. I generated the certificates of each element (elastic-vm-1, elastic-vm2, kibana, logstash) including DNS and IP for each certificate.
Kibana - that when I change the user it is put in disabled mode - it seems that it has some authentication problem when connecting to elasticsearch.
kibana logs:
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-07-12T10:57:40.699+02:00","message":"Authentication attempt failed: {\" error\":{\"root_cause\":[{\"type\":\"security_exception\",\"reason\":\"unable to authenticate user [kibana_system] for REST request [/_security/_authenticate]\ ",\"header\":{\"WWW-Authenticate\":[\"Basic realm=\\\"security\\\" charset=\\\"UTF-8\\\"\",\" Bearer realm=\\\"security\\\"\",\"ApiKey\"]}}],\"type\":\"security_exception\",\"reason\":\"unable to authenticate user [ kibana_system] for REST request [/_security/_authenticate]\",\"header\":{\"WWW-Authenticate\":[\"Basic realm=\\\"security\\\" charset=\\\" UTF-8\\\"\",\"Bearer realm=\\\"security\\\"\",\"ApiKey\"]}},\"status\":401}","log": {"level":"INFO","logger":"plugins.security.authentication"},"process":{"pid":705},"trace":{"id":"9a227874dd779f220b70a5f835779620"},"transaction ":{"id":"79bcebc151899fc5"}}
Log Elastic:
[2022-07-12T11:12:01,414][INFO ][o.e.x.s.a.RealmsAuthenticator] [elastic-vm-1] Authentication of [kibana_system] was terminated by realm [reserved] - failed to authenticate user [kibana_system]
Kibana settings:
server.port: 5601
server.host: "10.172.211.14"
server.publicBaseUrl: "https://10.172.211.30:5601"
server.name: "kibana"
server.ssl.enabled: true
server.ssl.certificate: /etc/kibana/kibana.crt
server.ssl.key: /etc/kibana/kibana.key
elasticsearch.hosts: ["https://10.172.211.30:9200"]
elasticsearch.username: "kibana_system"
elasticsearch.password: "passworddddd"
elasticsearch.ssl.certificate: /etc/kibana/kibana.crt
elasticsearch.ssl.key: /etc/kibana/kibana.key
elasticsearch.ssl.certificateAuthorities: [ "/etc/kibana/ca.crt" ]
pid.file: /run/kibana/kibana.pid
xpack.security.encryptionKey: "shkhKFBqncoQJCPQJwoixioynoqwneioAOjdnoihfafsfda"
I have created a profile with no configuration limits and assigned a user with that profile to the kibaba configuration. Same mistake.
It seems that it is not from elasticserach permissions. I have read that it could be because of the certificates - but I generated all of them again including the IP in each of them and I managed to solve another problem... but now I have this one.
If in elasticsearch.hosts I put in DNS of the host - then kibana doesn't start... and if I put the IP this connection fails.