Beats issue with keystore and Nginx basic auth


I have an issue since cluster and beats has bee updated to 6.7
i have a Nginx front-end that handle basic-auth to access ES.

Steps done:
Old keystore seems to not be recognized since update. ( filebeat keystore list reply nothing )
When password is in filebeat.yml (in clear), there is no issue.
When recreating keystore, Nginx replay with an Error 401.
Same error on filebeat and metricbeat

filebeat config:

    enabled: true
    path: /etc/filebeat/inputs.d/*.yml
    reload.enabled: true
    reload.period: 30s
    enabled: true
    path: /etc/filebeat/modules.d/*.yml
    reload.enabled: true
    reload.period: 30s

- add_locale:
    format: abbreviation
- add_cloud_metadata: ~
- add_host_metadata: ~

  hosts: ["https://ip:port"]
  ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]
  username: "beats"
  password: "$(ES_PWD)"

  index.number_of_shards: 1
  index.number_of_replicas: 0

  host: "ip:port"
  protocol: "https"
  ssl.enabled: true
  ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]
  username: kibana
  password: "${KI_PWD}"

This is indead a bug in 6.7.0 a fix will be included in 6.7.1, but in the meantime you can use the following workaround.

Thanks for your quick answer, i tried this already and i keep issuing the same error
i just did a new try
filebeat test output:

elasticsearch: https://ip:port...
  parse url... OK
    parse host... OK
    dns lookup... OK
    addresses: ip
    dial up... OK
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.2
    dial up... OK
  talk to server... ERROR 401 Unauthorized: <html>
<head><title>401 Authorization Required</title></head>
<body bgcolor="white">
<center><h1>401 Authorization Required</h1></center>

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.