Cannot log into Kibana as anyone except kibana user


(Mark Petronic) #1

I just installed ES/Kibana 6.1.1 and setup xpack per documentation. I also installed logstash 6.0.0 (latest as of now). I am able to run logstash and input from Kafka and output to my ES cluster of a single node, for now. I can log into Kibana using the built in default kibana username and can see all the cluster metrics and logstash metrics under monitoring.

However, when I list the indices in the developer console, I only see this:

health status index                             uuid                   pri rep docs.count docs.deleted store.size pri.store.size
yellow open   .kibana                           onBrS8iFSAmJECqH8sIZcw   1   1         19            5       57kb           57kb
yellow open   .monitoring-logstash-6-2018.01.06 453cZGrQTm2b0RDJ3tWAVg   1   1                                                  
yellow open   .watcher-history-7-2018.01.06     FQUkM1gVTXyoKwz6hIIfYg   1   1                                                  
yellow open   .monitoring-kibana-6-2018.01.06   dxUgc_nnTN-Y_flXRupWmw   1   1                                                  
yellow open   .monitoring-es-6-2018.01.05       YJtY2MThRae_LbP1ldIC0Q   1   1                                                  
yellow open   .monitoring-es-6-2018.01.06       -bgg9OItQmuBNXSCqlqvyQ   1   1                                                  
yellow open   netflow-logstash-metrics          PdfqU0klS_qgK47A7s9hag   5   1                                                  
yellow open   .monitoring-kibana-6-2018.01.05   0ycDq7rOQsKNmicFfY7xFg   1   1                                                  
yellow open   .watches                          ipiQTdyeSpmLuQX2DI7rIQ   1   1                                                  
yellow open   .triggered_watches                WodWN5ZkRsyo1g3fDhgMeg   1   1                                                  
yellow open   netflow-raw-2018.01.06            ecjw1ESJSBaAg_eXlcR7GA   5   1                                                  
yellow open   .watcher-history-7-2018.01.05     dq5xyp7gQ-CdBLcQBIQAvg   1   1                                                  
yellow open   .watcher-history-6-2018.01.05     0tuzDguGSHixzEmHQ80gMA   1   1                                                  
green  open   .security-6                       uGdWarZnTluI5PkFk4EVQA   1   0                                                  
yellow open   netflow-raw-2018.01.04            UV8cSXrSSDap8X7lUGdhXg   5   1                                                  
yellow open   .monitoring-alerts-6              j_6tp5kET1a2nBFzJu3r9g   1   1                                                  

But I know data is there because a curl command from a terminal like this works:

curl -u elastic:xxxxx -XGET "http://elastic01:9200/_cat/indices?v"
health status index                             uuid                   pri rep docs.count docs.deleted store.size pri.store.size
yellow open   .kibana                           onBrS8iFSAmJECqH8sIZcw   1   1         19            5       57kb           57kb
yellow open   .monitoring-logstash-6-2018.01.06 453cZGrQTm2b0RDJ3tWAVg   1   1       3846            0    693.3kb        693.3kb
yellow open   .watcher-history-7-2018.01.06     FQUkM1gVTXyoKwz6hIIfYg   1   1       7942            0      7.8mb          7.8mb
yellow open   .monitoring-kibana-6-2018.01.06   dxUgc_nnTN-Y_flXRupWmw   1   1       6810            0      1.8mb          1.8mb
yellow open   .monitoring-es-6-2018.01.05       YJtY2MThRae_LbP1ldIC0Q   1   1       5594          148      3.1mb          3.1mb
yellow open   .monitoring-es-6-2018.01.06       -bgg9OItQmuBNXSCqlqvyQ   1   1     124415          440     57.6mb         57.6mb
yellow open   netflow-logstash-metrics          PdfqU0klS_qgK47A7s9hag   5   1      15893            0      4.8mb          4.8mb
yellow open   .monitoring-kibana-6-2018.01.05   0ycDq7rOQsKNmicFfY7xFg   1   1        162            0    170.2kb        170.2kb
yellow open   .watches                          ipiQTdyeSpmLuQX2DI7rIQ   1   1          5            0     76.4kb         76.4kb
yellow open   .triggered_watches                WodWN5ZkRsyo1g3fDhgMeg   1   1          0            0      403kb          403kb
yellow open   netflow-raw-2018.01.06            ecjw1ESJSBaAg_eXlcR7GA   5   1   39008107            0      7.4gb          7.4gb
yellow open   .watcher-history-7-2018.01.05     dq5xyp7gQ-CdBLcQBIQAvg   1   1        294            0    391.4kb        391.4kb
yellow open   .watcher-history-6-2018.01.05     0tuzDguGSHixzEmHQ80gMA   1   1        147            0    292.9kb        292.9kb
green  open   .security-6                       uGdWarZnTluI5PkFk4EVQA   1   0          4            0     15.8kb         15.8kb
yellow open   netflow-raw-2018.01.04            UV8cSXrSSDap8X7lUGdhXg   5   1       7137            0      2.5mb          2.5mb
yellow open   .monitoring-alerts-6              j_6tp5kET1a2nBFzJu3r9g   1   1          1            0     12.9kb         12.9kb

No matter which user I log into Kibana with, it always seems to log in as the kibana user. I have tried as the elastic user and a new user mpetronic that I also created from using curl and user API. In either case, if you look at the lower left panel in kibana where the logout link is, the user always shows up as "kibana". So, I cannot use the management feature to manage users or do pretty much anything. I know that no one should even be logging in using the kibana user. Can anyone shed some light?

Besides the defaults, the configuration files have:

/etc/kibana/kibana.yml:

elasticsearch.username: "kibana"
elasticsearch.password: "xxxxxx"

/etc/elasticsearch/elasticsearch.yml:

xpack.ssl.key: certs/node-1/node-1.key
xpack.ssl.certificate: certs/node-1/node-1.crt
xpack.ssl.certificate_authorities: certs/ca/ca.crt
xpack.security.transport.ssl.enabled: false

(Felix Stürmer) #2

Hi @mpetronic,

that definitely sounds weird. The kibana user is intended for use by the Kibana server only (via the elasticsearch.username setting). So your kibana.yml looks correct. I would first try to ensure that the browser does not use any stale state, so deleting the cookies and localstorage would be first step. Maybe trying to log in from a "private browsing"/"incognito" session would be a good test. Which browser version are you using?


(Mark Petronic) #3

WOW! That did the trick. I just deleted all cookies from Chrome. Never
thought of that. I feel like I was trying to rewire my whole house because
the light would not turn on without first checking if the light bulb was
burned out. Duh! Thank you, Felix for the tip!


(Felix Stürmer) #4

Sometimes browsers do the weirdest non-standard things to the cookies. Add to that some browser extensions and one can end up with a very flaky system. :wink: Glad it worked out for you!


(system) #5

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.