Cannot SIGHUP Kibana with SSL enabled


#1

I have SSL enabled in kibana using "server.ssl.cert: /etc/opt/zookeeper/kafkapoc.pem" (and the associated key is also set). This works just fine and uses SSL. However, I just configured logrotate and when I send SIGHUP to the kibana process it logs that it is going to reconfigure logging and then exits

/usr/share/kibana/src/server/config/config.js:116
throw results.error;
^

ValidationError: child "server" fails because [child "ssl" fails because ["cert" is not allowed]]
at Object.exports.process (/usr/share/kibana/node_modules/joi/lib/errors.js:140:17)
at internals.Any._validateWithOptions (/usr/share/kibana/node_modules/joi/lib/any.js:649:25)
at root.validate (/usr/share/kibana/node_modules/joi/lib/index.js:102:23)
at Config._commit (/usr/share/kibana/src/server/config/config.js:113:35)
at Config.set (/usr/share/kibana/src/server/config/config.js:84:10)
at Config.extendSchema (/usr/share/kibana/src/server/config/config.js:57:10)

I can change logrotate to do stop/start to workaround this. I recently installed xpack and told it not to enable security (since I already had SSL enabled in my whole ELK / kafka / zookeeper environment. I am not sure if this happens without xpack. Anyways it seems wrong that restart does validation not done on startup.


(Brandon Kobel) #2

@Badger this is caused because of a bug being tracked here. For the time being I'd recommend using elasticsearch.ssl.certificate if you'd like to use SIGHUP to restart the kibana process.


#3

That would be server.ssl.certificate, but yes, that fixes the problem. Thanks!


(system) #4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.