Disable enrolment-token requirement on initial startup of Elasticsearch and Kibana

Hello. I'm running Elasticsearch and Kibana via docker containers, whose images I'm building from the Dockerfiles from this repository: GitHub - elastic/dockerfiles: Dockerfiles for the official Elastic Stack images. On initial startup, Elasticsearch logs an enrolment token and password to be used to login to the Kibana UI.

I'm wondering if it's possible to configure either the elasticsearch.yml file or the kibana.yml file, or both, in such a way that the need to enter an enrolment token is no longer required. Also, is there a way to preconfigure the password needed for authentication?

Have you looked at this

Hi Stephen. Thanks for the link! I had not seen it. I followed the instructions and was able to start Elasticsearch and Kibana while bypassing the requirement for the enrolment token. That is what I was looking for.

However, I guess I'm trying to understand exactly which parts of the code are responsible for disabling the enrolment token. If you have any clues or other links that would help to understand, it would be greatly appreciated. Thanks!

Hi @Matt_Johnston

I will Take another look when I get a chance, but I'm pretty sure it's just the fact that the needed settings are set before Kibana starts.

      - ELASTICSEARCH_HOSTS=https://es01:9200
      - ELASTICSEARCH_USERNAME=kibana_system
      - ELASTICSEARCH_PASSWORD=${KIBANA_PASSWORD}
      - ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=config/certs/ca/ca.crt

Pretty sure this is easy to test. You can simply download a copy of Kibana, put some values for those in the Kibana.yml or set ENV and for those doesn't really matter if it connects or not and pretty sure it'll start up without asking for the token.

1 Like

Hi Stephen. Sure enough, when I comment out these three lines

# - ELASTICSEARCH_HOSTS=https://es01:9200
# - ELASTICSEARCH_USERNAME=kibana_system
# - ELASTICSEARCH_PASSWORD=${KIBANA_PASSWORD}

and then run the containers again, Kibana asks for the enrolment token. Thanks a bunch!

2 Likes

So, I've been trying out a few different things and had another question. I decided to see if I could run separate kibana and elasticsearch containers from the Github repository I linked to above and configure them in a way that the enrolment token was not necessary. I wanted to see if I could mimic what the docker-compose.yml file does based on what I understand are the key parts of why the enrolment token doesn't show up when I run the contains through Docker Compose.

In the kibana.yml file I added these two lines:

elasticsearch.username: kibana_system
elasticsearch.password: kibana

similar to what the docker-compose.yml file has as environment variables for the kibana container. However, when I run the elasticsearch and kibana containers and try to access kibana in the browser, I get a message in the top left corner of the browser saying that the "Kibana server is not ready yet." Any idea what's going on here?

Most likely there is a network issue.. the containers don't know about each other suspect you need to read a bit about docker networking and host network vs docker networks...

Some reading here..

Please start new threads with the appropriate Subject if you have more questions..

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.