We are trying to remove Readonly Rest from authentication equation and setup x-pack on ( ES 7.15 )
[2021-12-23T11:08:27,433][INFO ][o.e.x.s.a.AuthenticationService] [XXXX] Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]
[2021-12-23T11:08:27,434][DEBUG][o.e.x.s.r.SecurityRestFilter] [XXXX] Authentication failed for REST request [/]
org.elasticsearch.ElasticsearchSecurityException: unable to authenticate user [elastic] for REST request [/]
I have setup the password using /usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactive and post that i am seeing the above logs.
I have tried setting up the password from the API however no luck. How can i setup xpack with minimal settings.
Though I'm not sure what " remove Readonly Rest from authentication equation" really means, the log looks only showing the username ('elastic') and password does not match.
As the Elasticsearch-setup-passwords uses elastic bootstrap password, it could not be used after the bootstrap password are changed.
Hey @Tomo_M i am trying to use elasticstack by using natively supported authentication ( xpack ) rather than added plugin ( Readonly Rest from Beshu )
I have redone the config in the meantime and i am getting a differnt error in kibana log now, i have already added the elasticsearch.password into kibana keystore and have elasticsearch.username in my kibana.yml
{"type":"log","@timestamp":"2021-12-25T06:34:04-05:00","tags":["error","savedobjects-service"],"pid":19145,"message":"Unable to retrieve version information from Elasticsearch nodes. security_
`exception: [security_exception] Reason: missing authentication credentials for REST request [/_nodes?filter_path=nodes.*.version%2Cnodes.*.http.publish_address%2Cnodes.*.ip]"}`
Not sure what credentials its referring to now
Here are logs from Elasticsearch
[2021-12-25T06:39:31,940][DEBUG][r.suppressed ] [XXXXXX] path: /_nodes, params: {filter_path=nodes.*.version,nodes.*.http.publish_address,nodes.*.ip}
org.elasticsearch.ElasticsearchSecurityException: missing authentication credentials for REST request [/_nodes?filter_path=nodes.*.version%2Cnodes.*.http.publish_address%2Cnodes.*.ip]
at org.elasticsearch.xpack.core.security.support.Exceptions.authenticationError(Exceptions.java:19) ~[x-pack-core-7.15.2.jar:7.15.2]
at org.elasticsearch.xpack.core.security.authc.DefaultAuthenticationFailureHandler.createAuthenticationError(DefaultAuthenticationFailureHandler.java:164) ~[x-pack-core-7.15.2.jar:7.15.2]
Sorry I don't understand your prerequisites. In the first place, ELK works on its own. How does the plugin relate to your cluster?
If you want to remove and revert the once installed plugin, ask to the plugin developer will solve the problem sooner.
Anyway, can you access root elasticsearch url and log in to it? If you can and you know the password of user "elastic" (or any other user with appropriate role), you can use "change passwords API" and "create users API".
I found command line elasticsearch-reset-password tool for 8.0, but it is not supported in 7.15.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.