Elasticsearch/Kibana "authentication_failed"

I am configuring an Elasticsearch/Kibana running under Docker-compose.
And I am have some problems with authentication.
When running docker-compose build:

version: '3.7'

services:
  create_cert:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.14.0
    command: >
      bash -c '
        if [[ ! -f /certs/elasticsearch.p12 || \
              ! -f /certs/kibana.zip ]]; then
          echo "Removing certificates" &&
          rm -rf /certs/* &&

          echo "Generating CA" &&
          bin/elasticsearch-certutil ca --silent --pass QwerTy  --pem --out /certs/ca.zip &&
          unzip /certs/ca.zip -d /certs &&

          echo "Generating certificate for Elasticsearch" &&
          bin/elasticsearch-certutil cert --silent --ca-cert /certs/ca/ca.crt --ca-key /certs/ca/ca.key --ca-pass QwerTy --pass QwerTy --dns elasticsearch --out /certs/elasticsearch.p12 &&

          echo "Generating certificate for Kibana" &&
          bin/elasticsearch-certutil cert --silent --ca-cert /certs/ca/ca.crt --ca-key /certs/ca/ca.key --ca-pass QwerTy --pass QwerTy --pem --dns kibana --out /certs/kibana.zip &&
          unzip /certs/kibana.zip -d /certs &&

          mv /certs/instance/instance.crt /certs/kibana.crt &&
          mv /certs/instance/instance.key /certs/kibana.key &&
          rm -rf /certs/instance &&

          chown -R 1000:0 /certs 
        fi;
       '
    user: "0"
    working_dir: /usr/share/elasticsearch
    volumes:
      - /srv/elasticsearch/certs:/certs
      - /srv/elasticsearch/config:/usr/share/elasticsearch/config/
    networks:
      - elastic
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.14.0
    container_name: elasticsearch
    environment:
      - node.master=true
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
      - discovery.type=single-node
      - network.host=0.0.0.0
      - node.name=elasticsearch 
      - discovery.seed_hosts=["127.0.0.1"]

      - xpack.security.enabled=true
      - xpack.security.authc.token.enabled=true
      - xpack.security.audit.enabled=true
      - xpack.security.authc.realms.file.file1.order=0
      - xpack.security.authc.realms.native.native1.order=1
      - xpack.security.transport.ssl.enabled=true
      - xpack.security.transport.ssl.keystore.password=QwerTy
      - xpack.security.transport.ssl.truststore.password=QwerTy
      - xpack.security.transport.ssl.keystore.path=certs/elasticsearch.p12
      - xpack.security.transport.ssl.verification_mode=certificate
      - xpack.security.http.ssl.enabled=true
      - xpack.security.http.ssl.keystore.password=QwerTy
      - xpack.security.http.ssl.truststore.password=QwerTy
      - xpack.security.http.ssl.keystore.path=certs/elasticsearch.p12
      - xpack.security.http.ssl.verification_mode=certificate
      - xpack.license.self_generated.type=trial
      - ELASTICSEARCH_USERNAME=elastic
      - ELASTICSEARCH_PASSWORD=changeme
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    cap_add:
      - IPC_LOCK
    user: "0"
    ports:
      - 9200:9200
    networks:
      - elastic
    volumes:
      - /srv/elasticsearch/certs:/usr/share/elasticsearch/config/certs:rw
  kibana:
    container_name: kibana
    image: docker.elastic.co/kibana/kibana:7.14.0
    environment:
      - ELASTICSEARCH_HOSTS=["https://elasticsearch:9200"]
      - ELASTICSEARCH_URL=https://elasticsearch:9200
      - XPACK_SECURITY_ENABLED=true
      - ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=config/certs/ca/ca.crt
      - ELASTICSEARCH_SSL_VERIFICATIONMODE=certificate
      - SERVER_SSL_ENABLED=true
      - SERVER_SSL_KEY=config/certs/kibana.key
      - SERVER_SSL_CERTIFICATE=config/certs/kibana.crt
      - SERVER_SSL_PASSWORD=QwerTy
      - SERVER_SSL_KEYPASSPHRASE=QwerTy
      - XPACK_SECURITY_ENCRYPTIONKEY=aqwqdqwdkoijiojqwdqwdq133wedqqe2
      - ELASTICSEARCH_USERNAME=elastic
      - ELASTICSEARCH_PASSWORD=changeme
    ports:
      - 5601:5601
    depends_on:
      - elasticsearch
    links: ['elasticsearch']
    networks:
      - elastic
    volumes:
      - /srv/elasticsearch/certs:/usr/share/kibana/config/certs:rw
networks:
  elastic:
    driver: bridge

I am getting the error from elasticsearch:

elasticsearch | {"type":"audit", "timestamp":"2021-08-24T13:18:24,001+0000", "node.id":"9dPw2uqMRqyV6aYwbTQ-ZA", "event.type":"rest", "event.action":"authentication_failed", "user.name":"elastic", "origin.type":"rest", "origin.address":"172.18.0.3:41838", "url.path":"/_nodes", "url.query":"filter_path=nodes.*.version%2Cnodes.*.http.publish_address%2Cnodes.*.ip", "request.method":"GET", "request.id":"PXNxlu7RQ96o_FFZuA00Yw"}

from kibana:

kibana | {"type":"log","@timestamp":"2021-08-24T13:18:10+00:00","tags":["error","savedobjects-service"],"pid":1213,"message":"Unable to retrieve version information from Elasticsearch nodes. security_exception: [security_exception] Reason: unable to authenticate user [elastic] for REST request [/_nodes?filter_path=nodes.*.version%2Cnodes.*.http.publish_address%2Cnodes.*.ip]"}

When run elasticsearch-setup-passwords interactive under elasticsearch container and input passwords (changeme) kibana connect elasticsearch.
I am understand default:

ELASTICSEARCH_USERNAME=elastic
ELASTICSEARCH_PASSWORD=changeme

disable after 6.0.0 version.

How connect kibana with elasticsearch in one docker-compose.yml?

The above environment settings do not work for the elasticsearch container. It should be

       - ELASTIC_PASSWORD=changeme

Note it is ELASTIC instead of ELASTICSEARCH.

Thank you so much!!! It's work!

How I can configuring docker-compose.yml for API key?

The API key feature is automatically enabled by default when you enable xpack.security.http.ssl.enabled, which is the case of your docker-compose file. You can create API keys using the Create API key API

PS: Currently API keys require you enabling HTTPS. But we will be removing this requirement in future releases.

Thank you.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.