Elasticsearch/Kibana "authentication_failed"

IlyaZ · August 24, 2021, 1:40pm

I am configuring an Elasticsearch/Kibana running under Docker-compose.
And I am have some problems with authentication.
When running docker-compose build:

version: '3.7'

services:
  create_cert:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.14.0
    command: >
      bash -c '
        if [[ ! -f /certs/elasticsearch.p12 || \
              ! -f /certs/kibana.zip ]]; then
          echo "Removing certificates" &&
          rm -rf /certs/* &&

          echo "Generating CA" &&
          bin/elasticsearch-certutil ca --silent --pass QwerTy  --pem --out /certs/ca.zip &&
          unzip /certs/ca.zip -d /certs &&

          echo "Generating certificate for Elasticsearch" &&
          bin/elasticsearch-certutil cert --silent --ca-cert /certs/ca/ca.crt --ca-key /certs/ca/ca.key --ca-pass QwerTy --pass QwerTy --dns elasticsearch --out /certs/elasticsearch.p12 &&

          echo "Generating certificate for Kibana" &&
          bin/elasticsearch-certutil cert --silent --ca-cert /certs/ca/ca.crt --ca-key /certs/ca/ca.key --ca-pass QwerTy --pass QwerTy --pem --dns kibana --out /certs/kibana.zip &&
          unzip /certs/kibana.zip -d /certs &&

          mv /certs/instance/instance.crt /certs/kibana.crt &&
          mv /certs/instance/instance.key /certs/kibana.key &&
          rm -rf /certs/instance &&

          chown -R 1000:0 /certs 
        fi;
       '
    user: "0"
    working_dir: /usr/share/elasticsearch
    volumes:
      - /srv/elasticsearch/certs:/certs
      - /srv/elasticsearch/config:/usr/share/elasticsearch/config/
    networks:
      - elastic
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.14.0
    container_name: elasticsearch
    environment:
      - node.master=true
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
      - discovery.type=single-node
      - network.host=0.0.0.0
      - node.name=elasticsearch 
      - discovery.seed_hosts=["127.0.0.1"]

      - xpack.security.enabled=true
      - xpack.security.authc.token.enabled=true
      - xpack.security.audit.enabled=true
      - xpack.security.authc.realms.file.file1.order=0
      - xpack.security.authc.realms.native.native1.order=1
      - xpack.security.transport.ssl.enabled=true
      - xpack.security.transport.ssl.keystore.password=QwerTy
      - xpack.security.transport.ssl.truststore.password=QwerTy
      - xpack.security.transport.ssl.keystore.path=certs/elasticsearch.p12
      - xpack.security.transport.ssl.verification_mode=certificate
      - xpack.security.http.ssl.enabled=true
      - xpack.security.http.ssl.keystore.password=QwerTy
      - xpack.security.http.ssl.truststore.password=QwerTy
      - xpack.security.http.ssl.keystore.path=certs/elasticsearch.p12
      - xpack.security.http.ssl.verification_mode=certificate
      - xpack.license.self_generated.type=trial
      - ELASTICSEARCH_USERNAME=elastic
      - ELASTICSEARCH_PASSWORD=changeme
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    cap_add:
      - IPC_LOCK
    user: "0"
    ports:
      - 9200:9200
    networks:
      - elastic
    volumes:
      - /srv/elasticsearch/certs:/usr/share/elasticsearch/config/certs:rw
  kibana:
    container_name: kibana
    image: docker.elastic.co/kibana/kibana:7.14.0
    environment:
      - ELASTICSEARCH_HOSTS=["https://elasticsearch:9200"]
      - ELASTICSEARCH_URL=https://elasticsearch:9200
      - XPACK_SECURITY_ENABLED=true
      - ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=config/certs/ca/ca.crt
      - ELASTICSEARCH_SSL_VERIFICATIONMODE=certificate
      - SERVER_SSL_ENABLED=true
      - SERVER_SSL_KEY=config/certs/kibana.key
      - SERVER_SSL_CERTIFICATE=config/certs/kibana.crt
      - SERVER_SSL_PASSWORD=QwerTy
      - SERVER_SSL_KEYPASSPHRASE=QwerTy
      - XPACK_SECURITY_ENCRYPTIONKEY=aqwqdqwdkoijiojqwdqwdq133wedqqe2
      - ELASTICSEARCH_USERNAME=elastic
      - ELASTICSEARCH_PASSWORD=changeme
    ports:
      - 5601:5601
    depends_on:
      - elasticsearch
    links: ['elasticsearch']
    networks:
      - elastic
    volumes:
      - /srv/elasticsearch/certs:/usr/share/kibana/config/certs:rw
networks:
  elastic:
    driver: bridge

I am getting the error from elasticsearch:

elasticsearch | {"type":"audit", "timestamp":"2021-08-24T13:18:24,001+0000", "node.id":"9dPw2uqMRqyV6aYwbTQ-ZA", "event.type":"rest", "event.action":"authentication_failed", "user.name":"elastic", "origin.type":"rest", "origin.address":"172.18.0.3:41838", "url.path":"/_nodes", "url.query":"filter_path=nodes.*.version%2Cnodes.*.http.publish_address%2Cnodes.*.ip", "request.method":"GET", "request.id":"PXNxlu7RQ96o_FFZuA00Yw"}

from kibana:

kibana | {"type":"log","@timestamp":"2021-08-24T13:18:10+00:00","tags":["error","savedobjects-service"],"pid":1213,"message":"Unable to retrieve version information from Elasticsearch nodes. security_exception: [security_exception] Reason: unable to authenticate user [elastic] for REST request [/_nodes?filter_path=nodes.*.version%2Cnodes.*.http.publish_address%2Cnodes.*.ip]"}

When run elasticsearch-setup-passwords interactive under elasticsearch container and input passwords (changeme) kibana connect elasticsearch.
I am understand default:

ELASTICSEARCH_USERNAME=elastic
ELASTICSEARCH_PASSWORD=changeme

disable after 6.0.0 version.

How connect kibana with elasticsearch in one docker-compose.yml?

Yang_Wang · August 24, 2021, 1:57pm

The above environment settings do not work for the elasticsearch container. It should be

       - ELASTIC_PASSWORD=changeme

Note it is ELASTIC instead of ELASTICSEARCH.

IlyaZ · August 24, 2021, 2:19pm

Thank you so much!!! It's work!

How I can configuring docker-compose.yml for API key?

Yang_Wang · August 25, 2021, 11:55am

The API key feature is automatically enabled by default when you enable xpack.security.http.ssl.enabled, which is the case of your docker-compose file. You can create API keys using the Create API key API

PS: Currently API keys require you enabling HTTPS. But we will be removing this requirement in future releases.

IlyaZ · August 25, 2021, 5:33pm

Thank you.

system · September 22, 2021, 5:34pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Kibana TLS to Elastic cluster in docker-compose: self signed certificate in certificate chain Kibana	3	10767	April 18, 2020
SSL error in docker container Elasticsearch elastic-stack-security , docker	1	750	December 18, 2023
Security_exception: unable to authenticate user [kibana_system] for REST request [/_nodes?filter_path=nodes..version%2Cnodes..http.publish_address%2Cnodes.*.ip] Kibana elastic-stack-security , docker	2	407	December 18, 2023
Kibana Failed to authenticate with host “https://<IP_Address>:9200”: “” Kibana elastic-stack-security , docker	4	654	March 30, 2024
Kibana unable to authenticate user [elastic] Kibana elastic-stack-security , docker	2	1348	March 22, 2023

Elasticsearch/Kibana "authentication_failed"

Related topics