Elasticsearch stop working after enable x-pack

ikakavas · August 15, 2019, 4:23pm

If you don't use other realms ,the native realm is enabled by default as we say in our documentation:
https://www.elastic.co/guide/en/elasticsearch/reference/current/configuring-native-realm.html

Just remove the

xpack.security.authc.realms.native:  xpack:
  security:
    authc:
      realms:
        native:
          native1:
            order: 0

part entirely. For reference, the correct way to define the native realm ,if need be , would be like :

xpack:
  security:
    authc:
      realms:
        native:
          native1:
            order: 0

as also shown in the same doc above.

Ayush_Verma · August 16, 2019, 6:52am

I did every thing elasticsearch is up and running kibana is also up and running but after firing this curl -XEGT -u kibana '10.128.*.**:5601/' i got this.
Kibana server is not ready yet

kibana log:

     green - Ready","prevState":"yellow","prevMsg":"Waiting for Elasticsearch"}
{"type":"log","@timestamp":"2019-08-16T06:52:34Z","tags":["status","plugin:index_lifecycle_management@7.3.0","info"],"pid":18478,"state":"green","message":"Status changed from
 yellow to green - Ready","prevState":"yellow","prevMsg":"Waiting for Elasticsearch"}
{"type":"log","@timestamp":"2019-08-16T06:52:34Z","tags":["status","plugin:rollup@7.3.0","info"],"pid":18478,"state":"green","message":"Status changed from yellow to green - R
eady","prevState":"yellow","prevMsg":"Waiting for Elasticsearch"}
{"type":"log","@timestamp":"2019-08-16T06:52:34Z","tags":["status","plugin:remote_clusters@7.3.0","info"],"pid":18478,"state":"green","message":"Status changed from yellow to 
green - Ready","prevState":"yellow","prevMsg":"Waiting for Elasticsearch"}
{"type":"log","@timestamp":"2019-08-16T06:52:34Z","tags":["status","plugin:cross_cluster_replication@7.3.0","info"],"pid":18478,"state":"green","message":"Status changed from 
yellow to green - Ready","prevState":"yellow","prevMsg":"Waiting for Elasticsearch"}
{"type":"log","@timestamp":"2019-08-16T06:52:34Z","tags":["status","plugin:file_upload@7.3.0","info"],"pid":18478,"state":"green","message":"Status changed from yellow to gree
n - Ready","prevState":"yellow","prevMsg":"Waiting for Elasticsearch"}
{"type":"log","@timestamp":"2019-08-16T06:52:34Z","tags":["status","plugin:snapshot_restore@7.3.0","info"],"pid":18478,"state":"green","message":"Status changed from yellow to
 green - Ready","prevState":"yellow","prevMsg":"Waiting for Elasticsearch"}
{"type":"log","@timestamp":"2019-08-16T06:52:34Z","tags":["info","monitoring","kibana-monitoring"],"pid":18478,"message":"Starting monitoring stats collection"}
{"type":"log","@timestamp":"2019-08-16T06:52:34Z","tags":["status","plugin:maps@7.3.0","info"],"pid":18478,"state":"green","message":"Status changed from yellow to green - Rea
dy","prevState":"yellow","prevMsg":"Waiting for Elasticsearch"}
{"type":"log","@timestamp":"2019-08-16T06:52:35Z","tags":["status","plugin:reporting@7.3.0","info"],"pid":18478,"state":"green","message":"Status changed from uninitialized to
 green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2019-08-16T06:52:35Z","tags":["status","plugin:spaces@7.3.0","error"],"pid":18478,"state":"red","message":"Status changed from yellow to red - acti
on [indices:admin/get] is unauthorized for user [kibana]: [security_exception] action [indices:admin/get] is unauthorized for user [kibana]","prevState":"yellow","prevMsg":"Wa
iting for Elasticsearch"}
{"type":"log","@timestamp":"2019-08-16T06:52:36Z","tags":["fatal","root"],"pid":18478,"message":"{ [security_exception] action [indices:admin/get] is unauthorized for user [ki
bana] :: {\"path\":\"/kibanaindx\",\"query\":{},\"statusCode\":403,\"response\":\"{\\\"error\\\":{\\\"root_cause\\\":[{\\\"type\\\":\\\"security_exception\\\",\\\"reason\\\":\
\\"action [indices:admin/get] is unauthorized for user [kibana]\\\"}],\\\"type\\\":\\\"security_exception\\\",\\\"reason\\\":\\\"action [indices:admin/get] is unauthorized for
 user [kibana]\\\"},\\\"status\\\":403}\"}\n    at respond (/usr/share/kibana/node_modules/elasticsearch/src/lib/transport.js:315:15)\n    at checkRespForFailure (/usr/share/k
ibana/node_modules/elasticsearch/src/lib/transport.js:274:7)\n    at HttpConnector.<anonymous> (/usr/share/kibana/node_modules/elasticsearch/src/lib/connectors/http.js:166:7)\
n    at IncomingMessage.wrapper (/usr/share/kibana/node_modules/elasticsearch/node_modules/lodash/lodash.js:4929:19)\n    at IncomingMessage.emit (events.js:194:15)\n    at en
dReadableNT (_stream_readable.js:1103:12)\n    at process._tickCallback (internal/process/next_tick.js:63:19)\n  status: 403,\n  displayName: 'AuthorizationException',\n  mess
age:\n   'action [indices:admin/get] is unauthorized for user [kibana]: [security_exception] action [indices:admin/get] is unauthorized for user [kibana]',\n  path: '/kibanain
dx',\n  query: {},\n  body:\n   { error:\n      { root_cause: [Array],\n        type: 'security_exception',\n        reason:\n         'action [indices:admin/get] is unauthori
zed for user [kibana]' },\n     status: 403 },\n  statusCode: 403,\n  response:\n   '{\"error\":{\"root_cause\":[{\"type\":\"security_exception\",\"reason\":\"action [indices:
admin/get] is unauthorized for user [kibana]\"}],\"type\":\"security_exception\",\"reason\":\"action [indices:admin/get] is unauthorized for user [kibana]\"},\"status\":403}',
\n  toString: [Function],\n  toJSON: [Function],\n  isBoom: true,\n  isServer: false,\n  data: null,\n  output:\n   { statusCode: 403,\n     payload:\n      { message:\n      
   'action [indices:admin/get] is unauthorized for user [kibana]: [security_exception] action [indices:admin/get] is unauthorized for user [kibana]',\n        statusCode: 403,
\n        error: 'Forbidden' },\n     headers: {} },\n  reformat: [Function],\n  [Symbol(SavedObjectsClientErrorCode)]: 'SavedObjectsClient/forbidden' }"}
{"type":"log","@timestamp":"2019-08-16T06:52:54Z","tags":["info","plugins-system"],"pid":18591,"message":"Setting up [1] plugins: [translations]"}
{"type":"log","@timestamp":"2019-08-16T06:52:54Z","tags":["info","plugins","translations"],"pid":18591,"message":"Setting up plugin"}
{"type":"log","@timestamp":"2019-08-16T06:52:54Z","tags":["info","plugins-system"],"pid":18591,"message":"Starting [1] plugins: [translations]"}

Ayush_Verma · August 16, 2019, 6:56am

kibana.yml :

server.port: 5601
# Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values.
# The default is 'localhost', which usually means remote machines will not be able to connect.
# To allow connections from remote users, set this parameter to a non-loopback address.
server.host: 10.128.0.26
# Enables you to specify a path to mount Kibana at if you are running behind a proxy.
# Use the `server.rewriteBasePath` setting to tell Kibana if it should remove the basePath
# from requests it receives, and to prevent a deprecation warning at startup.
# This setting cannot end in a slash.
#server.basePath: ""
# Specifies whether Kibana should rewrite requests that are prefixed with
# `server.basePath` or require that they are rewritten by your reverse proxy.
# This setting was effectively always `false` before Kibana 6.3 and will
# default to `true` starting in Kibana 7.0.
#server.rewriteBasePath: false
# The maximum payload size in bytes for incoming server requests.
#server.maxPayloadBytes: 1048576
# The Kibana server's name.  This is used for display purposes.
server.name: testing
# The URLs of the Elasticsearch instances to use for all your queries.
elasticsearch.hosts: http://10.128.0.26:9200
# When this setting's value is true Kibana uses the hostname specified in the server.host
# setting. When the value of this setting is false, Kibana uses the hostname of the host
# that connects to this Kibana instance.
#elasticsearch.preserveHost: true
# Kibana uses an index in Elasticsearch to store saved searches, visualizations and
# dashboards. Kibana creates a new index if the index doesn't already exist.
kibana.index: kibanaindx
# The default application to load.
#kibana.defaultAppId: "home"

# If your Elasticsearch is protected with basic authentication, these settings provide
# the username and password that the Kibana server uses to perform maintenance on the Kibana
# index at startup. Your Kibana users still need to authenticate with Elasticsearch, which
# is proxied through the Kibana server.
elasticsearch.username: "kibana"
elasticsearch.password: "kibana"
# Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively.
# These settings enable SSL for outgoing requests from the Kibana server to the browser.
#server.ssl.enabled: false
#server.ssl.certificate: /path/to/your/server.crt
#server.ssl.key: /path/to/your/server.key
# Optional settings that provide the paths to the PEM-format SSL certificate and key files.
# These files validate that your Elasticsearch backend uses the same key files.
#elasticsearch.ssl.certificate: /path/to/your/client.crt
#elasticsearch.ssl.key: /path/to/your/client.key

# Optional settings that provide the paths to the PEM-format SSL certificate and key files.
# These files validate that your Elasticsearch backend uses the same key files.
#elasticsearch.ssl.certificate: /path/to/your/client.crt
#elasticsearch.ssl.key: /path/to/your/client.key
# Optional setting that enables you to specify a path to the PEM file for the certificate
# authority for your Elasticsearch instance.
#elasticsearch.ssl.certificateAuthorities: [ "/path/to/your/CA.pem" ]
# To disregard the validity of SSL certificates, change this setting's value to 'none'.
#elasticsearch.ssl.verificationMode: full
# Time in milliseconds to wait for Elasticsearch to respond to pings. Defaults to the value of
# the elasticsearch.requestTimeout setting.
#elasticsearch.pingTimeout: 1500
# Time in milliseconds to wait for responses from the back end or Elasticsearch. This value
# must be a positive integer.
#elasticsearch.requestTimeout: 30000
# List of Kibana client-side headers to send to Elasticsearch. To send *no* client-side
# headers, set this value to [] (an empty list).
#elasticsearch.requestHeadersWhitelist: [ authorization ]
# Header names and values that are sent to Elasticsearch. Any custom headers cannot be overwritten
# Time in milliseconds for Elasticsearch to wait for responses from shards. Set to 0 to disable.
#elasticsearch.shardTimeout: 30000
# Time in milliseconds to wait for Elasticsearch at Kibana startup before retrying.
#elasticsearch.startupTimeout: 5000
# Logs queries sent to Elasticsearch. Requires logging.verbose set to true.
#elasticsearch.logQueries: false
# Specifies the path where Kibana creates the process ID file.
#pid.file: /var/run/kibana.pid
# Enables you specify a file where Kibana stores log output.
logging.dest: /etc/kibana/kibana.log
xpack.security.encryptionKey: "something_at_least_32_characters"
xpack.reporting.encryptionKey: "kibana"
#xpack.monitoring.enabled: true
# Set the value of this setting to true to suppress all logging output.
#logging.silent: false
# Set the value of this setting to true to suppress all logging output other than error messages.
#logging.quiet: false
# Set the value of this setting to true to log all events, including system usage information
# and all requests.
#logging.verbose: false
# Set the interval in milliseconds to sample system and process performance
# metrics. Minimum is 100ms. Defaults to 5000.
#ops.interval: 5000
# Specifies locale to be used for all localizable strings, dates and number formats.
# Supported languages are the following: English - en , by default , Chinese - zh-CN . 
#i18n.locale: "en"

ikakavas · August 16, 2019, 7:10am

There is no point usually doing a curl to Kibana. You most probably want to use Kibana as a user interface so you'd normally access that with your browser.

Also, kibana is the user that Kibana uses to communicate to Elasticsearch, and should not be the user you use to authenticate to Kibana as an end user.

So, open up your browser, type http://<YOUR IP ADDRESS>:5601 , and when prompted for a username and password, use elastic as the username and the password you have set for the elastic user.

Ayush_Verma · August 16, 2019, 7:15am

yes i did that too and its printing same message Kibana server is not ready yet in the web browser. Also i am getting this message before username and password. What else i can do.

should i do this .

Set up roles and users to control access to Elasticsearch.

For example, to grant John Doe full access to all indices that match the pattern events* and enable him to create visualizations and dashboards for those indices in Kibana, you could create an events_admin role and assign the role to a new johndoe user.

curl -XPOST -u elastic 'localhost:9200/_security/role/events_admin' -H "Content-Type: application/json" -d '{
  "indices" : [
    {
      "names" : [ "events*" ],
      "privileges" : [ "all" ]
    },
    {
      "names" : [ ".kibana*" ],
      "privileges" : [ "manage", "read", "index" ]
    }
  ]
}'

curl -XPOST -u elastic 'localhost:9200/_security/user/johndoe' -H "Content-Type: application/json" -d '{
  "password" : "userpassword",
  "full_name" : "John Doe",
  "email" : "john.doe@anony.mous",
  "roles" : [ "events_admin" ]
}'

ikakavas · August 16, 2019, 8:01am

Yes, at some point, but not for this exact problem you are seeing now.

Try using a different browser or try restarting your browser, or try clearing your cache and cookies. When you get prompted for username/password again, use the elastic user and its password.

Ayush_Verma · August 19, 2019, 5:56am

Really thanx, now everything is working fine.

system · September 16, 2019, 5:56am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.