I have a one node Elasticsearch (1.7.1) cluster setting up with Marvel and Kibana and everything working OK. Then I followed the Shield (1.3.2) online doc to install the product, created an admin user, marvel_agent and marvel_user. But I got the following error when I restart ES:
error adding the marvel template to [x.x.x.x:8200] response code [401 Unauthorized]. content: [{"error":"AuthenticationException[missing authentication token for REST request [/_template/marvel]]","status":401}]
could not connect to any configured elasticsearch instances: [x.x.x.x:8200]
After I login to Marvel UI as admin, I am not able to see any index in the Overview page. What's wrong?
Thanks for the reply, Jay. If you are referring the following credentials, I already confirmed that these are the default setting in the roles.yml right after I installed the Shield. All I did was to create the user marvel_agent and marvel_user after the install and restart ES according to the install doc. But it didn't work. If you are referring other credentials than this. please be more specific, may be I am missing something. Appreciate your help - Ming
on the marvel indices
marvel_user:
cluster: cluster:monitor/nodes/info, cluster:admin/plugin/license/get
indices:
'.marvel-*': all
Sorry I wasn't more specific; in your elasticsearch.yml file did you specify the marvel.agent.exporter.es.hosts setting with a user that has the marvel_agent role? If not, you will need to do that so that the exporter can index into the cluster.
I didn't do that change. When I read that section, somehow I got caught in the langue that it is only for configuring HTTPS. Once I make the change I am able to see all the indices. But one more question, the password of that user is in plain text in the elasticsearch.yml. which is a security concern. How to encrypt the password in the yml file, or I didn't do it correctly?
You have done it correctly. The password is in plaintext and that is a limitation that currently exists. We're looking at ways to provide better security for this, but there are some issues. If you have an encrypted value, then a key is needed to decrypt the value, and if the key is right next to the encrypted data then there really is not much added security.
One option, could be to use the elasticsearch prompt support, and start elasticsearch in the foreground. This will require you to enter the value for the marvel.agent.exporter.es.hosts when you start elasticsearch. This way your passwords are not stored in the elasticsearch.yml file. More information can be found at https://www.elastic.co/guide/en/elasticsearch/reference/current/setup-configuration.html#styles (look for ${prompt.text} and ${prompt.secret}).
Thanks for the reply. While the suggestion is a work around to the plain text, we then can't practically start ES automatically, e.g. after a server reboot. So I will just wait for the enhancement on this issue.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.