Failed to connect to backoff

I set up minimum and basic TLS security for the Elasticsearch cluster. Metricbeat cannot push data to the Elasticsearch node. Here is the error in the log file:
```
metricbeat[26335]: 2021-09-22T18:08:39.471Z ERROR [publisher_pipeline_output] pipeline/output.go:154 Failed to connect to backoff(Elasticsearch(http://localhost:9200)): 401 Unauthorized: {"error":{"root_cause":[{"type":"security_exception","reason":"missing authentication credentials for REST request [/]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}}],"type":"security_exception","reason":"missing authentication credentials for REST request [/]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}},"status":401}
```
How do I set up communication between Metricbeat and secured Elasticsearch?

Hi Tim,
Thanks for your help. I set up an API key to grant access for Metricbeat. Here is my POST:
```sh
curl -X POST "localhost:9200/_security/api_key?pretty" -H 'Content-Type: application/json' -d'
{
  "name": "metricbeat_host001",
  "expiration": "10y",
  "role_descriptors": {
    "metricbeat_writer": {
      "cluster": ["all"],
      "index": [
        {
          "names": ["metricbeat-*"],
          "privileges": ["view_index_metadata", "create_doc"]
        }
      ]
    },
    "metricbeat_monitoring": {
      "cluster": ["monitor"],
      "index": [
        {
          "names": [".monitoring-beats-*"],
          "privileges": ["create_index", "create"]
        }
      ]
    },
    "metricbeat_setup": {
      "cluster": ["all"],
      "index": [
        {
          "names": ["metricbeat-*"],
          "privileges": ["all"]
        }
      ]
    }
  }
}
'
```
I got an error in the reply.
```json
{
  "error" : {
    "root_cause" : [
      {
        "type" : "security_exception",
        "reason" : "missing authentication credentials for REST request [/_security/api_key?pretty]",
        "header" : {
          "WWW-Authenticate" : "Basic realm=\"security\" charset=\"UTF-8\""
        }
      }
    ],
    "type" : "security_exception",
    "reason" : "missing authentication credentials for REST request [/_security/api_key?pretty]",
    "header" : {
      "WWW-Authenticate" : "Basic realm=\"security\" charset=\"UTF-8\""
    }
  },
  "status" : 401
}
```
What credential am I missing?

I added username:password to the POST curl command:
```sh
curl --user beats_system:YUXmRQJ2rflzBMUyXIgu -X POST "localhost:9200/_security/api_key?pretty" -H 'Content-Type: application/json' -d'{
  "name": "metricbeat_host001",
  "role_descriptors": {
    "metricbeat_writer": {
      "cluster": ["all"],
      "index": [
        {
          "names": ["metricbeat-*"],
          "privileges": ["view_index_metadata", "create_doc"]
        }
      ]
    },
    "metricbeat_monitoring": {
      "cluster": ["monitor"],
      "index": [
        {
          "names": [".monitoring-beats-*"],
          "privileges": ["create_index", "create"]
        }
      ]
    },
    "metricbeat_setup": {
      "cluster": ["all"],
      "index": [
        {
          "names": ["metricbeat-*"],
          "privileges": ["all"]
        }
      ]
    }
  }
}
'
```

The error message:
```json
{
  "error" : {
    "root_cause" : [
      {
        "type" : "security_exception",
        "reason" : "action [cluster:admin/xpack/security/api_key/create] is unauthorized for user [beats_system] with roles [beats_system], this action is granted by the cluster privileges [manage_own_api_key,manage_api_key,manage_security,all]"
      }
    ],
    "type" : "security_exception",
    "reason" : "action [cluster:admin/xpack/security/api_key/create] is unauthorized for user [beats_system] with roles [beats_system], this action is granted by the cluster privileges [manage_own_api_key,manage_api_key,manage_security,all]"
  },
  "status" : 403
}
```
Which role can create an API key?

You can use a superuser like elastic to create an API Key, however for a production environment we would typically recommend you create a dedicated user to manage API Keys for your beats.
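
The two failures in this thread (401, then 403) need different fixes, and the response body says which. The following is an added example, not part of the original posts or Elastic's code: the names `triage`, `DENIED` and `NARROWEST_FIRST` are hypothetical, the sample bodies are constructed by trimming the errors quoted above, and the narrowest-first ordering of the four privileges is this example's ranking.

```python
import json
import re

# Constructed samples, trimmed from the two error bodies quoted in this thread.
SAMPLE_401 = json.dumps({"status": 401, "error": {
    "type": "security_exception",
    "reason": "missing authentication credentials for REST request [/_security/api_key?pretty]",
    "header": {"WWW-Authenticate": 'Basic realm="security" charset="UTF-8"'}}})
SAMPLE_403 = json.dumps({"status": 403, "error": {
    "type": "security_exception",
    "reason": "action [cluster:admin/xpack/security/api_key/create] is unauthorized for user "
              "[beats_system] with roles [beats_system], this action is granted by the "
              "cluster privileges [manage_own_api_key,manage_api_key,manage_security,all]"}})

# Pulls action, user, roles and the granting privileges out of a 403 "reason" string.
DENIED = re.compile(
    r"action \[(?P<action>[^\]]+)\] is unauthorized for user \[(?P<user>[^\]]+)\]"
    r"(?: with roles \[(?P<roles>[^\]]*)\])?"
    r"(?:.*granted by the cluster privileges \[(?P<privs>[^\]]+)\])?")
# Cluster privileges that allow API key creation, narrowest scope first (example's ranking).
NARROWEST_FIRST = ["manage_own_api_key", "manage_api_key", "manage_security", "all"]


def _csv(value):
    """Split a comma-separated bracket list; a missing group yields an empty list."""
    return [v.strip() for v in (value or "").split(",") if v.strip()]


def triage(body):
    """Classify a security_exception body as unauthenticated (401) or unauthorized (403)."""
    doc = json.loads(body)
    err, status = doc.get("error", {}), doc.get("status")
    if not isinstance(err, dict) or err.get("type") != "security_exception":
        return {"kind": "other", "status": status}
    if status == 401:
        # WWW-Authenticate may be one string or a list; keep only the scheme names.
        hdr = err.get("header", {}).get("WWW-Authenticate", [])
        schemes = [h.split()[0] for h in ([hdr] if isinstance(hdr, str) else hdr) if h.strip()]
        return {"kind": "unauthenticated", "status": status, "schemes": schemes}
    m = DENIED.search(err.get("reason", ""))
    if status == 403 and m:
        needs = _csv(m["privs"])
        ranked = [p for p in NARROWEST_FIRST if p in needs]
        return {"kind": "unauthorized", "status": status, "action": m["action"],
                "user": m["user"], "roles": _csv(m["roles"]), "needs_any_of": needs,
                "narrowest": ranked[0] if ranked else None}
    return {"kind": "other", "status": status}


if __name__ == "__main__":
    for sample in (SAMPLE_401, SAMPLE_403):
        print(triage(sample))
```

An API key's effective permissions are the intersection of its role descriptors and the permissions of the user who creates it, so a dedicated key-management user also needs the index privileges it hands out.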
