Failed to start Elasticsearch

Hi everybody,

So I uninstalled, cleaned all directories and reinstalled Elasticsearch and Kibana.

Here is my config:

root@srv-elk-ims-2:/usr/share/kibana/bin# ls -l /etc/elasticsearch/
total 56
drwxr-x--- 2 root elasticsearch  4096 Oct 19 14:16 certs
-rw-rw---- 1 root elasticsearch  1042 Sep 19 08:23 elasticsearch-plugins.example.yml
-rw-rw---- 1 root elasticsearch   536 Oct 19 14:16 elasticsearch.keystore
-rw-rw---- 1 root elasticsearch  4049 Oct 20 12:57 elasticsearch.yml
-rw-r----- 1 root elasticsearch  4058 Oct 19 15:04 elasticsearch.yml.backup
-rw-rw---- 1 root elasticsearch  2780 Sep 19 08:23 jvm.options
drwxr-s--- 2 root elasticsearch  4096 Sep 19 08:23 jvm.options.d
-rw-rw---- 1 root elasticsearch 17969 Sep 19 08:23 log4j2.properties
-rw-rw---- 1 root elasticsearch   473 Sep 19 08:23 role_mapping.yml
-rw-rw---- 1 root elasticsearch   197 Sep 19 08:23 roles.yml
-rw-rw---- 1 root elasticsearch     0 Oct 20 13:26 users
-rw-rw---- 1 root elasticsearch     0 Oct 20 13:26 users_roles

root@srv-elk-ims-2:/usr/share/kibana/bin# ls -l /etc/elasticsearch/certs/
total 24
-rw-rw---- 1 root elasticsearch 10045 Oct 19 14:16 http.p12
-rw-rw---- 1 root elasticsearch  1915 Oct 19 14:16 http_ca.crt
-rw-rw---- 1 root elasticsearch  5822 Oct 19 14:16 transport.p12

Here is my elasticsearch.yml:

# Enable security features
xpack.security.enabled: true

xpack.security.enrollment.enabled: true

# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
xpack.security.http.ssl:
  enabled: true
  keystore.path: certs/http.p12

# Enable encryption and mutual authentication between cluster nodes
xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12
# Create a new cluster with the current node only
# Additional nodes can still join the cluster later
cluster.initial_master_nodes: ["srv-elk-ims-2"]

# Allow HTTP API connections from anywhere
# Connections are encrypted and require user authentication
http.host: 0.0.0.0

# Allow other nodes to join the cluster from anywhere
# Connections are encrypted and mutually authenticated
#transport.host: 0.0.0.0

I configured security with an enrollment token (so automatically, I assume) and right now I can access my Kibana at http://ipadress:5601

What is the official next step to configure HTTPS, please?

Do I need to follow this doc from the beginning?

Thank you for your time, I sincerely appreciate it


Hi,

What you've done is a nice first step!

Yes! The documentation you've sent is really good and explains all the steps:

  • Encrypt Elastic client communication (used when directly querying or clustering)
  • Encrypt Kibana <--> Elasticsearch
  • Encrypt Kibana <--> Client(s)

Enjoy !

Hi @Tybe_sacha

So you're through the completion of the auto security setup! Excellent.

What you don't get with that is HTTPS between your browser and Kibana.

No, you don't need to follow all the steps from the beginning. Everything is done except for HTTPS on Kibana on port 5601.

"Encrypt traffic between your browser and Kibana" is the section with the steps for that.

Of course, if you use a self-signed cert, which is okay, your browser is going to complain. But that's okay; you're just going to need to accept it, or this is where a publicly signed certificate would work better.

That's your choice.

Hi grumo35,

Thank you for being that fast! :smile:

So to summarize:

  • Encrypt Elastic client communication: already done automatically with the enrollment token
  • Encrypt Kibana <--> Elasticsearch:
Copy the elasticsearch-ca.pem file to the Kibana configuration directory, as defined by the $KBN_PATH_CONF path.
Open kibana.yml and add the following line to specify the location of the security certificate for the HTTP layer.

elasticsearch.ssl.certificateAuthorities: $KBN_PATH_CONF/elasticsearch-ca.pem

I don't have any *.pem file... Is this normal?

And then:

  • Encrypt Kibana <--> Client(s)

Hi Stephen,

Thank you too for replying :smiley:

OK, so I'm reading the documentation and at the beginning it says:

You create a server certificate and private key for Kibana. Kibana uses this server certificate and corresponding private key when receiving connections from web browsers.

Where is the certificate supposed to be?

Because I don't have any in /usr/share/kibana.

As @stephenb said, you might be good for the first two parts of the tutorial;

you could just follow through starting from here:
https://www.elastic.co/guide/en/elasticsearch/reference/current/security-basic-setup-https.html#encrypt-kibana-browser

  • Encrypt Kibana <--> Elasticsearch:

I want to point out that you can easily check if the communication is already secure by looking at your Kibana configuration (it should point to the https Elastic endpoint).

Also, just keep in mind that Kibana is basically just a web server that needs a key and a certificate to be able to talk to clients using HTTPS.

Sooo you really just have to generate those, starting with:

Generate a server certificate and private key for Kibana.

./bin/elasticsearch-certutil csr -name kibana-server -dns example.com,www.example.com
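The check suggested above (look at kibana.yml and see whether it points at an https Elastic endpoint, and whether Kibana itself has a key and certificate) can be scripted. The following is an added example, not code from the thread or from Elastic: a small POSIX shell audit of a kibana.yml for the two layers that involve Kibana. The three sample configs are constructed and the certificate paths in them are placeholders; the setting names (elasticsearch.hosts, elasticsearch.ssl.certificateAuthorities, elasticsearch.ssl.verificationMode, server.ssl.enabled, server.ssl.certificate, server.ssl.key) are real Kibana settings. It goes one step beyond the thread by also flagging `verificationMode: none`, which keeps the https scheme but disables certificate verification.

```shell
#!/bin/sh
# Added example (not from the thread or from Elastic): audit a kibana.yml for
# the two TLS layers that involve Kibana. Sample configs below are constructed.

# Print the value of a flat "key: value" line from the YAML text in $1
# (key name in $2), with brackets, quotes and whitespace stripped.
# Only the flat dotted keys kibana.yml uses are handled, not nested maps.
kibana_setting() {
  printf '%s\n' "$1" | awk -v key="$2" -v sq="'" '
    {
      line = $0
      sub(/^[ \t]+/, "", line)
      if (substr(line, 1, 1) == "#") next
      if (index(line, key ":") == 1) {
        val = substr(line, length(key) + 2)
        gsub(/[][ \t"]/, "", val)
        gsub(sq, "", val)
        print val
        exit
      }
    }'
}

# Kibana -> Elasticsearch: every host must be https, a CA must be pinned,
# and verification must not be switched off with verificationMode: none.
check_kibana_to_es() {
  hosts=$(kibana_setting "$1" elasticsearch.hosts)
  ca=$(kibana_setting "$1" elasticsearch.ssl.certificateAuthorities)
  mode=$(kibana_setting "$1" elasticsearch.ssl.verificationMode)
  [ -n "$hosts" ] || return 1
  case "$hosts" in *http://*) return 1 ;; esac   # any plaintext host fails
  case "$hosts" in *https://*) ;; *) return 1 ;; esac
  [ -n "$ca" ] || return 1
  [ "$mode" != "none" ]
}

# Browser -> Kibana: server TLS on, with both a certificate and a key set.
check_browser_to_kibana() {
  [ "$(kibana_setting "$1" server.ssl.enabled)" = "true" ] || return 1
  [ -n "$(kibana_setting "$1" server.ssl.certificate)" ] || return 1
  [ -n "$(kibana_setting "$1" server.ssl.key)" ]
}

# Report both layers; the return status is the number of layers still unsecured.
audit_kibana_config() {
  failures=0
  if check_kibana_to_es "$1"; then
    echo "kibana -> elasticsearch: TLS with pinned CA"
  else
    echo "kibana -> elasticsearch: NOT secured (plaintext host, missing CA or verificationMode none)"
    failures=$((failures + 1))
  fi
  if check_browser_to_kibana "$1"; then
    echo "browser -> kibana: TLS enabled"
  else
    echo "browser -> kibana: plain HTTP (set server.ssl.enabled, server.ssl.certificate, server.ssl.key)"
    failures=$((failures + 1))
  fi
  return $failures
}

# Constructed sample: the state the enrollment-token setup typically leaves
# (Kibana -> Elasticsearch encrypted, browser -> Kibana still plain HTTP).
KIBANA_AFTER_ENROLLMENT='server.host: "0.0.0.0"
elasticsearch.hosts: ["https://10.0.0.5:9200"]
elasticsearch.ssl.certificateAuthorities: [/etc/kibana/certs/placeholder_ca.crt]
'

# Constructed sample: after generating a Kibana server key and certificate
# and enabling server TLS (paths are placeholders).
KIBANA_FULL_TLS='server.host: "0.0.0.0"
server.ssl.enabled: true
server.ssl.certificate: /etc/kibana/certs/kibana-server.crt
server.ssl.key: /etc/kibana/certs/kibana-server.key
elasticsearch.hosts: ["https://10.0.0.5:9200"]
elasticsearch.ssl.certificateAuthorities: [/etc/kibana/certs/placeholder_ca.crt]
elasticsearch.ssl.verificationMode: full
'

# Constructed sample: https scheme but certificate verification disabled.
KIBANA_NO_VERIFY='elasticsearch.hosts: ["https://10.0.0.5:9200"]
elasticsearch.ssl.verificationMode: none
'

audit_kibana_config "$KIBANA_AFTER_ENROLLMENT" || echo "layers still unsecured: $?"
audit_kibana_config "$KIBANA_FULL_TLS" || echo "layers still unsecured: $?"
```

To run it against a real installation, replace the sample strings with `"$(cat /etc/kibana/kibana.yml)"`; a non-zero exit status from audit_kibana_config tells you how many of the two layers still need work.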

Hi everybody, thank you very much for your time.

My project had to be stopped, but your answers helped me a lot to understand how Elastic, Kibana and encryption work.

Have a good day :smiley:
