Https endpoint for LB healthcheck


#1

Hi,

What is the recommended api endpoint in Kibana for my LB to conduc healthcheck at defined interval via https connection?


(Marius Dragomir) #2

You can use the /api/status endpoint and look for the overall state to be green.


#3

Thanks, we will try this. Health check will be conducted by load balancer, so it will wait for 200 response code if it is up to validate that the packet can be forwarded to kibana host.


#4

@Marius_Dragomir, our load balancer will access kibana /api/status over ssl.

How can LB access it without providing username and password? or if there is any best practice to encrypt it and pull that credential during healthcheck?

curl -I --cacert ./certs/ca.crt 'https://kibana:5601/api/status'
HTTP/1.1 401 Unauthorized


(Marius Dragomir) #5

passing the username and password is the easiest way. you could set up a an user with no role assigned: this way he will have no permission to do or modify anything, and it still has access to the status API.


#6

I tried it but didn't work. I am testing it at 6.5 version. I even escalated it to superuser role... With the reserve role (kibana), it is working fine. with the custom role, it didn't work. I am sure my password is correct because I logged in to kibana using that account.

bash-4.2$ curl -I -u kibana:###### --cacert ./ca.crt 'https://kibana.local:5601/api/status'
HTTP/1.1 200 OK
kbn-name: kibana
kbn-xpack-sig: 32a2457688f21bd7fbb13c6cefbb1447
content-type: application/json; charset=utf-8
set-cookie: sid=Fe26.206dc603ec054ffdcb8893ea07bd43019f6d59e13cab87bd2cec52cea4826b7ec8f3jO7GK53sI15EK04kj2QWt5YgypubItbKLEFqTFD8zRpmNqxWT7ie5qG5nwGZkcwdlMlfp4GSM5RNRaDb7E_IyhTb3SVbfb93FQ-220aYapCrSfX0kbktpI1-f4X1GssbpSKEEt5M_McyTluYHNsvh-QTFyAO8tgDIxGoQRR6w813928d7d71e5c63b0768d977a318be67eee5b722c33e47526760812f6553074*tvb0WwIWWOYNWTHyiV58WXzlFGOKrGmKcjTT6poLYeU; Secure; HttpOnly; Path=/
cache-control: no-cache
connection: close
Date: Wed, 05 Dec 2018 03:39:10 GMT

bash-4.2$ curl -I -u f5lb:###### --cacert ./ca.crt 'https://kibana.local:5601/api/status'
HTTP/1.1 401 Unauthorized
WWW-Authenticate: Bearer realm="security"
WWW-Authenticate: Basic realm="security" charset="UTF-8"
kbn-name: kibana
kbn-xpack-sig: 32a2457688f21bd7fbb13c6cefbb1447
content-type: application/json; charset=utf-8
cache-control: no-cache
connection: close
Date: Wed, 05 Dec 2018 03:39:15 GMT