I am using ELK cluster consists of three nodes. I can't access Kibana using its URL https://kibana_IP:5601.
When I checked the logs of /var/log/elasticsearch/elasticsearch.log I found these errors:
Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]
When I checked the logs of kibana, I found the below error:
Unable to authenticate user [kibana_system] for REST request [/_nodes?filter_path=nodes.*.version%2Cnodes.*.http.publish_address%2Cnodes.*.ip]
I tried to reset the password for elastic user using this command /usr/share/elasticsearch/bin/elasticsearch-reset-password -i -u elastic
but I got this error:
Error: Failed to determine the health of the cluster. Cluster health is currently RED
I checked elastisearch service in all nodes and it is up and running.
How to solve this problem, please?
Regards,
Hi @linux_admin ,
Have you checked the health of the cluster using the _cluster/health API?
Do you have the password for the elastic and kibana_system users? There is also a useful way to check passwords in this topic .
Hi @carly.richmond
Stop elasticsearch service on all cluster nodes using systemctl stop elasticsearch
Set xpack.security.enabled: false in elasticsearch.yml on all nodes, and restart elasticsearch on all nodes using systemctl start elasticsearch
Reset elastic and kibana_system users password using bin/elasticsearch-reset-password -u elastic --interactive and bin/elasticsearch-reset-password -u kibana_system --interactive
Update /etc/kibana/kibana.yml with the new password of kibana_system
Stop elasticsearch service on all nodes again using systemctl stop elasticsearch
Reenable xpack.security.enabled: true in elasticsearch.yml on all nodes, and restart elasticsearch on all nodes using systemctl start elasticsearch
Restart kibana service
Great, thanks for sharing the solution @linux_admin !
system
June 13, 2023, 9:02am
5
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.