I am using ELK cluster consists of three nodes. I can't access Kibana using its URL https://kibana_IP:5601.
When I checked the logs of /var/log/elasticsearch/elasticsearch.log I found these errors:
Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]
When I checked the logs of kibana, I found the below error:
Unable to authenticate user [kibana_system] for REST request [/_nodes?filter_path=nodes.*.version%2Cnodes.*.http.publish_address%2Cnodes.*.ip]
I tried to reset the password for elastic user using this command /usr/share/elasticsearch/bin/elasticsearch-reset-password -i -u elastic
but I got this error:
Error: Failed to determine the health of the cluster. Cluster health is currently RED
I checked elastisearch service in all nodes and it is up and running.
How to solve this problem, please?
Regards,
Hi @linux_admin ,
Have you checked the health of the cluster using the _cluster/health
API? ?
Do you have the password for the elastic
and kibana_system
users? There is also a useful way to check passwords in this topic .
Hi @carly.richmond
Thanks for your support!
The problem has been solved using the followings:
Stop elasticsearch service on all cluster nodes using systemctl stop elasticsearch
Set xpack.security.enabled: false
in elasticsearch.yml
on all nodes, and restart elasticsearch on all nodes using systemctl start elasticsearch
Reset elastic
and kibana_system
users password using bin/elasticsearch-reset-password -u elastic --interactive
and bin/elasticsearch-reset-password -u kibana_system --interactive
Update /etc/kibana/kibana.yml
with the new password of kibana_system
Stop elasticsearch
service on all nodes again using systemctl stop elasticsearch
Reenable xpack.security.enabled: true
in elasticsearch.yml
on all nodes, and restart elasticsearch on all nodes using systemctl start elasticsearch
Restart kibana service
Great, thanks for sharing the solution @linux_admin !
system
(system)
Closed
June 13, 2023, 9:02am
5
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.