Inability to set up Shield/Security within X-Pack Trial

tvoll · August 3, 2018, 2:12pm

So, I'm currently testing out the trial of X-Pack on my test install, and i'm having an issue enabling the Security portion of X-Pack. From the guides provided, it is presented that it should be as easy as entering xpack.security.enabled = true at the end of my elasticsearch.yml. However, every time I do this, Elasticsearch will fail to start up.

Are there any other steps that I'd need to do? Was hoping the trial would snap into action a bit faster.

ikakavas · August 3, 2018, 2:33pm

Can you please add a little more context / information ? What is the error message?

Which Elasticsearch version are you trying out?

ikakavas · August 3, 2018, 2:37pm

Also, not sure if you misspoke above, but elasticsearch.yml is a YAML file and as such the correct syntax is

xpack.security.enabled: true

and not

xpack.security.enabled= true

tvoll · August 3, 2018, 3:24pm

Whoops, it might have just been a stupid mistake on my part.
Running everything at v6.3.2. I believe that was all it was, just a simple =.
Since it wasn't specified in the guides as xpack.security.enabled: true, but instead 'set xpack.security.enabled' to true, so my first thought was =, I guess.
Thanks once again and sorry for the silliness.

tvoll · August 3, 2018, 3:30pm

I am still having issues, but I have gotten a little bit further.
Now I have Kibana constantly reloading after enabling security.
I already have nginx basic authentication being used, and am not sure if this could be the cause for the issue.

My logs look like this for Kibana

Aug 3 10:25:39 ELKD01 kibana[23568]: {"type":"log","@timestamp":"2018-08-03T15:25:39Z","tags":["info","authentication"],"pid":23568,"message":"Authentication attempt failed: [security_exception] unable to authenticate user [tjvadmin] for REST request [/_xpack/security/_authenticate], with { header={ WWW-Authenticate="Basic realm=\"security\" charset=\"UTF-8\"" } }"}
Aug 3 10:25:39 ELKD01 kibana[23568]: {"type":"log","@timestamp":"2018-08-03T15:25:39Z","tags":["license","warning","xpack"],"pid":23568,"message":"License information from the X-Pack plugin could not be obtained from Elasticsearch for the [data] cluster. [security_exception] missing authentication token for REST request [/_xpack], with { header={ WWW-Authenticate="Basic realm=\"security\" charset=\"UTF-8\"" } } :: {"path":"/_xpack","statusCode":401,"response":"{\"error\":{\"root_cause\":[{\"type\":\"security_exception\",\"reason\":\"missing authentication token for REST request [/_xpack]\",\"header\":{\"WWW-Authenticate\":\"Basic realm=\\\"security\\\" charset=\\\"UTF-8\\\"\"}}],\"type\":\"security_exception\",\"reason\":\"missing authentication token for REST request [/_xpack]\",\"header\":{\"WWW-Authenticate\":\"Basic realm=\\\"security\\\" charset=\\\"UTF-8\\\"\"}},\"status\":401}","wwwAuthenticateDirective":"Basic realm=\"security\" charset=\"UTF-8\""}"}
Aug 3 10:25:39 ELKD01 kibana[23568]: {"type":"response","@timestamp":"2018-08-03T15:25:39Z","tags":,"pid":23568,"method":"get","statusCode":401,"req":{"url":"/app/monitoring","method":"get","headers":{"connection":"upgrade","host":"logsd.securecomwireless.com","user-agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0","accept":"text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br","referer":"https://logsd.securecomwireless.com/app/kibana","upgrade-insecure-requests":"1"},"remoteAddress":"127.0.0.1","userAgent":"127.0.0.1","referer":"https://logsd.securecomwireless.com/app/kibana"},"res":{"statusCode":401,"responseTime":4,"contentLength":9},"message":"GET /app/monitoring 401 4ms - 9.0B"}
Aug 3 10:25:39 ELKD01 kibana[23568]: {"type":"log","@timestamp":"2018-08-03T15:25:39Z","tags":["info","authentication"],"pid":23568,"message":"Authentication attempt failed: [security_exception] unable to authenticate user [tjvadmin] for REST request [/_xpack/security/_authenticate], with { header={ WWW-Authenticate="Basic realm=\"security\" charset=\"UTF-8\"" } }"}
Aug 3 10:25:39 ELKD01 kibana[23568]: {"type":"log","@timestamp":"2018-08-03T15:25:39Z","tags":["license","warning","xpack"],"pid":23568,"message":"License information from the X-Pack plugin could not be obtained from Elasticsearch for the [data] cluster. [security_exception] missing authentication token for REST request [/_xpack], with { header={ WWW-Authenticate="Basic realm=\"security\" charset=\"UTF-8\"" } } :: {"path":"/_xpack","statusCode":401,"response":"{\"error\":{\"root_cause\":[{\"type\":\"security_exception\",\"reason\":\"missing authentication token for REST request [/_xpack]\",\"header\":{\"WWW-Authenticate\":\"Basic realm=\\\"security\\\" charset=\\\"UTF-8\\\"\"}}],\"type\":\"security_exception\",\"reason\":\"missing authentication token for REST request [/_xpack]\",\"header\":{\"WWW-Authenticate\":\"Basic realm=\\\"security\\\" charset=\\\"UTF-8\\\"\"}},\"status\":401}","wwwAuthenticateDirective":"Basic realm=\"security\" charset=\"UTF-8\""}"}
Aug 3 10:25:39 ELKD01 kibana[23568]: {"type":"response","@timestamp":"2018-08-03T15:25:39Z","tags":,"pid":23568,"method":"get","statusCode":401,"req":{"url":"/app/monitoring","method":"get","headers":{"connection":"upgrade","host":"logsd.securecomwireless.com","user-agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0","accept":"text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br","referer":"https://logsd.securecomwireless.com/app/kibana","upgrade-insecure-requests":"1"},"remoteAddress":"127.0.0.1","userAgent":"127.0.0.1","referer":"https://logsd.securecomwireless.com/app/kibana"},"res":{"statusCode":401,"responseTime":3,"contentLength":9},"message":"GET /app/monitoring 401 3ms - 9.0B"}

ikakavas · August 3, 2018, 4:08pm

You don't need nginx with basic auth in front of kibana now that you are using X-Pack.

The issue here is that Kibana can't communicate with Elasticsearch as Elasticsearch now needs authenticated requests ( security is enabled ) and you probably haven't configured Kibana for this.

Please read through our documentation on how to start with security. You can probably start here. Most of these initial required steps are well covered in there.

tvoll · August 3, 2018, 8:48pm

Thank you!
Those documents did help out a lot.

system · August 31, 2018, 8:48pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.