Hi,
I'm in the process of setting up TLS for my ESCluster by following the steps mentioned here: https://www.elastic.co/guide/en/elasticsearch/reference/6.3/configuring-tls.html
The ES master and slaves are OK, as evidenced by the fact that I can successfully curl our ES cluster:
{
  "name" : "esmaster0",
  "cluster_name" : "es_cluster",
  "cluster_uuid" : "1234567asdfghjm",
  "version" : {
    "number" : "6.3.0",
    "build_flavor" : "default",
    "build_type" : "rpm",
    "build_hash" : "424e937",
    "build_date" : "2018-06-11T23:38:03.357887Z",
    "build_snapshot" : false,
    "lucene_version" : "7.3.1",
    "minimum_wire_compatibility_version" : "5.6.0",
    "minimum_index_compatibility_version" : "5.0.0"
  },
  "tagline" : "You Know, for Search"
}
However, Kibana won't start and keeps on crashing.
Here's the error message:
FATAL { ValidationError: child "xpack" fails because [child "security" fails because ["transport" is not allowed, "http" is not allowed]]
at Object.exports.process (/usr/share/kibana/node_modules/joi/lib/errors.js:181:19)
at internals.Object._validateWithOptions (/usr/share/kibana/node_modules/joi/lib/any.js:651:31)
at module.exports.internals.Any.root.validate (/usr/share/kibana/node_modules/joi/lib/index.js:121:23)
at Config._commit (/usr/share/kibana/src/server/config/config.js:119:35)
at Config.set (/usr/share/kibana/src/server/config/config.js:89:10)
at Config.extendSchema (/usr/share/kibana/src/server/config/config.js:62:10)
at extendConfigService (/usr/share/kibana/src/plugin_discovery/plugin_config/extend_config_service.js:26:10)
at <anonymous>
isJoi: true,
name: 'ValidationError',
details:
[ { message: '"transport" is not allowed',
path: 'xpack.security.transport',
type: 'object.allowUnknown',
context: [Object] },
{ message: '"http" is not allowed',
path: 'xpack.security.http',
type: 'object.allowUnknown',
context: [Object] } ],
_object:
{ pkg:
{ version: '6.3.0',
branch: '6.3',
buildNum: 17230,
buildSha: 'c360fcacca5594000a2f7c80fe2dcaad5c7ee52c' },
dev: { basePathProxyTarget: 5603 },
pid: { exclusive: false },
cpu: undefined,
cpuacct: undefined,
server:
{ port: 5601,
host: '0.0.0.0',
name: 'kibana0',
ssl: [Object],
maxPayloadBytes: 1048576,
autoListen: true,
defaultRoute: '/app/kibana',
basePath: '',
rewriteBasePath: false,
customResponseHeaders: {},
cors: false,
xsrf: [Object] },
logging:
{ dest: '/var/log/kibana.log',
verbose: true,
silent: false,
quiet: false,
events: {},
filter: {},
json: true,
useUTC: true },
ops: { interval: 5000 },
plugins: { scanDirs: [Array], paths: [Array], initialize: true },
path: { data: '/var/lib/kibana' },
optimize:
{ enabled: true,
bundleFilter: '!tests',
bundleDir: '/usr/share/kibana/optimize/bundles',
viewCaching: true,
watch: false,
watchPort: 5602,
watchHost: 'localhost',
watchPrebuild: false,
watchProxyTimeout: 300000,
useBundleCache: true,
profile: false },
status: { allowAnonymous: false },
map:
{ manifestServiceUrl: 'https://catalogue.maps.elastic.co/v2/manifest',
includeElasticMapsService: true },
tilemap: { options: [Object] },
regionmap: { includeElasticMapsService: true },
i18n: { defaultLocale: 'en' },
xpack:
{ searchprofiler: [Object],
ml: [Object],
tilemap: [Object],
watcher: [Object],
xpack_main: [Object],
graph: [Object],
monitoring: [Object],
security: [Object] },
license_management: { enabled: true },
index_management: { enabled: true },
input_control_vis: { enabled: true },
kbn_doc_views: { enabled: true },
kbn_vislib_vis_types: { enabled: true },
markdown_vis: { enabled: true },
spy_modes: { enabled: true },
state_session_storage_redirect: { enabled: true },
status_page: { enabled: true },
table_vis: { enabled: true },
tagcloud: { enabled: true },
tile_map: { enabled: true },
timelion: { enabled: true },
metric_vis: { enabled: true },
region_map: { enabled: true } },
annotate: [Function] }
Here's my kibana.yml:
server.port: 5601
server.host: "0.0.0.0"
server.name: "kibana0"
elasticsearch.url: "https://esmaster0:9200"
elasticsearch.username: "******"
elasticsearch.password: "*****"
server.ssl.enabled: true
server.ssl.certificate: /etc/kibana/cert/kibana0/kibana0.crt
server.ssl.key: /etc/kibana/cert/kibana0/kibana0.key
elasticsearch.ssl.certificateAuthorities: [ "/etc/kibana/cert/ca/ca.crt" ]
logging.dest: /var/log/kibana.log
logging.verbose: true
xpack.graph.enabled: true
xpack.ml.enabled: true
xpack.monitoring.enabled: true
# xpack.reporting.enabled: true
xpack.security.enabled: true
xpack.watcher.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.key: /etc/kibana/cert/kibana0/kibana0.key
xpack.security.transport.ssl.certificate: /etc/kibana/cert/kibana0/kibana0.crt
xpack.security.transport.ssl.certificate_authorities: [ "/etc/kibana/cert/ca/ca.crt" ]
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.key: /etc/kibana/cert/kibana0/kibana0.key
xpack.security.http.ssl.certificate: /etc/kibana/cert/kibana0/kibana0.crt
xpack.security.http.ssl.certificate_authorities: [ "/etc/kibana/cert/ca/ca.crt" ]
Am I missing a configuration, or have I set up an attribute wrong? I'm lost on why it says I'm using http when I've set everything to use https.
Any of you guys have an idea what's wrong?
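
Added example (not part of the original post): the two paths in the ValidationError, `xpack.security.transport` and `xpack.security.http`, are Elasticsearch node settings that belong in elasticsearch.yml, and Kibana's config schema rejects them as unknown keys. The sketch below lints a flat, dotted-key kibana.yml for those prefixes before Kibana is started; the function names and the sample file are constructed for illustration, and nested YAML is not handled.

```python
# Pre-start lint: find Elasticsearch-only TLS settings placed in kibana.yml.
# The two prefixes are the paths named in the ValidationError from the post.
ES_ONLY_PREFIXES = ("xpack.security.transport", "xpack.security.http")

# Constructed sample: a subset of the kibana.yml shown in the post.
SAMPLE_KIBANA_YML = """\
server.ssl.enabled: true
elasticsearch.url: "https://esmaster0:9200"
elasticsearch.ssl.certificateAuthorities: [ "/etc/kibana/cert/ca/ca.crt" ]
# xpack.reporting.enabled: true
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.key: /etc/kibana/cert/kibana0/kibana0.key
"""


def parse_flat_keys(text):
    """Return (line_number, key) for every 'dotted.key: value' line.

    Assumes the flat dotted-key style used in the post; blank lines and
    comment lines are skipped.
    """
    entries = []
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        # Split on the first colon only, so URLs in values stay intact.
        entries.append((number, line.split(":", 1)[0].strip()))
    return entries


def find_misplaced(text):
    """Group keys that Kibana will reject by the schema path it reports."""
    hits = {}
    for number, key in parse_flat_keys(text):
        for prefix in ES_ONLY_PREFIXES:
            if key == prefix or key.startswith(prefix + "."):
                hits.setdefault(prefix, []).append((number, key))
    return hits


if __name__ == "__main__":
    for prefix, keys in find_misplaced(SAMPLE_KIBANA_YML).items():
        print(f'"{prefix}" is an elasticsearch.yml setting, not a Kibana one:')
        for number, key in keys:
            print(f"  line {number}: {key}")
```

On the Kibana side, the TLS settings already present in the posted file are `server.ssl.*` for the browser-facing listener and `elasticsearch.ssl.certificateAuthorities` for the connection to Elasticsearch.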