Kibana 7.10.0. licensing error

ans_x · November 19, 2020, 4:48pm

After upgrading the stack from version 7.8.0 to 7.10.0, a license error appeared in Kibana.

xpack settings were included. After the update, the config did not change, only deleted the Kibana system indexes.
parameter: xpack.security.enabled: true
however, an error pops up in Kibana:

GET _license

       {
      "license" : {
        "status" : "active",
        "uid" : "520gdz41-489d-4353-a347-c3152f6af699",
        "type" : "basic",
        "issue_date" : "2019-07-22T12:29:06.971Z",
        "issue_date_in_millis" : 1563798546971,
        "max_nodes" : 1000,
        "issued_to" : "preprodlogs",
        "issuer" : "elasticsearch",
        "start_date_in_millis" : -1
      }
    }

Please tell me what could be the problem.

Larry_Gregory · November 19, 2020, 8:36pm

Hi @ans_x,

Looking at your logs, I'm seeing the following:

{"type":"log","@timestamp":"2020-11-19T16:20:40Z","tags":["warning","plugins","licensing"],"pid":7,"message":"License information could not be obtained from Elasticsearch due to [security_exception] missing authentication credentials for REST request [/_xpack], with { header={ WWW-Authenticate="Basic realm=\"security\" charset=\"UTF-8\"" } } :: {"path":"/_xpack","statusCode":401,"response":"{\"error\":{\"root_cause\":[{\"type\":\"security_exception\",\"reason\":\"missing authentication credentials for REST request [/_xpack]\",\"header\":{\"WWW-Authenticate\":\"Basic realm=\\\"security\\\" charset=\\\"UTF-8\\\"\"}}],\"type\":\"security_exception\",\"reason\":\"missing authentication credentials for REST request [/_xpack]\",\"header\":{\"WWW-Authenticate\":\"Basic realm=\\\"security\\\" charset=\\\"UTF-8\\\"\"}},\"status\":401}","wwwAuthenticateDirective":"Basic realm=\"security\" charset=\"UTF-8\""} error"}

This tells me that you might not have Kibana's credentials configured properly, so Kibana can't talk to Elasticsearch. Have you set both elasticsearch.username and elasticsearch.password within your kibana.yml?

ans_x · November 19, 2020, 8:44pm

Yes, these two parameters are written in the config. It is strange that when the kibana restarts, it works for a while without errors and sees ES, but later the connection disappears.

kibana.yaml

server.port: 5601
server.host: "0"
server.maxPayloadBytes: 1048576
elasticsearch.requestTimeout: 60000
elasticsearch.shardTimeout: 60000
#elasticsearch.startupTimeout: 20000
#elasticsearch.sniffOnStart: true
#elasticsearch.sniffInterval: 60000
elasticsearch.sniffOnConnectionFault: true
elasticsearch.hosts:
  - http://XXX:9200
  - http://XXX:9200
  - http://XXX:9200
elasticsearch.username: "elastic"
elasticsearch.password: "XXX"
xpack.reporting.encryptionKey: "something_32_least_at_characters"
xpack.security.enabled: true
xpack.security.encryptionKey: "something_at_least_32_characters"
kibana.index: ".kibana"
logging.dest: /usr/share/kibana/kibana.log

Could this be a kibana bug in 7.10.0?

Larry_Gregory · November 19, 2020, 8:54pm

This is pretty strange. Can you try to reduce elasticsearch.hosts to a single entry, and see if the problem still persists? I want to try to eliminate possibilities.

Also, to confirm: are you running a single Kibana instance, or multiple Kibana instances?

Based on the logs, it looks like Kibana ran fine for ~6 minutes before it lost the connection. Does that sound about right to you? Is it consistently lasting about that long, or is the timing sporadic?

Once you lose the connection, does it ever come back on its own, or do you have to restart to reconnect?

ans_x · November 19, 2020, 9:03pm

A kibana instance is one. The error time is floating, usually a couple of hours can work normally.

No recovery was observed. This is a test environment and it is rare.

Larry_Gregory · November 19, 2020, 9:12pm

If we can't isolate the problem to any one Elasticsearch node, then we'll probably need debug logs to triage this further, so that we can observe what's happening before and after these errors start appearing.

# kibana.yml
logging.verbose: true

ans_x · November 23, 2020, 6:53am

I will attach a complete log from the start of the service with debug enabled with a link to Google Drive.
Presumably the problem started on 2020-11-20T18: 00

Full log by link in Google Drive

system · December 21, 2020, 6:53am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
License is not available Elasticsearch	6	7739	June 5, 2022
{"statusCode":503,"error":"Service Unavailable","message":"License is not available."} Kibana	7	7798	December 19, 2022
Security exception Kibana	3	367	August 15, 2018
License information from the X-Pack plugin could not be obtained from Elasticsearch for the [data] cluster. [security_exception] missing authentication credentials for REST request [/_xpack] Elasticsearch elastic-stack-security	5	12881	July 4, 2019
License information could not be obtained from Elasticsearch due to [illegal_argument_exception] request [/_xpack] contains unrecognized parameter: [accept_enterprise] Kibana license	4	2411	June 1, 2021

Kibana 7.10.0. licensing error

Related topics