Kibana balancing via VIP

Alessio_Creo · April 17, 2019, 10:02am

Hi there,

I'm trying to balance two kibana instances running in different machine listening on https://10.0.0.250:5601 and https://10.0.0.251:5601. The network admin set a cirtix load balancer to redirect the network traffic via virtual IP kibanamain. When I conncect to https://kibanamain I'm redirected to the login page; but when I submit the credentials I'm redirected infinite time to the empty login page. What I am doing wrong? Follows the config taht I provide to the network admin and kibana.yml. Thank you.

kibana.yml

server.host: "0.0.0.0"

elasticsearch.username: "kibana"

elasticsearch.password: "kibana"

elasticsearch.hosts: ["http://10.0.0.250:9200"]

elasticsearch.requestTimeout: 60000

server.ssl.enabled: true

server.ssl.certificate: /Elastic/kibana-6.7.1-linux-x86_64/config/certs/cert.pem

server.ssl.key: /Elastic/kibana-6.7.1-linux-x86_64/config/certs/private_key.key


pid.file: /Elastic/kibana-6.7.1-linux-x86_64/logs/kibana.pid

citrix specs

kibanamain :

1. Protocol: HTTPS

2. Balancing: ROUND ROBIN

3. Persistence: DISABLED

4. Client Idle Time-out: 180''

5. Server Idle Time-out: 180''

6. http compression: ENABLED

7. Web Socket Connection: DISABLED

8. Check service:

Interval between checks: 5''

Response time-out: 2''

Retries: 3

Type: GET   

Link: https://10.0.0.250:5601, https://10.0.0.251:5601

sebastien · April 17, 2019, 11:08am

Hi @Alessio_Creo

Do the 2 instances share the same xpack.security.encryptionKey?

Cheers

Alessio_Creo · April 17, 2019, 11:22am

Thank you for the answer. I've left the default settings, without specifying any config.

sebastien · April 17, 2019, 1:04pm

You will need to set the same encryption key on both instances.

Please refer to the docs for more information: https://www.elastic.co/guide/en/kibana/current/using-kibana-with-security.html

Cheers

Alessio_Creo · April 17, 2019, 1:52pm

Issue solved. The problem was in the Load Balancer config. I set the Persistance to disabled so the session wasn't saved and the blancer didn't "remember" that the user was logged in, so it was asking for credentials forever.

Thank you very much for the support.

sebastien · April 17, 2019, 1:53pm

Glad you got it solved. Happy to help

system · May 15, 2019, 1:53pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.