Kibana does not connect to elasticsearch with security enabled

Hello,

I have enabled security on elasticsearch 7.1.0. I have configured everything as shown in the blog but when I start kibana I get the following in the logs: https://pastebin.com/7DwrKuYh

My kibana.yml looks like this:

server.port: 5601
server.host: "0.0.0.0"
server.maxPayloadBytes: 1048576
server.name: "z0z0"
elasticsearch.hosts: ["http://127.0.0.1:9200"]
elasticsearch.preserveHost: true
kibana.index: ".kibana"
kibana.defaultAppId: "home"
elasticsearch.username: "kibana"
elasticsearch.password: "X70dOp4q9JZRXR5zzQ71"
elasticsearch.pingTimeout: 1500
elasticsearch.requestTimeout: 30000
elasticsearch.shardTimeout: 30000
elasticsearch.startupTimeout: 5000
elasticsearch.logQueries: false
pid.file: /var/run/kibana/kibana.pid
logging.dest: stdout
logging.silent: false
logging.quiet: true
logging.verbose: false
ops.interval: 5000
i18n.locale: "en"

while I can successfully run curl request with that user on elasticsearch:

 curl -u kibana:X70dOp4q9JZRXR5zzQ71 localhost:9200/_cluster/health?pretty
{
  "cluster_name" : "z0z0",
  "status" : "yellow",
  "timed_out" : false,
  "number_of_nodes" : 1,
  "number_of_data_nodes" : 1,
  "active_primary_shards" : 69,
  "active_shards" : 69,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 31,
  "delayed_unassigned_shards" : 0,
  "number_of_pending_tasks" : 0,
  "number_of_in_flight_fetch" : 0,
  "task_max_waiting_in_queue_millis" : 0,
  "active_shards_percent_as_number" : 69.0
}

Any idea how to fix it?

All your logs say:

[security_exception] failed to authenticate user [elastic]

But your Kibana config has:

elasticsearch.username: "kibana"

That doesn't make sense. Your logs should be reporting errors for the user you have configured (kibana, not elastic).

Are you sure that you're showing us the current logs and the correct config file?

Did you have elastic in that config file at some point, and if so have you restarted Kibana since you changed it?

I have only one file and looking into the syslog. I do not understand where is the elastic user coming from either.

Uninstalled kibana, manually removed all the references to kibana from the OS then reinstalled it and reconfigured it, Solved the problem. Honestly I have no idea why it was trying to authenticate as elastic user at all. But the problem now is solved.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.