Kibana login page with 6.5.1 version

Sou · July 10, 2019, 10:26am

Hi,

I want to use Logstash, ElasticSearch and Kibana. To do so I installed Logstash, ElasticSearch and Kibana in my linux environment with 6.5.1 version.
In elasticsearch 6.5.1 version xpack comes along with the installer. So xpack separate installation for elasticsearch was not needed for me. By default xpack license comes as basic. Although I did the xpack security configuration in elasticsearch.yml file as follows -

xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.key: /elasticsearch-6.5.1/config/ssl/server.key
xpack.security.http.ssl.certificate: /elasticsearch-6.5.1/config/ssl/server.pem
xpack.security.http.ssl.certificate_authorities: [ "/elasticsearch-6.5.1/config/ssl/ca.pem" ]
xpack.security.transport.ssl.supported_protocols: TLSv1.2

After making the changes I restarted elasticsearch server.
Also when ran this curl command I get this -

curl -u elastic -XGET -k "https://198.08.2.5:9200/_xpack/license"
Enter host password for user 'elastic':
{
"license" : {
"status" : "active",
"uid" : "54fc2337-5ce0-49e3-8ddc-383d78d02de2",
"type" : "basic",
"issue_date" : "2019-07-09T08:04:48.782Z",
"issue_date_in_millis" : 1562659488782,
"max_nodes" : 1000,
"issued_to" : "elasticsearch",
"issuer" : "elasticsearch",
"start_date_in_millis" : -1
}
}

So this mush is my elasticsearch configuration.
For kibana I have enabled the elasticsearch build in user details in kibana.yml and restarted kibana.
elasticserach.username : "user"
elasticserach.password: "pass"

As I want to have a login page only for Kibana but not for Elasticsearch.
I restarted Kibana server, the Kibana doesn't prompt for any username or password, directly the home page loaded.

Am I missing any other setting in configuration files?

Can clarify what's wrong in the steps I did? Is it the license got to do anything to do with this ?

Thanks

dadoonet · July 10, 2019, 10:40am

Welcome!

The security feature is available in the basic license from elastic 6.8.
Before that version you need to activate a trial or buy a license.

I'd upgrade.

Sou · July 10, 2019, 10:55am

Thank you David for your quick reply.. !! Really appreciate.

Sou · July 18, 2019, 10:07am

Hi ..

I have upgraded Logstash, Elastic Search and Kibana from 6.5.1 to 6.8 in order to have login functionality on kibana.
Now connection between Kibana and Elastic search is working as expected.
But now the issue appeared with Logstash and Elastic search connection.

This the error I could see in logstash-plain.log

[2019-07-18T03:49:32,140][INFO ][logstash.runner          ] Starting Logstash {"logstash.version"=>"6.8.0"}
[2019-07-18T03:49:35,957][ERROR][logstash.licensechecker.licensereader] Unable to retrieve license information from license server {:message=>"Got response code '401' contacting Elasticsearch at URL 'https://lxddv112.test.intranet:9200/_xpack'"}
[2019-07-18T03:49:36,022][ERROR][logstash.monitoring.internalpipelinesource] Failed to fetch X-Pack information from Elasticsearch. This is likely due to failure to reach a live Elasticsearch cluster.

Here is my logstash configuration below -

# X-Pack Monitoring
# https://www.elastic.co/guide/en/logstash/current/monitoring-logstash.html
xpack.monitoring.enabled: true
xpack.monitoring.elasticsearch.username: logstash_system
xpack.monitoring.elasticsearch.password: password
xpack.monitoring.elasticsearch.hosts: ["https://lxddv112.test.intranet:9200"]
xpack.monitoring.elasticsearch.ssl.certificate_authority: /ci/ssl/server.pem
#xpack.monitoring.elasticsearch.ssl.truststore.path: /ci/logstash/logstash-6.8.0/config/ssl/server.key
#xpack.monitoring.elasticsearch.ssl.truststore.password: changeit
#xpack.monitoring.elasticsearch.ssl.keystore.path: /ci/ssl/cacerts
#xpack.monitoring.elasticsearch.ssl.keystore.password: "123456"
#xpack.monitoring.elasticsearch.ssl.verification_mode: certificate
#xpack.monitoring.elasticsearch.sniffing: false
#xpack.monitoring.collection.interval: 10s
#xpack.monitoring.collection.pipeline.details.enabled: true
#
# X-Pack Management
# https://www.elastic.co/guide/en/logstash/current/logstash-centralized-pipeline-management.html
#xpack.management.enabled: false
#xpack.management.pipeline.id: ["main", "apache_logs"]
#xpack.management.elasticsearch.username: logstash_admin_user
#xpack.management.elasticsearch.password: password
#xpack.management.elasticsearch.hosts: ["https://es1:9200", "https://es2:9200"]
#xpack.management.elasticsearch.ssl.certificate_authority: [ "/path/to/ca.crt" ]
#xpack.management.elasticsearch.ssl.truststore.path: /path/to/file
#xpack.management.elasticsearch.ssl.truststore.password: password
#xpack.management.elasticsearch.ssl.keystore.path: /path/to/file
#xpack.management.elasticsearch.ssl.keystore.password: password
#xpack.management.elasticsearch.ssl.verification_mode: certificate
#xpack.management.elasticsearch.sniffing: false
#xpack.management.logstash.poll_interval: 5s

To corss check my certificate viewed the certificate server.pem. It looks like below -

#8: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  DNSName: lxddv112.test.intranet
  DNSName: lxddv113.test.intranet
]

One more point I would like to mention my logstash, elastic search and kibana are sharing the same jvm.
Am I missing any other setting in configuration files?

Can clarify what's wrong in the steps I did?

Thanks in advance

Sou · July 21, 2019, 7:21pm

Hi I am able to solve the issue .. here are the steps below -

How to fix logstash and elastic search issue

Stop logstash
Keep running elastic search
Run curl command to change the build in user credentials as like Kibana, elastic search and logstash

Change password for kibana
curl -u elastic:changeme -XPUT -k "https://151.119.239.57:9200/_xpack/security/user/kibana/_password?pretty" -H 'Content-Type: application/json' -d '{"password": "password"}'

Change password for elasticseach -- **Note for elasticsearch you can keep the password unchanged
curl -u elastic:changeme -XPUT -k "https://151.119.239.57:9200/_xpack/security/user/elasticsearch/_password?pretty" -H 'Content-Type: application/json' -d '{"password": "changeme"}'

You likely need to add user and roles to authenticate in elasticsearch license -

Create logstash role-
curl -uelastic:changeme -v -XPOST -k -H "Content-type: application/json" -d '{
"cluster": ["manage_index_templates", "monitor", "manage_ilm"],
"indices": [
{
"names": [ "logstash-*" ],
"privileges": ["write","delete","create_index","manage","manage_ilm"]
}
]
}' 'https://lxddv002.test.intranet:9200/_xpack/security/role/logstash_system'

Create logstash user -

curl -uelastic:changeme -v -XPOST -k -H "Content-type: application/json" -d '{
"password" : "password",
"roles" : [ "superuser","logstash_writer","admin"],
"full_name" : "Internal Logstash User"
}' "https://lxddv002.test.intranet:9200/_xpack/security/user/logstash_internal"

It is recommended that the new user must have the required permission to write on the indices in elastic search.

Use this username / password in logstash.yml file
Change the default elastic search username and password with the new one.
Update logstash-es.conf file as below -

output {
elasticsearch {
hosts => ["https://localhost:9200"]
ssl => true
#if true provide cacert for certificate verification
ssl_certificate_verification => false
keystore => "/opt/hcde/logcentral/ssl/cacerts"
keystore_password => "123456"
}
stdout { codec => rubydebug }
}

Restart logstash.yml and logstash-es.conf file and check the logs for elasticseach connectivity.
You shoud see the the license monitoring is ok.

Sou · July 21, 2019, 7:22pm

Incase you are facing the similar issue and looking for solution please post on this topic here. I would love to reply and help to resolve your issue.

system · August 18, 2019, 7:22pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.