Kibana login page


(Preethi) #1

Hi,
Referred the video in this URL to set up the login account for Kibana UI(Version 6.3.0).
https://www.elastic.co/webinars/getting-started-kibana

I installed Kibana 6.3.0, but not X-pack separately. Since its not required for this version of Kibana.

In the above video, he installed the x-pack plugin using this command, bin/kibana-plugin install x-pack . If I run the command in terminal, It gave me this message
"Kibana now contains X-Pack by default, there is no longer any need to install it as it is already present.".
Does it mean that no need to install x-pack for Kibana 6.3.0? or Still need to install separately something like this in this guide?
https://www.elastic.co/guide/en/kibana/5.6/installing-xpack-kb.html

As mentioned in the demo,
enabled the elasticserach.username : "user"
elasticserach.password: "pass"

This was the one, when I saw the kibana.yml file.

After I start the cabin service using this command, bin/kibana the Kibana doesn't prompt for any username or password, directly teh home page loaded.

Am I missing any other setting in configuration files?

Can clarify what's wrong in the steps I did?

Thanks


(kulkarni) #2

Can you clarify what License type are you on ? IF you have installed 6.3.0, it starts with Basic License first. You would have to go to management UI to start the trial license which gives you the login page.

whats the response of GET /_xpack/license if on Basic - you will not get a login screen.

Cheers
Rashmi


(Preethi) #3

HI,
I updated the trial license yesterday. Bellow is the response that I got, while running GET /_xpack/license

{
"license": {
"status": "active",
"uid": "323b9023-5ade-4477-8a91-2fa5969f7be0",
"type": "trial",
"issue_date": "2018-07-03T06:11:23.130Z",
"issue_date_in_millis": 1530598283130,
"expiry_date": "2018-08-02T06:11:23.130Z",
"expiry_date_in_millis": 1533190283130,
"max_nodes": 1000,
"issued_to": "elasticsearch",
"issuer": "elasticsearch",
"start_date_in_millis": -1
}
}

Under the Management/License Management, can see this

"Your Trial license is active"
Your license will expire on August 2, 2018 2:11 PM +08

Only thing is I enabled these two setting in kibana.yml file, as mentioned in that getting started video link
https://www.elastic.co/webinars/getting-started-kibana

elasticsearch.username: "user"
elasticsearch.password: "pass"

FYI, I downloaded the MAC version of Kibana from this URL and installed.
https://www.elastic.co/downloads/kibana

Noticed that there no folder under the installed location of Kibana. Is there anything wrong in my installation?

Thanks


(kulkarni) #4

There seems nothing wrong in your installation. You are on Trial License which is valid for 30 days from the date of issue. Can you plz clarify what exactly are you looking for ?Everything seems fine.

Thanks
Rashmi


(Preethi) #5

Hi Rashmi,

I want to have a login page only for Kibana but not for Elasticsearch.

Thanks


(kulkarni) #6

Elasticsearch is an open-source, broadly-distributable, readily-scalable, enterprise-grade search engine. Accessible through an extensive and elaborate API, Elasticsearch can power extremely fast searches that support your data discovery applications.

Kibana is an open source data visualization plugin for Elasticsearch. It provides visualization capabilities on top of the content indexed on an Elasticsearch. So to answer your question , ES does not have an UI . Kibana is the UI visualization tool for the data indexed into ES and hence provides the login page with the correct license type.

Hope this makes sense.

Cheers
Rashmi


(Preethi) #7

Yes Rashmi, I understood.
The thing is I need to have a login page for Kibana.
But I am getting that login page, if I add pack.security.enabled: true in both elasticsearch.yml and kibana.yml

So whats happening, when I ping localhost:9200, the elastic search prompts username and pawssword. So my question is without adding the xpack.security.enabled: true in elasticsearch.yml, Can't get the login page in Kibana?

Thanks


(kulkarni) #8

I think there is a misunderstanding how security works. kibana authentication and credentials are managed by Elasticsearch and Kibana is just passing that info on. I don't believe starting a trial has security enabled by default. Otherwise when you click the start trial button you would be locked out of Kibana and wouldn't be able to login. So to answer your question, you do need the settings in both kibana.yml and elasticsearch.yml

Cheers
Rashmi


(Preethi) #9

Ok. When I enabled the xpack security setting in both elasticsearch.yml and kibana.yml, the elasticsearch prompts for username and password.
If I don't login, Kiabana fails to start the service.

What would be the username and password to login elasticsearch?

Thanks


(kulkarni) #10

If you have configured Kibana to use the appropriate built-in user in kibana.yml , those would be the credentials for you to login to Elasticsearch .

elasticsearch.username: "kibana"
elasticsearch.password: "kibanapassword"

The password for the built-in kibana user is typically set as part of the X-Pack security configuration process on Elasticsearch. Ref: https://www.elastic.co/guide/en/elastic-stack-overview/6.3/built-in-users.html

Cheers
Rashmi


(kulkarni) #11

Here are some useful documentation which might help you understand better :

https://www.elastic.co/guide/en/elasticsearch/reference/6.3/configuring-security.html
there are a number of steps that you must take to get security enabled on Elasticsearch, and then you need to setup all the usernames and passwords before moving on https://www.elastic.co/guide/en/kibana/current/using-kibana-with-security.html.

Also , You must set the passwords for all built-in users. Am thinking you likely missed this part bin/elasticsearch-setup-passwords interactive

you can run the command in an "interactive" mode, which prompts you to enter new passwords for the elastic, kibana, logstash_system, and beats_system users.

Cheers
Rashmi


(Preethi) #12

Yes, I also tried to set password for teh default users for elasticsearch. But Throws me newly error. I don't think I changed the password for elastic search or bootstrap before.

I ran this:
bin/elasticsearch-setup-passwords interactive

Error:
Failed to authenticate user 'elastic' against http://127.0.0.1:9200/_xpack/security/_authenticate?pretty
Possible causes include:

  • The password for the 'elastic' user has already been changed on this cluster
  • Your elasticsearch node is running against a different keystore
    This tool used the keystore at /Path to elasticsearch-6.3.0/config/elasticsearch.keystore

So I referred this thread....

Then created another user and tried to reset the password for elastic user as shown below:

curl -u my_admin -XPUT 'http://localhost:9200/_xpack/security/user/elastic/_password?pretty' -H 'Content-Type: application/json' -d'
{
"password" : "my_password"
}'
Enter host password for user 'my_admin':
{
"error" : {
"root_cause" : [
{
"type" : "cluster_block_exception",
"reason" : "blocked by: [FORBIDDEN/12/index read-only / allow delete (api)];"
}
],
"type" : "cluster_block_exception",
"reason" : "blocked by: [FORBIDDEN/12/index read-only / allow delete (api)];"
},
"status" : 403
}

How to fix it?

Thanks


(Tim Vernum) #13

Your cluster is in a read only state.
You are probably low on disk space, but you should check your elasticsearch logs for more details.


(Preethi) #14

Yes resolved it.
I changed the password for built-in users such as elastic, kibana and logstash_system successfully.
Now I am able to login kibana. but the problem is I can connect to localhost:9200 in browser but not using curl command. When I run below command,

curl -XGET 'http://localhost:9200/_cat/indices'

getting this error:

{"error":{"root_cause":[{"type":"security_exception","reason":"missing authentication token for REST request [/_cat/indices]","header":{"WWW-Authenticate":"Basic realm="security" charset="UTF-8""}}],"type":"security_exception","reason":"missing authentication token for REST request [/_cat/indices]","header":{"WWW-Authenticate":"Basic realm="security" charset="UTF-8""}},"status":401}

What would be the reason?
Also I could get response from http://localhost:9200/_cat/indices in browser. But I am not able to view the created Elasticsearch index in Kibana. So couldn't create index-pattern.

Could you clarify?

Thanks


(Tim Vernum) #15

You are not providing any credentials to that curl request. Use the --user option.


(Preethi) #16

Thanks for your reply. When I run below command, Its successfully lists down all the indices created in Elasticsearch.

curl --user <user_name> -XGET 'http://localhost:9200/_cat/indices'

But when I try create the index-pattern in Kibana, the indices are not listed down in selection of teh index. Why?

Thanks


(system) #17

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.