I'm configuring Elastic Security with for Elastic Stack 7.16.3. When I visit Stack Management->Rules and Connectors in Kibana, I see the following:
...and this is the specific error that shows up when I hover over the Error status:
When I look at the actual logs, it's littered with log entries like this:
{
"type": "log",
"@timestamp": "2022-02-14T17:19:43+00:00",
"tags": [
"error",
"plugins",
"alerting"
],
"pid": 8,
"message": "Executing Alert default:monitoring_alert_cpu_usage:b32b3780-22bd-11ec-9456-c3f758019dc7 has resulted in Error: security_exception: [security_exception] Reason: missing authentication credentials for REST request [/_security/user/_has_privileges], caused by: \"\""
}
Here's the relevant portion of my kibana.yml:
# Configure connection to Elasticsearch
elasticsearch:
username: '${KIBANA_SYSTEM_USERNAME}'
password: '${KIBANA_SYSTEM_PASSWORD}'
ssl:
alwaysPresentCertificate: false
certificate: '/usr/share/kibana/config/certs/cert.pem'
key: '/usr/share/kibana/config/certs/key.pem'
certificateAuthorities:
- '/usr/share/kibana/config/certs/ca_bundle.pem'
verificationMode: 'none'
Other than this, Kibana appears to connect just fine with this configuration (i.e., I can perform admin functions and search Elasticsearch from Kibana).
I previously had xpack.security.disabled: false set on this stack, if it matters, and so I was wondering whether this reply to Issue #118520 might apply.
I don't currently have any credentials, etc. configured, so is there an index that I can delete/recreate at restart that will resolve this issue, or some similar solution? I have data, which I need to preserve, so simply deleting my stack and restarting from scratch isn't really an option.