Kibana server is not ready yet

smam · August 5, 2021, 9:56am

I am confronting the above error while trying to set up minimalistic security for elasticsearch. I know there are multiple forum contributions, but none of them helped me.

elasticsearch.yml:

# ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
#       Before you set out to tweak and tune the configuration, make sure you
#       understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
#
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
cluster.name: cluster
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
node.name: elastic
#node.data: true 
#node.master: true

#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
path.data: /var/lib/elasticsearch
#
# Path to log files:
#
path.logs: /var/log/elasticsearch
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: true
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# By default Elasticsearch is only accessible on localhost. Set a different
# address here to expose this node on the network:
#
#network.host: 127.0.0.1 
network.host: IP
#
# By default Elasticsearch listens for HTTP traffic on the first free port it
# finds starting at 9200. Set a specific HTTP port here:
#
http.port: 9200
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when this node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
#discovery.seed_hosts: ["host1", "host2"]
discovery.seed_hosts: ["IP"]
#
# Bootstrap the cluster using an initial set of master-eligible nodes:
#
#
# For more information, consult the discovery and cluster formation module documentation.
#
discovery.type: single-node
# ---------------------------------- Various -----------------------------------
#
# Require explicit names when deleting indices:
#
#action.destructive_requires_name: true
#-----------------------------------security----------------------------------
xpack.security.enabled: true

kibana.yml:

# Kibana is served by a back end server. This setting specifies the port to use.
server.port: 5601

# Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values.
# The default is 'localhost', which usually means remote machines will not be able to connect.
# To allow connections from remote users, set this parameter to a non-loopback address.
server.host: "IP"

# Enables you to specify a path to mount Kibana at if you are running behind a proxy.
# Use the `server.rewriteBasePath` setting to tell Kibana if it should remove the basePath
# from requests it receives, and to prevent a deprecation warning at startup.
# This setting cannot end in a slash.
#server.basePath: ""

# Specifies whether Kibana should rewrite requests that are prefixed with
# `server.basePath` or require that they are rewritten by your reverse proxy.
# This setting was effectively always `false` before Kibana 6.3 and will
# default to `true` starting in Kibana 7.0.
#server.rewriteBasePath: false

# Specifies the public URL at which Kibana is available for end users. If
# `server.basePath` is configured this URL should end with the same basePath.
server.publicBaseUrl: "server url"

# The maximum payload size in bytes for incoming server requests.
#server.maxPayload: 1048576

# The Kibana server's name.  This is used for display purposes.
server.name: "server url"

# The URLs of the Elasticsearch instances to use for all your queries.
elasticsearch.hosts: ["http://IP:9200"]

# Kibana uses an index in Elasticsearch to store saved searches, visualizations and
# dashboards. Kibana creates a new index if the index doesn't already exist.
#kibana.index: ".kibana"

# The default application to load.
#kibana.defaultAppId: "home"

# If your Elasticsearch is protected with basic authentication, these settings provide
# the username and password that the Kibana server uses to perform maintenance on the Kibana
# index at startup. Your Kibana users still need to authenticate with Elasticsearch, which
# is proxied through the Kibana server.
elasticsearch.username: "kibana_system"
elasticsearch.password: "password for kibana_system"

# Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively.
# These settings enable SSL for outgoing requests from the Kibana server to the browser.
#server.ssl.enabled: false
#server.ssl.certificate: /path/to/your/server.crt
#server.ssl.key: /path/to/your/server.key

# Optional settings that provide the paths to the PEM-format SSL certificate and key files.
# These files are used to verify the identity of Kibana to Elasticsearch and are required when
# xpack.security.http.ssl.client_authentication in Elasticsearch is set to required.
#elasticsearch.ssl.certificate: /path/to/your/client.crt
#elasticsearch.ssl.key: /path/to/your/client.key

# Optional setting that enables you to specify a path to the PEM file for the certificate
# authority for your Elasticsearch instance.
#elasticsearch.ssl.certificateAuthorities: [ "/path/to/your/CA.pem" ]

# To disregard the validity of SSL certificates, change this setting's value to 'none'.
#elasticsearch.ssl.verificationMode: full

# Time in milliseconds to wait for Elasticsearch to respond to pings. Defaults to the value of
# the elasticsearch.requestTimeout setting.
#elasticsearch.pingTimeout: 1500

# Time in milliseconds to wait for responses from the back end or Elasticsearch. This value
# must be a positive integer.
#elasticsearch.requestTimeout: 30000

# List of Kibana client-side headers to send to Elasticsearch. To send *no* client-side
# headers, set this value to [] (an empty list).
#elasticsearch.requestHeadersWhitelist: [ authorization ]

# Header names and values that are sent to Elasticsearch. Any custom headers cannot be overwritten
# by client-side headers, regardless of the elasticsearch.requestHeadersWhitelist configuration.
#elasticsearch.customHeaders: {}

# Time in milliseconds for Elasticsearch to wait for responses from shards. Set to 0 to disable.
#elasticsearch.shardTimeout: 30000

# Logs queries sent to Elasticsearch. Requires logging.verbose set to true.
#elasticsearch.logQueries: false

# Specifies the path where Kibana creates the process ID file.
#pid.file: /run/kibana/kibana.pid

# Enables you to specify a file where Kibana stores log output.
#logging.dest: stdout

# Set the value of this setting to true to suppress all logging output.
#logging.silent: false

# Set the value of this setting to true to suppress all logging output other than error messages.
#logging.quiet: false

# Set the value of this setting to true to log all events, including system usage information
# and all requests.
logging.verbose: true

# Set the interval in milliseconds to sample system and process performance
# metrics. Minimum is 100ms. Defaults to 5000.
#ops.interval: 5000

# Specifies locale to be used for all localizable strings, dates and number formats.
# Supported languages are the following: English - en , by default , Chinese - zh-CN .
#i18n.locale: "en"

I followed this Instruction: Set up minimal security for Elasticsearch | Elasticsearch Guide [7.13] | Elastic

smam · August 5, 2021, 10:01am

If i try to curl my Webserver, :5601 shows "kibana server is not ready", while :9200 requires an authentification.

smam · August 5, 2021, 11:00am

I found out, that this seems to be the error: "Authentication of [kibana] was terminated by realm [reserved] - failed to authenticate user [kibana]". I just don't know how to fix it yet.

Chris_Owens · August 5, 2021, 3:13pm

Hello! This forum is for our Elastic Security solution, not the security of the stack itself (confusing, I know!). I am moving your message to a better forum to get you an answer.

smam · August 6, 2021, 7:21am

Thank you! May you tell me which Forum?

Chris_Owens · August 6, 2021, 12:08pm

Sure! I moved it to the Elastic Stack -> Elasticsearch forum. And added the elastic-stack-security tag.

warkolm · August 8, 2021, 11:29pm

Please share your Elasticsearch and Kibana logs.

TimV · August 9, 2021, 5:40am

This error message doesn't match up with the configuration you have provided.

If you have configured Kibana to use the kibana_system user, then you shouldn't see error messages relative to the kibana user.

smam · August 10, 2021, 8:40am

That is right. I just tested it with kibana and kibana_system, yet not one of them worked. My first attempt was with the "kibana_system" user, my last one with the kibana uer. Therefore i got this error message.

smam · August 10, 2021, 8:41am

Elasticsearch:

[2021-08-06T14:31:45,337][ERROR][o.e.b.Bootstrap          ] [elastic4] Exception
java.lang.RuntimeException: can not run elasticsearch as root
	at org.elasticsearch.bootstrap.Bootstrap.initializeNatives(Bootstrap.java:103) ~[elasticsearch-7.14.0.jar:7.14.0]
	at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:170) ~[elasticsearch-7.14.0.jar:7.14.0]
	at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:399) [elasticsearch-7.14.0.jar:7.14.0]
	at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:159) [elasticsearch-7.14.0.jar:7.14.0]
	at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:150) [elasticsearch-7.14.0.jar:7.14.0]
	at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:75) [elasticsearch-7.14.0.jar:7.14.0]
	at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:116) [elasticsearch-cli-7.14.0.jar:7.14.0]
	at org.elasticsearch.cli.Command.main(Command.java:79) [elasticsearch-cli-7.14.0.jar:7.14.0]
	at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:115) [elasticsearch-7.14.0.jar:7.14.0]
	at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:81) [elasticsearch-7.14.0.jar:7.14.0]
[2021-08-06T14:31:45,347][ERROR][o.e.b.ElasticsearchUncaughtExceptionHandler] [elastic4] uncaught exception in thread [main]
org.elasticsearch.bootstrap.StartupException: java.lang.RuntimeException: can not run elasticsearch as root
	at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:163) ~[elasticsearch-7.14.0.jar:7.14.0]
	at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:150) ~[elasticsearch-7.14.0.jar:7.14.0]
	at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:75) ~[elasticsearch-7.14.0.jar:7.14.0]
	at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:116) ~[elasticsearch-cli-7.14.0.jar:7.14.0]
	at org.elasticsearch.cli.Command.main(Command.java:79) ~[elasticsearch-cli-7.14.0.jar:7.14.0]
	at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:115) ~[elasticsearch-7.14.0.jar:7.14.0]
	at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:81) ~[elasticsearch-7.14.0.jar:7.14.0]
Caused by: java.lang.RuntimeException: can not run elasticsearch as root
	at org.elasticsearch.bootstrap.Bootstrap.initializeNatives(Bootstrap.java:103) ~[elasticsearch-7.14.0.jar:7.14.0]
	at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:170) ~[elasticsearch-7.14.0.jar:7.14.0]
	at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:399) ~[elasticsearch-7.14.0.jar:7.14.0]
	at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:159) ~[elasticsearch-7.14.0.jar:7.14.0]
	... 6 more
[2021-08-06T14:33:14,646][ERROR][o.e.b.Bootstrap          ] [elastic4] Exception
java.lang.RuntimeException: can not run elasticsearch as root
	at org.elasticsearch.bootstrap.Bootstrap.initializeNatives(Bootstrap.java:103) ~[elasticsearch-7.14.0.jar:7.14.0]
	at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:170) ~[elasticsearch-7.14.0.jar:7.14.0]
	at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:399) [elasticsearch-7.14.0.jar:7.14.0]
	at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:159) [elasticsearch-7.14.0.jar:7.14.0]
	at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:150) [elasticsearch-7.14.0.jar:7.14.0]
	at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:75) [elasticsearch-7.14.0.jar:7.14.0]
	at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:116) [elasticsearch-cli-7.14.0.jar:7.14.0]
	at org.elasticsearch.cli.Command.main(Command.java:79) [elasticsearch-cli-7.14.0.jar:7.14.0]
	at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:115) [elasticsearch-7.14.0.jar:7.14.0]
	at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:81) [elasticsearch-7.14.0.jar:7.14.0]
[2021-08-06T14:33:14,653][ERROR][o.e.b.ElasticsearchUncaughtExceptionHandler] [elastic4] uncaught exception in thread [main]
org.elasticsearch.bootstrap.StartupException: java.lang.RuntimeException: can not run elasticsearch as root
	at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:163) ~[elasticsearch-7.14.0.jar:7.14.0]
	at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:150) ~[elasticsearch-7.14.0.jar:7.14.0]
	at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:75) ~[elasticsearch-7.14.0.jar:7.14.0]
	at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:116) ~[elasticsearch-cli-7.14.0.jar:7.14.0]
	at org.elasticsearch.cli.Command.main(Command.java:79) ~[elasticsearch-cli-7.14.0.jar:7.14.0]
	at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:115) ~[elasticsearch-7.14.0.jar:7.14.0]
	at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:81) ~[elasticsearch-7.14.0.jar:7.14.0]
Caused by: java.lang.RuntimeException: can not run elasticsearch as root
	at org.elasticsearch.bootstrap.Bootstrap.initializeNatives(Bootstrap.java:103) ~[elasticsearch-7.14.0.jar:7.14.0]
	at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:170) ~[elasticsearch-7.14.0.jar:7.14.0]
	at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:399) ~[elasticsearch-7.14.0.jar:7.14.0]
	at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:159) ~[elasticsearch-7.14.0.jar:7.14.0]
	... 6 more

kibana:

{"type":"log","@timestamp":"2021-08-05T13:37:47+02:00","tags":["debug","elasticsearch","query","data"],"pid":61278,"message":"401\nGET /.kibana_task_manager%2C.kibana_task_manager_7.13.2?ignore_unavailable=true [security_exception]: unable to authenticate user [kibana] for REST request [/.kibana_task_manager%2C.kibana_task_manager_7.13.2?ignore_unavailable=true]"}
{"type":"log","@timestamp":"2021-08-05T13:37:47+02:00","tags":["debug","savedobjects-service"],"pid":61278,"_tag":"Left","left":{"type":"retryable_es_client_error","message":"security_exception","error":{"name":"ResponseError","meta":{"body":{"error":{"root_cause":[{"type":"security_exception","reason":"unable to authenticate user [kibana] for REST request [/.kibana_task_manager%2C.kibana_task_manager_7.13.2?ignore_unavailable=true]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}}],"type":"security_exception","reason":"unable to authenticate user [kibana] for REST request [/.kibana_task_manager%2C.kibana_task_manager_7.13.2?ignore_unavailable=true]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}},"status":401},"statusCode":401,"headers":{"www-authenticate":"Basic realm=\"security\" charset=\"UTF-8\"","content-type":"application/json; charset=UTF-8","content-length":"533"},"meta":{"context":null,"request":{"params":{"method":"GET","path":"/.kibana_task_manager%2C.kibana_task_manager_7.13.2","body":null,"querystring":"ignore_unavailable=true","headers":{"user-agent":"elasticsearch-js/7.13.0-canary.1 (linux 4.18.0-305.7.1.el8_4.x86_64-x64; Node.js v14.16.1)","x-elastic-product-origin":"kibana","x-elastic-client-meta":"es=7.13.0p,js=14.16.1,t=7.13.0p,hc=14.16.1"},"timeout":30000},"options":{"ignore":[404],"maxRetries":0},"id":861},"name":"elasticsearch-js","connection":{"url":"http://172.23.64.131:9200/","id":"http://172.23.64.131:9200/","headers":{},"deadCount":0,"resurrectTimeout":0,"_openRequests":1,"status":"alive","roles":{"master":true,"data":true,"ingest":true,"ml":false}},"attempts":0,"aborted":false}}}},"message":"[.kibana_task_manager] INIT RESPONSE"}
{"type":"log","@timestamp":"2021-08-05T13:37:47+02:00","tags":["error","savedobjects-service"],"pid":61278,"message":"[.kibana_task_manager] Action failed with 'security_exception'. Retrying attempt 1 in 2 seconds."}
{"type":"log","@timestamp":"2021-08-05T13:37:47+02:00","tags":["info","savedobjects-service"],"pid":61278,"message":"[.kibana_task_manager] INIT -> INIT. took: 133ms."}
{"type":"log","@timestamp":"2021-08-05T13:37:47+02:00","tags":["debug","elasticsearch","query","data"],"pid":61278,"message":"401\nGET /.kibana%2C.kibana_7.13.2?ignore_unavailable=true [security_exception]: unable to authenticate user [kibana] for REST request [/.kibana%2C.kibana_7.13.2?ignore_unavailable=true]"}
{"type":"log","@timestamp":"2021-08-05T13:37:47+02:00","tags":["debug","savedobjects-service"],"pid":61278,"_tag":"Left","left":{"type":"retryable_es_client_error","message":"security_exception","error":{"name":"ResponseError","meta":{"body":{"error":{"root_cause":[{"type":"security_exception","reason":"unable to authenticate user [kibana] for REST request [/.kibana%2C.kibana_7.13.2?ignore_unavailable=true]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}}],"type":"security_exception","reason":"unable to authenticate user [kibana] for REST request [/.kibana%2C.kibana_7.13.2?ignore_unavailable=true]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}},"status":401},"statusCode":401,"headers":{"www-authenticate":"Basic realm=\"security\" charset=\"UTF-8\"","content-type":"application/json; charset=UTF-8","content-length":"481"},"meta":{"context":null,"request":{"params":{"method":"GET","path":"/.kibana%2C.kibana_7.13.2","body":null,"querystring":"ignore_unavailable=true","headers":{"user-agent":"elasticsearch-js/7.13.0-canary.1 (linux 4.18.0-305.7.1.el8_4.x86_64-x64; Node.js v14.16.1)","x-elastic-product-origin":"kibana","x-elastic-client-meta":"es=7.13.0p,js=14.16.1,t=7.13.0p,hc=14.16.1"},"timeout":30000},"options":{"ignore":[404],"maxRetries":0},"id":860},"name":"elasticsearch-js","connection":{"url":"http://172.23.64.131:9200/","id":"http://172.23.64.131:9200/","headers":{},"deadCount":0,"resurrectTimeout":0,"_openRequests":0,"status":"alive","roles":{"master":true,"data":true,"ingest":true,"ml":false}},"attempts":0,"aborted":false}}}},"message":"[.kibana] INIT RESPONSE"}
{"type":"log","@timestamp":"2021-08-05T13:37:47+02:00","tags":["error","savedobjects-service"],"pid":61278,"message":"[.kibana] Action failed with 'security_exception'. Retrying attempt 1 in 2 seconds."}
{"type":"log","@timestamp":"2021-08-05T13:37:47+02:00","tags":["info","savedobjects-service"],"pid":61278,"message":"[.kibana] INIT -> INIT. took: 141ms."}

warkolm · August 10, 2021, 10:47pm

I'd definitely start there, otherwise Elasticsearch won't even start up.

smam · August 12, 2021, 7:17am

Elasticsearch is running. The logs are just super weird since I tried testing around.

warkolm · August 12, 2021, 9:47am

Ok well please share the logs from startup to where you see Elasticsearch running.

smam · August 12, 2021, 11:17am

New VM, same Problem:
But my Logs should be clean this time.

kibana:

{"type":"log","@timestamp":"2021-08-12T13:13:38+02:00","tags":["info","plugins","taskManager"],"pid":73473,"message":"TaskManager is identified by the Kibana UUID: xx"}
{"type":"log","@timestamp":"2021-08-12T13:13:40+02:00","tags":["warning","plugins","security","config"],"pid":73473,"message":"Generating a random key for xpack.security.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.security.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command."}
{"type":"log","@timestamp":"2021-08-12T13:13:40+02:00","tags":["warning","plugins","security","config"],"pid":73473,"message":"Session cookies will be transmitted over insecure connections. This is not recommended."}
{"type":"log","@timestamp":"2021-08-12T13:13:40+02:00","tags":["warning","plugins","reporting","config"],"pid":73473,"message":"Generating a random key for xpack.reporting.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.reporting.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command."}
{"type":"log","@timestamp":"2021-08-12T13:13:40+02:00","tags":["warning","plugins","reporting","config"],"pid":73473,"message":"Chromium sandbox provides an additional layer of protection, but is not supported for Linux CentOS 8.4.2105\n OS. Automatically setting 'xpack.reporting.capture.browser.chromium.disableSandbox: true'."}
{"type":"log","@timestamp":"2021-08-12T13:13:40+02:00","tags":["warning","plugins","encryptedSavedObjects"],"pid":73473,"message":"Saved objects encryption key is not set. This will severely limit Kibana functionality. Please set xpack.encryptedSavedObjects.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command."}
{"type":"log","@timestamp":"2021-08-12T13:13:40+02:00","tags":["warning","plugins","actions","actions"],"pid":73473,"message":"APIs are disabled because the Encrypted Saved Objects plugin is missing encryption key. Please set xpack.encryptedSavedObjects.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command."}
{"type":"log","@timestamp":"2021-08-12T13:13:40+02:00","tags":["warning","plugins","alerting","plugins","alerting"],"pid":73473,"message":"APIs are disabled because the Encrypted Saved Objects plugin is missing encryption key. Please set xpack.encryptedSavedObjects.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command."}
{"type":"log","@timestamp":"2021-08-12T13:13:44+02:00","tags":["info","plugins","ruleRegistry"],"pid":73473,"message":"Write is disabled, not installing assets"}
{"type":"log","@timestamp":"2021-08-12T13:13:44+02:00","tags":["info","savedobjects-service"],"pid":73473,"message":"Waiting until all Elasticsearch nodes are compatible with Kibana before starting saved objects migrations..."}
{"type":"log","@timestamp":"2021-08-12T13:13:45+02:00","tags":["error","savedobjects-service"],"pid":73473,"message":"Unable to retrieve version information from Elasticsearch nodes. security_exception: [security_exception] Reason: unable to authenticate user [kibana_system] for REST request [/_nodes?filter_path=nodes.*.version%2Cnodes.*.http.publish_address%2Cnodes.*.ip]"}

elasticsearch:

[2021-08-12T13:07:08,454][INFO ][o.e.x.s.s.SecurityIndexManager] [elastic4] security index does not exist, creating [.security-7] with alias [.security]
[2021-08-12T13:07:08,510][INFO ][o.e.c.m.MetadataCreateIndexService] [elastic4] [.security-7] creating index, cause [api], templates [], shards [1]/[0]
[2021-08-12T13:13:03,747][INFO ][o.e.x.s.a.AuthenticationService] [elastic4] Authentication of [kibana_system] was terminated by realm [reserved] - failed to authenticate user [kibana_system]
[2021-08-12T13:13:06,229][INFO ][o.e.x.s.a.AuthenticationService] [elastic4] Authentication of [kibana_system] was terminated by realm [reserved] - failed to authenticate user [kibana_system]
[2021-08-12T13:13:08,732][INFO ][o.e.x.s.a.AuthenticationService] [elastic4] Authentication of [kibana_system] was terminated by realm [reserved] - failed to authenticate user [kibana_system]
[2021-08-12T13:13:11,222][INFO ][o.e.x.s.a.AuthenticationService] [elastic4] Authentication of [kibana_system] was terminated by realm [reserved] - failed to authenticate user [kibana_system]
[2021-08-12T13:13:13,728][INFO ][o.e.x.s.a.AuthenticationService] [elastic4] Authentication of [kibana_system] was terminated by realm [reserved] - failed to authenticate user [kibana_system]
[2021-08-12T13:13:16,225][INFO ][o.e.x.s.a.AuthenticationService] [elastic4] Authentication of [kibana_system] was terminated by realm [reserved] - failed to authenticate user [kibana_system]

Followed by even more: "Authentication of [kibana_system] was terminated by realm [reserved] - failed to authenticate user [kibana_system]
"

warkolm · August 13, 2021, 8:22am

We really need to see the Elasticsearch log from when the process starts to when you are seeing these errors, not part of it, all of it.

You can use gist/pastebin/etc if you need somewhere to put it.

smam · August 17, 2021, 11:53am

Yes, sorry. Here you go: elasticsearch.log - Pastebin.com

You can ignore the "master not discovered yet, this worked fine"

I accessed the kibana-webserver to make sure everything is working fine and then enabled the security features. But, once again: no success.

smam · August 17, 2021, 1:15pm

I realized that the Keystore System does not work at all.
Kibana is not able to read the corresponding key from the kibana keystore and the ES keystore cant be read in order to activate TLS Communication. (I tried that because the Log File said, that i have to set: xpack.security.transport.ssl.enabled: true)

Still no success. I am GUESSING that I cannot access my server because the minimal security does not work properly.

system · September 14, 2021, 1:15pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.