I'm trying to setup minimal security for Elasticsearch and kibana on an existing test instance running 6.8.23 on a single server running both Elasticsearch and kibana, deployed on windows.
I've gotten Elasticsearch to start following the above instructions plus my Elasticsearch logs showed it failed to start until I also added xpack.security.transport.ssl.enabled: true to Elasticsearch.yml
I auto created the built-in user passwords: bin/Elasticsearch-setup-passwords auto
And confirmed that without the elastic user and password called out, the curl get fails:
curl -XGET "http://localhost:9200/_cluster/health?pretty"
but succeeds with them:
curl -XGET -u elastic:password "http://localhost:9200/_cluster/health?pretty"
Adding the kibana username and password from the buit-in user setup to the kibana.yml:
Elasticsearch.username: "kibana"
Elasticsearch.password: "password"
AND in the keystore:
bin/kibana-keystore create
bin/kibana-keystore add Elasticsearch.username
bin/kibana-keystore add Elasticsearch.password
Restarting Kibana, the service seems to start but the kibana page http://localhost:5601 is stuck on the "Kibana is not yet ready" page.
I've tried using "kibana_system" as the username, and trying the elastic username and password which some other deployment instructions mentioned.
I've also tried to set some additional x-pack configurations in the kibana.yml:
xpack.security.encryptionKey: "something_at_least_32_characters"
xpack.security.enabled: true
That I found in these documentations:
If I revert all of the configs, kibana opens again as it did previously without the security login for intial setup with the elastic username and password.
I feel like I'm very close based on the other forum topics similar to this issue, but those issues all seem to be resolved by setting the built-in passwords and configuring kibana.
My kibana.yml doesn't have specific configuration calling out any logging but I'm guessing it's erroring and I just don't know where to find the logs. Or I've missed a very simple step.
My hope was to get the minimal setup configured and so I can begin looking into the TSL/SSL configuration for a Production cluster.