Hi Experts,
We have a 3 node ELK cluster and the version details are below:-
elasticsearch-6.1.0
kibana-6.1.0
We have kibana installed on another host.
Recently we integrated X-Pack with ElasticSearch and Kibana.Before the trial license expired,we changed it to basic license and the cluster was working fine and Kibana too.
We implemented SSL/TLS on the Elastic cluster by folliwng the link below.The certificates were self signed.
Master link being followed for security:-
https://www.elastic.co/guide/en/x-pack/6.x/ssl-tls.html
Link for enabling TLS for Elastic search:-
https://www.elastic.co/guide/en/elasticsearch/reference/6.x/configuring-tls.html#node-certificates
https://www.elastic.co/guide/en/elasticsearch/reference/6.x/configuring-tls.html#enable-ssl
The certificates are self signed and without password and the same certificate is being used on all the three nodes as the cert is a generic one and not tied to the hostname or DN name.
After this, we noticed that Kibana could not connect to the elastic nodes and so we enabled "elasticsearch.url" in kibana.yml to use the https protocol(Step -7 in the link below):-
https://www.elastic.co/guide/en/kibana/6.1/using-kibana-with-security.html
NOTE:- we have not followed any of the other steps in the link above.We have nt enabled SSL between the browser to kibana.
Errors seen in Kibana that keep on coming continously:-
{"type":"log","@timestamp":"2018-02-06T15:56:00Z","tags":["warning","elasticsearch","admin"],"pid":6512,"message":"No living connections"}
{"type":"log","@timestamp":"2018-02-06T15:56:02Z","tags":["warning","elasticsearch","admin"],"pid":6512,"message":"Unable to revive connection: https://hostname:9200/"}
{"type":"log","@timestamp":"2018-02-06T15:56:02Z","tags":["warning","elasticsearch","admin"],"pid":6512,"message":"No living connections"}
{"type":"log","@timestamp":"2018-02-06T15:56:05Z","tags":["warning","elasticsearch","admin"],"pid":6512,"message":"Unable to revive connection: https://hostname:9200/"}
{"type":"log","@timestamp":"2018-02-06T15:56:05Z","tags":["warning","elasticsearch","admin"],"pid":6512,"message":"No living connections"}
{"type":"log","@timestamp":"2018-02-06T15:56:08Z","tags":["warning","elasticsearch","admin"],"pid":6512,"message":"Unable to revive connection: https://hostname:9200/"}
{"type":"log","@timestamp":"2018-02-06T15:56:08Z","tags":["warning","elasticsearch","admin"],"pid":6512,"message":"No living connections"}
{"type":"log","@timestamp":"2018-02-06T15:56:10Z","tags":["warning","elasticsearch","admin"],"pid":6512,"message":"Unable to revive connection: https://hostname:9200/"}
{"type":"log","@timestamp":"2018-02-06T15:56:10Z","tags":["warning","elasticsearch","admin"],"pid":6512,"message":"No living connections"}
--
Troubleshooting steps tried:-
1)Tried accessing each of the three hadoop nodes over httos from the browser and it works fine after accepting the cert and it works fine.
2)Tried accessing over http and it results into failure thereby confirming that the elastic nodes are accessible over https only and not through http.
3)Tried accessing the elastic nodes from the kibana host using curl command "curl -k -s https://hoatname:9200" and it returns successful.
So essentially, I see that the issue is only with kibana to connect to elastic nodes.
Tried checking the logs for any other errors and the only other warning I see is :-
{"type":"log","@timestamp":"2018-02-06T15:56:00Z","tags":["license","warning","xpack"],"pid":6512,"message":"License information from the X-Pack plugin could not be obtained from Elasticsearch for the [data] cluster. Error: No Living connections"}
What we are trying to achieve here is that any client accessing elastic nodes should be over https/TLS.
Clarifications:-
1)DO we need to follow any more steps other than enabling TLS/SSL for elastic search nodes and the change in kibana to get https working?
2)Is it mandatory to follow the section "Configure X-Pack monitoring to use encrypted connections" in the link below to get our objective of enabling https for elastic nodes?
Any help would be highly appreciated!