Hello,
When starting Kibana, the log shows, amongst other info's, this Error:
Unable to retrieve version information from Elasticsearch nodes. error:0909006C:PEM
I'm able to browse to https://172.1.1.50:5601, and the initial Elasticsearch logo appears loading, but then it goes to a "Kibana server is not ready yet message"
Versions:
Elasticsearch: 8(current)
Kibana: 8(current)
Kibana.log:
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-03-02T08:48:05.501-08:00","message":"Plugin "metricsEntities" is disabled.","log":{"level":"INFO","logger":"plugins-service"},"process":{"pid":6905}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-03-02T08:48:05.589-08:00","message":"http server running at http://172.1.1.50:5601","log":{"level":"INFO","logger":"http.server.Preboot"},"process":{"pid":6905}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-03-02T08:48:05.630-08:00","message":"Setting up [1] plugins: [interactiveSetup]","log":{"level":"INFO","logger":"plugins-system.preboot"},"process":{"pid":6905}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-03-02T08:48:05.694-08:00","message":"The default mechanism for Reporting privileges will work differently in future versions, which will affect the behavior of this cluster. Set "xpack.reporting.roles.enabled" to "false" to adopt the future behavior before upgrading.","log":{"level":"WARN","logger":"config.deprecation"},"process":{"pid":6905}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-03-02T08:48:05.897-08:00","message":"Setting up [107] plugins: [translations,licensing,globalSearch,globalSearchProviders,features,licenseApiGuard,usageCollection,taskManager,telemetryCollectionManager,telemetryCollectionXpack,kibanaUsageCollection,share,embeddable,uiActionsEnhanced,screenshotMode,screenshotting,banners,telemetry,newsfeed,mapsEms,fieldFormats,expressions,dataViews,charts,esUiShared,bfetch,data,savedObjects,presentationUtil,expressionShape,expressionRevealImage,expressionRepeatImage,expressionMetric,expressionImage,customIntegrations,home,searchprofiler,painlessLab,grokdebugger,management,watcher,licenseManagement,advancedSettings,spaces,security,savedObjectsTagging,reporting,lists,ingestPipelines,fileUpload,encryptedSavedObjects,dataEnhanced,cloud,snapshotRestore,eventLog,actions,alerting,triggersActionsUi,transform,stackAlerts,ruleRegistry,visualizations,canvas,visTypeXy,visTypeVislib,visTypeVega,visTypeTimelion,visTypeTagcloud,visTypeTable,visTypePie,visTypeMetric,visTypeMarkdown,expressionTagcloud,expressionMetricVis,savedObjectsManagement,console,graph,fleet,indexManagement,remoteClusters,crossClusterReplication,indexLifecycleManagement,dashboard,maps,dashboardEnhanced,visualize,visTypeTimeseries,rollup,indexPatternFieldEditor,lens,cases,timelines,discover,osquery,observability,discoverEnhanced,dataVisualizer,ml,uptime,securitySolution,infra,upgradeAssistant,monitoring,logstash,enterpriseSearch,apm,indexPatternManagement]","log":{"level":"INFO","logger":"plugins-system.standard"},"process":{"pid":6905}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-03-02T08:48:05.921-08:00","message":"TaskManager is identified by the Kibana UUID: 46419608-6902-4ef7-82af-37686d5bd848","log":{"level":"INFO","logger":"plugins.taskManager"},"process":{"pid":6905}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-03-02T08:48:06.058-08:00","message":"Generating a random key for xpack.security.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.security.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.","log":{"level":"WARN","logger":"plugins.security.config"},"process":{"pid":6905}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-03-02T08:48:06.059-08:00","message":"Session cookies will be transmitted over insecure connections. This is not recommended.","log":{"level":"WARN","logger":"plugins.security.config"},"process":{"pid":6905}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-03-02T08:48:06.081-08:00","message":"Generating a random key for xpack.security.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.security.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.","log":{"level":"WARN","logger":"plugins.security.config"},"process":{"pid":6905}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-03-02T08:48:06.082-08:00","message":"Session cookies will be transmitted over insecure connections. This is not recommended.","log":{"level":"WARN","logger":"plugins.security.config"},"process":{"pid":6905}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-03-02T08:48:06.106-08:00","message":"Generating a random key for xpack.reporting.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.reporting.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.","log":{"level":"WARN","logger":"plugins.reporting.config"},"process":{"pid":6905}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-03-02T08:48:06.116-08:00","message":"Saved objects encryption key is not set. This will severely limit Kibana functionality. Please set xpack.encryptedSavedObjects.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.","log":{"level":"WARN","logger":"plugins.encryptedSavedObjects"},"process":{"pid":6905}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-03-02T08:48:06.132-08:00","message":"APIs are disabled because the Encrypted Saved Objects plugin is missing encryption key. Please set xpack.encryptedSavedObjects.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.","log":{"level":"WARN","logger":"plugins.actions"},"process":{"pid":6905}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-03-02T08:48:06.145-08:00","message":"APIs are disabled because the Encrypted Saved Objects plugin is missing encryption key. Please set xpack.encryptedSavedObjects.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.","log":{"level":"WARN","logger":"plugins.alerting"},"process":{"pid":6905}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-03-02T08:48:06.163-08:00","message":"Installing common resources shared between all indices","log":{"level":"INFO","logger":"plugins.ruleRegistry"},"process":{"pid":6905}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-03-02T08:48:06.780-08:00","message":"Chromium sandbox provides an additional layer of protection, but is not supported for Linux Debian 11 OS. Automatically setting 'xpack.screenshotting.capture.browser.chromium.disableSandbox: true'.","log":{"level":"WARN","logger":"plugins.screenshotting.config"},"process":{"pid":6905}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-03-02T08:48:06.827-08:00","message":"Unable to retrieve version information from Elasticsearch nodes. error:0909006C:PEM routines:get_name:no start line","log":{"level":"ERROR","logger":"elasticsearch-service"},"process":{"pid":6905}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-03-02T08:48:09.045-08:00","message":"Browser executable: /usr/share/kibana/x-pack/plugins/screenshotting/chromium/headless_shell-linux_x64/headless_shell","log":{"level":"INFO","logger":"plugins.screenshotting.chromium"},"process":{"pid":6905}}
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-03-02T08:48:09.046-08:00","message":"Enabling the Chromium sandbox provides an additional layer of protection.","log":{"level":"WARN","logger":"plugins.screenshotting.chromium"},"process":{"pid":6905}}
Kibana.yml:
server.port: 5601
server.host: "172.1.1.50"
server.publicBaseUrl: "https://elk-stack:5601"
elasticsearch.hosts: ["https://172.1.1.50:9200"]
elasticsearch.serviceAccountToken: "*****************"
elasticsearch.ssl.certificate: /etc/kibana/certs/http_ca.crt
elasticsearch.ssl.key: /etc/kibana/certs/http.p12
logging:
appenders:
file:
type: file
fileName: /var/log/kibana/kibana.log
layout:
type: json
root:
appenders:
- default
- file
I'm not sure if I setup the cert and key paths correctly? I'm using the ones Elasticsearch auto generated during the installation. I then copied the http_ca.crt, http.p12 and transport.p12 into the kibana/certs/ folder.
Elasticsearch.yml:
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: 172.1.1.50
http.port: 9200
xpack.security.enabled: true
xpack.security.enrollment.enabled: true
xpack.security.http.ssl:
enabled: true
keystore.path: certs/http.p12
xpack.security.transport.ssl:
enabled: true
verification_mode: certificate
keystore.path: certs/transport.p12
truststore.path: certs/transport.p12
cluster.initial_master_nodes: ["elk-stack"]
http.host: [_local_, _site_]
Thanks for any help!