Kibana v7.4.0 issues with xpack security roles

I have basic license and I added this in elasticsearch.yml as

xpack.security.enabled: true
discovery.type: single-node

But when I restart the three services- Elastic, logstash, kibana I have these as last looping logs. So what am I doing wrong?

[2020-01-23T19:38:47,264][INFO ][o.e.c.r.a.AllocationService] [mehak-VirtualBox] Cluster health status changed from [RED] to [YELLOW] (reason: [shards started [[mehak][0]]]).
[2020-01-23T19:41:14,547][WARN ][logstash.outputs.elasticsearch][main] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"http://localhost:9200/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError, :error=>"Got response code '401' contacting Elasticsearch at URL 'http://localhost:9200/'"}
log   [03:41:18.861] [warning][license][xpack] License information from the X-Pack plugin could not be obtained from Elasticsearch for the [data] cluster. [security_exception] missing authentication credentials for REST request [/_xpack], with { header={ WWW-Authenticate="Basic realm=\"security\" charset=\"UTF-8\"" } } :: {"path":"/_xpack","statusCode":401,"response":"{\"error\":{\"root_cause\":[{\"type\":\"security_exception\",\"reason\":\"missing authentication credentials for REST request [/_xpack]\",\"header\":{\"WWW-Authenticate\":\"Basic realm=\\\"security\\\" charset=\\\"UTF-8\\\"\"}}],\"type\":\"security_exception\",\"reason\":\"missing authentication credentials for REST request [/_xpack]\",\"header\":{\"WWW-Authenticate\":\"Basic realm=\\\"security\\\" charset=\\\"UTF-8\\\"\"}},\"status\":401}","wwwAuthenticateDirective":"Basic realm=\"security\" charset=\"UTF-8\""}

The first message is simply because you have a single ES node and your index mehak is most likely setup with a replica and there are no other nodes to host them.

The 401 status indicates that the connections from Logstash and Kibana are unauthorized. Since you have enabled security, you will need to passwords for the different usernames with the elasticsearch-setup-passwords command. You can specify your own passwords using interactive option or let it choose for you via the auto option (please take note of them if you use the auto option). Once this is done, you can configure Logstash and Kibana with the appropriate auth information and they should be able to connect.

@angelo, Thanks for responding.

Do I have to fix this replica index node to go through with setting roles in Kibana?

So while elastic, logstash, kibana are closed, I change the elasticsearch.yml file, and then I should just do the password setups and then start Elasticsearch, logstash, kibana? Or should I keep it running in background?
Basically to I keep the three running during setting password users or stop them until I set them?

Do I have to fix this replica index node to go through with setting roles in Kibana?

If you only plan on using a single node, you could simply set the number of replicas to 0 to avoid ES continuing to log message like that and allow the cluster to report a 'GREEN' status.

So while elastic, logstash, kibana are closed, I change the elasticsearch.yml file, and then I should just do the password setups and then start Elasticsearch, logstash, kibana? Or should I keep it running in background?
Basically to I keep the three running during setting password users or stop them until I set them?

You will need to have ES running when you run the elasticsearch-setup-passwords command so that it can store the passwords. You will then need to set the username/password in Logstash for the elasticsearch output configuration in your pipeline and for Kibana in the kibana.yml file. These 2 will have to be (re)started to pick up the new auth information.

Where would I do that? in elasticsearch.yml? or in kibana dev tools. And is below the correct comand

PUT /_settings
{
"index" : {
"number_of_replicas":0
}
}

This command doesnt have to be ran inside elasticsearch, right?

Where should the username/pwd be set in this file? This is the file content right now of kibana.yml

server.port: 5601
server.host: "0.0.0.0" 
elasticsearch.hosts: [http://localhost:9200"]

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.