Hi everyone!
I am trying to add X-Pack to my Elastic Stack 6, on my CentOS 7 VM.
Everything worked fine before x-pack was installed.
I closely followed this manual: Installing X-Pack | X-Pack for the Elastic Stack [6.2] | Elastic.
I installed x-pack and created a folder using certgen with nodeName.crt and nodeName.key.
Things I added to elasticsearch.yml after installing x-pack:
xpack.ssl.key: /etc/elasticsearch/${node.name}/${node.name}.key
xpack.ssl.certificate: /etc/elasticsearch/${node.name}/${node.name}.crt
xpack.ssl.certificate_authorities: /etc/elasticsearch/ca/ca.crt
xpack.security.transport.ssl.enabled: true
xpack.license.self_generated.type: "trial"
action.auto_create_index: .security,.monitoring*,.watches,.triggered_watches,.watcher-history*,.ml*,*
The path is fine.
I ran the password setup using elasticsearch/bin/x-pack/setup-passwords interactive, and set my password for each product as its own username and password. For example:
elasticsearch:
username: elasticsearch
password: elasticsearch
kibana:
username: kibana
password: kibana
and the same for logstash.
When I start elasticsearch using bin/elasticsearch - everything works fine.
I installed x-pack in kibana.
I added the following to kibana.yml:
elasticsearch.username: "kibana"
elasticsearch.password: "kibana"
I started kibana via /bin/kibana - everything works fine. I can enter the login info into kibana and I can see that elasticsearch is up and running.
I installed x-pack in logstash.
I added these lines to logstash.yml:
xpack.monitoring.elasticsearch.url: "http://localhost:9200"
xpack.monitoring.elasticsearch.username: "logstash"
xpack.monitoring.elasticsearch.password: "logstash"
xpack.management.enabled: true
xpack.management.elasticsearch.url: "http://localhost:9200"
This is what I added to the .conf file:
output {
  elasticsearch {
    hosts => "localhost:9200"
    manage_template => false
    index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
    document_type => "%{[@metadata][type]}"
    user => "elasticsearch"
    password => "elasticsearch"
  }
}
When I try to run bin/logstash -f myConfigFile.conf I get these errors:
[ERROR] 2017-12-21 15:13:21.199 [[.monitoring-logstash]-pipeline-manager] licensemanager - Unable to retrieve license information from license server {:message=>"Got response code '401' contacting Elasticsearch at URL 'http://localhost:9200/_xpack'", :class=>"LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError"}
[ERROR] 2017-12-21 15:10:45.244 [Ruby-0-Thread-1: /usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/stud-0.0.23/lib/stud/task.rb:22] metrics - Monitoring is not available: License information is currently unavailable. Please make sure you have added your production elasticsearch connection info in the xpack.monitoring.elasticsearch settings.
[ERROR] 2017-12-21 15:13:51.233 [monitoring-license-manager] licensemanager - Unable to retrieve license information from license server {:message=>"Got response code '401' contacting Elasticsearch at URL 'http://localhost:9200/_xpack'", :class=>"LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError"}
When I try to run logstash as a service using systemctl (doing the same with elasticsearch and kibana works fine) and I tail the log I get this error:
[2017-12-21T13:31:17,457][ERROR][logstash.configmanagement.bootstrapcheck] There are config files (1) in the '/etc/logstash/conf.d/*.conf' folder. Elasticsearch is configured as the config store so configs cannot be sourced via the command line with -f or via logstash.yml with path.config
My questions are:
- What are these errors and how do I fix them?
- In elasticsearch.yml I have this configuration:
xpack.ssl.certificate_authorities: /etc/elasticsearch/ca/ca.crt
and according to this page the value should be something like: certs/ca/ca.crt. I generated .crt and .key files using certgen, but I used them as the previous configuration:
xpack.ssl.key: /etc/elasticsearch/${node.name}/${node.name}.key
xpack.ssl.certificate: /etc/elasticsearch/${node.name}/${node.name}.crt
What is the difference between the ssl .crt and .key and the authorities one? What I did was to artificially generate a "ca" folder and a "ca.crt" in it, as in the example shown in the elasticsearch docs. Did I do the right thing? How should I handle this? I want to remind you that everything worked OK with Elastic, and no errors were presented due to this configuration.
- When I tried to run the x-pack setup-passwords interactive again, it alerts me:
Failed to authenticate user 'elastic' against http://127.0.0.1:9200/_xpack/security/_authenticate?pretty Possible causes include: * The password for the 'elastic' user has already been changed on this cluster * Your elasticsearch node is running against a different keystore This tool used the keystore at /etc/elasticsearch/elasticsearch.keystore
It sounds reasonable because I did change the password, but if I want to change it again or inspect the user/pass for each Elastic Stack product, how can I do it?
That's it. Can anyone help me get logstash working with x-pack and the rest of my Elastic Stack?
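An added example, not part of the original post and not Elastic tooling: a small Python audit of the flat `logstash.yml` settings quoted above. The rule names and the `local_conf_files` parameter are this example's own assumptions; the last rule mirrors the bootstrap-check error in the post, the others flag an Elasticsearch endpoint with no credentials set, a password equal to its username, and credentials sent over plain `http://`.

```python
import re

# Constructed sample: the logstash.yml lines quoted in the post above.
LOGSTASH_YML = """\
xpack.monitoring.elasticsearch.url: "http://localhost:9200"
xpack.monitoring.elasticsearch.username: "logstash"
xpack.monitoring.elasticsearch.password: "logstash"
xpack.management.enabled: true
xpack.management.elasticsearch.url: "http://localhost:9200"
"""

def parse_flat_yaml(text):
    """Parse flat 'key: value' settings lines (no nesting, no lists)."""
    settings = {}
    for line in text.splitlines():
        # Comment lines never match: '#' is not a valid key character.
        m = re.match(r'^\s*([A-Za-z0-9_.]+)\s*:\s*(.*?)\s*$', line)
        if m:
            settings[m.group(1)] = m.group(2).strip('"\'')
    return settings

def audit(settings, local_conf_files=0):
    """Return a sorted list of (rule, setting-prefix) findings."""
    findings = []
    for key, url in settings.items():
        if not key.endswith(".elasticsearch.url"):
            continue
        prefix = key[: -len(".url")]
        user = settings.get(prefix + ".username")
        pwd = settings.get(prefix + ".password")
        if user is None or pwd is None:
            # With security enabled, anonymous requests are rejected.
            findings.append(("no-credentials", prefix))
        else:
            if user == pwd:
                findings.append(("password-equals-username", prefix))
            if url.lower().startswith("http://"):
                # Basic-auth credentials would cross the wire unencrypted.
                findings.append(("credentials-over-http", prefix))
    # Central management and local pipeline files are mutually exclusive.
    if settings.get("xpack.management.enabled") == "true" and local_conf_files:
        findings.append(("management-vs-local-conf", "xpack.management"))
    return sorted(findings)

if __name__ == "__main__":
    for rule, where in audit(parse_flat_yaml(LOGSTASH_YML), local_conf_files=1):
        print(f"{rule}: {where}")
```

Pass the number of files found under `/etc/logstash/conf.d/` as `local_conf_files` to reproduce the conflict reported by the service log.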