Logstash Management user with default logstash_admin rol prevents logstash from starting

searchtool · May 8, 2019, 1:35pm

Hi,

i noticed when using the out of the box role logstash admin for a user as described in the docs

xpack.management.elasticsearch.username and xpack.management.elasticsearch.password
If your Elasticsearch cluster is protected with basic authentication, these settings provide the username and password that the Logstash instance uses to authenticate for accessing the configuration data. The username you specify here should have the logstash_admin role, which provides access to .logstash-* indices for managing configurations.

Logstash will not start due to an failing bootstrapcheck.

May 08 15:25:03 host1 logstash[12370]: Sending Logstash logs to /var/log/logstash/ which is now configured via log4j2.properties
May 08 15:25:03 host1 logstash[12370]: [2019-05-08T15:25:03,277][INFO ][logstash.configmanagement.bootstrapcheck] Using Elasticsearch as config store {:pipeline_id=>["Beats"], :poll_interval=>"5000000000ns"}`
May 08 15:25:04 host1 logstash[12370]: [2019-05-08T15:25:04,687][ERROR][logstash.licensechecker.licensereader] Unable to retrieve license information from license server {:message=>"Got responsecode '403' contacting Elasticsearch at URL 'https://host1:9200/_xpack'"}
May 08 15:25:04 host1 logstash[12370]: [2019-05-08T15:25:04,731][ERROR][logstash.configmanagement.elasticsearchsource] Failed to fetch X-Pack information from Elasticsearch. This is likely due to failure to reach a live Elasticsearch cluster.
May 08 15:25:04 host1 logstash[12370]: [2019-05-08T15:25:04,738][FATAL][logstash.runner          ] An unexpected error occurred! {:error=>#<LogStash::LicenseChecker::LicenseError: Failed to fetch X-Pack information from Elasticsearch. This is likely due to failure to reach a live Elasticsearch cluster
May 08 15:25:04 host1 logstash[12370]: [2019-05-08T15:25:04,748][ERROR][org.logstash.Logstash    ] java.lang.IllegalStateException: Logstash stopped processing because of an error: (SystemExit) exit
 May 08 15:26:42 host1 systemd[1]: logstash.service: main process exited, code=exited, status=1/FAILURE

I found out that when i use a superuser account for management the xpack license check completes ok.

is there more to it ? or did i fail somewhere

elastic, logstash 7.0.1

system · June 5, 2019, 1:36pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.