Hi,
I have a debian 11 install on a server, i am using the ELK satck with the 7.17 version and Elasticsearch, Logstash, Filebeat and kibana are installa and configure and works perfectly when it's about monitoring log files. Kibana is secured in https and now i would like to add metric to monitor my server healt. But when i exec "sudo metricbeat setup -e" i have 1 error :
< Loading dashboards (Kibana must be running and reachable)
2024-02-22T14:17:12.949+0100 INFO kibana/client.go:180 Kibana url: https://localhost:8492
2024-02-22T14:17:12.977+0100 ERROR instance/beat.go:1027 Exiting: error connecting to Kibana: fail to get the Kibana version: HTTP GET request to https://localhost:8492/api/status fails: fail to execute the HTTP GET request: Get "https://localhost:8492/api/status": x509: certificate signed by unknown authority. Response: .
Exiting: error connecting to Kibana: fail to get the Kibana version: HTTP GET request to https://localhost:8492/api/status fails: fail to execute the HTTP GET request: Get "https://localhost:8492/api/status": x509: certificate signed by unknown authority. Response: .
elasticsearch, filebeat and logstash are not secured in TLS beacause they all are in local but kibana is accesible remotly so i use openssl to secure it.
In the certificate_authorities configuration you need to put the certificate for the CA that you used to create the Kibana certificate, it seems that you put the kibana certificate instead.
I created the certificates with openssl but i really don't remember any CA, maybe they are store in a default dir. Do you know, by any chance, where it can be ?
I did this like 2 months ago so i really don't remember but i will search, is there a chance i can maybe just generate again the certificates ? If not i will just look for it.
setup.kibana:
# Kibana Host
# Scheme and port can be left out and will be set to the default (http and 5601)
# In case you specify and additional path, the scheme is required: http://localhost:5601/path
# IPv6 addresses should always be defined as: https://[2001:db8::1]:5601
host: "https://localhost:8492"
ssl.enabled: true
ssl.certificate: /etc/kibana/kibana.crt
ssl.key: /etc/kibana/kibana.key
ssl.certificate_authorities: /etc/kibana/kibana.crt
ssl.supportedProtocols: ["TLSv1.2"]
# setup.kibana.ssl.verification_mode: none
And this is the new error :
Loading dashboards (Kibana must be running and reachable)
2024-02-23T09:32:29.458+0100 WARN [cfgwarn] tlscommon/config.go:100 DEPRECATED: Treating the CommonName field on X.509 certificates as a host name when no Subject Alternative Names are present is going to be removed. Please update your certificates if needed. Will be removed in version: 8.0.0
2024-02-23T09:32:29.460+0100 INFO kibana/client.go:180 Kibana url: https://localhost:8492
2024-02-23T09:32:29.464+0100 ERROR instance/beat.go:1027 Exiting: error connecting to Kibana: fail to get the Kibana version: HTTP GET request to https://localhost:8492/api/status fails: fail to execute the HTTP GET request: Get "https://localhost:8492/api/status": x509: certificate is not valid for any names, but wanted to match localhost. Response: .
Exiting: error connecting to Kibana: fail to get the Kibana version: HTTP GET request to https://localhost:8492/api/status fails: fail to execute the HTTP GET request: Get "https://localhost:8492/api/status": x509: certificate is not valid for any names, but wanted to match localhost. Response: .
I checked a little and it seems like my CA wasnt store, i just generated it with openssl to be able to generate the keys.
and if just remove the "https://" in the metric conf file for kibana and i just use "localhost:8492" i have an other error message :
Loading dashboards (Kibana must be running and reachable)
2024-02-23T09:36:29.512+0100 WARN [cfgwarn] tlscommon/config.go:100 DEPRECATED: Treating the CommonName field on X.509 certificates as a host name when no Subject Alternative Names are present is going to be removed. Please update your certificates if needed. Will be removed in version: 8.0.0
2024-02-23T09:36:29.514+0100 INFO kibana/client.go:180 Kibana url: http://localhost:8492
2024-02-23T09:36:29.519+0100 ERROR instance/beat.go:1027 Exiting: error connecting to Kibana: fail to get the Kibana version: HTTP GET request to http://localhost:8492/api/status fails: fail to execute the HTTP GET request: Get "http://localhost:8492/api/status": EOF. Response: .
Exiting: error connecting to Kibana: fail to get the Kibana version: HTTP GET request to http://localhost:8492/api/status fails: fail to execute the HTTP GET request: Get "http://localhost:8492/api/status": EOF. Response: .
Ok that's amazing it worked, thank you a lot man really but i have 2 questions ahah.
First, is it normal that my metric beat isnt giving info like i have some info just when i type metricbeat setup and i would like info all the time not type it and then watch on kibana.
And ths second one, disable the tls verification mode is going to be a security problem ? Like does it create some issues with the security of my server ?
Can you give more context on this? It is not clear wht you want, what kind of info? metricbeat setup will just setup the dashboards and ingest pipelines in Kibana.
This disable the verification on metricbeat side, it affects only the client.
But you already have a bigger security issue because as you mentioned you disabled TLS in Elasticsearch as well, also, from what you shared is not clear if you are using authentication or not.
I have every modules as elasticsearch logstash beats and kibana on the same server so i just enanled the authentification and enabled tls encryption for kibana because it can be acces remotly.
For metricbeat i just want my server's health in the kibana interface but it seems like i can't unless i just type the command and i would like to have my server health accessible automatically.
I am sorry if this is not clear but english isn't my native langage.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.