Missing authentication credential for REST request

Elastic Stack Kibana
,
1

I'm trying to finish my single node setup with elasticsearch(ES) and kibana. I'm using docker-compose and ES version 7.17. I wanted to go without security however it is my understanding that adding adapters like Mongo DB, grey log requires securirty to be setup. So I followed the minimal security setup instruction (guide/en/elasticsearch/reference/7.17/security-minimal-setup.html). ES part seems to run but the kibana log complains:

{"type":"log","@timestamp":"2023-06-30T18:21:31+00:00","tags":["error","elasticsearch-service"],"pid":7,"message":"Unable to retrieve version information from Elasticsearch nodes. security_exception: [security_exception] Reason: missing authentication credentials for REST request [/_nodes?filter_path=nodes..version%2Cnodes..http.publish_address%2Cnodes.*.ip]"}`

These

I was able to use this url in my browser myserver:9200/_nodes?filter_path=nodes..version%2Cnodes..http.publish_address%2Cnodes.*.ip
I was asked for credentials and used kibana_system, as configured in ES. So I conclude that ES security is setup correctly. Here's my docker-compose setup:

elasticsearch:
    #image: elasticsearch:7.17.10
    image: docker.elastic.co/elasticsearch/elasticsearch:7.17.10-arm64
    container_name: elasticsearch
    volumes:
      - ./volumes/elasticsearch/data:/usr/share/elasticsearch/data
      #- ./volumes/elasticsearch/config:/usr/share/elasticsearch/config
    ports:
      - 9200:9200
    restart: always
    environment:
      - xpack.security.enabled=true
      - xpack.ml.enabled=false
      #- xpack.security.enabled=false
      #- xpack.security.enrollment.enabled=false
      - discovery.type=single-node
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1

  kibana:
    depends_on:
      - elasticsearch
    #image: kibana:7.17.10
    image: docker.elastic.co/kibana/kibana:7.17.10-arm64
    container_name: kibana
    volumes:
      - ./volumes/kibana/data:/usr/share/kibana/data
    ports:
      - 5601:5601
    restart: always
    environment:
      - elasticsearch.username="kibana_system"
      - elasticsearch.password="password"
      - elasticsearch.ssl.verificationMode="None"
      #- ELASTICSEARCH_HOSTS=http://elasticsearch:9200
      - ELASTICSEARCH_HOSTS=http://opi5.lan:9200
      - "XPACK_APM_SERVICEMAPENABLED=true"
      #XPACK_ENCRYPTEDSAVEDOBJECTS_ENCRYPTIONKEY: d1a66dfd-c4d3-4a0a-8290-xxxxx83ab3aa
      - "LOGGING_ROOT_LEVEL=error"

The kibana part of the minimal setup confuses me as it stores the password in the keystore. But I'm also providing it via docker-compose. What will be leading? I did both anyway. What am I doing wrong?

2

Hi @kbfifi

I think your kibana environment variables are misconfigured. They should be all in caps and the . should be replaced by _. For more info see the relevant documentation.

3

Hi Nick,

Thank you very much! This exactly what's wrong.It's finally working now.

1 Like
4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.