Problem shield - kibana

security

(Massimo Carro) #1

Hi guys,
I've configured elasticsearch to use shields and I'v create correctly a role and user for kibana4 to access to es.

Next I've installed shield on Kibana but without ssl enabled, I received a fatal like this:

{"type":"log","@timestamp":"2016-02-04T11:57:34+00:00","tags":["fatal"],"pid":8149,"level":"fatal","message":"shield.encryptionKey is required in kibana.yml.","error":{"message":"shield.encryptionKey is required in kibana.yml.","name":"Error","stack":"Error: shield.encryptionKey is required in kibana.yml.\n at ScopedPlugin.init [as externalInit] (/opt/kibana-4.4.0-linux-x64/installedPlugins/shield/index.js:36:59)\n at ScopedPlugin.tryCatcher (/opt/kibana-4.4.0-linux-x64/node_modules/bluebird/js/main/util.js:26:23)\n at Promise.attempt.Promise.try (/opt/kibana-4.4.0-linux-x64/node_modules/bluebird/js/main/method.js:30:24)\n at Object.register (/opt/kibana-4.4.0-linux-x64/src/server/plugins/Plugin.js:143:15)\n at /opt/kibana-4.4.0-linux-x64/node_modules/hapi/lib/plugin.js:254:14\n at iterate (/opt/kibana-4.4.0-linux-x64/node_modules/hapi/node_modules/items/lib/index.js:35:13)\n at Object.exports.serial (/opt/kibana-4.4.0-linux-x64/node_modules/hapi/node_modules/items/lib/index.js:38:9)\n at [object Object].internals.Plugin.register (/opt/kibana-4.4.0-linux-x64/node_modules/hapi/lib/plugin.js:236:11)\n at /opt/kibana-4.4.0-linux-x64/src/server/plugins/Plugin.js:150:32\n at tryCatcher (/opt/kibana-4.4.0-linux-x64/node_modules/bluebird/js/main/util.js:26:23)\n at Promise.fromNode (/opt/kibana-4.4.0-linux-x64/node_modules/bluebird/js/main/promise.js:164:30)\n at ScopedPlugin.init$ (/opt/kibana-4.4.0-linux-x64/src/server/plugins/Plugin.js:149:46)\n at tryCatch (/opt/kibana-4.4.0-linux-x64/node_modules/babel-runtime/regenerator/runtime.js:67:40)\n at GeneratorFunctionPrototype.invoke [as _invoke] (/opt/kibana-4.4.0-linux-x64/node_modules/babel-runtime/regenerator/runtime.js:315:22)\n at GeneratorFunctionPrototype.prototype.(anonymous function) [as next] (/opt/kibana-4.4.0-linux-x64/node_modules/babel-runtime/regenerator/runtime.js:100:21)\n at invoke (/opt/kibana-4.4.0-linux-x64/node_modules/babel-runtime/regenerator/runtime.js:136:37)"}}

How can I solve?
Thanks a lot.

Massimo


(Terje Sannum) #2

Set shield.encryptionKey in kibana.yml. See section 6b here: https://www.elastic.co/guide/en/shield/current/kibana.html


(Massimo Carro) #3

I've not configured to use ssl.
If I insert shield.encryptionKey kibana ask me to insert info for ssl authentication, but I've not said kibana to use ssl and neither to elasticsearch.

How can I check really that kibana doesn't use ssl? because seems that is use it...I'm just a bit confused


Shield 2.3.3 & Kibana
(Jay Modi) #4

It looks like our documentation is missing an important piece; The shield Kibana plugin requires SSL to be enabled, otherwise it will not work.

I will open an issue so that we can get this clarified in the documentation.

Edit: Please see step 5 on the page linked above for how to enable it.


Shield-LDAP for Kibana
(Massimo Carro) #5

Hi Jay,
I'm working on create an ssl connection, I was arrived at this solution.

Thanks a lot for your confirm.


(Hilal) #6

I have same problem. Can you write your solution please? I couldn't do ssl connection.

Thank you.


(Bob) #7

Buggers. Now I have to set up SSL in my lab...


(Stefan) #8

Amazing that it took me 2 and a half hours in June 2016 to figure out the shortcoming of your documentation you discovered in Feb.


(system) #9