Unable to login in Kibana after enable x-pack

Hello,
I was using elasticsearch and kibana without problem, but I need to enable some features related with users (to create some accounts and give some permissions to some users), so I need to enable x-pack option to do that.
Unfortunatly when I enabled x-pack I lost access to kibana. I logged in but I lose the access and the follow message appears in the browser:

{"statusCode":401,
"error":"Unauthorized",
"message":"security_exception"}

To enable the x-pack I had to:
in /etc/elasticsearch/elasticsearch.yml
add:
xpack.security.enabled: true

in /etc/kibana/kibana.yml
add:

elasticsearch.username: "kibana"
elasticsearch.password: "***"

I introduced some passwords using:
/usr/share/elasticsearch/bin/./elasticsearch-setup-passwords interactive
(the password I create here for kibana is the same I wrote in the file kibana.yml)

I restart the services:

systemctl restart kibana
systemctl restart elasticsearch

I verify with:
curl -XGET -u elastic:*** http://localhost:9200/_cluster/health?pretty
I get:

{
  "cluster_name" : "elasticsearch",
  "status" : "yellow",
  "timed_out" : false,
  "number_of_nodes" : 1,
  "number_of_data_nodes" : 1,
  "active_primary_shards" : 23,
  "active_shards" : 23,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 11,
  "delayed_unassigned_shards" : 0,
  "number_of_pending_tasks" : 0,
  "number_of_in_flight_fetch" : 0,
  "task_max_waiting_in_queue_millis" : 0,
  "active_shards_percent_as_number" : 67.64705882352942
}

I send logs in the end (kibana/kibana.log and elasticsearch/elasticsearch.log)

Elastic and kibana version: 7.12.1

Thank you for your help.
Best regards,
Fabio

Kibana.log


{"type":"log","@timestamp":"2021-06-14T14:07:23+00:00","tags":["debug","metrics","ops"],"pid":57954,"ecs":{"version":"1.7.0"},"event":{"kind":"metric","category":["process>{"type":"log","@timestamp":"2021-06-14T14:07:23+00:00","tags":["debug","plugins","taskManager"],"pid":57954,"message":"Latest Monitored Stats: {\"id\":\"7ac66161-4c87-4091>
{"type":"log","@timestamp":"2021-06-14T14:07:23+00:00","tags":["debug","elasticsearch","query","taskManager"],"pid":57954,"message":"200\nPOST /.kibana_task_manager/_updat>
{"type":"log","@timestamp":"2021-06-14T14:07:24+00:00","tags":["debug","elasticsearch","query","data"],"pid":57954,"message":"200\nPOST /.reporting-*/_search\n{\"seq_no_pr>
{"type":"log","@timestamp":"2021-06-14T14:07:24+00:00","tags":["debug","elasticsearch","query","data"],"pid":57954,"message":"200\nGET /_nodes?filter_path=nodes.*.version%>
{"type":"log","@timestamp":"2021-06-14T14:07:25+00:00","tags":["debug","http","server","Kibana","cookie-session-storage"],"pid":57954,"message":"Error: Unauthorized"}
{"type":"log","@timestamp":"2021-06-14T14:07:25+00:00","tags":["debug","plugins","security","basic","basic"],"pid":57954,"message":"Trying to authenticate user request to >
{"type":"log","@timestamp":"2021-06-14T14:07:25+00:00","tags":["debug","plugins","security","basic","basic"],"pid":57954,"message":"Cannot authenticate requests with `Auth>
{"type":"log","@timestamp":"2021-06-14T14:07:25+00:00","tags":["debug","plugins","security","http"],"pid":57954,"message":"Trying to authenticate user request to /."}
{"type":"log","@timestamp":"2021-06-14T14:07:25+00:00","tags":["debug","elasticsearch","query","data"],"pid":57954,"message":"401\nGET /_security/_authenticate [security_e>
{"type":"log","@timestamp":"2021-06-14T14:07:25+00:00","tags":["debug","plugins","security","http"],"pid":57954,"message":"Failed to authenticate request to / via authoriz>
{"type":"log","@timestamp":"2021-06-14T14:07:25+00:00","tags":["info","plugins","security","authentication"],"pid":57954,"message":"Authentication attempt failed: security>
{"type":"log","@timestamp":"2021-06-14T14:07:25+00:00","tags":["debug","plugins","licensing"],"pid":57954,"message":"Requesting Elasticsearch licensing API"}
{"type":"log","@timestamp":"2021-06-14T14:07:25+00:00","tags":["debug","elasticsearch","query","data"],"pid":57954,"message":"200\nGET /_xpack?accept_enterprise=true\n"}
{"type":"log","@timestamp":"2021-06-14T14:07:25+00:00","tags":["debug","http","server","response"],"pid":57954,"ecs":{"version":"1.7.0"},"client":{"ip":"127.0.0.1"},"http">{"type":"log","@timestamp":"2021-06-14T14:07:26+00:00","tags":["debug","elasticsearch","query","data"],"pid":57954,"message":"200\nGET /_xpack?accept_enterprise=true\n"}
{"type":"log","@timestamp":"2021-06-14T14:07:26+00:00","tags":["debug","elasticsearch","query","monitoring"],"pid":57954,"message":"200\nGET /_xpack?accept_enterprise=true>
{"type":"log","@timestamp":"2021-06-14T14:07:26+00:00","tags":["debug","elasticsearch","query","taskManager"],"pid":57954,"message":"200\nPOST /.kibana_task_manager/_updat>
{"type":"log","@timestamp":"2021-06-14T14:07:26+00:00","tags":["debug","elasticsearch","query","data"],"pid":57954,"message":"200\nGET /.kibana_7.12.1/_doc/config%3A7.12.1>
{"type":"log","@timestamp":"2021-06-14T14:07:26+00:00","tags":["debug","plugins","monitoring","monitoring","kibana-monitoring"],"pid":57954,"message":"not sending [kibana_>
{"type":"log","@timestamp":"2021-06-14T14:07:26+00:00","tags":["debug","plugins","monitoring","monitoring","kibana-monitoring"],"pid":57954,"message":"Uploading bulk stats>
{"type":"log","@timestamp":"2021-06-14T14:07:26+00:00","tags":["debug","elasticsearch","query","data"],"pid":57954,"message":"200\nPOST /_monitoring/bulk?system_id=kibana&>
{"type":"log","@timestamp":"2021-06-14T14:07:26+00:00","tags":["debug","plugins","monitoring","monitoring","kibana-monitoring"],"pid":57954,"message":"Uploaded bulk stats >
{"type":"log","@timestamp":"2021-06-14T14:07:27+00:00","tags":["debug","elasticsearch","query","data"],"pid":57954,"message":"200\nGET /_nodes?filter_path=nodes.*.version%>
{"type":"log","@timestamp":"2021-06-14T14:07:27+00:00","tags":["debug","elasticsearch","query","data"],"pid":57954,"message":"200\nPOST /.reporting-*/_search\n{\"seq_no_pr>
{"type":"log","@timestamp":"2021-06-14T14:07:28+00:00","tags":["debug","metrics","ops"],"pid":57954,"ecs":{"version":"1.7.0"},"event":{"kind":"metric","category":["process>

Elasticsearch.log


[2021-06-14T14:16:20,984][ERROR][o.e.x.i.IndexLifecycleRunner] [elk] policy [filebeat] for index [filebeat-7.12.1-2021.06.14] failed on step [{"phase":"hot","action":"rollover","name":"check-rollover-ready"}]. Moving to ERROR step
[2021-06-14T14:26:20,904][INFO ][o.e.x.i.IndexLifecycleRunner] [elk] policy [filebeat] for index [filebeat-7.12.1-2021.05.09] on an error step due to a transient error, moving back to the failed step [check-rollover-ready] for execution. retry attempt [182]
[2021-06-14T14:26:20,906][INFO ][o.e.x.i.IndexLifecycleRunner] [elk] policy [filebeat] for index [filebeat-7.12.1-2021.05.11] on an error step due to a transient error, moving back to the failed step [check-rollover-ready] for execution. retry attempt [38]
[2021-06-14T14:26:20,908][INFO ][o.e.x.i.IndexLifecycleRunner] [elk] policy [filebeat] for index [filebeat-7.12.1-2021.05.07] on an error step due to a transient error, moving back to the failed step [check-rollover-ready] for execution. retry attempt [326]
[2021-06-14T14:26:20,912][INFO ][o.e.x.i.IndexLifecycleRunner] [elk] policy [filebeat] for index [filebeat-7.12.1-2021.05.08] on an error step due to a transient error, moving back to the failed step [check-rollover-ready] for execution. retry attempt [254]
[2021-06-14T14:26:20,913][INFO ][o.e.x.i.IndexLifecycleRunner] [elk] policy [filebeat] for index [filebeat-7.12.1-2021.05.05] on an error step due to a transient error, moving back to the failed step [check-rollover-ready] for execution. retry attempt [470]
[2021-06-14T14:26:20,917][INFO ][o.e.x.i.IndexLifecycleRunner] [elk] policy [filebeat] for index [filebeat-7.12.1-2021.05.10] on an error step due to a transient error, moving back to the failed step [check-rollover-ready] for execution. retry attempt [110]
[2021-06-14T14:26:20,921][ERROR][o.e.x.i.IndexLifecycleRunner] [elk] policy [filebeat] for index [filebeat-7.12.1-2021.05.04] failed on step [{"phase":"hot","action":"rollover","name":"check-rollover-ready"}]. Moving to ERROR step
[2021-06-14T14:26:20,924][INFO ][o.e.x.i.IndexLifecycleRunner] [elk] policy [filebeat] for index [filebeat-7.12.1-2021.05.06] on an error step due to a transient error, moving back to the failed step [check-rollover-ready] for execution. retry attempt [398]
[2021-06-14T14:26:20,926][INFO ][o.e.x.i.IndexLifecycleRunner] [elk] policy [filebeat] for index [filebeat-7.12.1-2021.06.14] on an error step due to a transient error, moving back to the failed step [check-rollover-ready] for execution. retry attempt [6]
"elasticsearchLog.log" 31L, 7641C

Welcome!

Please format your code, logs or configuration files using </> icon as explained in this guide and not the citation button. It will make your post more readable.

Or use markdown style like:

```
CODE
```

This is the icon to use if you are not using markdown format:

There's a live preview panel for exactly this reasons.

Lots of people read these forums, and many of them will simply skip over a post that is difficult to read, because it's just too large an investment of their time to try and follow a wall of badly formatted text.
If your goal is to get an answer to your questions, it's in your interest to make it as easy to read and understand as possible.

Also please don't post images of text as they are hard to read, may not display correctly for everyone, and are not searchable.

Instead, paste the text and format it with </> icon or pairs of triple backticks (```), and check the preview window to make sure it's properly formatted before posting it. This makes it more likely that your question will receive a useful answer.

It would be great if you could update your post to solve this.

I'm moving your post to #elastic-stack:kibana as Elasticsearch seems to be working well here.

Thank you David.

Regards.

What user do you use to login kibana?

Also, the kibana instance is configured to use the kibana user to connect to elasticsearch. Could you please check it via the curl command as well and see whether it works, e.g.:

curl -XGET -u kibana:*** http://localhost:9200/_cluster/health?pretty

Good morning Yang,

The user I use to login kibana is kibanaadmin.
When I run this script curl -XGET -u kibana:*** http://localhost:9200/_cluster/health?pretty
i get this

{
  "cluster_name" : "elasticsearch",
  "status" : "yellow",
  "timed_out" : false,
  "number_of_nodes" : 1,
  "number_of_data_nodes" : 1,
  "active_primary_shards" : 37,
  "active_shards" : 37,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 28,
  "delayed_unassigned_shards" : 0,
  "number_of_pending_tasks" : 0,
  "number_of_in_flight_fetch" : 0,
  "task_max_waiting_in_queue_millis" : 0,
  "active_shards_percent_as_number" : 56.92307692307692
}

Thank you for your help.

It seems the kibana user works fine which means Kibana itself should be able to communicate to the elasticsearch instance.

Could you please try authenticate with curl using your login user as well? e.g.

curl -u kibanaadmin:*** http://localhost:9200/_security/_authenticate

Since the original error you posted was a 401, the above command should help figure out whether it is a password issue.

Hello Yang,

I try authenticate with the curl:

curl -u kibanaadmin:*** http://localhost:9200/_security/_authenticate

and the output was:

{"error":{"root_cause":[{"type":"security_exception","reason":"unable to authenticate user [kibanaadmin] for REST request [/_security/_authenticate]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}}],"type":"security_exception","reason":"unable to authenticate user [kibanaadmin] for REST request [/_security/_authenticate]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}},"status":401}

And I can't authenticate...

Thank you for your help.

Hello everyone,

Anyone already enabled x-pack option in elasticsearch? Works well? Can you send me the link with all I need to do to make this happen?
I already tried a lot of options but since I enable my x-pack config in elasticsearch.yml, my kibana stop working (through the browser).

Thank you.
Regards.

This means the kibanaadmin user cannot authenticate to Elasticsearch. So this is not a Kibana issue. The errors you see in Kibana logs are just propogated from elasticsearch.

The reason for 401 is either (1) user does not exist or (2) password is incorrect. Since you have a working elastic user, you can try the followings:

Check whether the user kibanaadmin exists with:

curl -u elastic:*** http://localhost:9200/_security/user/kibanaadmin

If it does exist, it is a password problem. Try reset its password with the change password API.

If it does not exist, you need to create the user with the create user API.

Afterwards, you should be able to authenticate to elasticsearch directly with the kibanaadmin user. Please re-try:

curl -u kibanaadmin:*** http://localhost:9200/_security/_authenticate

If it works, try login with Kibana using the browser again.

Thank you Yang.
In the reality I installed again ELK now the current version.
The x-pack functionality is working now.

Thank you for your help.

Regards.