Since the release of Elastic Stack 5.6.0, we’ve discovered an issue during the upgrade process to this version.
Who is affected
Anyone upgrading a cluster that has indexes created with Elasticsearch 2.x or prior. This does not affect users installing a fresh 5.6 cluster nor those who started their Elastic journey with the 5.x releases.
Symptom
The problem is most visible through Kibana. After attempting to login to Kibana post-upgrade, the following error appears:
It may also manifests as the following error:
Or if X-Pack is in use:
In any case, the Elasticsearch cluster itself (including all of your data in Elasticsearch) is not affected and correctly reports itself as in Green status.
Mitigation
We have created a hotfix script you can use to fix the issues in your cluster. The script must be run on a Linux system with network access to an instance in the impacted Elasticsearch cluster. Alternatively, waiting for 5.6.1 is also an option.
Using the hotfix script:
1 - Stop Kibana
Stop the existing Kibana process using the appropriate command for your system. For example on a systemd-based Linux distribution installed via our RPM/DEB packages:
sudo systemctl stop kibana
2 - Download the hotfix script
The patch is available to download here. You can download directly to your workstation or server with curl, for example:
curl -L -O https://download.elastic.co/downloads/kibana/8134-patch.sh
3 - Run the hotfix
Without X-Pack Installed
If you are not using X-Pack then you need only specify a URL to a node in your cluster, for example:
./8134-patch.sh http://mycluster:9200
If you do not specify a URL, it defaults to http://localhost:9200
With X-Pack Installed
If you are using X-Pack and have the Security enabled, you'll need to pass credentials for a cluster user (assigned to the superuser built-in role), for example:
./8134-patch.sh https://mycluster:9200 elastic:mypassword
4 - Start Kibana
Start the existing Kibana process using the appropriate command for your system. For example on a systemd-based Linux distribution installed via our RPM/DEB packages:
sudo systemctl start kibana
Cause
The root cause is a bug in Elasticsearch we are targeting to fix in 5.6.1, and that release will be imminent. Waiting for 5.6.1 is a viable option if you have not already upgraded.