You should not run Elasticsearch as root. We have an explicit bootstrap check for this reason as you already found out.
This is the suggested way to start Elasticsearch.
You first try to access it on localhost and then on 10.7.1.61, is this really where Elasticsearch is listening?
This either means that something is blocking access to port 9200 or that Elasticsearch is not running. You should check to see if Elasticsearch started correctly by looking at the logs. You can either check journal entries for errors
sudo journalctl --unit elasticsearch
and/or check your logs at /var/log/Elasticsearch.log for indications of what might have gone wrong.
Also, when you run
sudo netstat -nlp | grep 9200
or
ps aux | grep elasticsearch
what do you get?
Finally, you can show us your elasticsearch.yml file so that we can see how you have configured Elasticsearch.
root@oc-elk:/usr/share/elasticsearch# curl -X GET "10.7.1.61:9200/"
{"error":{"root_cause":[{"type":"security_exception","reason":"missing authentication token for REST request [/]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}}],"type":"security_exception","reason":"missing authentication token for REST request [/]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}},"status":401}
elk_user@oc-elk:~$ sudo journalctl --unit elasticsearch
-- Logs begin at Wed 2018-05-02 13:16:07 EDT, end at Thu 2018-05-03 09:32:31 EDT. --
May 02 13:16:09 oc-elk systemd[1]: Started Elasticsearch.
May 03 08:58:04 oc-elk systemd[1]: Stopping Elasticsearch...
May 03 08:58:12 oc-elk systemd[1]: Stopped Elasticsearch.
May 03 08:58:12 oc-elk systemd[1]: Started Elasticsearch.
This would indicate that you have already run the setup-passwords command once successfully and set the password for the elastic user. Can this be the case?
If you have set the password but don't remember what it is, you can do a "password reset" reading through the instructions and information in the seminal post from @TimV
OK, then you don't need to run setup-passwords again. You have successfully installed X-Pack, you have set the passwords for your internal users, then you're good to go. To make authenticated requests to Elasticsearch you need to pass the -u parameter in curl, i.e.
curl -X GET -u elastic "http://10.7.1.61:9200/"
and enter the password you had set once you are prompted.
I have successfully installed X-Pack on Elasticsearch, Kibana, and Logstash. I did not complete the TLS installation section. Is the TLS section necessary on a single node deployment?
I have a trial license until June 2. The Kibana console shows this trial license to be active. I cannot get the status from the command line:
root@oc-elk:~# GET _xpack/license/trial_status
Can't connect to _xpack:80
Temporary failure in name resolution at /usr/share/perl5/LWP/Protocol/http.pm line 47.
No, not while you're on a trial license or if you choose to continue with a license that doesn't enable X-Pack security.
The example from which you copy-pasted that is meant as an instruction to be run via Kibana's dev console and not in your Linux shell. In many Linux distributions GET (as in /usr/bin/GET) is a symbolic link to lwp-request and this is what throws this error.
You either need to copy-paste this command into your Kibana dev console or click on "Copy as curl", which will put
curl -X GET "localhost:9200/_xpack/license/trial_status"
As we discussed above, now that you have X-Pack security enabled you need to make authenticated calls with curl, so you need to pass the -u elastic parameter.
To be clear: There is nothing wrong with your installation, and there is no need to report here that the command will succeed. As you have already seen via Kibana the trial license is valid until June 2, you just want to access the same information directly from the Elasticsearch API. The response will be the same.
Thank you for the clarification. Here is the corrected result. I only want to ensure the licensing is correct. We will most likely purchase a license for this product very soon once I can get the PoC up.
root@oc-elk:/usr/share/elasticsearch# curl -X GET -u elastic "10.7.1.61:9200/_xpack/license/trial_status"
Enter host password for user 'elastic':
{"eligible_to_start_trial":false}
You get only this result because _xpack/license/trial_status is the trial status API. If you want to get more details you should query the Get license API at _xpack/license, which will return the expiration date and other information.