I have recently installed opendistro elasticsearch on a dedicated host and am also setting up APM server on another host.
I have the following error response when starting up apm-server via systemctl:

```
apm apm-server[3220]: 2021-05-14T13:42:24.221Z#011ERROR#011[publisher_pipeline_output]#011pipeline/output.go:154#011Failed to connect to backoff(elasticsearch(http://192.168.56.XXX:9200)): 401 Unauthorized: Unauthorized
```
I have the following 2 essential configuration sections in my apm-server configuration:

```yaml
apm-server:
  # Defines the host and port the server is listening on. Use "unix:/path/to.sock" to listen on a unix domain socket.
  host: "0.0.0.0:8200"
output.elasticsearch:
  hosts: ["elasticserver:9200"]
```
I have checked:
I have the following section which is set to true by default, others such as LDAP, kerberos etc are set to false.
```yaml
basic_internal_auth_domain:
  description: "Authenticate via HTTP Basic against internal users database"
  http_enabled: true
  transport_enabled: true
  order: 4
  http_authenticator:
    type: basic
    challenge: true
  authentication_backend:
    type: intern
```
```
curl -U admin:admin http://elasticserver:9200
Unauthorizedroot@apm
```
This does sound like I need to create an internal user with a few backend roles (with rights to apm indices) assigned to it. I'm eager to see what y'all folks think.
I look forward to your responses, much obliged.
For basic authentication you do need to create an internal user, hash the password using the script on the master node, and then map it to the "all_access" role.
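
The steps in the answer above, sketched as configuration. This is an added example, not taken from the original posts or from the Open Distro project; the user name `apm_writer`, the `APM_ES_PASSWORD` variable and the hash placeholder are assumptions.

```yaml
# --- plugins/opendistro_security/securityconfig/internal_users.yml ---
# New internal user entry. The hash value is a placeholder: generate the real
# one with the security plugin's tools/hash.sh script and paste its output.
apm_writer:                                   # hypothetical user name
  hash: "<bcrypt hash printed by hash.sh>"    # placeholder, not a real hash
  reserved: false
  description: "Service account used by apm-server"

# --- plugins/opendistro_security/securityconfig/roles_mapping.yml ---
# Map the user to the role named in the answer. Keep the entries the existing
# all_access mapping already has and add the new user under "users".
all_access:
  reserved: false
  backend_roles:
  - "admin"
  users:
  - "apm_writer"

# --- apm-server.yml on the APM host ---
# The output block from the question with credentials added, so apm-server
# sends HTTP Basic authentication that basic_internal_auth_domain can check.
output.elasticsearch:
  hosts: ["elasticserver:9200"]
  username: "apm_writer"
  # Assumed variable name; resolved from the apm-server keystore or the
  # service environment so the password is not stored in this file.
  password: "${APM_ES_PASSWORD}"
```

Edits to the two securityconfig files take effect only after they are loaded into the security index with `securityadmin.sh`. `all_access` grants full cluster privileges; a custom role limited to the APM indices, as the question suggests, is the narrower alternative.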