I installed Elastic + Kibana, both version 8.15. When I try to log in as the "elastic" user, I'm not able to do anything in the Kibana UI.
The Elastic logs show this:
[INFO ][o.e.x.s.a.RealmsAuthenticator] [elasticsearch-01] Authentication of [kibana] was terminated by realm [reserved] - failed to authenticate user [kibana]
[INFO ][o.e.x.s.a.RealmsAuthenticator] [elasticsearch-01] Authentication of [kibana] was terminated by realm [reserved] - failed to authenticate user [kibana]
[INFO ][o.e.x.s.a.RealmsAuthenticator] [elasticsearch-01] Authentication of [kibana] was terminated by realm [reserved] - failed to authenticate user [kibana]
1 time when I open the UI, and 2 times when I log in as elastic.
This is what the Kibana logs show:
{"service":{"node":{"roles":["background_tasks","ui"]}},"ecs":{"version":"8.11.0"},"@timestamp":"2024-09-06T19:33:45.418+03:00","message":"Authentication attempt failed: {\"error\":{\"root_cause\":[{\"type\":\"security_exception\",\"reason\":\"unable to authenticate user [kibana] for REST request [/_security/_authenticate]\",\"header\":{\"WWW-Authenticate\":[\"Basic realm=\\\"security\\\", charset=\\\"UTF-8\\\"\",\"Bearer realm=\\\"security\\\"\",\"ApiKey\"]}}],\"type\":\"security_exception\",\"reason\":\"unable to authenticate user [kibana] for REST request [/_security/_authenticate]\",\"header\":{\"WWW-Authenticate\":[\"Basic realm=\\\"security\\\", charset=\\\"UTF-8\\\"\",\"Bearer realm=\\\"security\\\"\",\"ApiKey\"]}},\"status\":401}","log":{"level":"ERROR","logger":"plugins.security.authentication"},"process":{"pid":13961,"uptime":97.666693813},"trace":{"id":"cdc268f732c41d11315652b5882ac158"},"transaction":{"id":"bba4ea098195a6fe"}}
Elastic has status: Green.
My Elastic config:
cluster.name: test-elastic
node.name: elasticsearch-01
network.host: 0.0.0.0
discovery.seed_hosts: [10.10.5.25, 10.10.5.26, 10.10.5.27]
http.port: 9200
cluster.initial_master_nodes: ["10.10.5.25"]
path.data: "/data/elasticsearch"
path.logs: "/var/log/elasticsearch"
xpack.security.enabled: true
xpack.security.http.ssl:
  enabled: true
  keystore.path: certs/http.p12
xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  client_authentication: required
  keystore.path: certs/elastic-certificates.p12
My Kibana config:
server.port: 5601
server.host: "0.0.0.0"
server.name: "kibana-01"
#xpack.security.enabled: false
elasticsearch.hosts: ["https://10.10.5.25:9200", "https://10.10.5.26:9200", "https://10.10.5.27:9200",]
#elasticsearch.username: "kibana_system"
#elasticsearch.password: "some_password"
elasticsearch.serviceAccountToken: "some_token"
elasticsearch.ssl.verificationMode: certificate
elasticsearch.ssl.certificateAuthorities: [ "/etc/kibana/elasticsearch-ca.pem" ]
server.ssl.enabled: true
server.ssl.certificate: /etc/kibana/kibana-server.crt
server.ssl.key: /etc/kibana/kibana-server.key
logging:
  appenders:
    file:
      type: file
      fileName: /var/log/kibana/kibana.log
      layout:
        type: json
  root:
    appenders:
      - default
      - file
I tried both the user/pass and token variants; both times I got the same errors.
I can't say what exactly the problem was, but adding nodes and kibana to the cluster using tokens rather than manually editing the configuration helped me.
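
The log lines and kibana.yml quoted in the question can be triaged mechanically. The script below is an added example, not part of the original post: it extracts the rejected principal and realm from both log formats and lists which credential settings are actually active in kibana.yml. The sample inputs are constructed (shortened from the post) and all function names are hypothetical.

```python
import json
import re

# Constructed samples, shortened from the log lines and kibana.yml in the post.
ES_LINE = ("[INFO ][o.e.x.s.a.RealmsAuthenticator] [elasticsearch-01] Authentication of "
           "[kibana] was terminated by realm [reserved] - failed to authenticate user [kibana]")
INNER = {"error": {"type": "security_exception", "reason": "unable to authenticate user "
         "[kibana] for REST request [/_security/_authenticate]"}, "status": 401}
KIBANA_LINE = json.dumps({"message": "Authentication attempt failed: " + json.dumps(INNER),
                          "log": {"level": "ERROR", "logger": "plugins.security.authentication"}})
KIBANA_YML = '''#elasticsearch.username: "kibana_system"
#elasticsearch.password: "some_password"
elasticsearch.serviceAccountToken: "some_token"
'''
CRED_KEYS = ("username", "password", "serviceAccountToken")
ES_RE = re.compile(r"Authentication of \[([^\]]+)\] was terminated by realm \[([^\]]+)\]")
REASON_RE = re.compile(r"unable to authenticate user \[([^\]]+)\] for REST request \[([^\]]+)\]")

def parse_es(line):
    """Return (user, realm) from a RealmsAuthenticator line, or None."""
    m = ES_RE.search(line)
    return (m[1], m[2]) if m else None

def parse_kibana(line):
    """Unwrap the JSON error body that Kibana embeds in the 'message' string."""
    body = json.loads(line)["message"].partition(": ")[2]
    inner = json.loads(body)
    m = REASON_RE.search(inner["error"]["reason"])
    return {"user": m[1], "endpoint": m[2], "status": inner["status"]}

def active_credentials(yml):
    """Uncommented elasticsearch.* credential keys; secret values are redacted."""
    creds = {}
    for raw in yml.splitlines():
        key, sep, val = raw.strip().partition(":")
        if sep and key.startswith("elasticsearch.") and key.split(".", 1)[1] in CRED_KEYS:
            creds[key] = val.strip().strip('"') if key.endswith(".username") else "<redacted>"
    return creds

def triage(es_line, kibana_line, yml):
    user, realm = parse_es(es_line)
    kb, creds = parse_kibana(kibana_line), active_credentials(yml)
    return {"rejected_user": user, "realm": realm, "endpoint": kb["endpoint"],
            "status": kb["status"], "same_user_in_both_logs": user == kb["user"],
            "active_credential_keys": sorted(creds),
            "rejected_user_is_configured": creds.get("elasticsearch.username") == user}

if __name__ == "__main__":
    print(json.dumps(triage(ES_LINE, KIBANA_LINE, KIBANA_YML), indent=2))
```

On the quoted inputs this reports that Elasticsearch rejected the principal kibana in the reserved realm, while the only active credential key in kibana.yml is elasticsearch.serviceAccountToken.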