Kibana 服务器尚未准备好 - [security_exception] 无法验证用户 [elastic]

问题描述 投票:0回答:2

发生的情况是我尝试为 ElasticSearch 和 Kibana 添加用户。对于 ElasticSearch,我在 elasticsearch.yml 中添加了 

xpack.security.enabled: true
,在 kibana.yml 中添加了 
elasticsearch.username: "elastic"
elasticsearch.password: "ipF2vorNqvRgXTjuptqS"

当我启动 ElasticSearch 时,系统提示我输入用户名和密码。我这样做并成功登录。

但是当我启动 Kibana 时,在日志中出现此错误:

 [warning][licensing][plugins] License information could not be obtained from Elasticsearch due to [security_exception] unable to authenticate user [elastic] for REST request [/_xpack]

在http://localhost:5601,我收到此错误

Kibana server is not ready yet

为了排除故障,我运行 http://localhost:9200/_security/user/ 并得到

{
   "elastic":{
      "username":"elastic",
      "roles":[
         "superuser"
      ],
      "full_name":null,
      "email":null,
      "metadata":{
         "_reserved":true
      },
      "enabled":true
   },
   "kibana":{
      "username":"kibana",
      "roles":[
         "kibana_system"
      ],
      "full_name":null,
      "email":null,
      "metadata":{
         "_deprecated":true,
         "_deprecated_reason":"Please use the [kibana_system] user instead.",
         "_reserved":true
      },
      "enabled":true
   },
   "kibana_system":{
      "username":"kibana_system",
      "roles":[
         "kibana_system"
      ],
      "full_name":null,
      "email":null,
      "metadata":{
         "_reserved":true
      },
      "enabled":true
   },
   "logstash_system":{
      "username":"logstash_system",
      "roles":[
         "logstash_system"
      ],
      "full_name":null,
      "email":null,
      "metadata":{
         "_reserved":true
      },
      "enabled":true
   },
   "beats_system":{
      "username":"beats_system",
      "roles":[
         "beats_system"
      ],
      "full_name":null,
      "email":null,
      "metadata":{
         "_reserved":true
      },
      "enabled":true
   },
   "apm_system":{
      "username":"apm_system",
      "roles":[
         "apm_system"
      ],
      "full_name":null,
      "email":null,
      "metadata":{
         "_reserved":true
      },
      "enabled":true
   },
   "remote_monitoring_user":{
      "username":"remote_monitoring_user",
      "roles":[
         "remote_monitoring_collector",
         "remote_monitoring_agent"
      ],
      "full_name":null,
      "email":null,
      "metadata":{
         "_reserved":true
      },
      "enabled":true
   }
}

我按照步骤在elasticsearch 设置密码。

D:\elasticsearch\bin>elasticsearch-setup-passwords auto
future versions of Elasticsearch will require Java 11; your Java version from [C:\Program Files\Java\jdk1.8.0_251\jre] does not meet this requirement
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,kibana_system,logstash_system,beats_system,remote_monitoring_user.
The passwords will be randomly generated and printed to the console.
Please confirm that you would like to continue [y/N]y


Changed password for user apm_system
PASSWORD apm_system = TCxggBZ1O8u7pCYMQZx3

Changed password for user kibana_system
PASSWORD kibana_system = G48r4h6M6WjLnjzPqjAG

Changed password for user kibana
PASSWORD kibana = G48r4h6M6WjLnjzPqjAG

Changed password for user logstash_system
PASSWORD logstash_system = UQZTsQrN84jQuzCKnOSc

Changed password for user beats_system
PASSWORD beats_system = wC5h5tShmOuouJ072owM

Changed password for user remote_monitoring_user
PASSWORD remote_monitoring_user = VHqOCfKuxbCCjbEMTWQZ

Changed password for user elastic
PASSWORD elastic = ipF2vorNqvRgXTjuptqS

如何进一步排除或解决此问题?我应该在 kibana.yml 中使用“elastic”或“kibana_system”作为用户名吗?

这是kibana.yml

# Kibana is served by a back end server. This setting specifies the port to use.
#server.port: 5601

# Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values.
# The default is 'localhost', which usually means remote machines will not be able to connect.
# To allow connections from remote users, set this parameter to a non-loopback address.
#server.host: "localhost"

# Enables you to specify a path to mount Kibana at if you are running behind a proxy.
# Use the `server.rewriteBasePath` setting to tell Kibana if it should remove the basePath
# from requests it receives, and to prevent a deprecation warning at startup.
# This setting cannot end in a slash.
#server.basePath: ""

# Specifies whether Kibana should rewrite requests that are prefixed with
# `server.basePath` or require that they are rewritten by your reverse proxy.
# This setting was effectively always `false` before Kibana 6.3 and will
# default to `true` starting in Kibana 7.0.
#server.rewriteBasePath: false

# The maximum payload size in bytes for incoming server requests.
#server.maxPayloadBytes: 1048576

# The Kibana server's name.  This is used for display purposes.
#server.name: "your-hostname"

# The URLs of the Elasticsearch instances to use for all your queries.
#elasticsearch.hosts: ["http://localhost:9200"]

# When this setting's value is true Kibana uses the hostname specified in the server.host
# setting. When the value of this setting is false, Kibana uses the hostname of the host
# that connects to this Kibana instance.
#elasticsearch.preserveHost: true

# Kibana uses an index in Elasticsearch to store saved searches, visualizations and
# dashboards. Kibana creates a new index if the index doesn't already exist.
#kibana.index: ".kibana"

# The default application to load.
#kibana.defaultAppId: "home"

# If your Elasticsearch is protected with basic authentication, these settings provide
# the username and password that the Kibana server uses to perform maintenance on the Kibana
# index at startup. Your Kibana users still need to authenticate with Elasticsearch, which
# is proxied through the Kibana server.
elasticsearch.username: "elastic"
elasticsearch.password: "ipF2vorNqvRgXTjuptqS"

# Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively.
# These settings enable SSL for outgoing requests from the Kibana server to the browser.
#server.ssl.enabled: false
#server.ssl.certificate: /path/to/your/server.crt
#server.ssl.key: /path/to/your/server.key

# Optional settings that provide the paths to the PEM-format SSL certificate and key files.
# These files are used to verify the identity of Kibana to Elasticsearch and are required when
# xpack.security.http.ssl.client_authentication in Elasticsearch is set to required.
#elasticsearch.ssl.certificate: /path/to/your/client.crt
#elasticsearch.ssl.key: /path/to/your/client.key

# Optional setting that enables you to specify a path to the PEM file for the certificate
# authority for your Elasticsearch instance.
#elasticsearch.ssl.certificateAuthorities: [ "/path/to/your/CA.pem" ]

# To disregard the validity of SSL certificates, change this setting's value to 'none'.
#elasticsearch.ssl.verificationMode: full

# Time in milliseconds to wait for Elasticsearch to respond to pings. Defaults to the value of
# the elasticsearch.requestTimeout setting.
#elasticsearch.pingTimeout: 1500

# Time in milliseconds to wait for responses from the back end or Elasticsearch. This value
# must be a positive integer.
#elasticsearch.requestTimeout: 30000

# List of Kibana client-side headers to send to Elasticsearch. To send *no* client-side
# headers, set this value to [] (an empty list).
#elasticsearch.requestHeadersWhitelist: [ authorization ]

# Header names and values that are sent to Elasticsearch. Any custom headers cannot be overwritten
# by client-side headers, regardless of the elasticsearch.requestHeadersWhitelist configuration.
#elasticsearch.customHeaders: {}

# Time in milliseconds for Elasticsearch to wait for responses from shards. Set to 0 to disable.
#elasticsearch.shardTimeout: 30000

# Time in milliseconds to wait for Elasticsearch at Kibana startup before retrying.
#elasticsearch.startupTimeout: 5000

# Logs queries sent to Elasticsearch. Requires logging.verbose set to true.
#elasticsearch.logQueries: false

# Specifies the path where Kibana creates the process ID file.
#pid.file: /var/run/kibana.pid

# Enables you to specify a file where Kibana stores log output.
#logging.dest: stdout

# Set the value of this setting to true to suppress all logging output.
#logging.silent: false

# Set the value of this setting to true to suppress all logging output other than error messages.
#logging.quiet: false

# Set the value of this setting to true to log all events, including system usage information
# and all requests.
#logging.verbose: false

# Set the interval in milliseconds to sample system and process performance
# metrics. Minimum is 100ms. Defaults to 5000.
#ops.interval: 5000

# Specifies locale to be used for all localizable strings, dates and number formats.
# Supported languages are the following: English - en , by default , Chinese - zh-CN .
#i18n.locale: "en"

#elasticsearch.username: "elastic"
#elasticsearch.password: "ipF2vorNqvRgXTjuptqS"

#elasticsearch.username: "kibana_system"
#elasticsearch.password: "kibanapassword"
elasticsearch kibana
2个回答
2
投票

您还需要在 kibana.yml 文件中配置密码:

elasticsearch.password:$password

在此处查看文档:https://www.elastic.co/guide/en/kibana/current/using-kibana-with-security.html

0
投票

转到 kibana 文件夹中的 config > kibana.yml

改变这个

elasticsearch.hosts: ["https://172.35.92.97:9200"] 


elasticsearch.hosts: ["http://172.35.92.97:9200"].

发表评论如下:

elasticsearch.ssl.certificateAuthorities: [/Users/ozgurhanpolat/Downloads/kibana-8.11.1/data/ca_1704372255930.crt]


xpack.fleet.outputs: [{id: fleet-default-output, name: default, is_default: true, is_default_monitoring: true, type: elasticsearch, hosts: ['https://172.35.92.97:9200'], ca_trusted_fingerprint: b2aed3603d21e57e369af8e9960f94b20a7d93f6b91aac219c908fdd189d737f}] .

保存并关闭 kibana 并再次运行。

不要忘记,在执行上述操作之前,您必须配置 kibana 并运行至少一次。

请注意,这适用于 kibana 8.11.1elasticsearch 8.11.1 版本。

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.