can't disable xpack security for kibana - elasticsearch

We set up an Elasticsearch cluster, installed Kibana and x-pack. Now the Kibana login screen displays an error message:
Login is disabled because your license has expired. Please extend your license or disable Security in Elasticsearch.
The online documentation suggested putting
xpack.security.enabled: false
in both the ES and Kibana configuration files. Made the change, restarted both services and still get the error message.
Tried to remove x-pack but got this error message:
# bin/elasticsearch-plugin remove x-pack
/etc/sysconfig/elasticsearch: line 67: xpack.security.enabled:: command not found
Unable to source environment file: /etc/sysconfig/elasticsearch
Had to change the ':' to '=' to complete the remove process. Seems there is no way to use x-pack without a license.
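The error in this post comes from a YAML-style setting placed in a file that the service scripts source as shell. As an added example (not part of the original post), the function below lists the lines of such an environment file that are not shell assignments; the function names and the sample file contents are constructed.

```shell
#!/bin/sh
# An environment file such as /etc/sysconfig/elasticsearch is sourced by the shell,
# so every active line has to be a NAME=value assignment.
# Prints "LINE: text" for each line that is not; exit status 1 if any were found.
lint_env_file() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }                        # comments, blank lines
        /^[ \t]*(export[ \t]+)?[A-Za-z_][A-Za-z0-9_]*=/ { next }  # shell assignment
        { printf "%d: %s\n", NR, $0; bad = 1 }                    # anything else
        END { exit bad + 0 }
    ' "$1"
}

# Constructed file contents for the demonstration (not a real host's file).
sample_env() {
    cat <<'EOF'
# Heap size
ES_HEAP_SIZE=2g
MAX_OPEN_FILES=65535

xpack.security.enabled: false
EOF
}

tmp=$(mktemp)
sample_env > "$tmp"
lint_env_file "$tmp" || echo "these settings belong in elasticsearch.yml, not here"
rm -f "$tmp"
```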

Related

ERROR: Failed to determine the health of the cluster

I am running Elasticsearch and Kibana. I am not sure of the status of my Elasticsearch cluster (if it's red, yellow, or green), but it seems I need to get a token generated by Elasticsearch, as in the screenshot. When I ran bin/elasticsearch-create-enrollment-token --scope kibana from the right directory, it errored out with ERROR: Failed to determine the health of the cluster.
According to Ioannis Kakavas on discuss.elastic, "CLI tools extending BaseRunAsSuperuserCommand should only connect to the local node". When I run on a local node, it works. But when I run in the Elasticsearch container in a cluster, it doesn't work. The solution was to execute the elasticsearch-reset-password and elasticsearch-create-enrollment-token scripts, respectively, like this (inside the Elasticsearch container):
/usr/share/elasticsearch/bin/elasticsearch-reset-password -i -u elastic --url https://localhost:9200
/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana --url https://localhost:9200
I encountered the same problem, and I just redid the process - unzipped the ES and kibana zip files again, and ran bin/elasticsearch in the newly created directory. Look for a message that is encapsulated in a formatted box that contains both the password for the elastic user, and the enrollment token for Kibana (the token is only valid for 30 minutes). This message will only appear once, the first time you run elasticsearch.
I proceeded to run bin/kibana for Kibana and configured it in the browser, and everything worked out from there. Hope this helps!
I have the exact issue:
$ sudo /usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic
ERROR: Failed to determine the health of the cluster.
But after I restart the elasticsearch service:
$ sudo systemctl restart elasticsearch.service
then it works:
This tool will reset the password of the [elastic] user to an autogenerated value.
The password will be printed in the console.
Please confirm that you would like to continue [y/N]y
Password for the [elastic] user successfully reset.
New value: xxxxxx
Two possible solutions:
Make sure that you have enough disk space.
Your VPN might be causing the issue.
The enrollment Token will be present in the terminal itself. You just need to scroll up till you find it when you are installing.
The reason for the error - ERROR: Failed to determine the health of the cluster is due to the fact that Elastic has not been installed yet and running that command is like calling a function without defining it.

how to enable xpack.security.enabled?

I have installed Elasticsearch 7, on Ubuntu. I believe X-Pack is installed by default, but I need to enable it.
In which file should I set this setting?
My cluster settings are in: /etc/elasticsearch/elasticsearch.yml and /etc/default/elasticsearch, but I cannot see xpack.security.enabled in either of files...
Write the following line in /etc/elasticsearch/elasticsearch.yml:
xpack.security.enabled: true
When you enable xpack.security, you need to create a user and password; otherwise you cannot use Elasticsearch or Kibana. Follow this guide:
https://www.elastic.co/guide/en/elastic-stack-overview/current/get-started-enable-security.html

Kibana - PollError ActionRequestValidationException

New to Elasticsearch and Kibana, I've gone to the website and downloaded both,
elasticsearch 6.7.0 and kibana 6.7.0
Followed the instructions, Elasticsearch starts up, the console output is a bit messy but I can get to the default localhost:9200/ and it shows the JSON data fine.
In Kibana I edited the kibana.yml file in config and uncommented the default line elasticsearch.hosts: ["http://localhost:9200"]
Then ran bin/kibana
It seems to start up, but then I am flooded with an info message of
[info][task_manager] Installing .kibana_task_manager index template version: 6070099
and a warning of
[task_manager] PollError ActionRequestValidationException[Validation Failed: 1: template is missing;]
There were no other instructions besides those to start it up. Did I miss something? Looks like a template is missing?

Uninstalling X-Pack and error occurs

I had installed x-pack earlier and used it, but the elasticsearch.stdout log says:
java.lang.IllegalArgumentException: unknown secure setting [bootstrap.password] please check that any required plugins are installed, or check the breaking changes documentation for removed settings
Thanks.
When you install X-Pack, the bootstrap password is added to the keystore. If the elastic user does not have a password, the bootstrap is used by default. So, when it is set but you don't run Elasticsearch with X-Pack, Elasticsearch fails!
Considering you uninstalled X-Pack, I can recommend you remove it from the keystore by running the following command after navigating to your [elasticsearch]/bin directory:
elasticsearch-keystore remove bootstrap.password

ELK - Shield auth problems

I'm trying to set up Shield for Elasticsearch, but had some trouble.
When I try to start Elasticsearch like:
/usr/share/elasticsearch/bin/elasticsearch
all works as expected, but when I'm trying to start/restart Elasticsearch like:
/etc/init.d/elasticsearch start
I get the error described below
[2015-02-17 21:44:09,662][ERROR][shield.audit.logfile ] [Tusk] [rest] [authentication_failed] origin_address=[/192.168.88.17:58291], principal=[es_admin], uri=[/_aliases?pretty=true]
OS: Ubuntu 12.04
Elasticsearch: 1.4.3
Shield: 1.0.1
Elasticsearch and Shield were running with default settings
If your Elasticsearch configs are not in /usr/share/elasticsearch but, let's say, in /etc/elasticsearch,
then just move /usr/share/elasticsearch/config/shield to /etc/elasticsearch
Take care that, if you start Elasticsearch as the user elasticsearch, the new /etc/elasticsearch/shield folder belongs to the user elasticsearch.
If that doesn't do it, then also see this:
http://www.elasticsearch.org/guide/en/shield/current/getting-started.html#_configuring_your_environment
The same thing happened to me when I tried to add Shield to our Elasticsearch cluster to add auth-based access to Elasticsearch data.
I was on an Ubuntu 14.04 machine and Elasticsearch was installed using a .deb package from elastic-download-link.
Elasticsearch was using a service startup script from
/etc/init.d/elasticsearch
in which the configuration was mentioned as:
# Elasticsearch configuration directory
CONF_DIR=/etc/$NAME
But when I tried to install the Shield plugin on Elasticsearch from this-link
and tried to add a user on Shield by following es-docs using this command:
sudo bin/shield/esusers useradd es_admin -r admin
the Shield configuration was being updated in
/usr/share/elasticsearch/config/shield/
but the Elasticsearch server was expecting the configuration files to be in
/etc/elasticsearch/shield/
This mismatch between the Shield configuration file that was read and the updated file with the newly added Shield users was causing this authentication failure.
This can be solved either by moving
/usr/share/elasticsearch/config/shield/
to
/etc/elasticsearch/shield/
or by changing the conf file location in
/etc/init.d/elasticsearch
as
# Elasticsearch configuration directory
CONF_DIR=/usr/share/elasticsearch/config/
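A check for the mismatch described in the answers above, as an added example that is not part of the original answers: it reads CONF_DIR from the init script and reports whether the shield directory sits under it or is still under the Elasticsearch home. The function names and the temporary directory layout are constructed for illustration.

```shell
#!/bin/sh
# Print the value assigned to variable $2 in init script $1 (last assignment wins).
init_var() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d "\"'"
}

# CONF_DIR as the init script sets it, with a literal $NAME or ${NAME} expanded.
resolve_conf_dir() {
    name=$(init_var "$1" NAME)
    init_var "$1" CONF_DIR |
        sed -e 's|[$]{NAME}|'"$name"'|g' -e 's|[$]NAME|'"$name"'|g' -e 's|/$||'
}

# $1 = init script, $2 = Elasticsearch home. Status 0 = ok, 1 = mismatch, 2 = missing.
check_shield_dir() {
    conf_dir=$(resolve_conf_dir "$1")
    if [ -d "$conf_dir/shield" ]; then
        echo "ok: $conf_dir/shield"
    elif [ -d "$2/config/shield" ]; then
        echo "mismatch: service reads $conf_dir/shield, files are in $2/config/shield"
        return 1
    else
        echo "missing: no shield directory under $conf_dir or $2/config"
        return 2
    fi
}

# Constructed layout in a temporary directory (not a real host): Shield files sit
# under the home directory while the init script points at etc/elasticsearch.
build_sample() {
    root=$(mktemp -d)
    mkdir -p "$root/etc/elasticsearch" "$root/usr/share/elasticsearch/config/shield"
    cat > "$root/init-elasticsearch" <<EOF
NAME=elasticsearch
# Elasticsearch configuration directory
CONF_DIR=$root/etc/\$NAME
EOF
    echo "$root"
}

sample=$(build_sample)
check_shield_dir "$sample/init-elasticsearch" "$sample/usr/share/elasticsearch" || true
rm -rf "$sample"
```

On a real host, pass /etc/init.d/elasticsearch and /usr/share/elasticsearch, then also confirm that the directory it reports belongs to the user the service runs as.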
