Kibana, Searchguard & X-Pack Mointoring

When asking questions, please provide the following information:

Hi there I would like to ask if anyone has seen the following error.

  • Search Guard and Elasticsearch version

6.2.2

  • Installed and used enterprise modules, if any

None

  • JVM version and operating system version

The one that ships with the offical docker containers

  • Search Guard configuration files

Default for now testing TLS setup and deployment

  • Elasticsearch log messages on debug level

{“type”:“error”,"@timestamp":“2018-04-20T17:41:45Z”,“tags”:[“fatal”],“pid”:1,“level”:“fatal”,“error”:{“message”:“child “searchguard” fails because [“ssl” is not allowed]”,“name”:“ValidationError”,“stack”:“ValidationError: child “searchguard” fails because [“ssl” is not allowed]\n at Object.exports.process (/usr/share/kibana/node_modules/joi/lib/errors.js:181:19)\n at _validateWithOptions (/usr/share/kibana/node_modules/joi/lib/any.js:651:31)\n at root.validate (/usr/share/kibana/node_modules/joi/lib/index.js:121:23)\n at Config._commit (/usr/share/kibana/src/server/config/config.js:119:35)\n at Config.set (/usr/share/kibana/src/server/config/config.js:89:10)\n at Config.extendSchema (/usr/share/kibana/src/server/config/config.js:62:10)\n at /usr/share/kibana/src/plugin_discovery/plugin_config/extend_config_service.js:22:12\n at next (native)\n at step (/usr/share/kibana/src/plugin_discovery/plugin_config/extend_config_service.js:45:191)\n at /usr/share/kibana/src/plugin_discovery/plugin_config/extend_config_service.js:45:361”},“message”:“child “searchguard” fails because [“ssl” is not allowed]”}
{“type”:“error”,"@timestamp":“2018-04-20T17:41:50Z”,“tags”:[“fatal”],“pid”:1,“level”:“fatal”,“error”:{“message”:“child “searchguard” fails because [“ssl” is not allowed]”,“name”:“ValidationError”,“stack”:“ValidationError: child “searchguard” fails because [“ssl” is not allowed]\n at Object.exports.process (/usr/share/kibana/node_modules/joi/lib/errors.js:181:19)\n at _validateWithOptions (/usr/share/kibana/node_modules/joi/lib/any.js:651:31)\n at root.validate (/usr/share/kibana/node_modules/joi/lib/index.js:121:23)\n at Config._commit (/usr/share/kibana/src/server/config/config.js:119:35)\n at Config.set (/usr/share/kibana/src/server/config/config.js:89:10)\n at Config.extendSchema (/usr/share/kibana/src/server/config/config.js:62:10)\n at /usr/share/kibana/src/plugin_discovery/plugin_config/extend_config_service.js:22:12\n at next (native)\n at step (/usr/share/kibana/src/plugin_discovery/plugin_config/extend_config_service.js:45:191)\n at /usr/share/kibana/src/plugin_discovery/plugin_config/extend_config_service.js:45:361”},“message”:“child “searchguard” fails because [“ssl” is not allowed]”}

``

  • Other installed Elasticsearch or Kibana plugins, if any

X-Pack for monitoring only

Based on the error logs , I can understand that ssl is not allowed. So I guess we need to make some changes in elasticsearch.yml post that ssl may be resolved.

···

On Fri 20 Apr, 2018, 23:17 , richardlaing00@gmail.com wrote:

When asking questions, please provide the following information:

Hi there I would like to ask if anyone has seen the following error.

  • Search Guard and Elasticsearch version

6.2.2

  • Installed and used enterprise modules, if any

None

  • JVM version and operating system version

The one that ships with the offical docker containers

  • Search Guard configuration files

Default for now testing TLS setup and deployment

  • Elasticsearch log messages on debug level

{“type”:“error”,"@timestamp":“2018-04-20T17:41:45Z”,“tags”:[“fatal”],“pid”:1,“level”:“fatal”,“error”:{“message”:“child “searchguard” fails because [“ssl” is not allowed]”,“name”:“ValidationError”,“stack”:“ValidationError: child “searchguard” fails because [“ssl” is not allowed]\n at Object.exports.process (/usr/share/kibana/node_modules/joi/lib/errors.js:181:19)\n at _validateWithOptions (/usr/share/kibana/node_modules/joi/lib/any.js:651:31)\n at root.validate (/usr/share/kibana/node_modules/joi/lib/index.js:121:23)\n at Config._commit (/usr/share/kibana/src/server/config/config.js:119:35)\n at Config.set (/usr/share/kibana/src/server/config/config.js:89:10)\n at Config.extendSchema (/usr/share/kibana/src/server/config/config.js:62:10)\n at /usr/share/kibana/src/plugin_discovery/plugin_config/extend_config_service.js:22:12\n at next (native)\n at step (/usr/share/kibana/src/plugin_discovery/plugin_config/extend_config_service.js:45:191)\n at /usr/share/kibana/src/plugin_discovery/plugin_config/extend_config_service.js:45:361”},“message”:“child “searchguard” fails because [“ssl” is not allowed]”}
{“type”:“error”,"@timestamp":“2018-04-20T17:41:50Z”,“tags”:[“fatal”],“pid”:1,“level”:“fatal”,“error”:{“message”:“child “searchguard” fails because [“ssl” is not allowed]”,“name”:“ValidationError”,“stack”:“ValidationError: child “searchguard” fails because [“ssl” is not allowed]\n at Object.exports.process (/usr/share/kibana/node_modules/joi/lib/errors.js:181:19)\n at _validateWithOptions (/usr/share/kibana/node_modules/joi/lib/any.js:651:31)\n at root.validate (/usr/share/kibana/node_modules/joi/lib/index.js:121:23)\n at Config._commit (/usr/share/kibana/src/server/config/config.js:119:35)\n at Config.set (/usr/share/kibana/src/server/config/config.js:89:10)\n at Config.extendSchema (/usr/share/kibana/src/server/config/config.js:62:10)\n at /usr/share/kibana/src/plugin_discovery/plugin_config/extend_config_service.js:22:12\n at next (native)\n at step (/usr/share/kibana/src/plugin_discovery/plugin_config/extend_config_service.js:45:191)\n at /usr/share/kibana/src/plugin_discovery/plugin_config/extend_config_service.js:45:361”},“message”:“child “searchguard” fails because [“ssl” is not allowed]”}

``

  • Other installed Elasticsearch or Kibana plugins, if any

X-Pack for monitoring only

You received this message because you are subscribed to the Google Groups “Search Guard Community Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.

To post to this group, send email to search-guard@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/b7bba6bd-36b5-4570-8244-0f7d7682ec2e%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

Make sure you have disabled X-Pack security in kibana.yml

...
xpack.security.enabled: false
xpack.monitoring.enabled: true
...

···

Am 21.04.2018 um 17:38 schrieb Bishwajit Samanta <bishwajitsamanta1689@gmail.com>:

Based on the error logs , I can understand that ssl is not allowed. So I guess we need to make some changes in elasticsearch.yml post that ssl may be resolved.

On Fri 20 Apr, 2018, 23:17 , <richardlaing00@gmail.com> wrote:
When asking questions, please provide the following information:

Hi there I would like to ask if anyone has seen the following error.

* Search Guard and Elasticsearch version
6.2.2

* Installed and used enterprise modules, if any
None
* JVM version and operating system version
The one that ships with the offical docker containers

* Search Guard configuration files
Default for now testing TLS setup and deployment

* Elasticsearch log messages on debug level
{"type":"error","@timestamp":"2018-04-20T17:41:45Z","tags":["fatal"],"pid":1,"level":"fatal","error":{"message":"child \"searchguard\" fails because [\"ssl\" is not allowed]","name":"ValidationError","stack":"ValidationError: child \"searchguard\" fails because [\"ssl\" is not allowed]\n at Object.exports.process (/usr/share/kibana/node_modules/joi/lib/errors.js:181:19)\n at _validateWithOptions (/usr/share/kibana/node_modules/joi/lib/any.js:651:31)\n at root.validate (/usr/share/kibana/node_modules/joi/lib/index.js:121:23)\n at Config._commit (/usr/share/kibana/src/server/config/config.js:119:35)\n at Config.set (/usr/share/kibana/src/server/config/config.js:89:10)\n at Config.extendSchema (/usr/share/kibana/src/server/config/config.js:62:10)\n at /usr/share/kibana/src/plugin_discovery/plugin_config/extend_config_service.js:22:12\n at next (native)\n at step (/usr/share/kibana/src/plugin_discovery/plugin_config/extend_config_service.js:45:191)\n at /usr/share/kibana/src/plugin_discovery/plugin_config/extend_config_service.js:45:361"},"message":"child \"searchguard\" fails because [\"ssl\" is not allowed]"}
{"type":"error","@timestamp":"2018-04-20T17:41:50Z","tags":["fatal"],"pid":1,"level":"fatal","error":{"message":"child \"searchguard\" fails because [\"ssl\" is not allowed]","name":"ValidationError","stack":"ValidationError: child \"searchguard\" fails because [\"ssl\" is not allowed]\n at Object.exports.process (/usr/share/kibana/node_modules/joi/lib/errors.js:181:19)\n at _validateWithOptions (/usr/share/kibana/node_modules/joi/lib/any.js:651:31)\n at root.validate (/usr/share/kibana/node_modules/joi/lib/index.js:121:23)\n at Config._commit (/usr/share/kibana/src/server/config/config.js:119:35)\n at Config.set (/usr/share/kibana/src/server/config/config.js:89:10)\n at Config.extendSchema (/usr/share/kibana/src/server/config/config.js:62:10)\n at /usr/share/kibana/src/plugin_discovery/plugin_config/extend_config_service.js:22:12\n at next (native)\n at step (/usr/share/kibana/src/plugin_discovery/plugin_config/extend_config_service.js:45:191)\n at /usr/share/kibana/src/plugin_discovery/plugin_config/extend_config_service.js:45:361"},"message":"child \"searchguard\" fails because [\"ssl\" is not allowed]"}

* Other installed Elasticsearch or Kibana plugins, if any
X-Pack for monitoring only

--
You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search-guard@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/b7bba6bd-36b5-4570-8244-0f7d7682ec2e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search-guard@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/CAPkwwd0OHDGX7J2EYULZWM0hpAqs8tGAigWejwVR8jPHrc5B%2BA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Can you please post the contents of your kibana.yml. According to the error message:

“message”:“child “searchguard” fails because [“ssl” is not allowed]”}

It seems you have a configuration entry like:

searchguard.ssl…

in kibana.yml which is not valid. Make sure you do not confuse the settings in elasticsearch.yml with settings in kibana.yml. The error is thrown when Kibana is validating the kibana.yml configuration settings.

···

On Friday, April 20, 2018 at 10:47:43 AM UTC-7, richardlaing00@gmail.com wrote:

When asking questions, please provide the following information:

Hi there I would like to ask if anyone has seen the following error.

  • Search Guard and Elasticsearch version

6.2.2

  • Installed and used enterprise modules, if any

None

  • JVM version and operating system version

The one that ships with the offical docker containers

  • Search Guard configuration files

Default for now testing TLS setup and deployment

  • Elasticsearch log messages on debug level

{“type”:“error”,"@timestamp":“2018-04-20T17:41:45Z”,“tags”:[“fatal”],“pid”:1,“level”:“fatal”,“error”:{“message”:“child “searchguard” fails because [“ssl” is not allowed]”,“name”:“ValidationError”,“stack”:“ValidationError: child “searchguard” fails because [“ssl” is not allowed]\n at Object.exports.process (/usr/share/kibana/node_modules/joi/lib/errors.js:181:19)\n at _validateWithOptions (/usr/share/kibana/node_modules/joi/lib/any.js:651:31)\n at root.validate (/usr/share/kibana/node_modules/joi/lib/index.js:121:23)\n at Config._commit (/usr/share/kibana/src/server/config/config.js:119:35)\n at Config.set (/usr/share/kibana/src/server/config/config.js:89:10)\n at Config.extendSchema (/usr/share/kibana/src/server/config/config.js:62:10)\n at /usr/share/kibana/src/plugin_discovery/plugin_config/extend_config_service.js:22:12\n at next (native)\n at step (/usr/share/kibana/src/plugin_discovery/plugin_config/extend_config_service.js:45:191)\n at /usr/share/kibana/src/plugin_discovery/plugin_config/extend_config_service.js:45:361”},“message”:“child “searchguard” fails because [“ssl” is not allowed]”}
{“type”:“error”,"@timestamp":“2018-04-20T17:41:50Z”,“tags”:[“fatal”],“pid”:1,“level”:“fatal”,“error”:{“message”:“child “searchguard” fails because [“ssl” is not allowed]”,“name”:“ValidationError”,“stack”:“ValidationError: child “searchguard” fails because [“ssl” is not allowed]\n at Object.exports.process (/usr/share/kibana/node_modules/joi/lib/errors.js:181:19)\n at _validateWithOptions (/usr/share/kibana/node_modules/joi/lib/any.js:651:31)\n at root.validate (/usr/share/kibana/node_modules/joi/lib/index.js:121:23)\n at Config._commit (/usr/share/kibana/src/server/config/config.js:119:35)\n at Config.set (/usr/share/kibana/src/server/config/config.js:89:10)\n at Config.extendSchema (/usr/share/kibana/src/server/config/config.js:62:10)\n at /usr/share/kibana/src/plugin_discovery/plugin_config/extend_config_service.js:22:12\n at next (native)\n at step (/usr/share/kibana/src/plugin_discovery/plugin_config/extend_config_service.js:45:191)\n at /usr/share/kibana/src/plugin_discovery/plugin_config/extend_config_service.js:45:361”},“message”:“child “searchguard” fails because [“ssl” is not allowed]”}

``

  • Other installed Elasticsearch or Kibana plugins, if any

X-Pack for monitoring only

The following is my Kibana configuration

···

On 22 April 2018 at 21:26, Jochen Kressin jkressin@floragunn.com wrote:

Can you please post the contents of your kibana.yml. According to the error message:

“message”:“child “searchguard” fails because [“ssl” is not allowed]”}

It seems you have a configuration entry like:

searchguard.ssl…

in kibana.yml which is not valid. Make sure you do not confuse the settings in elasticsearch.yml with settings in kibana.yml. The error is thrown when Kibana is validating the kibana.yml configuration settings.

On Friday, April 20, 2018 at 10:47:43 AM UTC-7, richardlaing00@gmail.com wrote:

When asking questions, please provide the following information:

Hi there I would like to ask if anyone has seen the following error.

  • Search Guard and Elasticsearch version

6.2.2

  • Installed and used enterprise modules, if any

None

  • JVM version and operating system version

The one that ships with the offical docker containers

  • Search Guard configuration files

Default for now testing TLS setup and deployment

  • Elasticsearch log messages on debug level

{“type”:“error”,"@timestamp":“2018-04-20T17:41:45Z”,“tags”:[“fatal”],“pid”:1,“level”:“fatal”,“error”:{“message”:“child “searchguard” fails because [“ssl” is not allowed]”,“name”:“ValidationError”,“stack”:“ValidationError: child “searchguard” fails because [“ssl” is not allowed]\n at Object.exports.process (/usr/share/kibana/node_modules/joi/lib/errors.js:181:19)\n at _validateWithOptions (/usr/share/kibana/node_modules/joi/lib/any.js:651:31)\n at root.validate (/usr/share/kibana/node_modules/joi/lib/index.js:121:23)\n at Config._commit (/usr/share/kibana/src/server/config/config.js:119:35)\n at Config.set (/usr/share/kibana/src/server/config/config.js:89:10)\n at Config.extendSchema (/usr/share/kibana/src/server/config/config.js:62:10)\n at /usr/share/kibana/src/plugin_discovery/plugin_config/extend_config_service.js:22:12\n at next (native)\n at step (/usr/share/kibana/src/plugin_discovery/plugin_config/extend_config_service.js:45:191)\n at /usr/share/kibana/src/plugin_discovery/plugin_config/extend_config_service.js:45:361”},“message”:“child “searchguard” fails because [“ssl” is not allowed]”}
{“type”:“error”,"@timestamp":“2018-04-20T17:41:50Z”,“tags”:[“fatal”],“pid”:1,“level”:“fatal”,“error”:{“message”:“child “searchguard” fails because [“ssl” is not allowed]”,“name”:“ValidationError”,“stack”:“ValidationError: child “searchguard” fails because [“ssl” is not allowed]\n at Object.exports.process (/usr/share/kibana/node_modules/joi/lib/errors.js:181:19)\n at _validateWithOptions (/usr/share/kibana/node_modules/joi/lib/any.js:651:31)\n at root.validate (/usr/share/kibana/node_modules/joi/lib/index.js:121:23)\n at Config._commit (/usr/share/kibana/src/server/config/config.js:119:35)\n at Config.set (/usr/share/kibana/src/server/config/config.js:89:10)\n at Config.extendSchema (/usr/share/kibana/src/server/config/config.js:62:10)\n at /usr/share/kibana/src/plugin_discovery/plugin_config/extend_config_service.js:22:12\n at next (native)\n at step (/usr/share/kibana/src/plugin_discovery/plugin_config/extend_config_service.js:45:191)\n at /usr/share/kibana/src/plugin_discovery/plugin_config/extend_config_service.js:45:361”},“message”:“child “searchguard” fails because [“ssl” is not allowed]”}

``

  • Other installed Elasticsearch or Kibana plugins, if any

X-Pack for monitoring only

You received this message because you are subscribed to the Google Groups “Search Guard Community Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.

To post to this group, send email to search-guard@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/d5b7c414-2b55-4f27-be16-dc22f80521d2%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

Yours R.Laing BSC Hons

seems you mixed up elasticsearch.yml and kibana.yml

There is no “searchguard.ssl.http.enabled” configuration in kibana.yml

You need to define this in elasticsearch.yml

Pls refer to the SG docs: https://docs.search-guard.com/latest/index and the kibana docs: https://www.elastic.co/guide/en/kibana/6.2/index.html

···

On Monday, 23 April 2018 10:50:14 UTC+2, …ard Lai… wrote:

The following is my Kibana configuration

xpack.security.enabled: false
xpack.monitoring.enabled: true
server.name: kibana
server.host: “0”
elasticsearch.url: https://XXX:9200
elasticsearch.username: “XXXXXX”
elasticsearch.password: “XXXXXX”
searchguard.ssl.http.enabled: true
elasticsearch.ssl.verificationMode: certificate

Yeah i noticed that I have been reading up on your website and I have fixed my configuration as exampled by the configuration below, also I read a couple of posts around the user group so thanks for the help.

#xpack settings
xpack.security.enabled: false
xpack.monitoring.enabled: true

#elasticsearch settings
elasticsearch.ssl.verificationMode: certificate
elasticsearch.ssl.certificateAuthorities: /usr/share/kibana/config/certs/XXXXX
elasticsearch.ssl.certificate: /usr/share/kibana/config/certs/XXXXX
elasticsearch.ssl.key: /usr/share/kibana/config/certs/XXXXX
elasticsearch.url: “https://XXX:9200
elasticsearch.username: “XXXXX”
elasticsearch.password: “XXXXX”
elasticsearch.requestHeadersWhitelist: [ “Authorization”, “x-forwarded-for”, “x-forwarded-by”, “x-proxy-user”, “x-proxy-roles” ]

#server settings
server.name: kibana
server.host: “0”
server.ssl.supportedProtocols:

  • “TLSv1.2”

``

···

On Monday, 23 April 2018 15:05:24 UTC+1, Search Guard wrote:

seems you mixed up elasticsearch.yml and kibana.yml

There is no “searchguard.ssl.http.enabled” configuration in kibana.yml

You need to define this in elasticsearch.yml

Pls refer to the SG docs: https://docs.search-guard.com/latest/index and the kibana docs: https://www.elastic.co/guide/en/kibana/6.2/index.html

On Monday, 23 April 2018 10:50:14 UTC+2, …ard Lai… wrote:

The following is my Kibana configuration

xpack.security.enabled: false
xpack.monitoring.enabled: true
server.name: kibana
server.host: “0”
elasticsearch.url: https://XXX:9200
elasticsearch.username: “XXXXXX”
elasticsearch.password: “XXXXXX”
searchguard.ssl.http.enabled: true
elasticsearch.ssl.verificationMode: certificate