Hi Searchguard folks,
I build a customised version of Kibana (the ‘-oss’ variety) to include our own plugins and perform some customisations to the CSS. No mods are made to the main Kibana code.
Since upgrading to v6.4.2 (from v6.2.4), I’ve been having a devil of a time getting Kibana to start properly. I’m getting the following error at start time:
{"type":"log","@timestamp":"2018-10-21T01:16:32Z","tags":["status","plugin:elasticsearch@6.4.2","error"],"pid":4973,"state":"red","message":"Status changed from yellow to red - Authentication Exception","prevState":"yellow","prevMsg":"Waiting for Elasticsearch"}
{"type":"log","@timestamp":"2018-10-21T01:16:32Z","tags":["warning"],"pid":4973,"message":"Detected an unhandled Promise rejection.\nAuthentication Exception :: {"path":"/myindex/_search","query":{"q":"type=acl","size":100},"statusCode":401,"response":"Unauthorized","wwwAuthenticateDirective":"Basic realm=\"Search Guard\""}"}
I assumed that it would be a deny happening on the Elasticsearch side (from Searchguard), but I’m not seeing any of the usual Searchguard deny logs in the elasticsearch.log file. From my reading of it, it looks like the “kibanaserver” user doesn’t have access to log in; does that sound correct to you? The funny thing is that I can perform that exact query on the command line using the kibanaserver user’s credentials. I have disabled x-pack in the elasticsearch.yml. There’s no need to disable x-pack on the Kibana side because I’m using the ‘oss’ build (plus if I leave the line in to disable x-pack, it bombs out).
Have you seen errors like these being spat out by Kibana before?
Many thanks for your time.
Cheers,
Nick