When asking questions, please provide the following information:
- Search Guard and Elasticsearch version
6.1.2-20.1
6.12
search-guard-kibana-plugin-6.1.2-8.zip
- Installed and used enterprise modules, if any
- JVM version and operating system version
Linux development-VirtualBox 4.13.0-32-generic #35-Ubuntu SMP Thu Jan 25 09:13:46 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
openjdk version "1.8.0_151"
OpenJDK Runtime Environment (build 1.8.0_151-8u151-b12-0ubuntu0.17.10.2-b12)
OpenJDK 64-Bit Server VM (build 25.151-b12, mixed mode)
- Search Guard configuration files
Ran exact instructions on Demo Guide:
Install demo certificates? [y/N] y
Initialize Search Guard? [y/N] y
Enable cluster mode? [y/N] n
- Elasticsearch log messages on debug level
- Other installed Elasticsearch or Kibana plugins, if any
None, Vanilla install on Lubuntu 17.10 VM in Virtual Box.
Tests work for communicating with https://localhost:9200
However, when I go to http://localhost:5601, I get to the log-in page and enter admin/admin.
System responds with redirect to: http://localhost:5601/app/kibana, but I get a 401. I read the troubleshoot page and am sending the cookie:
REQUEST HEADERS:
Host: localhost:5601
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:58.0) Gecko/20100101 Firefox/58.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://localhost:5601/
Cookie: searchguard_authentication=Fe26.2aa9488421b79d3f0b04fe4330e6ad9391411a8bab5a26867d854e8cb453cb71bnNW0ZFlE5BCTfIsjeIU1sQp1bmg242MboHdx3OwdhoD2-YLofiBYFG-zn35CNE4DWgv0Aw4Y3yO_SwRUc_pbN27OzBvFqwFawU8WX_OxNo2sJVxspm0chboytJgDdukW6FwdXvZU9A93qBJIYA17HcSxLOW9NOvj9ohEBVbBdmuXROgdIysRzi7okjlwaa-A4qAE0uOEqZI3p1MkS6285fK6zc2SoCSNFBlo94oXDgpJNEYwPBS4JiFUP5oO_aaCga8a8f38f7b1d1174daa1df236cda36d8bab5884c74db6a06dc0a705f5a4438a4*0YY0-TkzZnobUzRScQtntng94BJk7DpKi-ZTwL5C9Xs
Connection: keep-alive
Upgrade-Insecure-Requests: 1
RESPONSE HEADERS:
WWW-Authenticate: Basic realm="Authorization Required"
kbn-name: kibana
kbn-version: 6.1.2
content-type: application/json; charset=utf-8
set-cookie: searchguard_authentication=Fe26.2ff928f84f097c79f43ece27f465e101279e071f4a5b1b17b024a535b7cae58f2*_BSX7RF9gHZOqzw5WTGl-w*xO-tzgWCMldaQlWRYcWnPxgGlRwiDScL3c9LvkvDpysBfMO5qYPe1XbPQLNgYqwfhSNkOBwoDicvsVhKmpFglory9qH_31bXQ7Qt1jrMm5IELpl1DGzo0t0mR41OZoba26vXFALowSQww9VQGCHhUuFhCeX2J0OEirQWlv4CpG_p9Ft_k2KyH1VRWYX2mO2_tdBNfABADCAJ7ps678lpSMyhhqWbCtF7muwgUlidoqwba504038b189f322d62d66719fe2cfa130b639cfb9555decf9c89c86f5fe1e2a*Ie2n-c8Bpe51dnSNvhJV009TYyeQ2FguKSmymLc7bOI; Max-Age=3600; Expires=Thu, 01 Feb 2018 22:15:39 GMT; HttpOnly; Path=/
cache-control: no-cache
vary: accept-encoding
content-encoding: gzip
Date: Thu, 01 Feb 2018 21:15:39 GMT
Connection: keep-alive
Transfer-Encoding: chunked
RESPONSE PAYLOAD:
{"statusCode":401,"error":"Unauthorized","message":"Authentication Exception"}
So it just gets stuck in a loop requesting username/password in a browser popup till I cancel.
KIBANA sout:
development@development-VirtualBox:~/software/kibana$ bin/kibana
log [21:02:03.663] [info][status][plugin:kibana@6.1.2] Status changed from uninitialized to green - Ready
log [21:02:03.828] [info][status][plugin:elasticsearch@6.1.2] Status changed from uninitialized to yellow - Waiting for Elasticsearch
log [21:02:05.794] [info][status][plugin:searchguard@6.1.2] Status changed from uninitialized to yellow - Initialising Search Guard authentication plugin.
log [21:02:05.796] [info][status][plugin:searchguard@6.1.2] Status changed from yellow to yellow - Default cookie password detected, please set a password in kibana.yml by setting ‘searchguard.cookie.password’ (min. 32 characters).
log [21:02:05.798] [info][status][plugin:searchguard@6.1.2] Status changed from yellow to yellow - ‘searchguard.cookie.secure’ is set to false, cookies are transmitted over unsecure HTTP connection. Consider using HTTPS and set this key to ‘true’
log [21:02:06.222] [info][status][plugin:searchguard@6.1.2] Status changed from yellow to yellow - Search Guard session management enabled.
log [21:02:06.224] [info][status][plugin:searchguard@6.1.2] Status changed from yellow to yellow - Search Guard multitenancy disabled
log [21:02:06.225] [info][status][plugin:searchguard@6.1.2] Status changed from yellow to yellow - Search Guard copy JWT params disabled
log [21:02:06.650] [info][status][plugin:searchguard@6.1.2] Status changed from yellow to yellow - Search Guard configuration GUI enabled
log [21:02:06.713] [info][status][plugin:searchguard@6.1.2] Status changed from yellow to yellow - Search Guard system routes registered.
log [21:02:06.714] [info][status][plugin:searchguard@6.1.2] Status changed from yellow to green - Search Guard plugin initialised.
log [21:02:06.766] [info][status][plugin:console@6.1.2] Status changed from uninitialized to green - Ready
log [21:02:06.856] [error][status][plugin:elasticsearch@6.1.2] Status changed from yellow to red - Request Timeout after 3000ms
log [21:02:06.867] [info][status][plugin:metrics@6.1.2] Status changed from uninitialized to green - Ready
log [21:02:07.421] [info][status][plugin:timelion@6.1.2] Status changed from uninitialized to green - Ready
log [21:02:07.429] [info][listening] Server running at http://localhost:5601
log [21:02:09.868] [info][status][plugin:elasticsearch@6.1.2] Status changed from red to green - Ready
ES sout:
development@development-VirtualBox:~/software/elasticsearch$ bin/elasticsearch
[2018-02-01T15:48:38,777][INFO ][o.e.n.Node ] initializing …
[2018-02-01T15:48:39,215][INFO ][o.e.e.NodeEnvironment ] [El5Q3Bo] using [1] data paths, mounts [[/ (/dev/sda1)]], net usable_space [30.3gb], net total_space [39.1gb], types [ext4]
[2018-02-01T15:48:39,216][INFO ][o.e.e.NodeEnvironment ] [El5Q3Bo] heap size [1007.3mb], compressed ordinary object pointers [true]
[2018-02-01T15:48:39,220][INFO ][o.e.n.Node ] node name [El5Q3Bo] derived from node ID [El5Q3Bo2TiCqdlfkAe2Mvg]; set [node.name] to override
[2018-02-01T15:48:39,221][INFO ][o.e.n.Node ] version[6.1.2], pid[1726], build[5b1fea5/2018-01-10T02:35:59.208Z], OS[Linux/4.13.0-32-generic/amd64], JVM[Oracle Corporation/OpenJDK 64-Bit Server VM/1.8.0_151/25.151-b12]
[2018-02-01T15:48:39,224][INFO ][o.e.n.Node ] JVM arguments [-Xms1g, -Xmx1g, -XX:+UseConcMarkSweepGC, -XX:CMSInitiatingOccupancyFraction=75, -XX:+UseCMSInitiatingOccupancyOnly, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -XX:+HeapDumpOnOutOfMemoryError, -Des.path.home=/home/development/software/elasticsearch, -Des.path.conf=/home/development/software/elasticsearch/config]
[2018-02-01T15:48:43,851][INFO ][c.f.s.SearchGuardPlugin ] ES Config path is /home/development/software/elasticsearch/config
[2018-02-01T15:48:43,956][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] Open SSL not available (this is not an error, we simply fallback to built-in JDK SSL) because of java.lang.ClassNotFoundException: io.netty.internal.tcnative.SSL
[2018-02-01T15:48:44,306][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] Config directory is /home/development/software/elasticsearch/config/, from there the key- and truststore files are resolved relatively
[2018-02-01T15:48:44,580][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] TLS Transport Client Provider : JDK
[2018-02-01T15:48:44,580][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] TLS Transport Server Provider : JDK
[2018-02-01T15:48:44,581][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] TLS HTTP Provider : JDK
[2018-02-01T15:48:44,581][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] Enabled TLS protocols for transport layer : [TLSv1.2, TLSv1.1]
[2018-02-01T15:48:44,582][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] Enabled TLS protocols for HTTP layer : [TLSv1.2, TLSv1.1]
[2018-02-01T15:48:45,227][INFO ][c.f.s.SearchGuardPlugin ] Clustername: searchguard_demo
[2018-02-01T15:48:45,578][WARN ][c.f.s.SearchGuardPlugin ] Directory /home/development/software/elasticsearch/config has insecure file permissions (should be 0700)
[2018-02-01T15:48:45,579][WARN ][c.f.s.SearchGuardPlugin ] File /home/development/software/elasticsearch/config/kirk.pem has insecure file permissions (should be 0600)
[2018-02-01T15:48:45,579][WARN ][c.f.s.SearchGuardPlugin ] File /home/development/software/elasticsearch/config/kirk-key.pem has insecure file permissions (should be 0600)
[2018-02-01T15:48:45,579][WARN ][c.f.s.SearchGuardPlugin ] File /home/development/software/elasticsearch/config/root-ca.pem has insecure file permissions (should be 0600)
[2018-02-01T15:48:45,580][WARN ][c.f.s.SearchGuardPlugin ] File /home/development/software/elasticsearch/config/esnode-key.pem has insecure file permissions (should be 0600)
[2018-02-01T15:48:45,580][WARN ][c.f.s.SearchGuardPlugin ] File /home/development/software/elasticsearch/config/esnode.pem has insecure file permissions (should be 0600)
[2018-02-01T15:48:45,596][INFO ][o.e.p.PluginsService ] [El5Q3Bo] loaded module [aggs-matrix-stats]
[2018-02-01T15:48:45,596][INFO ][o.e.p.PluginsService ] [El5Q3Bo] loaded module [analysis-common]
[2018-02-01T15:48:45,596][INFO ][o.e.p.PluginsService ] [El5Q3Bo] loaded module [ingest-common]
[2018-02-01T15:48:45,596][INFO ][o.e.p.PluginsService ] [El5Q3Bo] loaded module [lang-expression]
[2018-02-01T15:48:45,598][INFO ][o.e.p.PluginsService ] [El5Q3Bo] loaded module [lang-mustache]
[2018-02-01T15:48:45,599][INFO ][o.e.p.PluginsService ] [El5Q3Bo] loaded module [lang-painless]
[2018-02-01T15:48:45,599][INFO ][o.e.p.PluginsService ] [El5Q3Bo] loaded module [mapper-extras]
[2018-02-01T15:48:45,600][INFO ][o.e.p.PluginsService ] [El5Q3Bo] loaded module [parent-join]
[2018-02-01T15:48:45,600][INFO ][o.e.p.PluginsService ] [El5Q3Bo] loaded module [percolator]
[2018-02-01T15:48:45,600][INFO ][o.e.p.PluginsService ] [El5Q3Bo] loaded module [reindex]
[2018-02-01T15:48:45,600][INFO ][o.e.p.PluginsService ] [El5Q3Bo] loaded module [repository-url]
[2018-02-01T15:48:45,601][INFO ][o.e.p.PluginsService ] [El5Q3Bo] loaded module [transport-netty4]
[2018-02-01T15:48:45,601][INFO ][o.e.p.PluginsService ] [El5Q3Bo] loaded module [tribe]
[2018-02-01T15:48:45,624][INFO ][o.e.p.PluginsService ] [El5Q3Bo] loaded plugin [search-guard-6]
[2018-02-01T15:48:45,733][INFO ][c.f.s.SearchGuardPlugin ] Disabled https compression by default to mitigate BREACH attacks. You can enable it by setting ‘http.compression: true’ in elasticsearch.yml
[2018-02-01T15:48:50,669][INFO ][c.f.s.a.i.AuditLogImpl ] Configured categories on rest layer to ignore: [AUTHENTICATED, GRANTED_PRIVILEGES]
[2018-02-01T15:48:50,679][INFO ][c.f.s.a.i.AuditLogImpl ] Configured categories on transport layer to ignore: [AUTHENTICATED, GRANTED_PRIVILEGES]
[2018-02-01T15:48:50,683][INFO ][c.f.s.a.i.AuditLogImpl ] Configured Users to ignore: [kibanaserver]
[2018-02-01T15:48:50,683][INFO ][c.f.s.a.i.AuditLogImpl ] Configured Requests to ignore:
[2018-02-01T15:48:50,685][INFO ][c.f.s.a.i.AuditLogImpl ] Audit Log class: ESAuditLog
[2018-02-01T15:48:51,205][DEBUG][o.e.a.ActionModule ] Using REST wrapper from plugin com.floragunn.searchguard.SearchGuardPlugin
[2018-02-01T15:48:51,344][INFO ][o.e.d.DiscoveryModule ] [El5Q3Bo] using discovery type [zen]
[2018-02-01T15:48:52,697][INFO ][c.f.s.SearchGuardPlugin ] 4 Search Guard modules loaded so far: [Module [type=DLSFLS, implementing class=com.floragunn.searchguard.configuration.SearchGuardFlsDlsIndexSearcherWrapper], Module [type=MULTITENANCY, implementing class=com.floragunn.searchguard.configuration.PrivilegesInterceptorImpl], Module [type=REST_MANAGEMENT_API, implementing class=com.floragunn.searchguard.dlic.rest.api.SearchGuardRestApiActions], Module [type=AUDITLOG, implementing class=com.floragunn.searchguard.auditlog.impl.AuditLogImpl]]
[2018-02-01T15:48:52,699][INFO ][o.e.n.Node ] initialized
[2018-02-01T15:48:52,700][INFO ][o.e.n.Node ] [El5Q3Bo] starting …
[2018-02-01T15:48:52,946][INFO ][o.e.t.TransportService ] [El5Q3Bo] publish_address {127.0.0.1:9300}, bound_addresses {[::1]:9300}, {127.0.0.1:9300}
[2018-02-01T15:48:52,970][WARN ][o.e.b.BootstrapChecks ] [El5Q3Bo] max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
[2018-02-01T15:48:52,997][INFO ][c.f.s.c.IndexBaseConfigurationRepository] Check if searchguard index exists …
[2018-02-01T15:48:53,019][DEBUG][o.e.a.a.i.e.i.TransportIndicesExistsAction] [El5Q3Bo] no known master node, scheduling a retry
[2018-02-01T15:48:56,127][INFO ][o.e.c.s.MasterService ] [El5Q3Bo] zen-disco-elected-as-master ([0] nodes joined), reason: new_master {El5Q3Bo}{El5Q3Bo2TiCqdlfkAe2Mvg}{QfRg6eFUQwGjmCySMfg6BQ}{127.0.0.1}{127.0.0.1:9300}
[2018-02-01T15:48:56,140][INFO ][o.e.c.s.ClusterApplierService] [El5Q3Bo] new_master {El5Q3Bo}{El5Q3Bo2TiCqdlfkAe2Mvg}{QfRg6eFUQwGjmCySMfg6BQ}{127.0.0.1}{127.0.0.1:9300}, reason: apply cluster state (from master [master {El5Q3Bo}{El5Q3Bo2TiCqdlfkAe2Mvg}{QfRg6eFUQwGjmCySMfg6BQ}{127.0.0.1}{127.0.0.1:9300} committed version [1] source [zen-disco-elected-as-master ([0] nodes joined)]])
[2018-02-01T15:48:56,239][INFO ][c.f.s.h.SearchGuardHttpServerTransport] [El5Q3Bo] publish_address {127.0.0.1:9200}, bound_addresses {[::1]:9200}, {127.0.0.1:9200}
[2018-02-01T15:48:56,240][INFO ][o.e.n.Node ] [El5Q3Bo] started
[2018-02-01T15:48:56,244][INFO ][c.f.s.c.IndexBaseConfigurationRepository] searchguard index does not exist yet, so we create a default config
[2018-02-01T15:48:56,246][INFO ][o.e.g.GatewayService ] [El5Q3Bo] recovered [0] indices into cluster_state
[2018-02-01T15:48:56,250][INFO ][c.f.s.c.IndexBaseConfigurationRepository] Will create searchguard index so we can apply default config
[2018-02-01T15:48:56,443][INFO ][o.e.c.m.MetaDataCreateIndexService] [El5Q3Bo] [searchguard] creating index, cause [api], templates , shards [1]/[1], mappings
[2018-02-01T15:48:56,707][INFO ][o.e.c.m.MetaDataUpdateSettingsService] [El5Q3Bo] updating number_of_replicas to [0] for indices [searchguard]
[2018-02-01T15:48:56,770][INFO ][o.e.c.m.MetaDataUpdateSettingsService] [El5Q3Bo] [searchguard/-Z6Tz_uRSSmP9DVt_EUO3g] auto expanded replicas to [0]
[2018-02-01T15:48:56,992][INFO ][o.e.c.r.a.AllocationService] [El5Q3Bo] Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[searchguard][0]] …]).
[2018-02-01T15:48:57,005][INFO ][c.f.s.s.ConfigHelper ] Will update ‘config’ with /home/development/software/elasticsearch/plugins/search-guard-6/sgconfig/sg_config.yml
[2018-02-01T15:48:57,240][INFO ][o.e.c.m.MetaDataMappingService] [El5Q3Bo] [searchguard/-Z6Tz_uRSSmP9DVt_EUO3g] create_mapping [sg]
[2018-02-01T15:48:57,587][INFO ][c.f.s.s.ConfigHelper ] Will update ‘roles’ with /home/development/software/elasticsearch/plugins/search-guard-6/sgconfig/sg_roles.yml
[2018-02-01T15:48:57,658][INFO ][o.e.c.m.MetaDataMappingService] [El5Q3Bo] [searchguard/-Z6Tz_uRSSmP9DVt_EUO3g] update_mapping [sg]
[2018-02-01T15:48:57,754][INFO ][c.f.s.s.ConfigHelper ] Will update ‘rolesmapping’ with /home/development/software/elasticsearch/plugins/search-guard-6/sgconfig/sg_roles_mapping.yml
[2018-02-01T15:48:57,795][INFO ][o.e.c.m.MetaDataMappingService] [El5Q3Bo] [searchguard/-Z6Tz_uRSSmP9DVt_EUO3g] update_mapping [sg]
[2018-02-01T15:48:57,857][INFO ][c.f.s.s.ConfigHelper ] Will update ‘internalusers’ with /home/development/software/elasticsearch/plugins/search-guard-6/sgconfig/sg_internal_users.yml
[2018-02-01T15:48:57,877][INFO ][o.e.c.m.MetaDataMappingService] [El5Q3Bo] [searchguard/-Z6Tz_uRSSmP9DVt_EUO3g] update_mapping [sg]
[2018-02-01T15:48:57,960][INFO ][c.f.s.s.ConfigHelper ] Will update ‘actiongroups’ with /home/development/software/elasticsearch/plugins/search-guard-6/sgconfig/sg_action_groups.yml
[2018-02-01T15:48:58,000][INFO ][o.e.c.m.MetaDataMappingService] [El5Q3Bo] [searchguard/-Z6Tz_uRSSmP9DVt_EUO3g] update_mapping [sg]
[2018-02-01T15:48:58,072][INFO ][c.f.s.c.IndexBaseConfigurationRepository] Default config applied
[2018-02-01T15:48:58,161][INFO ][o.e.c.m.MetaDataMappingService] [El5Q3Bo] [searchguard/-Z6Tz_uRSSmP9DVt_EUO3g] update_mapping [sg]
[2018-02-01T15:48:58,227][INFO ][c.f.s.c.IndexBaseConfigurationRepository] Search Guard License Info: SearchGuardLicense [uid=00000000-0000-0000-0000-000000000000, type=TRIAL, issueDate=2018-02-01, expiryDate=2018-04-04, issuedTo=The world, issuer=floragunn GmbH, startDate=2018-02-01, majorVersion=6, clusterName=*, allowedNodeCount=2147483647, msgs=, expiresInDays=61, isExpired=false, valid=true, action=, prodUsage=Yes, one cluster with all commercial features and unlimited nodes per cluster., clusterService=org.elasticsearch.cluster.service.ClusterService@4c435aaa, getMsgs()=, getExpiresInDays()=61, isExpired()=false, isValid()=true, getAction()=, getProdUsage()=Yes, one cluster with all commercial features and unlimited nodes per cluster.]
[2018-02-01T15:48:58,227][INFO ][c.f.s.c.IndexBaseConfigurationRepository] Search Guard License Type: TRIAL, valid
[2018-02-01T15:48:58,227][INFO ][c.f.s.c.IndexBaseConfigurationRepository] Node ‘El5Q3Bo’ initialized
[2018-02-01T15:49:31,755][INFO ][o.e.c.m.MetaDataCreateIndexService] [El5Q3Bo] [sg6-auditlog-2018.02.01] creating index, cause [auto(bulk api)], templates , shards [5]/[1], mappings
[2018-02-01T15:49:32,269][INFO ][o.e.c.m.MetaDataMappingService] [El5Q3Bo] [sg6-auditlog-2018.02.01/G90Uz_tbTY2VsaCGtnyfWw] create_mapping [auditlog]
[2018-02-01T16:02:40,934][INFO ][o.e.c.m.MetaDataMappingService] [El5Q3Bo] [sg6-auditlog-2018.02.01/G90Uz_tbTY2VsaCGtnyfWw] update_mapping [auditlog]