我有一个带有 xpack 基本许可证的 elasticsearch 集群,并且启用了本机用户身份验证(当然是 ssl)。我正在尝试在 docker 容器上设置 kibana,但在浏览器中访问 kibana 时不断出现错误:
{"statusCode":500,"error":"Internal Server Error","message":"An internal server error occurred."}
在 kibana 日志中我有消息:(
"missing authentication credentials for REST request"
下面的完整日志)
我的 kibana.yml 文件是:
server.name: kibana
server.host: "0.0.0.0"
elasticsearch.hosts:
- https://server:9200
server.ssl.certificate: "cert.crt"
server.ssl.key: "vert.key"
server.ssl.enabled: true
elasticsearch.ssl.certificateAuthorities: ["root-ca.crt"]
elasticsearch.username: "kibana"
elasticsearch.password: "XXXXXXXXXXXXXXXXXXXXXXXXXXXX"
手动请求(使用浏览器或邮递员获取\发布请求)工作正常。任何以(eg )
开头的配置设置都将失败,并出现一些关于无法识别密钥的错误。
使用的容器版本:docker.elastic.co/kibana/kibana-oss:7.7.0xpack.*
xpack.security.enabled
可能是在kibana docker容器中默认没有安装xpack吗?
我做错了什么?
-------- 完整的 kibana 日志 ---------
{"type":"log","@timestamp":"2020-05-25T10:06:03Z","tags":["warning","plugins-discovery"],"pid":6,"message":"Expect plugin \"id\" in camelCase, but found: apm_oss"}
{"type":"log","@timestamp":"2020-05-25T10:06:03Z","tags":["info","plugins-system"],"pid":6,"message":"Setting up [32] plugins: [visTypeVega,usageCollection,metrics,telemetryCollectionManager,telemetry,timelion,kibanaLegacy,devTools,apm_oss,uiActions,savedObjects,share,statusPage,newsfeed,kibanaReact,inspector,embeddable,kibanaUtils,discover,esUiShared,bfetch,expressions,visualizations,data,home,console,management,advancedSettings,telemetryManagementSection,navigation,dashboard,charts]"}
{"type":"log","@timestamp":"2020-05-25T10:06:04Z","tags":["info","savedobjects-service"],"pid":6,"message":"Waiting until all Elasticsearch nodes are compatible with Kibana before starting saved objects migrations..."}
{"type":"log","@timestamp":"2020-05-25T10:06:04Z","tags":["info","savedobjects-service"],"pid":6,"message":"Starting saved objects migrations"}
{"type":"log","@timestamp":"2020-05-25T10:06:04Z","tags":["info","plugins-system"],"pid":6,"message":"Starting [15] plugins: [visTypeVega,usageCollection,metrics,telemetryCollectionManager,telemetry,timelion,kibanaLegacy,apm_oss,share,bfetch,expressions,visualizations,data,home,console]"}
{"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["status","plugin:[email protected]","info"],"pid":6,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["status","plugin:[email protected]","info"],"pid":6,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["status","plugin:[email protected]","info"],"pid":6,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["status","plugin:[email protected]","info"],"pid":6,"state":"yellow","message":"Status changed from uninitialized to yellow - Waiting for Elasticsearch","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["status","plugin:[email protected]","info"],"pid":6,"state":"green","message":"Status changed from yellow to green - Ready","prevState":"yellow","prevMsg":"Waiting for Elasticsearch"}
{"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["status","plugin:[email protected]","info"],"pid":6,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["status","plugin:[email protected]","info"],"pid":6,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["status","plugin:[email protected]","info"],"pid":6,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["status","plugin:[email protected]","info"],"pid":6,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["status","plugin:[email protected]","info"],"pid":6,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["status","plugin:[email protected]","info"],"pid":6,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["status","plugin:[email protected]","info"],"pid":6,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["status","plugin:[email protected]","info"],"pid":6,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["status","plugin:[email protected]","info"],"pid":6,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["status","plugin:[email protected]","info"],"pid":6,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["status","plugin:[email protected]","info"],"pid":6,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["status","plugin:[email protected]","info"],"pid":6,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["status","plugin:[email protected]","info"],"pid":6,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["status","plugin:[email protected]","info"],"pid":6,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["listening","info"],"pid":6,"message":"Server running at https://0.0.0.0:5601"}
{"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["info","http","server","Kibana"],"pid":6,"message":"http server running at https://0.0.0.0:5601"}
{"type":"log","@timestamp":"2020-05-25T10:06:15Z","tags":["error","http"],"pid":6,"message":"{ [security_exception] missing authentication credentials for REST request [/.kibana/_doc/config%3A7.7.0], with { header={ WWW-Authenticate={ 0=\"Bearer realm=\\\"security\\\"\" & 1=\"ApiKey\" & 2=\"Basic realm=\\\"security\\\" charset=\\\"UTF-8\\\"\" } } } :: {\"path\":\"/.kibana/_doc/config%3A7.7.0\",\"query\":{},\"statusCode\":401,\"response\":\"{\\\"error\\\":{\\\"root_cause\\\":[{\\\"type\\\":\\\"security_exception\\\",\\\"reason\\\":\\\"missing authentication credentials for REST request [/.kibana/_doc/config%3A7.7.0]\\\",\\\"header\\\":{\\\"WWW-Authenticate\\\":[\\\"Bearer realm=\\\\\\\"security\\\\\\\"\\\",\\\"ApiKey\\\",\\\"Basic realm=\\\\\\\"security\\\\\\\" charset=\\\\\\\"UTF-8\\\\\\\"\\\"]}}],\\\"type\\\":\\\"security_exception\\\",\\\"reason\\\":\\\"missing authentication credentials for REST request [/.kibana/_doc/config%3A7.7.0]\\\",\\\"header\\\":{\\\"WWW-Authenticate\\\":[\\\"Bearer realm=\\\\\\\"security\\\\\\\"\\\",\\\"ApiKey\\\",\\\"Basic realm=\\\\\\\"security\\\\\\\" charset=\\\\\\\"UTF-8\\\\\\\"\\\"]}},\\\"status\\\":401}\",\"wwwAuthenticateDirective\":\"Bearer realm=\\\"security\\\", ApiKey, Basic realm=\\\"security\\\" charset=\\\"UTF-8\\\"\"}\n at respond (/usr/share/kibana/node_modules/elasticsearch/src/lib/transport.js:349:15)\n at checkRespForFailure (/usr/share/kibana/node_modules/elasticsearch/src/lib/transport.js:306:7)\n at HttpConnector.<anonymous> (/usr/share/kibana/node_modules/elasticsearch/src/lib/connectors/http.js:173:7)\n at IncomingMessage.wrapper (/usr/share/kibana/node_modules/elasticsearch/node_modules/lodash/lodash.js:4929:19)\n at IncomingMessage.emit (events.js:203:15)\n at endReadableNT (_stream_readable.js:1145:12)\n at process._tickCallback (internal/process/next_tick.js:63:19)\n status: 401,\n displayName: 'AuthenticationException',\n message:\n '[security_exception] missing authentication credentials for REST request [/.kibana/_doc/config%3A7.7.0], with { header={ WWW-Authenticate={ 0=\"Bearer realm=\\\\\"security\\\\\"\" & 1=\"ApiKey\" & 2=\"Basic realm=\\\\\"security\\\\\" charset=\\\\\"UTF-8\\\\\"\" } } }',\n path: '/.kibana/_doc/config%3A7.7.0',\n query: {},\n body:\n { error:\n { root_cause: [Array],\n type: 'security_exception',\n reason:\n 'missing authentication credentials for REST request [/.kibana/_doc/config%3A7.7.0]',\n header: [Object] },\n status: 401 },\n statusCode: 401,\n response:\n '{\"error\":{\"root_cause\":[{\"type\":\"security_exception\",\"reason\":\"missing authentication credentials for REST request [/.kibana/_doc/config%3A7.7.0]\",\"header\":{\"WWW-Authenticate\":[\"Bearer realm=\\\\\"security\\\\\"\",\"ApiKey\",\"Basic realm=\\\\\"security\\\\\" charset=\\\\\"UTF-8\\\\\"\"]}}],\"type\":\"security_exception\",\"reason\":\"missing authentication credentials for REST request [/.kibana/_doc/config%3A7.7.0]\",\"header\":{\"WWW-Authenticate\":[\"Bearer realm=\\\\\"security\\\\\"\",\"ApiKey\",\"Basic realm=\\\\\"security\\\\\" charset=\\\\\"UTF-8\\\\\"\"]}},\"status\":401}',\n wwwAuthenticateDirective:\n 'Bearer realm=\"security\", ApiKey, Basic realm=\"security\" charset=\"UTF-8\"',\n toString: [Function],\n toJSON: [Function],\n isBoom: true,\n isServer: false,\n data: null,\n output:\n { statusCode: 401,\n payload:\n { statusCode: 401,\n error: 'Unauthorized',\n message:\n '[security_exception] missing authentication credentials for REST request [/.kibana/_doc/config%3A7.7.0], with { header={ WWW-Authenticate={ 0=\"Bearer realm=\\\\\"security\\\\\"\" & 1=\"ApiKey\" & 2=\"Basic realm=\\\\\"security\\\\\" charset=\\\\\"UTF-8\\\\\"\" } } }' },\n headers: { 'WWW-Authenticate': [Array] } },\n reformat: [Function],\n [Symbol(ElasticsearchError)]: 'Elasticsearch/notAuthorized',\n [Symbol(SavedObjectsClientErrorCode)]: 'SavedObjectsClient/notAuthorized' }"}
{"type":"error","@timestamp":"2020-05-25T10:06:15Z","tags":[],"pid":6,"level":"error","error":{"message":"Internal Server Error","name":"Error","stack":"Error: Internal Server Error\n at HapiResponseAdapter.toInternalError (/usr/share/kibana/src/core/server/http/router/response_adapter.js:67:19)\n at Router.handle (/usr/share/kibana/src/core/server/http/router/router.js:165:34)\n at process._tickCallback (internal/process/next_tick.js:68:7)"},"url":{"protocol":null,"slashes":null,"auth":null,"host":null,"port":null,"hostname":null,"hash":null,"search":null,"query":{},"pathname":"/","path":"/","href":"/"},"message":"Internal Server Error"}
{"type":"response","@timestamp":"2020-05-25T10:06:15Z","tags":[],"pid":6,"method":"get","statusCode":500,"req":{"url":"/","method":"get","headers":{"host":"KIBANA-SERVER:5601","connection":"keep-alive","cache-control":"max-age=0","upgrade-insecure-requests":"1","user-agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36","accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9","sec-fetch-site":"none","sec-fetch-mode":"navigate","sec-fetch-user":"?1","sec-fetch-dest":"document","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9"},"remoteAddress":"XXX.XXX.11.5","userAgent":"XXX.XXX.11.5"},"res":{"statusCode":500,"responseTime":44,"contentLength":9},"message":"GET / 500 44ms - 9.0B"}
======================
更新
======================
尝试使用具有相同配置的 kibana 版本 6.8(docker image docker.elastic.co/kibana/kibana-oss:6.8.0)(一切都相同 - 只是以前的图像)并且它可以工作,虽然我没有得到kibana 登录屏幕,而是由浏览器提示输入凭据。
试过:
直到那时我才意识到我需要使用不同的 docker 容器:
docker.elastic.co/kibana/kibana:7.7.0
只有这样一切才开始按预期工作