主页 / server / 问题 / 1018584
Accepted
GKman
Asked: 2020-05-26 02:10:29 +0800 CST

Kibana - “缺少 REST 请求的身份验证凭据”

  • 772

我有一个带有 xpack 基本许可证的 elasticsearch 集群,并且启用了本机用户身份验证(当然是 ssl)。我正在尝试在 docker 容器上设置 kibana,但在浏览器中访问 kibana 时不断出现错误:
{"statusCode":500,"error":"Internal Server Error","message":"An internal server error occurred."}
在 kibana 日志中我有消息:(
"missing authentication credentials for REST request"下面的完整日志)

我的 kibana.yml 文件是:

server.name: kibana
server.host: "0.0.0.0"
elasticsearch.hosts:
 - https://server:9200
server.ssl.certificate: "cert.crt"
server.ssl.key: "vert.key"
server.ssl.enabled: true
elasticsearch.ssl.certificateAuthorities: ["root-ca.crt"]
elasticsearch.username: "kibana"
elasticsearch.password: "XXXXXXXXXXXXXXXXXXXXXXXXXXXX"

手动请求(使用浏览器或邮递员获取\发布请求)工作正常。任何以(eg )
开头的配置设置都将失败,并出现一些关于无法识别密钥的错误。 使用的容器版本:docker.elastic.co/kibana/kibana-oss:7.7.0xpack.*xpack.security.enabled

可能是在kibana docker容器中默认没有安装xpack吗?
我做错了什么?

-------- 完整的 kibana 日志 ---------

{"type":"log","@timestamp":"2020-05-25T10:06:03Z","tags":["warning","plugins-discovery"],"pid":6,"message":"Expect plugin \"id\" in camelCase, but found: apm_oss"}
{"type":"log","@timestamp":"2020-05-25T10:06:03Z","tags":["info","plugins-system"],"pid":6,"message":"Setting up [32] plugins: [visTypeVega,usageCollection,metrics,telemetryCollectionManager,telemetry,timelion,kibanaLegacy,devTools,apm_oss,uiActions,savedObjects,share,statusPage,newsfeed,kibanaReact,inspector,embeddable,kibanaUtils,discover,esUiShared,bfetch,expressions,visualizations,data,home,console,management,advancedSettings,telemetryManagementSection,navigation,dashboard,charts]"}
{"type":"log","@timestamp":"2020-05-25T10:06:04Z","tags":["info","savedobjects-service"],"pid":6,"message":"Waiting until all Elasticsearch nodes are compatible with Kibana before starting saved objects migrations..."}
{"type":"log","@timestamp":"2020-05-25T10:06:04Z","tags":["info","savedobjects-service"],"pid":6,"message":"Starting saved objects migrations"}
{"type":"log","@timestamp":"2020-05-25T10:06:04Z","tags":["info","plugins-system"],"pid":6,"message":"Starting [15] plugins: [visTypeVega,usageCollection,metrics,telemetryCollectionManager,telemetry,timelion,kibanaLegacy,apm_oss,share,bfetch,expressions,visualizations,data,home,console]"}
{"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["status","plugin:[email protected]","info"],"pid":6,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["status","plugin:[email protected]","info"],"pid":6,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["status","plugin:[email protected]","info"],"pid":6,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["status","plugin:[email protected]","info"],"pid":6,"state":"yellow","message":"Status changed from uninitialized to yellow - Waiting for Elasticsearch","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["status","plugin:[email protected]","info"],"pid":6,"state":"green","message":"Status changed from yellow to green - Ready","prevState":"yellow","prevMsg":"Waiting for Elasticsearch"}
{"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["status","plugin:[email protected]","info"],"pid":6,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["status","plugin:[email protected]","info"],"pid":6,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["status","plugin:[email protected]","info"],"pid":6,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["status","plugin:[email protected]","info"],"pid":6,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["status","plugin:[email protected]","info"],"pid":6,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["status","plugin:[email protected]","info"],"pid":6,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["status","plugin:[email protected]","info"],"pid":6,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["status","plugin:[email protected]","info"],"pid":6,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["status","plugin:[email protected]","info"],"pid":6,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["status","plugin:[email protected]","info"],"pid":6,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["status","plugin:[email protected]","info"],"pid":6,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["status","plugin:[email protected]","info"],"pid":6,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["status","plugin:[email protected]","info"],"pid":6,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["status","plugin:[email protected]","info"],"pid":6,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}
{"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["listening","info"],"pid":6,"message":"Server running at https://0.0.0.0:5601"}
{"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["info","http","server","Kibana"],"pid":6,"message":"http server running at https://0.0.0.0:5601"}
{"type":"log","@timestamp":"2020-05-25T10:06:15Z","tags":["error","http"],"pid":6,"message":"{ [security_exception] missing authentication credentials for REST request [/.kibana/_doc/config%3A7.7.0], with { header={ WWW-Authenticate={ 0=\"Bearer realm=\\\"security\\\"\" & 1=\"ApiKey\" & 2=\"Basic realm=\\\"security\\\" charset=\\\"UTF-8\\\"\" } } } :: {\"path\":\"/.kibana/_doc/config%3A7.7.0\",\"query\":{},\"statusCode\":401,\"response\":\"{\\\"error\\\":{\\\"root_cause\\\":[{\\\"type\\\":\\\"security_exception\\\",\\\"reason\\\":\\\"missing authentication credentials for REST request [/.kibana/_doc/config%3A7.7.0]\\\",\\\"header\\\":{\\\"WWW-Authenticate\\\":[\\\"Bearer realm=\\\\\\\"security\\\\\\\"\\\",\\\"ApiKey\\\",\\\"Basic realm=\\\\\\\"security\\\\\\\" charset=\\\\\\\"UTF-8\\\\\\\"\\\"]}}],\\\"type\\\":\\\"security_exception\\\",\\\"reason\\\":\\\"missing authentication credentials for REST request [/.kibana/_doc/config%3A7.7.0]\\\",\\\"header\\\":{\\\"WWW-Authenticate\\\":[\\\"Bearer realm=\\\\\\\"security\\\\\\\"\\\",\\\"ApiKey\\\",\\\"Basic realm=\\\\\\\"security\\\\\\\" charset=\\\\\\\"UTF-8\\\\\\\"\\\"]}},\\\"status\\\":401}\",\"wwwAuthenticateDirective\":\"Bearer realm=\\\"security\\\", ApiKey, Basic realm=\\\"security\\\" charset=\\\"UTF-8\\\"\"}\n    at respond (/usr/share/kibana/node_modules/elasticsearch/src/lib/transport.js:349:15)\n    at checkRespForFailure (/usr/share/kibana/node_modules/elasticsearch/src/lib/transport.js:306:7)\n    at HttpConnector.<anonymous> (/usr/share/kibana/node_modules/elasticsearch/src/lib/connectors/http.js:173:7)\n    at IncomingMessage.wrapper (/usr/share/kibana/node_modules/elasticsearch/node_modules/lodash/lodash.js:4929:19)\n    at IncomingMessage.emit (events.js:203:15)\n    at endReadableNT (_stream_readable.js:1145:12)\n    at process._tickCallback (internal/process/next_tick.js:63:19)\n  status: 401,\n  displayName: 'AuthenticationException',\n  message:\n   '[security_exception] missing authentication credentials for REST request [/.kibana/_doc/config%3A7.7.0], with { header={ WWW-Authenticate={ 0=\"Bearer realm=\\\\\"security\\\\\"\" & 1=\"ApiKey\" & 2=\"Basic realm=\\\\\"security\\\\\" charset=\\\\\"UTF-8\\\\\"\" } } }',\n  path: '/.kibana/_doc/config%3A7.7.0',\n  query: {},\n  body:\n   { error:\n      { root_cause: [Array],\n        type: 'security_exception',\n        reason:\n         'missing authentication credentials for REST request [/.kibana/_doc/config%3A7.7.0]',\n        header: [Object] },\n     status: 401 },\n  statusCode: 401,\n  response:\n   '{\"error\":{\"root_cause\":[{\"type\":\"security_exception\",\"reason\":\"missing authentication credentials for REST request [/.kibana/_doc/config%3A7.7.0]\",\"header\":{\"WWW-Authenticate\":[\"Bearer realm=\\\\\"security\\\\\"\",\"ApiKey\",\"Basic realm=\\\\\"security\\\\\" charset=\\\\\"UTF-8\\\\\"\"]}}],\"type\":\"security_exception\",\"reason\":\"missing authentication credentials for REST request [/.kibana/_doc/config%3A7.7.0]\",\"header\":{\"WWW-Authenticate\":[\"Bearer realm=\\\\\"security\\\\\"\",\"ApiKey\",\"Basic realm=\\\\\"security\\\\\" charset=\\\\\"UTF-8\\\\\"\"]}},\"status\":401}',\n  wwwAuthenticateDirective:\n   'Bearer realm=\"security\", ApiKey, Basic realm=\"security\" charset=\"UTF-8\"',\n  toString: [Function],\n  toJSON: [Function],\n  isBoom: true,\n  isServer: false,\n  data: null,\n  output:\n   { statusCode: 401,\n     payload:\n      { statusCode: 401,\n        error: 'Unauthorized',\n        message:\n         '[security_exception] missing authentication credentials for REST request [/.kibana/_doc/config%3A7.7.0], with { header={ WWW-Authenticate={ 0=\"Bearer realm=\\\\\"security\\\\\"\" & 1=\"ApiKey\" & 2=\"Basic realm=\\\\\"security\\\\\" charset=\\\\\"UTF-8\\\\\"\" } } }' },\n     headers: { 'WWW-Authenticate': [Array] } },\n  reformat: [Function],\n  [Symbol(ElasticsearchError)]: 'Elasticsearch/notAuthorized',\n  [Symbol(SavedObjectsClientErrorCode)]: 'SavedObjectsClient/notAuthorized' }"}
{"type":"error","@timestamp":"2020-05-25T10:06:15Z","tags":[],"pid":6,"level":"error","error":{"message":"Internal Server Error","name":"Error","stack":"Error: Internal Server Error\n    at HapiResponseAdapter.toInternalError (/usr/share/kibana/src/core/server/http/router/response_adapter.js:67:19)\n    at Router.handle (/usr/share/kibana/src/core/server/http/router/router.js:165:34)\n    at process._tickCallback (internal/process/next_tick.js:68:7)"},"url":{"protocol":null,"slashes":null,"auth":null,"host":null,"port":null,"hostname":null,"hash":null,"search":null,"query":{},"pathname":"/","path":"/","href":"/"},"message":"Internal Server Error"}
{"type":"response","@timestamp":"2020-05-25T10:06:15Z","tags":[],"pid":6,"method":"get","statusCode":500,"req":{"url":"/","method":"get","headers":{"host":"KIBANA-SERVER:5601","connection":"keep-alive","cache-control":"max-age=0","upgrade-insecure-requests":"1","user-agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36","accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9","sec-fetch-site":"none","sec-fetch-mode":"navigate","sec-fetch-user":"?1","sec-fetch-dest":"document","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9"},"remoteAddress":"XXX.XXX.11.5","userAgent":"XXX.XXX.11.5"},"res":{"statusCode":500,"responseTime":44,"contentLength":9},"message":"GET / 500 44ms - 9.0B"}

======================
更新
======================

尝试使用具有相同配置的 kibana 版本 6.8(docker image docker.elastic.co/kibana/kibana-oss:6.8.0)(一切都相同 - 只是以前的图像)并且它可以工作,虽然我没有得到kibana 登录屏幕,而是由浏览器提示输入凭据。

authentication elasticsearch kibana

1 个回答

  1. Best Answer

    试过:

    #> docker exec -it kibana /bin/bash
bash-4.2$ bin/kibana-plugin install x-pack
Plugin installation was unsuccessful due to error "You are using the OSS-only distribution of Kibana.  As of version 6.3+ X-Pack is bundled in the standard distribution of this software by default; consequently it is no longer available as a plugin. Please use the standard distribution of Kibana to use X-Pack features."

    直到那时我才意识到我需要使用不同的 docker 容器: docker.elastic.co/kibana/kibana:7.7.0 只有这样一切才开始按预期工作

    • 1

相关问题