Authentication
Kibana - “缺少 REST 請求的身份驗證憑據”
我有一個帶有 xpack 基本許可證的 elasticsearch 集群,並且啟用了本機使用者身份驗證(當然是 ssl)。我正在嘗試在 docker 容器上設置 kibana,但在瀏覽器中訪問 kibana 時不斷出現錯誤:
{"statusCode":500,"error":"Internal Server Error","message":"An internal server error occurred."}在 kibana 日誌中我有消息:(
"missing authentication credentials for REST request"下面的完整日誌)我的 kibana.yml 文件是:
server.name: kibana server.host: "0.0.0.0" elasticsearch.hosts: - https://server:9200 server.ssl.certificate: "cert.crt" server.ssl.key: "vert.key" server.ssl.enabled: true elasticsearch.ssl.certificateAuthorities: ["root-ca.crt"] elasticsearch.username: "kibana" elasticsearch.password: "XXXXXXXXXXXXXXXXXXXXXXXXXXXX"手動請求(使用瀏覽器或郵遞員獲取\發布請求)工作正常。任何以(eg )
開頭的配置設置都將失敗,並出現一些關於無法辨識密鑰的錯誤。 使用的容器版本:docker.elastic.co/kibana/kibana-oss:7.7.0
xpack.*``xpack.security.enabled可能是在kibana docker容器中預設沒有安裝xpack嗎?
我做錯了什麼?
——– 完整的 kibana 日誌 ———
{"type":"log","@timestamp":"2020-05-25T10:06:03Z","tags":["warning","plugins-discovery"],"pid":6,"message":"Expect plugin \"id\" in camelCase, but found: apm_oss"} {"type":"log","@timestamp":"2020-05-25T10:06:03Z","tags":["info","plugins-system"],"pid":6,"message":"Setting up [32] plugins: [visTypeVega,usageCollection,metrics,telemetryCollectionManager,telemetry,timelion,kibanaLegacy,devTools,apm_oss,uiActions,savedObjects,share,statusPage,newsfeed,kibanaReact,inspector,embeddable,kibanaUtils,discover,esUiShared,bfetch,expressions,visualizations,data,home,console,management,advancedSettings,telemetryManagementSection,navigation,dashboard,charts]"} {"type":"log","@timestamp":"2020-05-25T10:06:04Z","tags":["info","savedobjects-service"],"pid":6,"message":"Waiting until all Elasticsearch nodes are compatible with Kibana before starting saved objects migrations..."} {"type":"log","@timestamp":"2020-05-25T10:06:04Z","tags":["info","savedobjects-service"],"pid":6,"message":"Starting saved objects migrations"} {"type":"log","@timestamp":"2020-05-25T10:06:04Z","tags":["info","plugins-system"],"pid":6,"message":"Starting [15] plugins: [visTypeVega,usageCollection,metrics,telemetryCollectionManager,telemetry,timelion,kibanaLegacy,apm_oss,share,bfetch,expressions,visualizations,data,home,console]"} {"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["status","plugin:apm_oss@7.7.0","info"],"pid":6,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"} {"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["status","plugin:console_legacy@7.7.0","info"],"pid":6,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"} {"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["status","plugin:kibana@7.7.0","info"],"pid":6,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"} {"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["status","plugin:elasticsearch@7.7.0","info"],"pid":6,"state":"yellow","message":"Status changed from uninitialized to yellow - Waiting for Elasticsearch","prevState":"uninitialized","prevMsg":"uninitialized"} {"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["status","plugin:elasticsearch@7.7.0","info"],"pid":6,"state":"green","message":"Status changed from yellow to green - Ready","prevState":"yellow","prevMsg":"Waiting for Elasticsearch"} {"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["status","plugin:interpreter@7.7.0","info"],"pid":6,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"} {"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["status","plugin:input_control_vis@7.7.0","info"],"pid":6,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"} {"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["status","plugin:kibana_react@7.7.0","info"],"pid":6,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"} {"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["status","plugin:stack-management@7.7.0","info"],"pid":6,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"} {"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["status","plugin:region_map@7.7.0","info"],"pid":6,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"} {"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["status","plugin:ui_metric@7.7.0","info"],"pid":6,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"} {"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["status","plugin:vis_default_editor@7.7.0","info"],"pid":6,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"} {"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["status","plugin:markdown_vis@7.7.0","info"],"pid":6,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"} {"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["status","plugin:metric_vis@7.7.0","info"],"pid":6,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"} {"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["status","plugin:table_vis@7.7.0","info"],"pid":6,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"} {"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["status","plugin:tagcloud@7.7.0","info"],"pid":6,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"} {"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["status","plugin:timelion_vis@7.7.0","info"],"pid":6,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"} {"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["status","plugin:vis_type_vega@7.7.0","info"],"pid":6,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"} {"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["status","plugin:vis_type_vislib@7.7.0","info"],"pid":6,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"} {"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["listening","info"],"pid":6,"message":"Server running at https://0.0.0.0:5601"} {"type":"log","@timestamp":"2020-05-25T10:06:05Z","tags":["info","http","server","Kibana"],"pid":6,"message":"http server running at https://0.0.0.0:5601"} {"type":"log","@timestamp":"2020-05-25T10:06:15Z","tags":["error","http"],"pid":6,"message":"{ [security_exception] missing authentication credentials for REST request [/.kibana/_doc/config%3A7.7.0], with { header={ WWW-Authenticate={ 0=\"Bearer realm=\\\"security\\\"\" & 1=\"ApiKey\" & 2=\"Basic realm=\\\"security\\\" charset=\\\"UTF-8\\\"\" } } } :: {\"path\":\"/.kibana/_doc/config%3A7.7.0\",\"query\":{},\"statusCode\":401,\"response\":\"{\\\"error\\\":{\\\"root_cause\\\":[{\\\"type\\\":\\\"security_exception\\\",\\\"reason\\\":\\\"missing authentication credentials for REST request [/.kibana/_doc/config%3A7.7.0]\\\",\\\"header\\\":{\\\"WWW-Authenticate\\\":[\\\"Bearer realm=\\\\\\\"security\\\\\\\"\\\",\\\"ApiKey\\\",\\\"Basic realm=\\\\\\\"security\\\\\\\" charset=\\\\\\\"UTF-8\\\\\\\"\\\"]}}],\\\"type\\\":\\\"security_exception\\\",\\\"reason\\\":\\\"missing authentication credentials for REST request [/.kibana/_doc/config%3A7.7.0]\\\",\\\"header\\\":{\\\"WWW-Authenticate\\\":[\\\"Bearer realm=\\\\\\\"security\\\\\\\"\\\",\\\"ApiKey\\\",\\\"Basic realm=\\\\\\\"security\\\\\\\" charset=\\\\\\\"UTF-8\\\\\\\"\\\"]}},\\\"status\\\":401}\",\"wwwAuthenticateDirective\":\"Bearer realm=\\\"security\\\", ApiKey, Basic realm=\\\"security\\\" charset=\\\"UTF-8\\\"\"}\n at respond (/usr/share/kibana/node_modules/elasticsearch/src/lib/transport.js:349:15)\n at checkRespForFailure (/usr/share/kibana/node_modules/elasticsearch/src/lib/transport.js:306:7)\n at HttpConnector.<anonymous> (/usr/share/kibana/node_modules/elasticsearch/src/lib/connectors/http.js:173:7)\n at IncomingMessage.wrapper (/usr/share/kibana/node_modules/elasticsearch/node_modules/lodash/lodash.js:4929:19)\n at IncomingMessage.emit (events.js:203:15)\n at endReadableNT (_stream_readable.js:1145:12)\n at process._tickCallback (internal/process/next_tick.js:63:19)\n status: 401,\n displayName: 'AuthenticationException',\n message:\n '[security_exception] missing authentication credentials for REST request [/.kibana/_doc/config%3A7.7.0], with { header={ WWW-Authenticate={ 0=\"Bearer realm=\\\\\"security\\\\\"\" & 1=\"ApiKey\" & 2=\"Basic realm=\\\\\"security\\\\\" charset=\\\\\"UTF-8\\\\\"\" } } }',\n path: '/.kibana/_doc/config%3A7.7.0',\n query: {},\n body:\n { error:\n { root_cause: [Array],\n type: 'security_exception',\n reason:\n 'missing authentication credentials for REST request [/.kibana/_doc/config%3A7.7.0]',\n header: [Object] },\n status: 401 },\n statusCode: 401,\n response:\n '{\"error\":{\"root_cause\":[{\"type\":\"security_exception\",\"reason\":\"missing authentication credentials for REST request [/.kibana/_doc/config%3A7.7.0]\",\"header\":{\"WWW-Authenticate\":[\"Bearer realm=\\\\\"security\\\\\"\",\"ApiKey\",\"Basic realm=\\\\\"security\\\\\" charset=\\\\\"UTF-8\\\\\"\"]}}],\"type\":\"security_exception\",\"reason\":\"missing authentication credentials for REST request [/.kibana/_doc/config%3A7.7.0]\",\"header\":{\"WWW-Authenticate\":[\"Bearer realm=\\\\\"security\\\\\"\",\"ApiKey\",\"Basic realm=\\\\\"security\\\\\" charset=\\\\\"UTF-8\\\\\"\"]}},\"status\":401}',\n wwwAuthenticateDirective:\n 'Bearer realm=\"security\", ApiKey, Basic realm=\"security\" charset=\"UTF-8\"',\n toString: [Function],\n toJSON: [Function],\n isBoom: true,\n isServer: false,\n data: null,\n output:\n { statusCode: 401,\n payload:\n { statusCode: 401,\n error: 'Unauthorized',\n message:\n '[security_exception] missing authentication credentials for REST request [/.kibana/_doc/config%3A7.7.0], with { header={ WWW-Authenticate={ 0=\"Bearer realm=\\\\\"security\\\\\"\" & 1=\"ApiKey\" & 2=\"Basic realm=\\\\\"security\\\\\" charset=\\\\\"UTF-8\\\\\"\" } } }' },\n headers: { 'WWW-Authenticate': [Array] } },\n reformat: [Function],\n [Symbol(ElasticsearchError)]: 'Elasticsearch/notAuthorized',\n [Symbol(SavedObjectsClientErrorCode)]: 'SavedObjectsClient/notAuthorized' }"} {"type":"error","@timestamp":"2020-05-25T10:06:15Z","tags":[],"pid":6,"level":"error","error":{"message":"Internal Server Error","name":"Error","stack":"Error: Internal Server Error\n at HapiResponseAdapter.toInternalError (/usr/share/kibana/src/core/server/http/router/response_adapter.js:67:19)\n at Router.handle (/usr/share/kibana/src/core/server/http/router/router.js:165:34)\n at process._tickCallback (internal/process/next_tick.js:68:7)"},"url":{"protocol":null,"slashes":null,"auth":null,"host":null,"port":null,"hostname":null,"hash":null,"search":null,"query":{},"pathname":"/","path":"/","href":"/"},"message":"Internal Server Error"} {"type":"response","@timestamp":"2020-05-25T10:06:15Z","tags":[],"pid":6,"method":"get","statusCode":500,"req":{"url":"/","method":"get","headers":{"host":"KIBANA-SERVER:5601","connection":"keep-alive","cache-control":"max-age=0","upgrade-insecure-requests":"1","user-agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36","accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9","sec-fetch-site":"none","sec-fetch-mode":"navigate","sec-fetch-user":"?1","sec-fetch-dest":"document","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9"},"remoteAddress":"XXX.XXX.11.5","userAgent":"XXX.XXX.11.5"},"res":{"statusCode":500,"responseTime":44,"contentLength":9},"message":"GET / 500 44ms - 9.0B"}======================
更新
======================
嘗試使用具有相同配置的 kibana 6.8 版(docker image docker.elastic.co/kibana/kibana-oss:6.8.0)(一切都相同 - 只是以前的圖像)並且它可以工作,雖然我沒有得到kibana 登錄螢幕,而是由瀏覽器提示輸入憑據。
試過:
#> docker exec -it kibana /bin/bash bash-4.2$ bin/kibana-plugin install x-pack Plugin installation was unsuccessful due to error "You are using the OSS-only distribution of Kibana. As of version 6.3+ X-Pack is bundled in the standard distribution of this software by default; consequently it is no longer available as a plugin. Please use the standard distribution of Kibana to use X-Pack features."直到那時我才意識到我需要使用不同的 docker 容器:
docker.elastic.co/kibana/kibana:7.7.0只有這樣一切才開始按預期工作