问题:
Kibana服务器尚未准备好-[security_exception]无法验证用户[弹性]
章宏恺
结果是,我尝试为ElasticSearch和Kibana添加用户。对于ElasticSearch,我添加了xpack。安全启用:在elasticsearch中为true。yml和elasticsearch。用户名:“elastic”和elasticsearch。密码:kibana中的“ipF2vorNqvRgXTjuptqS”。yml。
当我启动ElasticSearch时,系统会提示我输入用户名和密码。我这样做并成功登录。
但是当我开始Kibana,在日志中我得到这个错误:[警告][许可][插件]由于[security_exception]无法验证用户[弹性]REST请求[/_xpack]
在http://localhost:5601,我得到了这个错误Kibana服务器还没有准备好
为了排除故障,我跑步http://localhost:9200/_security/user/我得到了
{
"elastic":{
"username":"elastic",
"roles":[
"superuser"
],
"full_name":null,
"email":null,
"metadata":{
"_reserved":true
},
"enabled":true
},
"kibana":{
"username":"kibana",
"roles":[
"kibana_system"
],
"full_name":null,
"email":null,
"metadata":{
"_deprecated":true,
"_deprecated_reason":"Please use the [kibana_system] user instead.",
"_reserved":true
},
"enabled":true
},
"kibana_system":{
"username":"kibana_system",
"roles":[
"kibana_system"
],
"full_name":null,
"email":null,
"metadata":{
"_reserved":true
},
"enabled":true
},
"logstash_system":{
"username":"logstash_system",
"roles":[
"logstash_system"
],
"full_name":null,
"email":null,
"metadata":{
"_reserved":true
},
"enabled":true
},
"beats_system":{
"username":"beats_system",
"roles":[
"beats_system"
],
"full_name":null,
"email":null,
"metadata":{
"_reserved":true
},
"enabled":true
},
"apm_system":{
"username":"apm_system",
"roles":[
"apm_system"
],
"full_name":null,
"email":null,
"metadata":{
"_reserved":true
},
"enabled":true
},
"remote_monitoring_user":{
"username":"remote_monitoring_user",
"roles":[
"remote_monitoring_collector",
"remote_monitoring_agent"
],
"full_name":null,
"email":null,
"metadata":{
"_reserved":true
},
"enabled":true
}
}
我按照以下步骤在elasticsearch设置密码。
D:\elasticsearch\bin>elasticsearch-setup-passwords auto
future versions of Elasticsearch will require Java 11; your Java version from [C:\Program Files\Java\jdk1.8.0_251\jre] does not meet this requirement
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,kibana_system,logstash_system,beats_system,remote_monitoring_user.
The passwords will be randomly generated and printed to the console.
Please confirm that you would like to continue [y/N]y
Changed password for user apm_system
PASSWORD apm_system = TCxggBZ1O8u7pCYMQZx3
Changed password for user kibana_system
PASSWORD kibana_system = G48r4h6M6WjLnjzPqjAG
Changed password for user kibana
PASSWORD kibana = G48r4h6M6WjLnjzPqjAG
Changed password for user logstash_system
PASSWORD logstash_system = UQZTsQrN84jQuzCKnOSc
Changed password for user beats_system
PASSWORD beats_system = wC5h5tShmOuouJ072owM
Changed password for user remote_monitoring_user
PASSWORD remote_monitoring_user = VHqOCfKuxbCCjbEMTWQZ
Changed password for user elastic
PASSWORD elastic = ipF2vorNqvRgXTjuptqS
如何进一步排除故障或解决问题?我应该在kibana中使用“elastic”或“kibana\u system”作为用户名吗。yml?
我是基巴纳。yml
# Kibana is served by a back end server. This setting specifies the port to use.
#server.port: 5601
# Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values.
# The default is 'localhost', which usually means remote machines will not be able to connect.
# To allow connections from remote users, set this parameter to a non-loopback address.
#server.host: "localhost"
# Enables you to specify a path to mount Kibana at if you are running behind a proxy.
# Use the `server.rewriteBasePath` setting to tell Kibana if it should remove the basePath
# from requests it receives, and to prevent a deprecation warning at startup.
# This setting cannot end in a slash.
#server.basePath: ""
# Specifies whether Kibana should rewrite requests that are prefixed with
# `server.basePath` or require that they are rewritten by your reverse proxy.
# This setting was effectively always `false` before Kibana 6.3 and will
# default to `true` starting in Kibana 7.0.
#server.rewriteBasePath: false
# The maximum payload size in bytes for incoming server requests.
#server.maxPayloadBytes: 1048576
# The Kibana server's name. This is used for display purposes.
#server.name: "your-hostname"
# The URLs of the Elasticsearch instances to use for all your queries.
#elasticsearch.hosts: ["http://localhost:9200"]
# When this setting's value is true Kibana uses the hostname specified in the server.host
# setting. When the value of this setting is false, Kibana uses the hostname of the host
# that connects to this Kibana instance.
#elasticsearch.preserveHost: true
# Kibana uses an index in Elasticsearch to store saved searches, visualizations and
# dashboards. Kibana creates a new index if the index doesn't already exist.
#kibana.index: ".kibana"
# The default application to load.
#kibana.defaultAppId: "home"
# If your Elasticsearch is protected with basic authentication, these settings provide
# the username and password that the Kibana server uses to perform maintenance on the Kibana
# index at startup. Your Kibana users still need to authenticate with Elasticsearch, which
# is proxied through the Kibana server.
elasticsearch.username: "elastic"
elasticsearch.password: "ipF2vorNqvRgXTjuptqS"
# Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively.
# These settings enable SSL for outgoing requests from the Kibana server to the browser.
#server.ssl.enabled: false
#server.ssl.certificate: /path/to/your/server.crt
#server.ssl.key: /path/to/your/server.key
# Optional settings that provide the paths to the PEM-format SSL certificate and key files.
# These files are used to verify the identity of Kibana to Elasticsearch and are required when
# xpack.security.http.ssl.client_authentication in Elasticsearch is set to required.
#elasticsearch.ssl.certificate: /path/to/your/client.crt
#elasticsearch.ssl.key: /path/to/your/client.key
# Optional setting that enables you to specify a path to the PEM file for the certificate
# authority for your Elasticsearch instance.
#elasticsearch.ssl.certificateAuthorities: [ "/path/to/your/CA.pem" ]
# To disregard the validity of SSL certificates, change this setting's value to 'none'.
#elasticsearch.ssl.verificationMode: full
# Time in milliseconds to wait for Elasticsearch to respond to pings. Defaults to the value of
# the elasticsearch.requestTimeout setting.
#elasticsearch.pingTimeout: 1500
# Time in milliseconds to wait for responses from the back end or Elasticsearch. This value
# must be a positive integer.
#elasticsearch.requestTimeout: 30000
# List of Kibana client-side headers to send to Elasticsearch. To send *no* client-side
# headers, set this value to [] (an empty list).
#elasticsearch.requestHeadersWhitelist: [ authorization ]
# Header names and values that are sent to Elasticsearch. Any custom headers cannot be overwritten
# by client-side headers, regardless of the elasticsearch.requestHeadersWhitelist configuration.
#elasticsearch.customHeaders: {}
# Time in milliseconds for Elasticsearch to wait for responses from shards. Set to 0 to disable.
#elasticsearch.shardTimeout: 30000
# Time in milliseconds to wait for Elasticsearch at Kibana startup before retrying.
#elasticsearch.startupTimeout: 5000
# Logs queries sent to Elasticsearch. Requires logging.verbose set to true.
#elasticsearch.logQueries: false
# Specifies the path where Kibana creates the process ID file.
#pid.file: /var/run/kibana.pid
# Enables you to specify a file where Kibana stores log output.
#logging.dest: stdout
# Set the value of this setting to true to suppress all logging output.
#logging.silent: false
# Set the value of this setting to true to suppress all logging output other than error messages.
#logging.quiet: false
# Set the value of this setting to true to log all events, including system usage information
# and all requests.
#logging.verbose: false
# Set the interval in milliseconds to sample system and process performance
# metrics. Minimum is 100ms. Defaults to 5000.
#ops.interval: 5000
# Specifies locale to be used for all localizable strings, dates and number formats.
# Supported languages are the following: English - en , by default , Chinese - zh-CN .
#i18n.locale: "en"
#elasticsearch.username: "elastic"
#elasticsearch.password: "ipF2vorNqvRgXTjuptqS"
#elasticsearch.username: "kibana_system"
#elasticsearch.password: "kibanapassword"
共有1个答案
池庆
你也需要在kibana中配置密码。yml文件:elasticsearch。密码:$password
查看此处的文档:https://www.elastic.co/guide/en/kibana/current/using-kibana-with-security.html
类似资料:
-
我刚刚在RHEL 8上安装了Kibana7.3。Kibana服务处于活动状态(正在运行)。 当我卷曲到http://localhost:5601时,我收到了消息。我的Elasticsearch实例在另一台服务器上,它正在成功响应我的请求。我已经用它更新了kibana.yml elasticsearch.hosts:["超文本传输协议://EXTERNAL-IP-ADDRESS-OF-ES: 920
-
我正试图用BouncyCastle CMS签署一份PDF文件。签名有效,但Adobe Reader告诉我它还没有准备好LTV。 据我所知,CRL嵌入在CMS SignedData中。证书也被嵌入其中。还嵌入了时间戳。 签名是一个分离的签名,放在“预留空间”。 为什么签名还没有准备好?我是不是做错了什么? 签名测试-PDF:http://www.filedropper.com/outputx 代码:
-
我有一个谷歌办公套件电子邮件地址example@gmail.com我创建了一个谷歌服务号example-sa@iam.gserviceaccount.com。 我的目标是从这个SA发送电子邮件,就像它是电子邮件一样,但我无法验证SA。 不过,我可以使用以下代码登录服务帐户Google Drive: 然而,当我尝试为gmail做同样的事情时,我得到了一个错误: 错误: 如果我点击错误消息中提供的UR
-
我从spring boot oauth2服务器生成JWT令牌,但当我想使用endpoint验证此JWT令牌时,我将post请求发送到此endpoint,并将JWT包含在授权头中,得到401-未经授权的http错误代码。 我从服务器得到的结果是: 为什么oauth服务器返回401? 下面是我对oauth服务器的实现:
-
问题内容: 进行客户端或服务器端验证哪个更好? 在我们的情况下,我们正在使用 jQuery和MVC。 在我们的视图和控制器之间传递的JSON数据。 我所做的许多验证工作都是在用户输入数据时对其进行验证。例如,我使用该事件来防止文本框中的字母,设置最大字符数,并且该数字在一定范围内。 我想更好的问题是,与客户端相比,进行服务器端验证是否有任何好处? 真棒的答案大家。我们拥有的网站受到密码保护,并且用
-
我试图扩展用户身份验证示例,这里也给出了这个示例,以便多个用户可以登录到服务器。我还想为每个用户分配一个不同的主目录。到目前为止,我还没有找到Apache SSHD API提供的任何此类实用程序,因此我尝试了以下解决方案,使用Apache FTPServer提供的实用程序。 我试图做的是: