致命错误"searchguard.readonly_mode.roles"；设置未在kibana中应用 [英] Fatal Error "searchguard.readonly_mode.roles" setting was not applied in kibana

问题描述

我已经安装了elasticsearch，kibana和logstash版本7.1.0，然后通过在elasticsearch.yml中输入以下内容来设置安全性，最后我在cmd上运行以下命令来设置密码.

  bin/elasticsearch-setup-passwords交互式 

现在我的elasticsearch网址已受密码保护，并且可以正常工作.当我访问

elasticsearch.yml

 #======================== Elasticsearch配置=========================##注意:对于大多数设置，Elasticsearch带有合理的默认值.#在开始调整和调整配置之前，请确保#了解您要实现的目标和后果.##配置节点的主要方法是通过此文件.该模板列出#您可能要为生产集群配置的最重要的设置.##请查阅文档以获取有关配置选项的更多信息:#https://www.elastic.co/guide/zh-CN/elasticsearch/reference/index.html##  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  簇  -  -  -  -  -  -  ----------------------##为您的集群使用一个描述性名称:##cluster.name:我的应用程序##------------------------------------节点------------------------------------##为节点使用描述性名称:#node.name:节点1##将自定义属性添加到节点:##node.attr.rack:r1##-----------------------------------路径------------------------------------##存储数据的目录路径(用逗号分隔多个位置):##path.data:/path/to/data##日志文件的路径:##path.logs:/path/to/logs##  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  - - 记忆  -  -  -  -  -  - -----------------------##在启动时锁定内存:##bootstrap.memory_lock:正确##确保将堆大小设置为大约可用内存的一半#在系统上，并且允许进程的所有者使用此命令# 限制.##系统交换内存时，Elasticsearch的性能较差.##  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  网络  -  -  -  -  -  -  ----------------------##设置绑定地址为特定的IP地址(IPv4或IPv6):#网络主机:10.42.35.14##为HTTP设置一个自定义端口:#http.port:9200##有关更多信息，请参阅网络模块文档.##---------------------------------发现----------------------------------##启动主机的初始列表以在此节点启动时执行发现:#默认的主机列表为["127.0.0.1"，"[:: 1]"]#Discovery.seed_hosts:["10.42.35.14"，"127.0.0.1"，"[:: 1]"]##使用一组初始的符合主机资格的节点来引导集群:#cluster.initial_master_nodes:["node-1"]##有关更多信息，请参阅发现和集群形成模块文档.##----------------------------------网关-----------------------------------##在整个集群重新启动后阻止初始恢复，直到启动N个节点为止:##gateway.recover_after_nodes:3##有关更多信息，请参阅网关模块文档.##  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  各种各样的  -  -  -  -  -  -  ----------------------##删除索引时需要明确的名称:##action.destructive_requires_name:正确xpack.security.enabled:正确xpack.security.transport.ssl.enabled:true 

kibana.yml

 #Kibana由后端服务器提供服务.此设置指定要使用的端口.server.port:5601#指定Kibana服务器将绑定到的地址.IP地址和主机名都是有效值.#默认值为'localhost'，这通常意味着远程计算机将无法连接.#要允许来自远程用户的连接，请将此参数设置为非环回地址.server.host:10.42.35.14#如果您在代理后面运行，则可以指定安装Kibana的路径.#使用`server.rewriteBasePath`设置告诉Kibana是否应删除basePath#从收到的请求中提取，并在启动时防止过时警告.#此设置不能以斜杠结尾.#server.basePath:"#指定Kibana是否应重写以开头的请求#`server.basePath`或要求它们由您的反向代理重写.#在Kibana 6.3之前，此设置实际上始终为"false"，并且会#从Kibana 7.0开始默认为`true`.#server.rewriteBasePath:否#传入服务器请求的最大有效负载大小(以字节为单位).#server.maxPayloadBytes:1048576#Kibana服务器的名称.这用于显示目的.#server.name:您的主机名"#用于所有查询的Elasticsearch实例的URL.elasticsearch.hosts:["http://10.42.35.14:9200/"]#当此设置的值为true时，Kibana使用server.host中指定的主机名# 环境.当此设置的值为false时，Kibana将使用主机的主机名#连接到该Kibana实例.#elasticsearch.preserveHost:true#Kibana在Elasticsearch中使用索引来存储保存的搜索，可视化和#仪表板.如果索引不存在，则Kibana会创建一个新索引.#kibana.index:.kibana"#加载的默认应用程序.#kibana.defaultAppId:家"#如果您的Elasticsearch受基本身份验证保护，则这些设置可提供#Kibana服务器在Kibana上执行维护所使用的用户名和密码#启动时的索引.您的Kibana用户仍然需要通过Elasticsearch进行身份验证，#通过Kibana服务器代理.#elasticsearch.username:用户"#elasticsearch.password:通过"#分别启用SSL以及PEM格式的SSL证书和SSL密钥文件的路径.#这些设置为从Kibana服务器到浏览器的传出请求启用SSL.#server.ssl.enabled:否#server.ssl.certificate:/path/to/your/server.crt#server.ssl.key:/path/to/your/server.key#可选设置，提供PEM格式SSL证书和密钥文件的路径.#这些文件验证您的Elasticsearch后端使用相同的密钥文件.#elasticsearch.ssl.certificate:/path/to/your/client.crt#elasticsearch.ssl.key:/path/to/your/client.key#可选设置，使您可以指定证书的PEM文件的路径#您的Elasticsearch实例的权限.#elasticsearch.ssl.certificateAuthorities:["/path/to/your/CA.pem"]#要忽略SSL证书的有效性，请将此设置的值更改为"none".#elasticsearch.ssl.verificationMode:完整#等待Elasticsearch响应ping的时间(以毫秒为单位).默认值为#elasticsearch.requestTimeout设置.#elasticsearch.ping超时:1500#等待后端或Elasticsearch响应的时间(以毫秒为单位).这个值#必须为正整数.#elasticsearch.requestTimeout:30000#要发送到Elasticsearch的Kibana客户端标头列表.发送*否*客户端#个标头，将此值设置为[](一个空列表).#elasticsearch.requestHeadersWhitelist:[授权]#发送到Elasticsearch的标题名称和值.任何自定义标头均不能覆盖#由客户端标头，而不管elasticsearch.requestHeadersWhitelist配置如何.#elasticsearch.customHeaders:{}#Elasticsearch等待分片响应的时间(以毫秒为单位).设置为0禁用.#elasticsearch.shardTimeout:30000#重试之前在Kibana启动时等待Elasticsearch的时间(以毫秒为单位).#elasticsearch.startupTimeout:5000#记录发送到Elasticsearch的查询.需要logging.verbose设置为true.#elasticsearch.log查询:false#指定Kibana在其中创建进程ID文件的路径.#pid.file:/var/run/kibana.pid#使您可以指定一个文件，Kibana将在此文件中存储日志输出.#logging.dest:标准输出#将此设置的值设置为true以禁止所有日志记录输出.#logging.silent:假#将此设置的值设置为true以禁止显示除错误消息以外的所有日志记录输出.#logging.quiet:否#将此设置的值设置为true以记录所有事件，包括系统使用情况信息#和所有请求.#logging.verbose:否#设置时间间隔(以毫秒为单位)以采样系统和过程性能#个指标.最小为100毫秒.默认为5000#ops.interval:5000#指定用于所有可本地化的字符串，日期和数字格式的语言环境.#i18n.locale:"en" 

解决方案

您必须在kibana.yml中启用以下两个参数，并使用运行"../elasticsearch-setup-密码互动"，然后重新启动Kibana.

elasticsearch.username:用户"elasticsearch.password:通过"

I have installed elasticsearch,kibana and logstash version 7.1.0, then set the security by entering following things in elasticsearch.yml and finally i run following command on cmd to set passwords.

bin/elasticsearch-setup-passwords interactive

Now my elasticsearch url is password protected and it is working fine. when i access http://10.42.35.14:9200/ it is asking user and password for elastic.

but now when i run kibana.bat file it is giving me an error.

elasticsearch.yml

# ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
#       Before you set out to tweak and tune the configuration, make sure you
#       understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
#
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
#cluster.name: my-application
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
node.name: node-1
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
#path.data: /path/to/data
#
# Path to log files:
#
#path.logs: /path/to/logs
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: true
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# Set the bind address to a specific IP (IPv4 or IPv6):
#
network.host: 10.42.35.14
#
# Set a custom port for HTTP:
#
http.port: 9200
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when this node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
discovery.seed_hosts: ["10.42.35.14", "127.0.0.1", "[::1]"]
#
# Bootstrap the cluster using an initial set of master-eligible nodes:
#
cluster.initial_master_nodes: ["node-1"]
#
# For more information, consult the discovery and cluster formation module documentation.
#
# ---------------------------------- Gateway -----------------------------------
#
# Block initial recovery after a full cluster restart until N nodes are started:
#
#gateway.recover_after_nodes: 3
#
# For more information, consult the gateway module documentation.
#
# ---------------------------------- Various -----------------------------------
#
# Require explicit names when deleting indices:
#
#action.destructive_requires_name: true
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true

kibana.yml

# Kibana is served by a back end server. This setting specifies the port to use.
server.port: 5601

# Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values.
# The default is 'localhost', which usually means remote machines will not be able to connect.
# To allow connections from remote users, set this parameter to a non-loopback address.
server.host: 10.42.35.14

# Enables you to specify a path to mount Kibana at if you are running behind a proxy.
# Use the `server.rewriteBasePath` setting to tell Kibana if it should remove the basePath
# from requests it receives, and to prevent a deprecation warning at startup.
# This setting cannot end in a slash.
#server.basePath: ""

# Specifies whether Kibana should rewrite requests that are prefixed with
# `server.basePath` or require that they are rewritten by your reverse proxy.
# This setting was effectively always `false` before Kibana 6.3 and will
# default to `true` starting in Kibana 7.0.
#server.rewriteBasePath: false

# The maximum payload size in bytes for incoming server requests.
#server.maxPayloadBytes: 1048576

# The Kibana server's name.  This is used for display purposes.
#server.name: "your-hostname"

# The URLs of the Elasticsearch instances to use for all your queries.
elasticsearch.hosts: ["http://10.42.35.14:9200/"]

# When this setting's value is true Kibana uses the hostname specified in the server.host
# setting. When the value of this setting is false, Kibana uses the hostname of the host
# that connects to this Kibana instance.
#elasticsearch.preserveHost: true

# Kibana uses an index in Elasticsearch to store saved searches, visualizations and
# dashboards. Kibana creates a new index if the index doesn't already exist.
#kibana.index: ".kibana"

# The default application to load.
#kibana.defaultAppId: "home"

# If your Elasticsearch is protected with basic authentication, these settings provide
# the username and password that the Kibana server uses to perform maintenance on the Kibana
# index at startup. Your Kibana users still need to authenticate with Elasticsearch, which
# is proxied through the Kibana server.
#elasticsearch.username: "user"
#elasticsearch.password: "pass"

# Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively.
# These settings enable SSL for outgoing requests from the Kibana server to the browser.
#server.ssl.enabled: false
#server.ssl.certificate: /path/to/your/server.crt
#server.ssl.key: /path/to/your/server.key

# Optional settings that provide the paths to the PEM-format SSL certificate and key files.
# These files validate that your Elasticsearch backend uses the same key files.
#elasticsearch.ssl.certificate: /path/to/your/client.crt
#elasticsearch.ssl.key: /path/to/your/client.key

# Optional setting that enables you to specify a path to the PEM file for the certificate
# authority for your Elasticsearch instance.
#elasticsearch.ssl.certificateAuthorities: [ "/path/to/your/CA.pem" ]

# To disregard the validity of SSL certificates, change this setting's value to 'none'.
#elasticsearch.ssl.verificationMode: full

# Time in milliseconds to wait for Elasticsearch to respond to pings. Defaults to the value of
# the elasticsearch.requestTimeout setting.
#elasticsearch.pingTimeout: 1500

# Time in milliseconds to wait for responses from the back end or Elasticsearch. This value
# must be a positive integer.
#elasticsearch.requestTimeout: 30000

# List of Kibana client-side headers to send to Elasticsearch. To send *no* client-side
# headers, set this value to [] (an empty list).
#elasticsearch.requestHeadersWhitelist: [ authorization ]

# Header names and values that are sent to Elasticsearch. Any custom headers cannot be overwritten
# by client-side headers, regardless of the elasticsearch.requestHeadersWhitelist configuration.
#elasticsearch.customHeaders: {}

# Time in milliseconds for Elasticsearch to wait for responses from shards. Set to 0 to disable.
#elasticsearch.shardTimeout: 30000

# Time in milliseconds to wait for Elasticsearch at Kibana startup before retrying.
#elasticsearch.startupTimeout: 5000

# Logs queries sent to Elasticsearch. Requires logging.verbose set to true.
#elasticsearch.logQueries: false

# Specifies the path where Kibana creates the process ID file.
#pid.file: /var/run/kibana.pid

# Enables you specify a file where Kibana stores log output.
#logging.dest: stdout

# Set the value of this setting to true to suppress all logging output.
#logging.silent: false

# Set the value of this setting to true to suppress all logging output other than error messages.
#logging.quiet: false

# Set the value of this setting to true to log all events, including system usage information
# and all requests.
#logging.verbose: false

# Set the interval in milliseconds to sample system and process performance
# metrics. Minimum is 100ms. Defaults to 5000.
#ops.interval: 5000

# Specifies locale to be used for all localizable strings, dates and number formats.
#i18n.locale: "en"

解决方案

You have to enable the below two parameters in kibana.yml, with the exact username password which you used for user elastic which running "./elasticsearch-setup-passwords interactive" and restart Kibana.

elasticsearch.username: "user" elasticsearch.password: "pass"

这篇关于致命错误"searchguard.readonly_mode.roles"；设置未在kibana中应用的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！