search

bvader / howtos

How To Do Stuff
4 stars 4 forks source link

Kibana server is not ready yet after TLS enabled ! #2

Closed mojitaleghani closed 2 years ago

mojitaleghani commented 2 years ago

Hi there, Thanks for your documents and how to, I used to replace exactly the same commands you wrote in the doc. there are two problems worth mentioning:

  1. some errors appeared when setting up the Kibana tls config lins as bellow: 
    **Jun 19 08:48:57 elk-test.namava.dc2.ser kibana[13410]: [2022-06-19T08:48:57.490+04:30][FATAL][root] Error: [config validation of [server].ssl]: cannot use [key] when [keystore.path] is specified**
Jun 19 08:48:57 elk-test.namava.dc2.ser systemd[1]: kibana.service: main process exited, code=exited, status=1/FAILURE
Jun 19 08:48:57 elk-test.namava.dc2.ser systemd[1]: Unit kibana.service entered failed state.
Jun 19 08:48:57 elk-test.namava.dc2.ser systemd[1]: kibana.service failed.
Jun 19 08:49:00 elk-test.namava.dc2.ser systemd[1]: kibana.service holdoff time over, scheduling restart.
Jun 19 08:49:00 elk-test.namava.dc2.ser systemd[1]: Stopped Kibana.
Jun 19 08:49:00 elk-test.namava.dc2.ser systemd[1]: Started Kibana.
Jun 19 08:49:02 elk-test.namava.dc2.ser kibana[13429]: [2022-06-19T08:49:02.662+04:30][FATAL][root] Error: [config validation of [server].ssl]: cannot use [key] when [keystore.path] is specified
Jun 19 08:49:02 elk-test.namava.dc2.ser kibana[13429]: at ObjectType.validate (/usr/share/kibana/node_modules/@kbn/config-schema/target_node/types/type.js:95:13)
Jun 19 08:49:02 elk-test.namava.dc2.ser kibana[13429]: at ConfigService.validateAtPath (/usr/share/kibana/node_modules/@kbn/config/target_node/config_service.js:228:19)
Jun 19 08:49:02 elk-test.namava.dc2.ser kibana[13429]: at MapSubscriber.project (/usr/share/kibana/node_modules/@kbn/config/target_node/config_service.js:236:169)
Jun 19 08:49:02 elk-test.namava.dc2.ser kibana[13429]: at MapSubscriber._next (/usr/share/kibana/node_modules/rxjs/internal/operators/map.js:49:35)
Jun 19 08:49:02 elk-test.namava.dc2.ser kibana[13429]: at MapSubscriber.Subscriber.next (/usr/share/kibana/node_modules/rxjs/internal/Subscriber.js:66:18)
Jun 19 08:49:02 elk-test.namava.dc2.ser kibana[13429]: at DistinctUntilChangedSubscriber._next (/usr/share/kibana/node_modules/rxjs/internal/operators/distinctUntilChanged.js:69:30)

    and the second error:

    
**Jun 19 08:50:39 elk-test.namava.dc2.ser kibana[13485]: [2022-06-19T08:50:39.034+04:30][FATAL][root] Error: [config validation of [server].ssl]: cannot use [certificate] when [keystore.path] is specified**
Jun 19 08:50:39 elk-test.namava.dc2.ser kibana[13485]: at ObjectType.validate (/usr/share/kibana/node_modules/@kbn/config-schema/target_node/types/type.js:95:13)
Jun 19 08:50:39 elk-test.namava.dc2.ser kibana[13485]: at ConfigService.validateAtPath (/usr/share/kibana/node_modules/@kbn/config/target_node/config_service.js:228:19)
Jun 19 08:50:39 elk-test.namava.dc2.ser kibana[13485]: at MapSubscriber.project (/usr/share/kibana/node_modules/@kbn/config/target_node/config_service.js:236:169)
Jun 19 08:50:39 elk-test.namava.dc2.ser kibana[13485]: at MapSubscriber._next (/usr/share/kibana/node_modules/rxjs/internal/operators/map.js:49:35)
Jun 19 08:50:39 elk-test.namava.dc2.ser kibana[13485]: at MapSubscriber.Subscriber.next (/usr/share/kibana/node_modules/rxjs/internal/Subscriber.js:66:18)
Jun 19 08:50:39 elk-test.namava.dc2.ser kibana[13485]: at DistinctUntilChangedSubscriber._next (/usr/share/kibana/node_modules/rxjs/internal/operators/distinctUntilChanged.js:69:30)
Jun 19 08:50:39 elk-test.namava.dc2.ser kibana[13485]: at DistinctUntilChangedSubscriber.Subscriber.next (/usr/share/kibana/node_modules/rxjs/internal/Subscriber.js:66:18)
Jun 19 08:50:39 elk-test.namava.dc2.ser kibana[13485]: at MapSubscriber._next (/usr/share/kibana/node_modules/rxjs/internal/operators/map.js:55:26)
Jun 19 08:50:39 elk-test.namava.dc2.ser kibana[13485]: at MapSubscriber.Subscriber.next (/usr/share/kibana/node_modules/rxjs/internal/Subscriber.js:66:18)

so, base on the first lines of the fatal errors, we would not use the lines:

server.ssl.certificate: "/etc/kibana/certs/kibana.crt"

server.ssl.key: "/etc/kibana/certs/kibana.key"



in the `kibana.yml` file.

2. after configuring all steps, and starting successfully all the services, there is one more problem that is dramatically wired to me and that is the although the kibana service is running, but when you want to open it in the browser, you face with bellow error with no log in the elasticsearch or kibana log files:
![image](https://user-images.githubusercontent.com/43955725/174466683-4aac34e4-821f-4024-a86f-8c0d979f3d11.png)

Are there any advice to figure out how to solve this problem?
mojitaleghani commented 2 years ago

my bad. comment out the line #server.ssl.certificate: "/etc/kibana/certs/kibana.crt". you dont need this line at all. BTW, thanks fot the doc.