search

cisagov / LME

Logging Made Easy (LME) is a no-cost and open logging and protective monitoring solution serving all organizations.
https://www.cisa.gov/resources-tools/services/logging-made-easy
Other
827 stars 64 forks source link

LME changed password for kebana_system - Elasticsearch is not responding #172

Open LeitLei opened 8 months ago

LeitLei commented 8 months ago

Describe the bug

LME changed password for kebana_system during update. Update fails with "Elasticsearch is not responding"

To Reproduce

I want to update from 1.0.0 to 1.3.2 So I followed your instructions here.

After creating the services there is the message "Waiting for Elasticsearch to be ready" followed by "Elasticsearch is not responding after 25 attempts - existing". With sudo docker ps -a I could see that the kibana container is still on "health: starting". So I checked the logs and found:

Unable to retrieve version information from Elasticsearch nodes. security_exception
        Root causes:
                security_exception: unable to authenticate user [kibana_system] for REST request [/_nodes?filter_path=nodes.*.version%2Cnodes.*.http.publish_address%2Cnodes.*.ip]
[2024-01-30T10:44:06.267+00:00][INFO ][plugins.screenshotting.chromium] Browser executable: /usr/share/kibana/node_modules/@kbn/screenshotting-plugin/chromium/headless_shell-linux_x64/headless_shell

I noticed, that the password for kibana_system in docker-compose-stack-live.yml is now different as pre update. Also the password for logstash_writer in logstash.edited.conf.

After that, I followed your instructions here (but _elasticsearch-reset-password -v -u kibana_system -i --url https://localhost:9200_ instead elastic) and update the password as listed in docker-compose-stack-live.yml.

After a restart, all works fine.

But why is LME changing my passwords? I found only this which is similar but not the same in your Changelog. Is the installation finish after changing my password? Or is there anything more to do (except your points listed in your upgrade manual)?

Please complete the following information

Desktop:

Server:

Expected behavior

LME should not change the password during update or should tell the user, what he have to do after the automatic password change. The user needs information, if the Update was successful after changed the password with your code listed in 'troubleshooting'.

Screenshots

Additional context

llwaterhouse commented 8 months ago

Hello, thank you for submitting your ticket.

In order to best respond to your issue, please resubmit this using the Bug template and provide all of the requested information.

Thank you.

LeitLei commented 8 months ago

Hello, thank you for submitting your ticket.

In order to best respond to your issue, please resubmit this using the Bug template and provide all of the requested information.

Thank you.

@llwaterhouse : Updated!

LeitLei commented 8 months ago

@llwaterhouse : Please reopen it. Thanks a lot!

llwaterhouse commented 8 months ago

I have reopened it. Please resubmit with the template filled out so we can best answer. Thank you.

LeitLei commented 7 months ago

Hi @llwaterhouse,

can you tell me meanwhile, if the Update is successful finished after I changed the password with your code listed in 'troubleshooting'?

llwaterhouse commented 7 months ago

Can you log into kibana and are the panels displaying data?

LeitLei commented 7 months ago

@llwaterhouse :

yes, all works fine.

But I also have to set _elasticsearch-reset-password -v -u logstashwriter -i --url https://localhost:9200/