Closed lakonis closed 2 years ago
Hi, and thanks for the detailed issue report! 🙌
Indeed, in Elastic v7 security features become unavailable at the end of the trial. This is not the case anymore in v8, but that's a different topic.
Based on the provided information, I can't think about a reason why Kibana is unavailable because:
kibana_1
logs don't show any error. But possibly the output is incomplete because Kibana seems to be still starting.Up 4 minutes
) so the theory of a component crashing can be excluded.To answer your question, the first step to check that your data is intact would be to query Elasticsearch using a HTTP client like curl
or Postman
. Example, to list your indices:
curl -D- http://localhost:9200/_cat/indices -u elastic:changeme
To get to the bottom of this, I would suggest starting the stack, waiting about 2 minutes, then fetching the logs of Elasticsearch and Kibana again with
docker-compose logs elasticsearch
docker-compose logs kibana
I'm expecting the reason why Kibana returns a 503 to be obvious from those logs.
Thank you for your answer :rocket:
curl -D- http://localhost:9200/_cat/indices -u elastic:changeme
HTTP/1.1 403 Forbidden
X-elastic-product: Elasticsearch
content-type: application/json; charset=UTF-8
content-length: 571
{"error":{"root_cause":[{"type":"security_exception","reason":"current license is non-compliant for [security]","license.expired.feature":"security","suppressed":[{"type":"security_exception","reason":"current license is non-compliant for [security]","license.expired.feature":"security"}]}],"type":"security_exception","reason":"current license is non-compliant for [security]","license.expired.feature":"security","suppressed":[{"type":"security_exception","reason":"current license is non-compliant for [security]","license.expired.feature":"security"}]},"status":403}
docker-compose logs elasticsearch
Attaching to elasticsearchstack_elasticsearch_1
elasticsearch_1 | Created elasticsearch keystore in /usr/share/elasticsearch/config/elasticsearch.keystore
elasticsearch_1 | {"type": "server", "timestamp": "2021-12-20T23:37:19,092Z", "level": "INFO", "component": "o.e.n.Node", "cluster.name": "docker-cluster", "node.name": "33907d556df4", "message": "versio
n[7.16.1], pid[7], build[default/docker/5b38441b16b1ebb16a27c107a4c3865776e20c53/2021-12-11T00:29:38.865893768Z], OS[Linux/5.4.0-91-generic/amd64], JVM[Eclipse Adoptium/OpenJDK 64-Bit Server VM/17.0.1/17.0.1+12]
" }
elasticsearch_1 | {"type": "server", "timestamp": "2021-12-20T23:37:19,104Z", "level": "INFO", "component": "o.e.n.Node", "cluster.name": "docker-cluster", "node.name": "33907d556df4", "message": "JVM ho
me [/usr/share/elasticsearch/jdk], using bundled JDK [true]" }
elasticsearch_1 | {"type": "server", "timestamp": "2021-12-20T23:37:19,105Z", "level": "INFO", "component": "o.e.n.Node", "cluster.name": "docker-cluster", "node.name": "33907d556df4", "message": "JVM ar
guments [-Xshare:auto, -Des.networkaddress.cache.ttl=60, -Des.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackT
raceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog
4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Dlog4j2.formatMsgNoLookups=true, -Djava.locale.providers=SPI,COMPAT, --add-opens=java.base/java.io=ALL-UNNAMED, -XX:+UseG1GC, -Djava.io.tmpdir=/tmp/elast
icsearch-3400406744126664140, -XX:+HeapDumpOnOutOfMemoryError, -XX:+ExitOnOutOfMemoryError, -XX:HeapDumpPath=data, -XX:ErrorFile=logs/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=logs/gc.log:utctime,p
id,tags:filecount=32,filesize=64m, -Des.cgroups.hierarchy.override=/, -Xmx3048m, -Xms3048m, -XX:MaxDirectMemorySize=1598029824, -XX:G1HeapRegionSize=4m, -XX:InitiatingHeapOccupancyPercent=30, -XX:G1ReservePercen
t=15, -Des.path.home=/usr/share/elasticsearch, -Des.path.conf=/usr/share/elasticsearch/config, -Des.distribution.flavor=default, -Des.distribution.type=docker, -Des.bundled_jdk=true]" }
elasticsearch_1 | {"type": "server", "timestamp": "2021-12-20T23:37:22,773Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "docker-cluster", "node.name": "33907d556df4", "message
": "loaded module [aggs-matrix-stats]" }
elasticsearch_1 | {"type": "server", "timestamp": "2021-12-20T23:37:22,773Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "docker-cluster", "node.name": "33907d556df4", "message
": "loaded module [analysis-common]" }
elasticsearch_1 | {"type": "server", "timestamp": "2021-12-20T23:37:22,781Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "docker-cluster", "node.name": "33907d556df4", "message
": "loaded module [constant-keyword]" }
elasticsearch_1 | {"type": "server", "timestamp": "2021-12-20T23:37:22,781Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "docker-cluster", "node.name": "33907d556df4", "message
": "loaded module [frozen-indices]" }
elasticsearch_1 | {"type": "server", "timestamp": "2021-12-20T23:37:22,781Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "docker-cluster", "node.name": "33907d556df4", "message
": "loaded module [ingest-common]" }
elasticsearch_1 | {"type": "server", "timestamp": "2021-12-20T23:37:22,782Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "docker-cluster", "node.name": "33907d556df4", "message
": "loaded module [ingest-geoip]" }
elasticsearch_1 | {"type": "server", "timestamp": "2021-12-20T23:37:22,782Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "docker-cluster", "node.name": "33907d556df4", "message
": "loaded module [ingest-user-agent]" }
elasticsearch_1 | {"type": "server", "timestamp": "2021-12-20T23:37:22,782Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "docker-cluster", "node.name": "33907d556df4", "message
": "loaded module [kibana]" }
elasticsearch_1 | {"type": "server", "timestamp": "2021-12-20T23:37:22,783Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "docker-cluster", "node.name": "33907d556df4", "message
": "loaded module [lang-expression]" }
elasticsearch_1 | {"type": "server", "timestamp": "2021-12-20T23:37:22,784Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "docker-cluster", "node.name": "33907d556df4", "message
": "loaded module [lang-mustache]" }
elasticsearch_1 | {"type": "server", "timestamp": "2021-12-20T23:37:22,784Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "docker-cluster", "node.name": "33907d556df4", "message
": "loaded module [lang-painless]" }
elasticsearch_1 | {"type": "server", "timestamp": "2021-12-20T23:37:22,788Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "docker-cluster", "node.name": "33907d556df4", "message
": "loaded module [legacy-geo]" }
elasticsearch_1 | {"type": "server", "timestamp": "2021-12-20T23:37:22,797Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "docker-cluster", "node.name": "33907d556df4", "message
": "loaded module [mapper-extras]" }
elasticsearch_1 | {"type": "server", "timestamp": "2021-12-20T23:37:22,798Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "docker-cluster", "node.name": "33907d556df4", "message
": "loaded module [mapper-version]" }
elasticsearch_1 | {"type": "server", "timestamp": "2021-12-20T23:37:22,798Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "docker-cluster", "node.name": "33907d556df4", "message
": "loaded module [parent-join]" }
elasticsearch_1 | {"type": "server", "timestamp": "2021-12-20T23:37:22,798Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "docker-cluster", "node.name": "33907d556df4", "message
": "loaded module [percolator]" }
elasticsearch_1 | {"type": "server", "timestamp": "2021-12-20T23:37:22,799Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "docker-cluster", "node.name": "33907d556df4", "message
": "loaded module [rank-eval]" }
elasticsearch_1 | {"type": "server", "timestamp": "2021-12-20T23:37:22,799Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "docker-cluster", "node.name": "33907d556df4", "message
": "loaded module [reindex]" }
elasticsearch_1 | {"type": "server", "timestamp": "2021-12-20T23:37:22,800Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "docker-cluster", "node.name": "33907d556df4", "message
": "loaded module [repositories-metering-api]" }
elasticsearch_1 | {"type": "server", "timestamp": "2021-12-20T23:37:22,800Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "docker-cluster", "node.name": "33907d556df4", "message
": "loaded module [repository-encrypted]" }
...
docker-compose logs kibana
AttacAttaching to elasticsearchstack_kibana_1
kibana_1 | {"type":"log","@timestamp":"2021-12-20T23:37:35+00:00","tags":["info","plugins-service"],"pid":8,"message":"Plugin \"metricsEntities\" is disabled."}
kibana_1 | {"type":"log","@timestamp":"2021-12-20T23:37:35+00:00","tags":["info","http","server","Preboot"],"pid":8,"message":"http server running at http://0.0.0.0:5601"}
kibana_1 | {"type":"log","@timestamp":"2021-12-20T23:37:35+00:00","tags":["warning","config","deprecation"],"pid":8,"message":"You should set server.basePath along with server.rewriteBasePath. Starting in 7.0, Kibana will expect that all requests start with server.basePath rather than expecting you to
rewrite the requests in your reverse proxy. Set server.rewriteBasePath to false to preserve the current behavior and silence this warning."}
kibana_1 | {"type":"log","@timestamp":"2021-12-20T23:37:35+00:00","tags":["warning","config","deprecation"],"pid":8,"message":"Starting in 8.0, the Kibana logging format will be changing. This may affect you if you are doing any special handling of your Kibana logs, such as ingesting logs into Elastic
search for further analysis. If you are using the new logging configuration, you are already receiving logs in both old and new formats, and the old format will simply be going away. If you are not yet using the new logging configuration, the log format will change upon upgrade to 8.0. Beginning in 8.0, the format o
f JSON logs will be ECS-compatible JSON, and the default pattern log format will be configurable with our new logging system. Please refer to the documentation for more information about the new logging format."}
kibana_1 | {"type":"log","@timestamp":"2021-12-20T23:37:35+00:00","tags":["warning","config","deprecation"],"pid":8,"message":"Kibana is configured to authenticate to Elasticsearch with the \"elastic\" user. Use a service account token instead."}
kibana_1 | {"type":"log","@timestamp":"2021-12-20T23:37:35+00:00","tags":["warning","config","deprecation"],"pid":8,"message":"Use Kibana application privileges to grant reporting privileges. Using \"xpack.reporting.roles.allow\" to grant reporting privileges is deprecated. The \"xpack.reporting.role
s.enabled\" setting will default to false in a future release."}
kibana_1 | {"type":"log","@timestamp":"2021-12-20T23:37:35+00:00","tags":["warning","config","deprecation"],"pid":8,"message":"User sessions will automatically time out after 8 hours of inactivity starting in 8.0. Override this value to change the timeout."}
kibana_1 | {"type":"log","@timestamp":"2021-12-20T23:37:35+00:00","tags":["warning","config","deprecation"],"pid":8,"message":"Users are automatically required to log in again after 30 days starting in 8.0. Override this value to change the timeout."}
kibana_1 | {"type":"log","@timestamp":"2021-12-20T23:37:35+00:00","tags":["info","plugins-system","standard"],"pid":8,"message":"Setting up [113] plugins: [translations,licensing,globalSearch,globalSearchProviders,features,licenseApiGuard,code,usageCollection,xpackLegacy,taskManager,telemetryCollectio
nManager,telemetryCollectionXpack,kibanaUsageCollection,share,embeddable,uiActionsEnhanced,screenshotMode,banners,telemetry,newsfeed,mapsEms,mapsLegacy,kibanaLegacy,fieldFormats,expressions,dataViews,charts,esUiShared,bfetch,data,savedObjects,presentationUtil,expressionShape,expressionRevealImage,expressionRepeatIma
ge,expressionMetric,expressionImage,customIntegrations,home,searchprofiler,painlessLab,grokdebugger,management,watcher,licenseManagement,advancedSettings,spaces,security,savedObjectsTagging,reporting,canvas,lists,ingestPipelines,fileUpload,encryptedSavedObjects,dataEnhanced,cloud,snapshotRestore,eventLog,actions,ale
rting,triggersActionsUi,transform,stackAlerts,ruleRegistry,visualizations,visTypeXy,visTypeVislib,visTypeVega,visTypeTimelion,visTypeTagcloud,visTypeTable,visTypePie,visTypeMetric,visTypeMarkdown,tileMap,regionMap,expressionTagcloud,expressionMetricVis,console,graph,fleet,indexManagement,remoteClusters,crossClusterR
eplication,indexLifecycleManagement,dashboard,maps,dashboardMode,dashboardEnhanced,visualize,visTypeTimeseries,rollup,indexPatternFieldEditor,lens,cases,timelines,discover,osquery,observability,discoverEnhanced,dataVisualizer,ml,uptime,securitySolution,infra,upgradeAssistant,monitoring,logstash,enterpriseSearch,apm,
savedObjectsManagement,indexPatternManagement]"}
kibana_1 | {"type":"log","@timestamp":"2021-12-20T23:37:35+00:00","tags":["info","plugins","taskManager"],"pid":8,"message":"TaskManager is identified by the Kibana UUID: d94546ff-f3c8-48ec-abdc-c6a23c9b72d6"}
kibana_1 | {"type":"log","@timestamp":"2021-12-20T23:37:36+00:00","tags":["warning","plugins","security","config"],"pid":8,"message":"Generating a random key for xpack.security.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.security.encryptionKey in the kibana.y
ml or use the bin/kibana-encryption-keys command."}
kibana_1 | {"type":"log","@timestamp":"2021-12-20T23:37:36+00:00","tags":["warning","plugins","security","config"],"pid":8,"message":"Session cookies will be transmitted over insecure connections. This is not recommended."}
kibana_1 | {"type":"log","@timestamp":"2021-12-20T23:37:36+00:00","tags":["warning","plugins","security","config"],"pid":8,"message":"Generating a random key for xpack.security.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.security.encryptionKey in the kibana.y
ml or use the bin/kibana-encryption-keys command."}
kibana_1 | {"type":"log","@timestamp":"2021-12-20T23:37:36+00:00","tags":["warning","plugins","security","config"],"pid":8,"message":"Session cookies will be transmitted over insecure connections. This is not recommended."}
kibana_1 | {"type":"log","@timestamp":"2021-12-20T23:37:36+00:00","tags":["warning","plugins","reporting","config"],"pid":8,"message":"Generating a random key for xpack.reporting.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.reporting.encryptionKey in the kiban
a.yml or use the bin/kibana-encryption-keys command."}
kibana_1 | {"type":"log","@timestamp":"2021-12-20T23:37:36+00:00","tags":["warning","plugins","encryptedSavedObjects"],"pid":8,"message":"Saved objects encryption key is not set. This will severely limit Kibana functionality. Please set xpack.encryptedSavedObjects.encryptionKey in the kibana.yml or us
e the bin/kibana-encryption-keys command."}
kibana_1 | {"type":"log","@timestamp":"2021-12-20T23:37:36+00:00","tags":["warning","plugins","actions"],"pid":8,"message":"APIs are disabled because the Encrypted Saved Objects plugin is missing encryption key. Please set xpack.encryptedSavedObjects.encryptionKey in the kibana.yml or use the bin/kiba
na-encryption-keys command."}
kibana_1 | {"type":"log","@timestamp":"2021-12-20T23:37:36+00:00","tags":["warning","plugins","alerting"],"pid":8,"message":"APIs are disabled because the Encrypted Saved Objects plugin is missing encryption key. Please set xpack.encryptedSavedObjects.encryptionKey in the kibana.yml or use the bin/kib
ana-encryption-keys command."}
kibana_1 | {"type":"log","@timestamp":"2021-12-20T23:37:36+00:00","tags":["info","plugins","ruleRegistry"],"pid":8,"message":"Installing common resources shared between all indices"}
kibana_1 | {"type":"log","@timestamp":"2021-12-20T23:37:37+00:00","tags":["warning","plugins","reporting","config"],"pid":8,"message":"Chromium sandbox provides an additional layer of protection, but is not supported for Linux CentOS 8.5.2111\n OS. Automatically setting 'xpack.reporting.capture.browse
r.chromium.disableSandbox: true'."}
kibana_1 | {"type":"log","@timestamp":"2021-12-20T23:37:40+00:00","tags":["warning","process"],"pid":8,"message":"Error [ProductNotSupportedSecurityError]: The client is unable to verify that the server is Elasticsearch due to security privileges on the server side. Some functionality may not be compa
tible if the server is running an unsupported product.\n at /usr/share/kibana/node_modules/@elastic/elasticsearch/lib/Transport.js:576:19\n at onBody (/usr/share/kibana/node_modules/@elastic/elasticsearch/lib/Transport.js:369:9)\n at IncomingMessage.onEnd (/usr/share/kibana/node_modules/@elastic/elasticsear
ch/lib/Transport.js:291:11)\n at IncomingMessage.emit (node:events:402:35)\n at endReadableNT (node:internal/streams/readable:1343:12)\n at processTicksAndRejections (node:internal/process/task_queues:83:21)"}
kibana_1 | {"type":"log","@timestamp":"2021-12-20T23:37:42+00:00","tags":["error","elasticsearch-service"],"pid":8,"message":"Unable to retrieve version information from Elasticsearch nodes. security_exception: [security_exception] Reason: unable to authenticate user [elastic] for REST request [/_node
s?filter_path=nodes.*.version%2Cnodes.*.http.publish_address%2Cnodes.*.ip]"}
kibana_1 | {"type":"log","@timestamp":"2021-12-20T23:37:45+00:00","tags":["info","savedobjects-service"],"pid":8,"message":"Waiting until all Elasticsearch nodes are compatible with Kibana before starting saved objects migrations..."}
kibana_1 | {"type":"log","@timestamp":"2021-12-20T23:37:45+00:00","tags":["info","savedobjects-service"],"pid":8,"message":"Starting saved objects migrations"}
kibana_1 | {"type":"log","@timestamp":"2021-12-20T23:37:46+00:00","tags":["info","savedobjects-service"],"pid":8,"message":"[.kibana] INIT -> WAIT_FOR_YELLOW_SOURCE. took: 55ms."}
kibana_1 | {"type":"log","@timestamp":"2021-12-20T23:37:46+00:00","tags":["info","savedobjects-service"],"pid":8,"message":"[.kibana_task_manager] INIT -> WAIT_FOR_YELLOW_SOURCE. took: 62ms."}
kibana_1 | {"type":"log","@timestamp":"2021-12-20T23:37:46+00:00","tags":["error","savedobjects-service"],"pid":8,"message":"[.kibana] Action failed with 'security_exception: [security_exception] Reason: current license is non-compliant for [security]'. Retrying attempt 1 in 2 seconds."}
kibana_1 | {"type":"log","@timestamp":"2021-12-20T23:37:46+00:00","tags":["info","savedobjects-service"],"pid":8,"message":"[.kibana] WAIT_FOR_YELLOW_SOURCE -> WAIT_FOR_YELLOW_SOURCE. took: 27ms."}
kibana_1 | {"type":"log","@timestamp":"2021-12-20T23:37:46+00:00","tags":["error","savedobjects-service"],"pid":8,"message":"[.kibana_task_manager] Action failed with 'security_exception: [security_exception] Reason: current license is non-compliant for [security]'. Retrying attempt 1 in 2 seconds."}
kibana_1 | {"type":"log","@timestamp":"2021-12-20T23:37:46+00:00","tags":["info","savedobjects-service"],"pid":8,"message":"[.kibana_task_manager] WAIT_FOR_YELLOW_SOURCE -> WAIT_FOR_YELLOW_SOURCE. took: 28ms."}
kibana_1 | {"type":"log","@timestamp":"2021-12-20T23:37:48+00:00","tags":["error","savedobjects-service"],"pid":8,"message":"[.kibana] Action failed with 'security_exception: [security_exception] Reason: current license is non-compliant for [security]'. Retrying attempt 2 in 4 seconds."}
kibana_1 | {"type":"log","@timestamp":"2021-12-20T23:37:48+00:00","tags":["info","savedobjects-service"],"pid":8,"message":"[.kibana] WAIT_FOR_YELLOW_SOURCE -> WAIT_FOR_YELLOW_SOURCE. took: 2013ms."}
kibana_1 | {"type":"log","@timestamp":"2021-12-20T23:37:48+00:00","tags":["error","savedobjects-service"],"pid":8,"message":"[.kibana_task_manager] Action failed with 'security_exception: [security_exception] Reason: current license is non-compliant for [security]'. Retrying attempt 2 in 4 seconds."}
kibana_1 | {"type":"log","@timestamp":"2021-12-20T23:37:48+00:00","tags":["info","savedobjects-service"],"pid":8,"message":"[.kibana_task_manager] WAIT_FOR_YELLOW_SOURCE -> WAIT_FOR_YELLOW_SOURCE. took: 2008ms."}
kibana_1 | {"type":"log","@timestamp":"2021-12-20T23:37:52+00:00","tags":["error","savedobjects-service"],"pid":8,"message":"[.kibana] Action failed with 'security_exception: [security_exception] Reason: current license is non-compliant for [security]'. Retrying attempt 3 in 8 seconds."}
kibana_1 | {"type":"log","@timestamp":"2021-12-20T23:37:52+00:00","tags":["info","savedobjects-service"],"pid":8,"message":"[.kibana] WAIT_FOR_YELLOW_SOURCE -> WAIT_FOR_YELLOW_SOURCE. took: 4007ms."}
kibana_1 | {"type":"log","@timestamp":"2021-12-20T23:37:52+00:00","tags":["error","savedobjects-service"],"pid":8,"message":"[.kibana_task_manager] Action failed with 'security_exception: [security_exception] Reason: current license is non-compliant for [security]'. Retrying attempt 3 in 8 seconds."}
kibana_1 | {"type":"log","@timestamp":"2021-12-20T23:37:52+00:00","tags":["info","savedobjects-service"],"pid":8,"message":"[.kibana_task_manager] WAIT_FOR_YELLOW_SOURCE -> WAIT_FOR_YELLOW_SOURCE. took: 4008ms."}
kibana_1 | {"type":"log","@timestamp":"2021-12-20T23:38:00+00:00","tags":["error","savedobjects-service"],"pid":8,"message":"[.kibana] Action failed with 'security_exception: [security_exception] Reason: current license is non-compliant for [security]'. Retrying attempt 4 in 16 seconds."}
kibana_1 | {"type":"log","@timestamp":"2021-12-20T23:38:00+00:00","tags":["info","savedobjects-service"],"pid":8,"message":"[.kibana] WAIT_FOR_YELLOW_SOURCE -> WAIT_FOR_YELLOW_SOURCE. took: 8011ms."}
kibana_1 | {"type":"log","@timestamp":"2021-12-20T23:38:00+00:00","tags":["error","savedobjects-service"],"pid":8,"message":"[.kibana_task_manager] Action failed with 'security_exception: [security_exception] Reason: current license is non-compliant for [security]'. Retrying attempt 4 in 16 seconds."}
kibana_1 | {"type":"log","@timestamp":"2021-12-20T23:38:00+00:00","tags":["info","savedobjects-service"],"pid":8,"message":"[.kibana_task_manager] WAIT_FOR_YELLOW_SOURCE -> WAIT_FOR_YELLOW_SOURCE. took: 8009ms."}
kibana_1 | {"type":"log","@timestamp":"2021-12-20T23:38:16+00:00","tags":["error","savedobjects-service"],"pid":8,"message":"[.kibana] Action failed with 'security_exception: [security_exception] Reason: current license is non-compliant for [security]'. Retrying attempt 5 in 32 seconds."}
kibana_1 | {"type":"log","@timestamp":"2021-12-20T23:38:16+00:00","tags":["info","savedobjects-service"],"pid":8,"message":"[.kibana] WAIT_FOR_YELLOW_SOURCE -> WAIT_FOR_YELLOW_SOURCE. took: 16014ms."}
kibana_1 | {"type":"log","@timestamp":"2021-12-20T23:38:16+00:00","tags":["error","savedobjects-service"],"pid":8,"message":"[.kibana_task_manager] Action failed with 'security_exception: [security_exception] Reason: current license is non-compliant for [security]'. Retrying attempt 5 in 32 seconds."}
kibana_1 | {"type":"log","@timestamp":"2021-12-20T23:38:16+00:00","tags":["info","savedobjects-service"],"pid":8,"message":"[.kibana_task_manager] WAIT_FOR_YELLOW_SOURCE -> WAIT_FOR_YELLOW_SOURCE. took: 16014ms."}
kibana_1 | {"type":"log","@timestamp":"2021-12-20T23:38:48+00:00","tags":["error","savedobjects-service"],"pid":8,"message":"[.kibana_task_manager] Action failed with 'security_exception: [security_exception] Reason: current license is non-compliant for [security]'. Retrying attempt 6 in 64 seconds."}
kibana_1 | {"type":"log","@timestamp":"2021-12-20T23:38:48+00:00","tags":["info","savedobjects-service"],"pid":8,"message":"[.kibana_task_manager] WAIT_FOR_YELLOW_SOURCE -> WAIT_FOR_YELLOW_SOURCE. took: 32011ms."}
kibana_1 | {"type":"log","@timestamp":"2021-12-20T23:38:48+00:00","tags":["error","savedobjects-service"],"pid":8,"message":"[.kibana] Action failed with 'security_exception: [security_exception] Reason: current license is non-compliant for [security]'. Retrying attempt 6 in 64 seconds."}
kibana_1 | {"type":"log","@timestamp":"2021-12-20T23:38:48+00:00","tags":["info","savedobjects-service"],"pid":8,"message":"[.kibana] WAIT_FOR_YELLOW_SOURCE -> WAIT_FOR_YELLOW_SOURCE. took: 32020ms."}
kibana_1 | {"type":"log","@timestamp":"2021-12-20T23:39:52+00:00","tags":["error","savedobjects-service"],"pid":8,"message":"[.kibana_task_manager] Action failed with 'security_exception: [security_exception] Reason: current license is non-compliant for [security]'. Retrying attempt 7 in 64 seconds."}
kibana_1 | {"type":"log","@timestamp":"2021-12-20T23:39:52+00:00","tags":["info","savedobjects-service"],"pid":8,"message":"[.kibana_task_manager] WAIT_FOR_YELLOW_SOURCE -> WAIT_FOR_YELLOW_SOURCE. took: 64014ms."}
kibana_1 | {"type":"log","@timestamp":"2021-12-20T23:39:52+00:00","tags":["error","savedobjects-service"],"pid":8,"message":"[.kibana] Action failed with 'security_exception: [security_exception] Reason: current license is non-compliant for [security]'. Retrying attempt 7 in 64 seconds."}
kibana_1 | {"type":"log","@timestamp":"2021-12-20T23:39:52+00:00","tags":["info","savedobjects-service"],"pid":8,"message":"[.kibana] WAIT_FOR_YELLOW_SOURCE -> WAIT_FOR_YELLOW_SOURCE. took: 64014ms."}
kibana_1 | {"type":"log","@timestamp":"2021-12-20T23:41:18+00:00","tags":["info","plugins-service"],"pid":7,"message":"Plugin \"metricsEntities\" is disabled."}
[...]
kibana_1 | {"type":"log","@timestamp":"2022-04-13T12:45:32+00:00","tags":["warning","config","deprecation"],"pid":7,"message":"Enabling or disabling the Security plugin in Kibana is deprecated. Configure security in Elasticsearch instead."}
kibana_1 | {"type":"log","@timestamp":"2022-04-13T12:45:32+00:00","tags":["warning","config","deprecation"],"pid":7,"message":"User sessions will automatically time out after 8 hours of inactivity starting in 8.0. Override this value to change the timeout."}
kibana_1 | {"type":"log","@timestamp":"2022-04-13T12:45:32+00:00","tags":["warning","config","deprecation"],"pid":7,"message":"Users are automatically required to log in again after 30 days starting in 8.0. Override this value to change the timeout."}
kibana_1 | {"type":"log","@timestamp":"2022-04-13T12:45:33+00:00","tags":["info","plugins-system","standard"],"pid":7,"message":"Setting up [113] plugins: [translations,licensing,globalSearch,globalSearchProviders,features,licenseApiGuard,code,usageCollection,xpackLegacy,taskManager,telemetryCollectio
nManager,telemetryCollectionXpack,kibanaUsageCollection,share,embeddable,uiActionsEnhanced,screenshotMode,banners,telemetry,newsfeed,mapsEms,mapsLegacy,kibanaLegacy,fieldFormats,expressions,dataViews,charts,esUiShared,bfetch,data,savedObjects,presentationUtil,expressionShape,expressionRevealImage,expressionRepeatIma
ge,expressionMetric,expressionImage,customIntegrations,home,searchprofiler,painlessLab,grokdebugger,management,watcher,licenseManagement,advancedSettings,spaces,security,savedObjectsTagging,reporting,canvas,lists,ingestPipelines,fileUpload,encryptedSavedObjects,dataEnhanced,cloud,snapshotRestore,eventLog,actions,ale
rting,triggersActionsUi,transform,stackAlerts,ruleRegistry,visualizations,visTypeXy,visTypeVislib,visTypeVega,visTypeTimelion,visTypeTagcloud,visTypeTable,visTypePie,visTypeMetric,visTypeMarkdown,tileMap,regionMap,expressionTagcloud,expressionMetricVis,console,graph,fleet,indexManagement,remoteClusters,crossClusterR
eplication,indexLifecycleManagement,dashboard,maps,dashboardMode,dashboardEnhanced,visualize,visTypeTimeseries,rollup,indexPatternFieldEditor,lens,cases,timelines,discover,osquery,observability,discoverEnhanced,dataVisualizer,ml,uptime,securitySolution,infra,upgradeAssistant,monitoring,logstash,enterpriseSearch,apm,
savedObjectsManagement,indexPatternManagement]"}
kibana_1 | {"type":"log","@timestamp":"2022-04-13T12:45:33+00:00","tags":["info","plugins","taskManager"],"pid":7,"message":"TaskManager is identified by the Kibana UUID: d94546ff-f3c8-48ec-abdc-c6a23c9b72d6"}
kibana_1 | {"type":"log","@timestamp":"2022-04-13T12:45:33+00:00","tags":["warning","plugins","security","config"],"pid":7,"message":"Generating a random key for xpack.security.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.security.encryptionKey in the kibana.y
ml or use the bin/kibana-encryption-keys command."}
kibana_1 | {"type":"log","@timestamp":"2022-04-13T12:45:33+00:00","tags":["warning","plugins","security","config"],"pid":7,"message":"Session cookies will be transmitted over insecure connections. This is not recommended."}
kibana_1 | {"type":"log","@timestamp":"2022-04-13T12:45:33+00:00","tags":["warning","plugins","security","config"],"pid":7,"message":"Generating a random key for xpack.security.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.security.encryptionKey in the kibana.y
ml or use the bin/kibana-encryption-keys command."}
kibana_1 | {"type":"log","@timestamp":"2022-04-13T12:45:33+00:00","tags":["warning","plugins","security","config"],"pid":7,"message":"Session cookies will be transmitted over insecure connections. This is not recommended."}
kibana_1 | {"type":"log","@timestamp":"2022-04-13T12:45:33+00:00","tags":["warning","plugins","reporting","config"],"pid":7,"message":"Generating a random key for xpack.reporting.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.reporting.encryptionKey in the kiban
a.yml or use the bin/kibana-encryption-keys command."}
kibana_1 | {"type":"log","@timestamp":"2022-04-13T12:45:33+00:00","tags":["warning","plugins","encryptedSavedObjects"],"pid":7,"message":"Saved objects encryption key is not set. This will severely limit Kibana functionality. Please set xpack.encryptedSavedObjects.encryptionKey in the kibana.yml or us
e the bin/kibana-encryption-keys command."}
kibana_1 | {"type":"log","@timestamp":"2022-04-13T12:45:33+00:00","tags":["warning","plugins","actions"],"pid":7,"message":"APIs are disabled because the Encrypted Saved Objects plugin is missing encryption key. Please set xpack.encryptedSavedObjects.encryptionKey in the kibana.yml or use the bin/kiba
na-encryption-keys command."}
kibana_1 | {"type":"log","@timestamp":"2022-04-13T12:45:33+00:00","tags":["warning","plugins","alerting"],"pid":7,"message":"APIs are disabled because the Encrypted Saved Objects plugin is missing encryption key. Please set xpack.encryptedSavedObjects.encryptionKey in the kibana.yml or use the bin/kib
ana-encryption-keys command."}
kibana_1 | {"type":"log","@timestamp":"2022-04-13T12:45:33+00:00","tags":["info","plugins","ruleRegistry"],"pid":7,"message":"Installing common resources shared between all indices"}
kibana_1 | {"type":"log","@timestamp":"2022-04-13T12:45:35+00:00","tags":["warning","plugins","reporting","config"],"pid":7,"message":"Chromium sandbox provides an additional layer of protection, but is not supported for Linux CentOS 8.5.2111\n OS. Automatically setting 'xpack.reporting.capture.browse
r.chromium.disableSandbox: true'."}
kibana_1 | {"type":"log","@timestamp":"2022-04-13T12:45:41+00:00","tags":["info","savedobjects-service"],"pid":7,"message":"Waiting until all Elasticsearch nodes are compatible with Kibana before starting saved objects migrations..."}
kibana_1 | {"type":"log","@timestamp":"2022-04-13T12:45:41+00:00","tags":["info","savedobjects-service"],"pid":7,"message":"Starting saved objects migrations"}
kibana_1 | {"type":"log","@timestamp":"2022-04-13T12:45:43+00:00","tags":["info","savedobjects-service"],"pid":7,"message":"[.kibana] INIT -> WAIT_FOR_YELLOW_SOURCE. took: 441ms."}
kibana_1 | {"type":"log","@timestamp":"2022-04-13T12:45:43+00:00","tags":["info","savedobjects-service"],"pid":7,"message":"[.kibana_task_manager] INIT -> WAIT_FOR_YELLOW_SOURCE. took: 440ms."}
kibana_1 | {"type":"log","@timestamp":"2022-04-13T12:45:44+00:00","tags":["error","savedobjects-service"],"pid":7,"message":"[.kibana] Action failed with 'security_exception: [security_exception] Reason: current license is non-compliant for [security]'. Retrying attempt 1 in 2 seconds."}
kibana_1 | {"type":"log","@timestamp":"2022-04-13T12:45:44+00:00","tags":["info","savedobjects-service"],"pid":7,"message":"[.kibana] WAIT_FOR_YELLOW_SOURCE -> WAIT_FOR_YELLOW_SOURCE. took: 947ms."}
kibana_1 | {"type":"log","@timestamp":"2022-04-13T12:45:44+00:00","tags":["error","savedobjects-service"],"pid":7,"message":"[.kibana_task_manager] Action failed with 'security_exception: [security_exception] Reason: current license is non-compliant for [security]'. Retrying attempt 1 in 2 seconds."}
kibana_1 | {"type":"log","@timestamp":"2022-04-13T12:45:44+00:00","tags":["info","savedobjects-service"],"pid":7,"message":"[.kibana_task_manager] WAIT_FOR_YELLOW_SOURCE -> WAIT_FOR_YELLOW_SOURCE. took: 943ms."}
kibana_1 | {"type":"log","@timestamp":"2022-04-13T12:45:46+00:00","tags":["error","savedobjects-service"],"pid":7,"message":"[.kibana_task_manager] Action failed with 'security_exception: [security_exception] Reason: current license is non-compliant for [security]'. Retrying attempt 2 in 4 seconds."}
kibana_1 | {"type":"log","@timestamp":"2022-04-13T12:45:46+00:00","tags":["info","savedobjects-service"],"pid":7,"message":"[.kibana_task_manager] WAIT_FOR_YELLOW_SOURCE -> WAIT_FOR_YELLOW_SOURCE. took: 2012ms."}
kibana_1 | {"type":"log","@timestamp":"2022-04-13T12:45:46+00:00","tags":["error","savedobjects-service"],"pid":7,"message":"[.kibana] Action failed with 'security_exception: [security_exception] Reason: current license is non-compliant for [security]'. Retrying attempt 2 in 4 seconds."}
kibana_1 | {"type":"log","@timestamp":"2022-04-13T12:45:46+00:00","tags":["info","savedobjects-service"],"pid":7,"message":"[.kibana] WAIT_FOR_YELLOW_SOURCE -> WAIT_FOR_YELLOW_SOURCE. took: 2022ms."}
kibana_1 | {"type":"log","@timestamp":"2022-04-13T12:45:50+00:00","tags":["error","savedobjects-service"],"pid":7,"message":"[.kibana] Action failed with 'security_exception: [security_exception] Reason: current license is non-compliant for [security]'. Retrying attempt 3 in 8 seconds."}
kibana_1 | {"type":"log","@timestamp":"2022-04-13T12:45:50+00:00","tags":["info","savedobjects-service"],"pid":7,"message":"[.kibana] WAIT_FOR_YELLOW_SOURCE -> WAIT_FOR_YELLOW_SOURCE. took: 4009ms."}
kibana_1 | {"type":"log","@timestamp":"2022-04-13T12:45:50+00:00","tags":["error","savedobjects-service"],"pid":7,"message":"[.kibana_task_manager] Action failed with 'security_exception: [security_exception] Reason: current license is non-compliant for [security]'. Retrying attempt 3 in 8 seconds."}
kibana_1 | {"type":"log","@timestamp":"2022-04-13T12:45:50+00:00","tags":["info","savedobjects-service"],"pid":7,"message":"[.kibana_task_manager] WAIT_FOR_YELLOW_SOURCE -> WAIT_FOR_YELLOW_SOURCE. took: 4018ms."}
kibana_1 | {"type":"log","@timestamp":"2022-04-13T12:45:58+00:00","tags":["error","savedobjects-service"],"pid":7,"message":"[.kibana] Action failed with 'security_exception: [security_exception] Reason: current license is non-compliant for [security]'. Retrying attempt 4 in 16 seconds."}
kibana_1 | {"type":"log","@timestamp":"2022-04-13T12:45:58+00:00","tags":["info","savedobjects-service"],"pid":7,"message":"[.kibana] WAIT_FOR_YELLOW_SOURCE -> WAIT_FOR_YELLOW_SOURCE. took: 8012ms."}
kibana_1 | {"type":"log","@timestamp":"2022-04-13T12:45:58+00:00","tags":["error","savedobjects-service"],"pid":7,"message":"[.kibana_task_manager] Action failed with 'security_exception: [security_exception] Reason: current license is non-compliant for [security]'. Retrying attempt 4 in 16 seconds."}
kibana_1 | {"type":"log","@timestamp":"2022-04-13T12:45:58+00:00","tags":["info","savedobjects-service"],"pid":7,"message":"[.kibana_task_manager] WAIT_FOR_YELLOW_SOURCE -> WAIT_FOR_YELLOW_SOURCE. took: 8013ms."}
kibana_1 | {"type":"log","@timestamp":"2022-04-13T12:46:14+00:00","tags":["error","savedobjects-service"],"pid":7,"message":"[.kibana] Action failed with 'security_exception: [security_exception] Reason: current license is non-compliant for [security]'. Retrying attempt 5 in 32 seconds."}
kibana_1 | {"type":"log","@timestamp":"2022-04-13T12:46:14+00:00","tags":["info","savedobjects-service"],"pid":7,"message":"[.kibana] WAIT_FOR_YELLOW_SOURCE -> WAIT_FOR_YELLOW_SOURCE. took: 16016ms."}
kibana_1 | {"type":"log","@timestamp":"2022-04-13T12:46:14+00:00","tags":["error","savedobjects-service"],"pid":7,"message":"[.kibana_task_manager] Action failed with 'security_exception: [security_exception] Reason: current license is non-compliant for [security]'. Retrying attempt 5 in 32 seconds."}
kibana_1 | {"type":"log","@timestamp":"2022-04-13T12:46:14+00:00","tags":["info","savedobjects-service"],"pid":7,"message":"[.kibana_task_manager] WAIT_FOR_YELLOW_SOURCE -> WAIT_FOR_YELLOW_SOURCE. took: 16030ms."}
kibana_1 | {"type":"log","@timestamp":"2022-04-13T12:46:46+00:00","tags":["error","savedobjects-service"],"pid":7,"message":"[.kibana] Action failed with 'security_exception: [security_exception] Reason: current license is non-compliant for [security]'. Retrying attempt 6 in 64 seconds."}
kibana_1 | {"type":"log","@timestamp":"2022-04-13T12:46:46+00:00","tags":["info","savedobjects-service"],"pid":7,"message":"[.kibana] WAIT_FOR_YELLOW_SOURCE -> WAIT_FOR_YELLOW_SOURCE. took: 32013ms."}
kibana_1 | {"type":"log","@timestamp":"2022-04-13T12:46:46+00:00","tags":["error","savedobjects-service"],"pid":7,"message":"[.kibana_task_manager] Action failed with 'security_exception: [security_exception] Reason: current license is non-compliant for [security]'. Retrying attempt 6 in 64 seconds."}
kibana_1 | {"type":"log","@timestamp":"2022-04-13T12:46:46+00:00","tags":["info","savedobjects-service"],"pid":7,"message":"[.kibana_task_manager] WAIT_FOR_YELLOW_SOURCE -> WAIT_FOR_YELLOW_SOURCE. took: 32010ms."}
kibana_1 | {"type":"log","@timestamp":"2022-04-13T12:47:50+00:00","tags":["error","savedobjects-service"],"pid":7,"message":"[.kibana] Action failed with 'security_exception: [security_exception] Reason: current license is non-compliant for [security]'. Retrying attempt 7 in 64 seconds."}
kibana_1 | {"type":"log","@timestamp":"2022-04-13T12:47:50+00:00","tags":["info","savedobjects-service"],"pid":7,"message":"[.kibana] WAIT_FOR_YELLOW_SOURCE -> WAIT_FOR_YELLOW_SOURCE. took: 64014ms."}
kibana_1 | {"type":"log","@timestamp":"2022-04-13T12:47:50+00:00","tags":["error","savedobjects-service"],"pid":7,"message":"[.kibana_task_manager] Action failed with 'security_exception: [security_exception] Reason: current license is non-compliant for [security]'. Retrying attempt 7 in 64 seconds."}
kibana_1 | {"type":"log","@timestamp":"2022-04-13T12:47:50+00:00","tags":["info","savedobjects-service"],"pid":7,"message":"[.kibana_task_manager] WAIT_FOR_YELLOW_SOURCE -> WAIT_FOR_YELLOW_SOURCE. took: 64008ms."}
kibana_1 | {"type":"log","@timestamp":"2022-04-13T12:48:54+00:00","tags":["error","savedobjects-service"],"pid":7,"message":"[.kibana] Action failed with 'security_exception: [security_exception] Reason: current license is non-compliant for [security]'. Retrying attempt 8 in 64 seconds."}
kibana_1 | {"type":"log","@timestamp":"2022-04-13T12:48:54+00:00","tags":["info","savedobjects-service"],"pid":7,"message":"[.kibana] WAIT_FOR_YELLOW_SOURCE -> WAIT_FOR_YELLOW_SOURCE. took: 64013ms."}
kibana_1 | {"type":"log","@timestamp":"2022-04-13T12:48:54+00:00","tags":["error","savedobjects-service"],"pid":7,"message":"[.kibana_task_manager] Action failed with 'security_exception: [security_exception] Reason: current license is non-compliant for [security]'. Retrying attempt 8 in 64 seconds."}
kibana_1 | {"type":"log","@timestamp":"2022-04-13T12:48:54+00:00","tags":["info","savedobjects-service"],"pid":7,"message":"[.kibana_task_manager] WAIT_FOR_YELLOW_SOURCE -> WAIT_FOR_YELLOW_SOURCE. took: 64013ms."}
Thanks for the additional info!
Like I suspected, Elasticsearch not only warns about the expired license, but it actually blocks authentication attempts:
// Elasticsearch (response to curl command)
{"type":"security_exception","reason":"current license is non-compliant for [security]"}
// Kibana
{"message":"Action failed with 'security_exception: [security_exception] Reason: current license is non-compliant for [security]"}
Could you please apply the following changes to the Elasticsearch configuration, then try a docker-compose restart elasticsearch
?
- xpack.license.self_generated.type: trial
- xpack.security.enabled: true
+ xpack.license.self_generated.type: basic
+ xpack.security.enabled: false
Yes I will try this asap (beginning of next week). Thank you!
Thank you, the stack restarted normally. Basic it was ! :)
Glad it worked!
Problem description
I have updated ELK (following issue #645 ), but I encounter the following error when composing
sudo docker-compose -f docker-compose.yml up
:sudo docker-compose -f docker-compose.yml up -d
gives:But from the browser I have a 503 error with the message
Kibana server is not ready yet
.Looking at the running dockers
sudo docker ps --no-trunc
:Before I go further, I would like to know whether the data are saved and available.
Stack configuration
docker-stack.yaml
docker-compose.yml
Docker setup
Container logs