elastic / kibana

Your window into the Elastic Stack
https://www.elastic.co/products/kibana

Fatal error on enabling elasticsearch.ssl.alwaysPresentCertificate #25298

Closed anthonyhaussman closed 5 years ago

anthonyhaussman commented 5 years ago

Kibana version: 6.4.3
Elasticsearch version: 6.4.2
Server OS version: Ubuntu Bionic

Hi, I wanted to use the latest feature option elasticsearch.ssl.alwaysPresentCertificate, but when I enable it, it results directly in a fatal error.

My configuration:

server.port: 5601
server.host: "0.0.0.0"
elasticsearch.ssl.certificateAuthorities: /etc/kibana/ca.pem
elasticsearch.ssl.certificate: /etc/kibana/tls.crt
elasticsearch.ssl.key: /etc/kibana/tls.key
elasticsearch.ssl.verificationMode: full
elasticsearch.ssl.alwaysPresentCertificate: true
elasticsearch.url: "https://es-01.vip.test.gg:9444"
elasticsearch.requestTimeout: 300000
elasticsearch.shardTimeout: 1

When I try to launch:

# /usr/share/kibana/bin/kibana -c /etc/kibana/kibana.yml --verbose
  log   [14:52:34.115] [debug][plugin] Found plugin at /usr/share/kibana/src/core_plugins/apm_oss
  log   [14:52:34.142] [debug][plugin] Found plugin at /usr/share/kibana/src/core_plugins/console
  log   [14:52:34.160] [debug][plugin] Found plugin at /usr/share/kibana/src/core_plugins/elasticsearch
  log   [14:52:34.162] [debug][plugin] Found plugin at /usr/share/kibana/src/core_plugins/input_control_vis
  log   [14:52:34.164] [debug][plugin] Found plugin at /usr/share/kibana/src/core_plugins/inspector_views
  log   [14:52:34.165] [debug][plugin] Found plugin at /usr/share/kibana/src/core_plugins/kbn_doc_views
  log   [14:52:34.167] [debug][plugin] Found plugin at /usr/share/kibana/src/core_plugins/kbn_vislib_vis_types
  log   [14:52:34.223] [debug][plugin] Found plugin at /usr/share/kibana/src/core_plugins/kibana
  log   [14:52:34.231] [debug][plugin] Found plugin at /usr/share/kibana/src/core_plugins/markdown_vis
  log   [14:52:34.232] [debug][plugin] Found plugin at /usr/share/kibana/src/core_plugins/metric_vis
  log   [14:52:34.288] [debug][plugin] Found plugin at /usr/share/kibana/src/core_plugins/metrics
  log   [14:52:34.290] [debug][plugin] Found plugin at /usr/share/kibana/src/core_plugins/region_map
  log   [14:52:34.292] [debug][plugin] Found plugin at /usr/share/kibana/src/core_plugins/state_session_storage_redirect
  log   [14:52:34.293] [debug][plugin] Found plugin at /usr/share/kibana/src/core_plugins/status_page
  log   [14:52:34.295] [debug][plugin] Found plugin at /usr/share/kibana/src/core_plugins/table_vis
  log   [14:52:34.296] [debug][plugin] Found plugin at /usr/share/kibana/src/core_plugins/tagcloud
  log   [14:52:34.297] [debug][plugin] Found plugin at /usr/share/kibana/src/core_plugins/tile_map
  log   [14:52:34.298] [debug][plugin] Found plugin at /usr/share/kibana/src/core_plugins/timelion
  log   [14:52:34.300] [debug][plugin] Found plugin at /usr/share/kibana/src/core_plugins/vega
 error  [14:52:34.462] [fatal] ValidationError: child "elasticsearch" fails because [child "ssl" fails because ["alwaysPresentCertificate" is not allowed]]
    at Object.exports.process (/usr/share/kibana/node_modules/joi/lib/errors.js:181:19)
    at internals.Object._validateWithOptions (/usr/share/kibana/node_modules/joi/lib/any.js:651:31)
    at module.exports.internals.Any.root.validate (/usr/share/kibana/node_modules/joi/lib/index.js:121:23)
    at Config._commit (/usr/share/kibana/src/server/config/config.js:138:35)
    at Config.set (/usr/share/kibana/src/server/config/config.js:108:10)
    at Config.extendSchema (/usr/share/kibana/src/server/config/config.js:81:10)
    at extendConfigService (/usr/share/kibana/src/plugin_discovery/plugin_config/extend_config_service.js:45:10)
    at <anonymous>
FATAL { ValidationError: child "elasticsearch" fails because [child "ssl" fails because ["alwaysPresentCertificate" is not allowed]]
    at Object.exports.process (/usr/share/kibana/node_modules/joi/lib/errors.js:181:19)
    at internals.Object._validateWithOptions (/usr/share/kibana/node_modules/joi/lib/any.js:651:31)
    at module.exports.internals.Any.root.validate (/usr/share/kibana/node_modules/joi/lib/index.js:121:23)
    at Config._commit (/usr/share/kibana/src/server/config/config.js:138:35)
    at Config.set (/usr/share/kibana/src/server/config/config.js:108:10)
    at Config.extendSchema (/usr/share/kibana/src/server/config/config.js:81:10)
    at extendConfigService (/usr/share/kibana/src/plugin_discovery/plugin_config/extend_config_service.js:45:10)
    at <anonymous>
  isJoi: true,
  name: 'ValidationError',
  details: 
   [ { message: '"alwaysPresentCertificate" is not allowed',
       path: 'elasticsearch.ssl.alwaysPresentCertificate',
       type: 'object.allowUnknown',
       context: [Object] } ],
  _object: 
   { pkg: 
      { version: '6.4.3',
        branch: '6.4',
        buildNum: 18044,
        buildSha: '968768f01f873fec244749abc3c6e939d0e3eda0' },
     dev: { basePathProxyTarget: 5603 },
     pid: { exclusive: false },
     cpu: undefined,
     cpuacct: undefined,
     server: 
      { port: 5601,
        host: '0.0.0.0',
        name: 'archtone',
        maxPayloadBytes: 1048576,
        autoListen: true,
        defaultRoute: '/app/kibana',
        basePath: '',
        rewriteBasePath: false,
        customResponseHeaders: {},
        ssl: [Object],
        cors: false,
        xsrf: [Object] },
     logging: 
      { verbose: true,
        silent: false,
        quiet: false,
        events: {},
        dest: 'stdout',
        filter: {},
        json: false,
        useUTC: true },
     ops: { interval: 5000 },
     plugins: { scanDirs: [Array], paths: [], initialize: true },
     path: { data: '/var/lib/kibana' },
     optimize: 
      { enabled: true,
        bundleFilter: '!tests',
        bundleDir: '/usr/share/kibana/optimize/bundles',
        viewCaching: true,
        watch: false,
        watchPort: 5602,
        watchHost: 'localhost',
        watchPrebuild: false,
        watchProxyTimeout: 300000,
        useBundleCache: true,
        profile: false },
     status: { allowAnonymous: false },
     map: 
      { manifestServiceUrl: ' https://catalogue.maps.elastic.co/v2/manifest',
        emsLandingPageUrl: 'https://maps.elastic.co/v2',
        includeElasticMapsService: true },
     tilemap: { options: [Object] },
     regionmap: { includeElasticMapsService: true },
     i18n: { defaultLocale: 'en' },
     __newPlatform: undefined,
     input_control_vis: { enabled: true },
     inspector_views: { enabled: true },
     kbn_doc_views: { enabled: true },
     kbn_vislib_vis_types: { enabled: true },
     markdown_vis: { enabled: true },
     metric_vis: { enabled: true },
     region_map: { enabled: true },
     state_session_storage_redirect: { enabled: true },
     status_page: { enabled: true },
     table_vis: { enabled: true },
     tagcloud: { enabled: true },
     tile_map: { enabled: true },
     timelion: { enabled: true },
     apm_oss: 
      { enabled: true,
        indexPattern: 'apm-*',
        errorIndices: 'apm-*',
        onboardingIndices: 'apm-*',
        spanIndices: 'apm-*',
        transactionIndices: 'apm-*' },
     console: { enabled: true, proxyFilter: [Array], ssl: {} },
     elasticsearch: 
      { ssl: [Object],
        url: 'https://es-01.vip.test.gg:9444',
        requestTimeout: 300000,
        shardTimeout: 1 } },
  annotate: [Function] }

jbudz commented 5 years ago

Hey @anthonyhaussman, this feature will be available starting in 6.5.0. Hope that helps. Closing this out for now; let me know if there's more and we can reopen.
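
A pre-deploy check for the failure in this thread, as an added example that is not Kibana's code or part of the original issue: it flags settings in a flat kibana.yml that the installed version predates, so the mismatch is caught before Kibana's schema validation aborts startup. The gate table holds only the 6.5.0 requirement stated above; the function names and the sample config are assumptions constructed for illustration.

```javascript
// Added example, not Kibana code. Gate table: only the requirement stated in
// this thread; extend it from the release notes of the versions you deploy.
const MIN_VERSION = new Map([
  ['elasticsearch.ssl.alwaysPresentCertificate', '6.5.0'],
]);

// Numeric comparison of dotted versions (so 6.10.0 > 6.5.0); a suffix such as
// "-SNAPSHOT" is ignored. Returns <0, 0 or >0.
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Keys of a flat, dotted kibana.yml as used in the issue. Commented-out lines
// do not match; nested YAML mappings are not handled (assumption).
function flatKeys(yamlText) {
  return yamlText.split(/\r?\n/)
    .map((line) => /^([A-Za-z_][\w.]*)\s*:/.exec(line))
    .filter(Boolean)
    .map((m) => m[1]);
}

// Settings the installed version will reject at startup.
function unsupportedSettings(yamlText, installed) {
  return flatKeys(yamlText)
    .filter((k) => MIN_VERSION.has(k) && compareVersions(installed, MIN_VERSION.get(k)) < 0)
    .map((k) => ({ setting: k, requires: MIN_VERSION.get(k), installed }));
}

// Constructed sample, adapted from the configuration posted in the issue.
const SAMPLE_CONFIG = [
  'server.port: 5601',
  'elasticsearch.ssl.verificationMode: full',
  '#elasticsearch.ssl.alwaysPresentCertificate: false',
  'elasticsearch.ssl.alwaysPresentCertificate: true',
  'elasticsearch.url: "https://es-01.vip.test.gg:9444"',
].join('\n');

for (const f of unsupportedSettings(SAMPLE_CONFIG, '6.4.3')) {
  console.log(`${f.setting} requires Kibana >= ${f.requires}, installed ${f.installed}`);
}
```

Run it in the deployment pipeline with the version of the package about to be installed; a non-empty result means the node would exit with the ValidationError shown in the issue.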