Not Able to Access Kibana Console after Version Upgrade #3
Description
Hi, I am in process of upgrading my elastic cluster to version 7.10.2. I am using Opendistro security plugin for LDAP integration. But after the upgrade, I am not able to access Kibana console. I'm getting the following error in logs:
May 5 10:51:22 ip-10-50-16-244 kibana[5276]: {"type":"log","@timestamp":"2021-05-05T10:51:22Z","tags":["error","elasticsearch","data"],"pid":5276,"message":"[ResponseError]: Response Error"}
May 5 10:51:22 ip-10-50-16-244 kibana[5276]: {"type":"log","@timestamp":"2021-05-05T10:51:22Z","tags":["error","plugins","spaces"],"pid":5276,"message":"Unable to navigate to space "default". ResponseError: Response Error"}
Although default space is present in Kibana and on the browser I get the following error message:
{"statusCode":401,"error":"Unauthorized","message":"Response Error"}
The login works fine If I disable the spaces' option from kibana.yml but I want to enable spaces. I have created a test user from kibana console after turning the spaces off, with unlimited permission to cluster and indices(just for testing) and read-write access to global tenant.
The opendistro version that I am using is compatible with elastic version 7.10.2. Attaching elastic and kibana files below.
KIbana.yml:-
server.port: 5601
xpack.security.enabled: false
server.host: "0.0.0.0"
elasticsearch.hosts: ["http://XX.XX.XX.XX:9200"]
elasticsearch.username: "XXXXXXXX"
elasticsearch.password: "XXXXXXXX"
xpack.spaces.enabled: false
xpack.infra.enabled: true
opendistro_security.multitenancy.enabled: true
elasticsearch.requestHeadersWhitelist: ["securitytenant","Authorization"]
elasticsearch.yml:-
luster.name: elastic-development
path.data: "/var/lib/elasticsearch"
path.logs: "/var/log/elasticsearch"
network.bind_host: 0.0.0.0
network.publish_host: ec2:privateIpv4
cloud.node.auto_attributes: true
#cluster.initial_master_nodes: XX.XX.XX.XX
cluster.routing.allocation.awareness.attributes: aws_availability_zone
discovery.zen.minimum_master_nodes: 1
discovery.zen.hosts_provider: ec2
discovery.ec2.tag.Cluster: elastic-development
discovery.ec2.groups: sg-0c1b5c
discovery.ec2.endpoint: ec2.eu-west-1.amazonaws.com
discovery.ec2.host_type: private_ip
node.master: true
node.data: true
node.ingest: true
######## Start OpenDistro for Elasticsearch Security Demo Configuration ########
xpack.security.enabled: false
opendistro_security.ssl.transport.pemcert_filepath: esnode.pem
opendistro_security.ssl.transport.pemkey_filepath: esnode-key.pem
opendistro_security.ssl.transport.pemtrustedcas_filepath: root-ca.pem
opendistro_security.ssl.transport.truststore_filepath: /etc/elasticsearch/cacerts
opendistro_security.ssl.transport.enforce_hostname_verification: false
opendistro_security.ssl.http.enabled: false
opendistro_security.ssl.http.pemcert_filepath: esnode.pem
opendistro_security.ssl.http.pemkey_filepath: esnode-key.pem
opendistro_security.ssl.http.pemtrustedcas_filepath: root-ca.pem
opendistro_security.allow_unsafe_democertificates: true
opendistro_security.allow_default_init_securityindex: true
opendistro_security.authcz.admin_dn:
- CN=xx,OU=xx,O=xx,L=xx, C=xx
opendistro_security.audit.type: internal_elasticsearch
opendistro_security.enable_snapshot_restore_privilege: true
opendistro_security.check_snapshot_restore_write_privileges: true
opendistro_security.restapi.roles_enabled: ["all_access", "security_rest_api_access"]
cluster.routing.allocation.disk.threshold_enabled: false
I have created a 2 node elasticsearch cluster.
Also, the elastic-cluster version upgrade is working fine without open-distro integration.