Upgraded to 4.1.0 now kibana can't start
1,105 views
Skip to first unread message
Mike Lissner
Feb 15, 2021, 7:01:57 PM2/15/21
to Wazuh mailing list
Hi, super new to Wazuh. Yesterday I installed using the super simple single node mode and had things working. Today I upgraded and now kibana won't start. Looking in the logs I see:
Feb 15 23:59:25 ip-172-26-5-88 systemd[1]: Started Kibana.
Feb 15 23:59:29 ip-172-26-5-88 kibana[167036]: {"type":"log","@timestamp":"2021-02-15T23:59:29Z","tags":["info","plugins-service"],"pid":167036,"message":"Plugin \"visTypeXy\" is disabled."}
Feb 15 23:59:29 ip-172-26-5-88 kibana[167036]: {"type":"log","@timestamp":"2021-02-15T23:59:29Z","tags":["warning","config","deprecation"],"pid":167036,"message":"\"server.defaultRoute\" is deprecated and has been replaced by \"uiSettings.overrides.defaultRoute\""}
Feb 15 23:59:29 ip-172-26-5-88 kibana[167036]: {"type":"log","@timestamp":"2021-02-15T23:59:29Z","tags":["fatal","root"],"pid":167036,"message":"{ Error: listen EACCES: permission denied 0.0.0.0:443\n at Server.setupListenHandle [as _listen2] (net.js:1263:19)\n at listenInCluster (net.js:1328:12)\n at doListen (net.js:1461:7)\n at process._tickCallback (internal/process/next_tick.js:63:19)\n code: 'EACCES',\n errno: 'EACCES',\n syscall: 'listen',\n address: '0.0.0.0',\n port: 443 }"}
Feb 15 23:59:29 ip-172-26-5-88 kibana[167036]: FATAL Error: listen EACCES: permission denied 0.0.0.0:443
Feb 15 23:59:29 ip-172-26-5-88 systemd[1]: kibana.service: Main process exited, code=exited, status=1/FAILURE
Feb 15 23:59:29 ip-172-26-5-88 systemd[1]: kibana.service: Failed with result 'exit-code'.
Feb 15 23:59:29 ip-172-26-5-88 systemd[1]: kibana.service: Scheduled restart job, restart counter is at 77.
Feb 15 23:59:29 ip-172-26-5-88 systemd[1]: Stopped Kibana.
Feb 15 23:59:29 ip-172-26-5-88 kibana[167036]: {"type":"log","@timestamp":"2021-02-15T23:59:29Z","tags":["info","plugins-service"],"pid":167036,"message":"Plugin \"visTypeXy\" is disabled."}
Feb 15 23:59:29 ip-172-26-5-88 kibana[167036]: {"type":"log","@timestamp":"2021-02-15T23:59:29Z","tags":["warning","config","deprecation"],"pid":167036,"message":"\"server.defaultRoute\" is deprecated and has been replaced by \"uiSettings.overrides.defaultRoute\""}
Feb 15 23:59:29 ip-172-26-5-88 kibana[167036]: {"type":"log","@timestamp":"2021-02-15T23:59:29Z","tags":["fatal","root"],"pid":167036,"message":"{ Error: listen EACCES: permission denied 0.0.0.0:443\n at Server.setupListenHandle [as _listen2] (net.js:1263:19)\n at listenInCluster (net.js:1328:12)\n at doListen (net.js:1461:7)\n at process._tickCallback (internal/process/next_tick.js:63:19)\n code: 'EACCES',\n errno: 'EACCES',\n syscall: 'listen',\n address: '0.0.0.0',\n port: 443 }"}
Feb 15 23:59:29 ip-172-26-5-88 kibana[167036]: FATAL Error: listen EACCES: permission denied 0.0.0.0:443
Feb 15 23:59:29 ip-172-26-5-88 systemd[1]: kibana.service: Main process exited, code=exited, status=1/FAILURE
Feb 15 23:59:29 ip-172-26-5-88 systemd[1]: kibana.service: Failed with result 'exit-code'.
Feb 15 23:59:29 ip-172-26-5-88 systemd[1]: kibana.service: Scheduled restart job, restart counter is at 77.
Feb 15 23:59:29 ip-172-26-5-88 systemd[1]: Stopped Kibana.
I'm still trying to figure this out. When I upgraded using sudo apt-get upgrade, it told me that the filebeat.yml file and the kibana.yml files had both changed. I've tried using the new defaults and my old ones but neither seem to work.
I used lsof -i :443 to check if something else (possibly the old version?) was using the port, but there seems to be nothing there that's conflicting. Is Kibana no longer running as root in 4.1.0, say? I didn't see anything about that in the release notes.
Any thoughts? I expected an upgrade to be a lot smoother, but I'm new here, so perhaps I shouldn't?
Mike
Mike Lissner
Feb 15, 2021, 7:13:39 PM2/15/21
to Mike Lissner, Wazuh mailing list
Well, I'm seeing some signs online that Kibana is never run as root and usually only opens ports 5601, not 443, so I'm a bit lost. This *was* working before the upgrade.
Anybody know what's going on?
--
You received this message because you are subscribed to a topic in the Google Groups "Wazuh mailing list" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/wazuh/Y1YcKBatD_g/unsubscribe.
To unsubscribe from this group and all its topics, send an email to wazuh+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/b67244c0-b496-4a34-8cb8-34943962c1d7n%40googlegroups.com.
--
David Fernández Miranda
Feb 16, 2021, 4:05:26 AM2/16/21
to Wazuh mailing list
Hello Mike,
The issue with the Kibana port permissions can be solved with:
- setcap 'cap_net_bind_service=+ep' /usr/share/kibana/node/bin/node
In addition to sudo apt-get upgrade, there are some extra steps to be done. To learn more about the upgrading process, you can check the following links:
- Wazuh upgrade guide
- Upgrading Elasticsearch, Filebeat, and Kibana
Please, let us know if you need any help with the upgrade.
Regards,
David
Mike Lissner
Feb 16, 2021, 8:37:04 PM2/16/21
to David Fernández Miranda, Wazuh mailing list
Thanks David! Any idea why the special command became necessary for the port? Did I screw something up?
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/898d2cf1-912b-4bb3-97fd-e594e92dbe8dn%40googlegroups.com.
Reply all
Reply to author
Forward
Message has been deleted
0 new messages