Activation key retrival mode - File

gustavo.yoshizaki · January 14, 2023, 2:57pm

Hi.

In order to have an automated deploy of our environment, we need to load the activation key of the Enterprise license using a local file.

I have tried the following configuration:

readonlyrest_kbn.license.activationKeyRetrievalModes: ["file"]
readonlyrest_kbn.license.activationKeyFilePath: '/root/plugins/readonlyrestkbn/ROR_ACTIVATION_KEY.txt'

But it is not working. The logs shows:

[14:51:07:000] [info][plugins][ReadonlyREST][preElasticsearchProxy] Pre-Elasticsearch-proxy will listen on 127.0.0.1:48077
[14:51:07:054] [error][plugins][ReadonlyREST][LicenseService] Cannot decrypt activation key {"_index":".readonlyrest_license","_type":"_doc","_id":"token","_version":2,"_seq_no":1,"_primary_term":1,"_ignored":["encrypted.keyword"],"found":true,"_source":{"encrypted":"XXXX"}}
[14:51:07:058] [info][plugins][ReadonlyREST][LicenseService] No Activation Key found. That's OK. Defaulting to Free license.You can add your own Activation Key later.

Thanks in advance.

sscarduzio · January 15, 2023, 10:01am

Hi Gustavo!

If you try to set in kibana.yml readonlyrest_kbn.logLevel: trace you will be able to read one of these two lines in the logs:

Either:

   logger.trace(`File was empty: ${path}`);

or:

   logger.trace(`File not found: ${path}`);

Both coming from LicenseService

sscarduzio · January 16, 2023, 9:16am

@gustavo.yoshizaki were you able to chase this down with the extra log info?

gustavo.yoshizaki · January 16, 2023, 11:56am

Hi @sscarduzio

This is the requested log:

[11:54:23:055] [info][plugins][ReadonlyREST][preElasticsearchProxy] Pre-Elasticsearch-proxy will listen on 127.0.0.1:30909
[11:54:23:056] [trace][plugins][ReadonlyREST][preKibanaProxy] Pre-kibana-proxy will listen on http://0.0.0.0:5601
[11:54:23:113] [info][plugins][ReadonlyREST][LicenseService] Cannot get the encrypted activation key from Kibana... Status code: 404
[11:54:23:113] [trace][plugins][ReadonlyREST][LicenseService] File not found: /usr/share/kibana/ROR_ACTIVATION_KEY.txt
[11:54:23:117] [trace][plugins][ReadonlyREST][LicenseService] ✅ Checked ES cluster_uuid in license activation key matches

It looks like the option:

readonlyrest_kbn.license.activationKeyFilePath

Is not been used.

Thanks in advance.

sscarduzio · January 16, 2023, 2:35pm

What version of ROR do you have? In the current one it works all right.

gustavo.yoshizaki · January 16, 2023, 2:46pm

Unless mistaken, I am using the version 1.46.0

sscarduzio · January 16, 2023, 5:15pm

OK, I got my environment to load my key using the develop version of ROR Enterprise. I added some more logs and enhancements.

I will send you this pre build, so we share the very same code (a few fixes were merged in the past weeks) as soon as it pops out from the CI (it takes around 45m).

What Kibana version is this?

gustavo.yoshizaki · January 26, 2023, 12:39pm

Hi @sscarduzio

Sorry, I did not see your question.

We are using kibana 7.16.3

Regards

sscarduzio · January 26, 2023, 4:51pm

Hey, np. Here is the build for you!

Note for the future googler: this fix is available on ROR Kibana >= 1.47.0-pre3

gustavo.yoshizaki · February 20, 2023, 7:29pm

Well, I have just got time to test it back and now it works

[19:27:44:180] [info][plugins][ReadonlyREST][LicenseService] Found valid activation key in file /etc/kibana/ROR_ACTIVATION_KEY.txt:  {
  exp: CENSORED,
  iat: CENSORED,
  jti: 'CENSORED',
  sub: 'CENSORED',
  licensor: { name: 'Beshu Limited t/a ReadonlyREST Security' },
  licensee: { name: 'Avature Limited', buying_for: null },
  license: {
    cluster_uuid: '*',
    edition: 'kbn_ent',
    edition_name: 'Enterprise',
    isTrial: true
  }
}

The only difference is that the file is in a different path.