Automate readonlyrest creation

atownsend · June 12, 2019, 12:56pm

Hi,

Trying to automate the creation of the readonlyrest index and have managed to get it working via postman. The query I have is how can you convert the YML config to a format that is acceptable via the API?

Cheers,
Andy

sscarduzio · June 12, 2019, 1:50pm

The YAML payload is simply JSON encoded and set as an argument of the JSON body of the HTTP request to the API.

You can observe the format by either sniffing the HTTP traffic between ROR PRO/Enterprise and Elasticsearch (while you press “save” in the ROR Kibana App), or enabling debug logs in Elasticsearch and again press save. You will see the request body in the ES logs then.

atownsend · June 13, 2019, 11:42am

Thanks Simone. I have a ansible playbook trying to post the settings but although it says it completes ok, it doesn’t update or create the .readonlyrest index.

  - name: Configure ROR
uri:
  url: https://localhost:5601/api/readonlyrest_kbn/settings
  user: roradmin
  password: roradmin
  headers:
    Content-Type: "application/json"
    kbn-xsrf: "6.7.1"
  method: POST
  force_basic_auth: yes
  body_format: json
  body: "{{ lookup('file','readonlyrest.json') }}"
  validate_certs: no
  follow_redirects: all

Do I have the correct endpoint/options? My readonlyrest.json contains the following;

{ "settings": "readonlyrest":{"audit_collector":true,"access_control_rules":[{"name":"::LOGSTASH::","auth_key":"logstash:logstash","actions":["indices:data/read/*","indices:data/write/*","indices:admin/template/*","indices:admin/create","cluster:monitor/*","cluster:admin/xpack/monitoring/*","cluster:monitor/main","cluster:admin/xpack/monitoring/bulk"],"indices":["*"]},{"name":"::KIBANA-SRV::","auth_key":"kibana:kibana","verbosity":"error"},{"name":"::ELASTIC::","auth_key":"elastic:elastic","verbosity":"error"},{"name":"::ADMIN::","auth_key":"admin:admin","kibana_access":"admin","verbosity":"error"},{"name":"::METRICBEAT::","auth_key":"metricbeat:metricbeat","actions":["*"],"verbosity":"error"}]}}

atownsend · June 17, 2019, 11:27am

Fixed up an issue in the json but still can’t get this to work. Does the API need the rorCookie to work, I can’t seem to get it working with basic auth.

sscarduzio · June 18, 2019, 8:14am

OK I understand the issue. You are sending the request to Kibana, why? You should send it directly to Elasticsearch!

POST $ES_URL/_readonlyrest/admin/config

Authorization: Basic XXXXXXX

{

"settings": "...JSON escaped settings YAML"

}