Automate readonlyrest creation


Trying to automate the creation of the readonlyrest index and have managed to get it working via postman. The query I have is how can you convert the YML config to a format that is acceptable via the API?


The YAML payload is simply JSON encoded and set as an argument of the JSON body of the HTTP request to the API.

You can observe the format by either sniffing the HTTP traffic between ROR PRO/Enterprise and Elasticsearch (while you press “save” in the ROR Kibana App), or enabling debug logs in Elasticsearch and again press save. You will see the request body in the ES logs then.

Thanks Simone. I have a ansible playbook trying to post the settings but although it says it completes ok, it doesn’t update or create the .readonlyrest index.

  - name: Configure ROR
  url: https://localhost:5601/api/readonlyrest_kbn/settings
  user: roradmin
  password: roradmin
    Content-Type: "application/json"
    kbn-xsrf: "6.7.1"
  method: POST
  force_basic_auth: yes
  body_format: json
  body: "{{ lookup('file','readonlyrest.json') }}"
  validate_certs: no
  follow_redirects: all

Do I have the correct endpoint/options? My readonlyrest.json contains the following;

{ "settings": "readonlyrest":{"audit_collector":true,"access_control_rules":[{"name":"::LOGSTASH::","auth_key":"logstash:logstash","actions":["indices:data/read/*","indices:data/write/*","indices:admin/template/*","indices:admin/create","cluster:monitor/*","cluster:admin/xpack/monitoring/*","cluster:monitor/main","cluster:admin/xpack/monitoring/bulk"],"indices":["*"]},{"name":"::KIBANA-SRV::","auth_key":"kibana:kibana","verbosity":"error"},{"name":"::ELASTIC::","auth_key":"elastic:elastic","verbosity":"error"},{"name":"::ADMIN::","auth_key":"admin:admin","kibana_access":"admin","verbosity":"error"},{"name":"::METRICBEAT::","auth_key":"metricbeat:metricbeat","actions":["*"],"verbosity":"error"}]}}

Fixed up an issue in the json but still can’t get this to work. Does the API need the rorCookie to work, I can’t seem to get it working with basic auth.

OK I understand the issue. You are sending the request to Kibana, why? You should send it directly to Elasticsearch!

POST $ES_URL/_readonlyrest/admin/config

Authorization: Basic XXXXXXX


"settings": "...JSON escaped settings YAML"