Hi,
Trying to automate the creation of the readonlyrest index and have managed to get it working via postman. The query I have is how can you convert the YML config to a format that is acceptable via the API?
Cheers,
Andy
Hi,
Trying to automate the creation of the readonlyrest index and have managed to get it working via postman. The query I have is how can you convert the YML config to a format that is acceptable via the API?
Cheers,
Andy
The YAML payload is simply JSON encoded and set as an argument of the JSON body of the HTTP request to the API.
You can observe the format by either sniffing the HTTP traffic between ROR PRO/Enterprise and Elasticsearch (while you press “save” in the ROR Kibana App), or enabling debug logs in Elasticsearch and again press save. You will see the request body in the ES logs then.
Thanks Simone. I have a ansible playbook trying to post the settings but although it says it completes ok, it doesn’t update or create the .readonlyrest index.
- name: Configure ROR
uri:
url: https://localhost:5601/api/readonlyrest_kbn/settings
user: roradmin
password: roradmin
headers:
Content-Type: "application/json"
kbn-xsrf: "6.7.1"
method: POST
force_basic_auth: yes
body_format: json
body: "{{ lookup('file','readonlyrest.json') }}"
validate_certs: no
follow_redirects: all
Do I have the correct endpoint/options? My readonlyrest.json contains the following;
{ "settings": "readonlyrest":{"audit_collector":true,"access_control_rules":[{"name":"::LOGSTASH::","auth_key":"logstash:logstash","actions":["indices:data/read/*","indices:data/write/*","indices:admin/template/*","indices:admin/create","cluster:monitor/*","cluster:admin/xpack/monitoring/*","cluster:monitor/main","cluster:admin/xpack/monitoring/bulk"],"indices":["*"]},{"name":"::KIBANA-SRV::","auth_key":"kibana:kibana","verbosity":"error"},{"name":"::ELASTIC::","auth_key":"elastic:elastic","verbosity":"error"},{"name":"::ADMIN::","auth_key":"admin:admin","kibana_access":"admin","verbosity":"error"},{"name":"::METRICBEAT::","auth_key":"metricbeat:metricbeat","actions":["*"],"verbosity":"error"}]}}
Fixed up an issue in the json but still can’t get this to work. Does the API need the rorCookie to work, I can’t seem to get it working with basic auth.
OK I understand the issue. You are sending the request to Kibana, why? You should send it directly to Elasticsearch!
POST $ES_URL/_readonlyrest/admin/config
Authorization: Basic XXXXXXX
{
"settings": "...JSON escaped settings YAML"
}