Cannot hide kibana:monitoring


(Peter Hallin) #1

Hello,

I am getting the following error in Kibana when I try to log in with a user that has “kibana:monitoring” hidden:

Error: Uncaught Error: Nav link for id = kibana:monitoring not found (http://lkb471.srv.lu.se:5601/bundles/commons.bundle.js:3)
at window.onerror (http://lkb471.srv.lu.se:5601/bundles/commons.bundle.js:3:882859)

The ES and Kibana logs show nothing that seems to indicate a problem.

I am running ES/Kibana 6.3.2 and ROR Enterprise 1.6.23_es6.3.2

This is the configuration. User test1 gets the error message, but everything works fine for user test2.

readonlyrest:

    # IMPORTANT FOR LOGIN/LOGOUT TO WORK WITH ROR PLUGIN FOR KIBANA
    prompt_for_basic_auth: false
    
    # Enable the audit collector
    audit_collector: true

    access_control_rules:
    

    #####################################################################################
    # These credentials have no limitations, and shall be used only by the Kibana deamon.
    #####################################################################################
    - name: "::KIBANA-SRV::"
      auth_key: kibana:kibana
      verbosity: error
      
    ###########################
    # ADMIN
    ###########################

    - name: "::ADMIN_KIBANA::"
      auth_key: admin:admin
      kibana_access: admin
      indices: [".kibana*", "*"]
      kibana_index: ".kibana_admin"
      
    - name: "::ADMIN_INDICES::"
      auth_key: admin:admin
      actions: ["indices:*"]
      indices: ["*"]


    ##############################
    # TEST
    ##############################
      
    - name: "::TEST1::"
      auth_key: test1:testpw
      kibana_access: ro
      indices: [ ".kibana_test", ".kibana-devnull", "testindex-*"]
      kibana_hide_apps: ["readonlyrest_kbn", "timelion", "kibana:dev_tools", "kibana:management", "kibana:monitoring"]
      kibana_index: ".kibana_test"
    
    - name: "::TEST2::"
      auth_key: test2:testpw
      kibana_access: ro
      indices: [ ".kibana_test", ".kibana-devnull", "testindex-*"]
      kibana_hide_apps: ["readonlyrest_kbn", "timelion", "kibana:dev_tools", "kibana:management"]
      kibana_index: ".kibana_test"

elasticsearch.yml:

# Disable all x-pack features except for monitoring
xpack.monitoring.enabled: true
xpack.ml.enabled: false
xpack.security.enabled: false
xpack.security.audit.enabled: false
xpack.watcher.enabled: false

kibana.yml:

#### READONLYREST CONFIG ####
# Kibana server use ::KIBANA-SRV:: credentials
elasticsearch.username: "kibana"
elasticsearch.password: "kibana"
# Hard coded cookie encryption key. Should be the same on all Kibana instances, if behind a load balancer.
readonlyrest_kbn.cookiePass: XXXXX

# Disable all x-pack features except for monitoring
xpack.monitoring.enabled: true
xpack.security.enabled: false
xpack.graph.enabled: false
xpack.ml.enabled: false
xpack.reporting.enabled: false
xpack.apm.enabled: false

Have I missed something?

Please advise,

//Peter


(Simone Scarduzio) #2

Are you using the OSS version of Kibana? The one without X-Pack?


(Peter Hallin) #3

No, this is the one with X-pack. Monitoring works fine, unless I try to hide the app with ROR.


(Simone Scarduzio) #4

Strange, can you try to navigate to monitoring and paste here the URI you see in the browser?


(Peter Hallin) #5

Very strange indeed.

If I login with the test2 user, the URI is the following:

http://kibana.host:5601/app/monitoring#/overview?_g=(cluster_uuid:FbokcX6pS3GR18ahQdD_rw)

With user test1, that has the monitoring app hidden, I get the same error message when I try to go to the URI above.

So far I have tried the following:

  • Uninstalled Kibana
  • Deleted /usr/share/kibana and /usr/lib/kibana
  • Deleted the .readonlyrest index
  • Reinstalled Kibana
  • Reinstalled ROR
  • Recursively set owner kibana:kibana on /usr/share/kibana

No errors in the logs when I login with user test1.

Elasticsearch:

[2018-08-24T12:27:33,836][INFO ][t.b.r.a.ACL              ] ALLOWED by { name: '::TEST1::', policy: ALLOW} req={ ID:647456314-1892050120#574595, TYP:NodesInfoRequest, CGR:N/A, USR:test1, BRS:false, KDX:.kibana_test, ACT:cluster:monitor/nodes/info, OA:127.0.0.1, DA:127.0.0.1, IDX:<N/A>, MET:GET, PTH:/_nodes/_local, CNT:<N/A>, HDR:{authorization=Basic dGVzdDE6dGVzdHB3, Connection=close, Authorization=<OMITTED>, content-length=0, Host=localhost:9200}, HIS:[::KIBANA-SRV::->[auth_key->false]], [::ADMIN_KIBANA::->[auth_key->false]], [::ADMIN_INDICES::->[auth_key->false]], [::TEST1::->[kibana_access->true, indices->true, kibana_hide_apps->true, auth_key->true, kibana_index->true]] } 
[2018-08-24T12:27:34,102][INFO ][t.b.r.a.ACL              ] ALLOWED by { name: '::TEST1::', policy: ALLOW} req={ ID:1256870614-1927139315#574601, TYP:GetRequest, CGR:N/A, USR:test1, BRS:false, KDX:.kibana_test, ACT:indices:data/read/get, OA:127.0.0.1, DA:127.0.0.1, IDX:.kibana_test, MET:GET, PTH:/.kibana_test/doc/config%3A6.3.2, CNT:<N/A>, HDR:{authorization=Basic dGVzdDE6dGVzdHB3, Connection=keep-alive, Authorization=<OMITTED>, Host=localhost:9200, Content-Length=0}, HIS:[::KIBANA-SRV::->[auth_key->false]], [::ADMIN_KIBANA::->[auth_key->false]], [::ADMIN_INDICES::->[auth_key->false]], [::TEST1::->[kibana_access->true, indices->true, kibana_hide_apps->true, auth_key->true, kibana_index->true]] } 

Kibana:

{
  "type": "response",
  "@timestamp": "2018-08-24T10:27:33Z",
  "tags": [],
  "pid": 47287,
  "method": "post",
  "statusCode": 302,
  "req": {
    "url": "/login",
    "method": "post",
    "headers": {
      "host": "kibana.host:5601",
      "connection": "keep-alive",
      "content-length": "30",
      "origin": "http://kibana.host:5601",
      "kbn-xsrf": "6.3.2",
      "kbn-version": "6.3.2",
      "user-agent": "Mozilla/5.0 (X11; OpenBSD amd64; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36",
      "content-type": "application/x-www-form-urlencoded; charset=UTF-8",
      "accept": "application/json, text/javascript, */*; q=0.01",
      "x-requested-with": "XMLHttpRequest",
      "referer": "http://kibana.host:5601/login",
      "accept-encoding": "gzip, deflate",
      "accept-language": "en-US,en;q=0.9,sv;q=0.8"
    },
    "remoteAddress": "192.168.0.99",
    "userAgent": "192.168.0.99",
    "referer": "http://kibana.host:5601/login"
  },
  "res": {
    "statusCode": 302,
    "responseTime": 19,
    "contentLength": 9
  },
  "message": "POST /login 302 19ms - 9.0B"
}
{
  "type": "response",
  "@timestamp": "2018-08-24T10:27:33Z",
  "tags": [],
  "pid": 47287,
  "method": "get",
  "statusCode": 200,
  "req": {
    "url": "/",
    "method": "get",
    "headers": {
      "host": "kibana.host:5601",
      "connection": "keep-alive",
      "kbn-xsrf": "6.3.2",
      "kbn-version": "6.3.2",
      "user-agent": "Mozilla/5.0 (X11; OpenBSD amd64; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36",
      "accept": "application/json, text/javascript, */*; q=0.01",
      "x-requested-with": "XMLHttpRequest",
      "referer": "http://kibana.host:5601/login",
      "accept-encoding": "gzip, deflate",
      "accept-language": "en-US,en;q=0.9,sv;q=0.8"
    },
    "remoteAddress": "192.168.0.99",
    "userAgent": "192.168.0.99",
    "referer": "http://kibana.host:5601/login"
  },
  "res": {
    "statusCode": 200,
    "responseTime": 16,
    "contentLength": 9
  },
  "message": "GET / 200 16ms - 9.0B"
}
{
  "type": "response",
  "@timestamp": "2018-08-24T10:27:34Z",
  "tags": [],
  "pid": 47287,
  "method": "get",
  "statusCode": 200,
  "req": {
    "url": "/app/kibana",
    "method": "get",
    "headers": {
      "host": "kibana.host:5601",
      "connection": "keep-alive",
      "upgrade-insecure-requests": "1",
      "user-agent": "Mozilla/5.0 (X11; OpenBSD amd64; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36",
      "accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8",
      "referer": "http://kibana.host:5601/login",
      "accept-encoding": "gzip, deflate",
      "accept-language": "en-US,en;q=0.9,sv;q=0.8"
    },
    "remoteAddress": "192.168.0.99",
    "userAgent": "192.168.0.99",
    "referer": "http://kibana.host:5601/login"
  },
  "res": {
    "statusCode": 200,
    "responseTime": 36,
    "contentLength": 9
  },
  "message": "GET /app/kibana 200 36ms - 9.0B"
}
{
  "type": "response",
  "@timestamp": "2018-08-24T10:27:34Z",
  "tags": [],
  "pid": 47287,
  "method": "get",
  "statusCode": 200,
  "req": {
    "url": "/bundles/app/kibana/bootstrap.js",
    "method": "get",
    "headers": {
      "host": "kibana.host:5601",
      "connection": "keep-alive",
      "user-agent": "Mozilla/5.0 (X11; OpenBSD amd64; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36",
      "accept": "*/*",
      "referer": "http://kibana.host:5601/app/kibana",
      "accept-encoding": "gzip, deflate",
      "accept-language": "en-US,en;q=0.9,sv;q=0.8"
    },
    "remoteAddress": "192.168.0.99",
    "userAgent": "192.168.0.99",
    "referer": "http://kibana.host:5601/app/kibana"
  },
  "res": {
    "statusCode": 200,
    "responseTime": 10,
    "contentLength": 9
  },
  "message": "GET /bundles/app/kibana/bootstrap.js 200 10ms - 9.0B"
}
{
  "type": "response",
  "@timestamp": "2018-08-24T10:27:34Z",
  "tags": [],
  "pid": 47287,
  "method": "get",
  "statusCode": 200,
  "req": {
    "url": "/ui/favicons/favicon-32x32.png",
    "method": "get",
    "headers": {
      "host": "kibana.host:5601",
      "connection": "keep-alive",
      "user-agent": "Mozilla/5.0 (X11; OpenBSD amd64; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36",
      "accept": "image/webp,image/apng,image/*,*/*;q=0.8",
      "referer": "http://kibana.host:5601/app/kibana",
      "accept-encoding": "gzip, deflate",
      "accept-language": "en-US,en;q=0.9,sv;q=0.8"
    },
    "remoteAddress": "192.168.0.99",
    "userAgent": "192.168.0.99",
    "referer": "http://kibana.host:5601/app/kibana"
  },
  "res": {
    "statusCode": 200,
    "responseTime": 48,
    "contentLength": 9
  },
  "message": "GET /ui/favicons/favicon-32x32.png 200 48ms - 9.0B"
}
{
  "type": "response",
  "@timestamp": "2018-08-24T10:27:34Z",
  "tags": [],
  "pid": 47287,
  "method": "get",
  "statusCode": 200,
  "req": {
    "url": "/bundles/vendors.style.css",
    "method": "get",
    "headers": {
      "host": "kibana.host:5601",
      "connection": "keep-alive",
      "user-agent": "Mozilla/5.0 (X11; OpenBSD amd64; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36",
      "accept": "text/css,*/*;q=0.1",
      "referer": "http://kibana.host:5601/app/kibana",
      "accept-encoding": "gzip, deflate",
      "accept-language": "en-US,en;q=0.9,sv;q=0.8"
    },
    "remoteAddress": "192.168.0.99",
    "userAgent": "192.168.0.99",
    "referer": "http://kibana.host:5601/app/kibana"
  },
  "res": {
    "statusCode": 200,
    "responseTime": 78,
    "contentLength": 9
  },
  "message": "GET /bundles/vendors.style.css 200 78ms - 9.0B"
}
{
  "type": "response",
  "@timestamp": "2018-08-24T10:27:34Z",
  "tags": [],
  "pid": 47287,
  "method": "get",
  "statusCode": 200,
  "req": {
    "url": "/ui/favicons/favicon-16x16.png",
    "method": "get",
    "headers": {
      "host": "kibana.host:5601",
      "connection": "keep-alive",
      "user-agent": "Mozilla/5.0 (X11; OpenBSD amd64; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36",
      "accept": "image/webp,image/apng,image/*,*/*;q=0.8",
      "referer": "http://kibana.host:5601/app/kibana",
      "accept-encoding": "gzip, deflate",
      "accept-language": "en-US,en;q=0.9,sv;q=0.8"
    },
    "remoteAddress": "192.168.0.99",
    "userAgent": "192.168.0.99",
    "referer": "http://kibana.host:5601/app/kibana"
  },
  "res": {
    "statusCode": 200,
    "responseTime": 27,
    "contentLength": 9
  },
  "message": "GET /ui/favicons/favicon-16x16.png 200 27ms - 9.0B"
}
{
  "type": "response",
  "@timestamp": "2018-08-24T10:27:34Z",
  "tags": [],
  "pid": 47287,
  "method": "get",
  "statusCode": 200,
  "req": {
    "url": "/bundles/kibana.style.css",
    "method": "get",
    "headers": {
      "host": "kibana.host:5601",
      "connection": "keep-alive",
      "user-agent": "Mozilla/5.0 (X11; OpenBSD amd64; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36",
      "accept": "text/css,*/*;q=0.1",
      "referer": "http://kibana.host:5601/app/kibana",
      "accept-encoding": "gzip, deflate",
      "accept-language": "en-US,en;q=0.9,sv;q=0.8"
    },
    "remoteAddress": "192.168.0.99",
    "userAgent": "192.168.0.99",
    "referer": "http://kibana.host:5601/app/kibana"
  },
  "res": {
    "statusCode": 200,
    "responseTime": 84,
    "contentLength": 9
  },
  "message": "GET /bundles/kibana.style.css 200 84ms - 9.0B"
}
{
  "type": "response",
  "@timestamp": "2018-08-24T10:27:34Z",
  "tags": [],
  "pid": 47287,
  "method": "get",
  "statusCode": 200,
  "req": {
    "url": "/bundles/commons.style.css",
    "method": "get",
    "headers": {
      "host": "kibana.host:5601",
      "connection": "keep-alive",
      "user-agent": "Mozilla/5.0 (X11; OpenBSD amd64; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36",
      "accept": "text/css,*/*;q=0.1",
      "referer": "http://kibana.host:5601/app/kibana",
      "accept-encoding": "gzip, deflate",
      "accept-language": "en-US,en;q=0.9,sv;q=0.8"
    },
    "remoteAddress": "192.168.0.99",
    "userAgent": "192.168.0.99",
    "referer": "http://kibana.host:5601/app/kibana"
  },
  "res": {
    "statusCode": 200,
    "responseTime": 128,
    "contentLength": 9
  },
  "message": "GET /bundles/commons.style.css 200 128ms - 9.0B"
}
{
  "type": "response",
  "@timestamp": "2018-08-24T10:27:34Z",
  "tags": [],
  "pid": 47287,
  "method": "get",
  "statusCode": 200,
  "req": {
    "url": "/bundles/vendors.bundle.js",
    "method": "get",
    "headers": {
      "host": "kibana.host:5601",
      "connection": "keep-alive",
      "user-agent": "Mozilla/5.0 (X11; OpenBSD amd64; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36",
      "accept": "*/*",
      "referer": "http://kibana.host:5601/app/kibana",
      "accept-encoding": "gzip, deflate",
      "accept-language": "en-US,en;q=0.9,sv;q=0.8"
    },
    "remoteAddress": "192.168.0.99",
    "userAgent": "192.168.0.99",
    "referer": "http://kibana.host:5601/app/kibana"
  },
  "res": {
    "statusCode": 200,
    "responseTime": 950,
    "contentLength": 9
  },
  "message": "GET /bundles/vendors.bundle.js 200 950ms - 9.0B"
}
{
  "type": "response",
  "@timestamp": "2018-08-24T10:27:35Z",
  "tags": [],
  "pid": 47287,
  "method": "get",
  "statusCode": 200,
  "req": {
    "url": "/bundles/commons.bundle.js",
    "method": "get",
    "headers": {
      "host": "kibana.host:5601",
      "connection": "keep-alive",
      "user-agent": "Mozilla/5.0 (X11; OpenBSD amd64; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36",
      "accept": "*/*",
      "referer": "http://kibana.host:5601/app/kibana",
      "accept-encoding": "gzip, deflate",
      "accept-language": "en-US,en;q=0.9,sv;q=0.8"
    },
    "remoteAddress": "192.168.0.99",
    "userAgent": "192.168.0.99",
    "referer": "http://kibana.host:5601/app/kibana"
  },
  "res": {
    "statusCode": 200,
    "responseTime": 240,
    "contentLength": 9
  },
  "message": "GET /bundles/commons.bundle.js 200 240ms - 9.0B"
}
{
  "type": "response",
  "@timestamp": "2018-08-24T10:27:35Z",
  "tags": [],
  "pid": 47287,
  "method": "get",
  "statusCode": 200,
  "req": {
    "url": "/bundles/kibana.bundle.js",
    "method": "get",
    "headers": {
      "host": "kibana.host:5601",
      "connection": "keep-alive",
      "user-agent": "Mozilla/5.0 (X11; OpenBSD amd64; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36",
      "accept": "*/*",
      "referer": "http://kibana.host:5601/app/kibana",
      "accept-encoding": "gzip, deflate",
      "accept-language": "en-US,en;q=0.9,sv;q=0.8"
    },
    "remoteAddress": "192.168.0.99",
    "userAgent": "192.168.0.99",
    "referer": "http://kibana.host:5601/app/kibana"
  },
  "res": {
    "statusCode": 200,
    "responseTime": 159,
    "contentLength": 9
  },
  "message": "GET /bundles/kibana.bundle.js 200 159ms - 9.0B"
}
{
  "type": "response",
  "@timestamp": "2018-08-24T10:27:36Z",
  "tags": [],
  "pid": 47287,
  "method": "get",
  "statusCode": 200,
  "req": {
    "url": "/ui/fonts/open_sans/open_sans_v15_latin_regular.woff2",
    "method": "get",
    "headers": {
      "host": "kibana.host:5601",
      "connection": "keep-alive",
      "origin": "http://kibana.host:5601",
      "user-agent": "Mozilla/5.0 (X11; OpenBSD amd64; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36",
      "accept": "*/*",
      "referer": "http://kibana.host:5601/app/kibana",
      "accept-encoding": "gzip, deflate",
      "accept-language": "en-US,en;q=0.9,sv;q=0.8"
    },
    "remoteAddress": "192.168.0.99",
    "userAgent": "192.168.0.99",
    "referer": "http://kibana.host:5601/app/kibana"
  },
  "res": {
    "statusCode": 200,
    "responseTime": 3,
    "contentLength": 9
  },
  "message": "GET /ui/fonts/open_sans/open_sans_v15_latin_regular.woff2 200 3ms - 9.0B"
}
{
  "type": "response",
  "@timestamp": "2018-08-24T10:27:36Z",
  "tags": [],
  "pid": 47287,
  "method": "get",
  "statusCode": 200,
  "req": {
    "url": "/api/console/api_server?sense_version=%40%40SENSE_VERSION&apis=es_5_0",
    "method": "get",
    "headers": {
      "host": "kibana.host:5601",
      "connection": "keep-alive",
      "accept": "application/json, text/javascript, */*; q=0.01",
      "x-requested-with": "XMLHttpRequest",
      "kbn-version": "6.3.2",
      "user-agent": "Mozilla/5.0 (X11; OpenBSD amd64; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36",
      "referer": "http://kibana.host:5601/app/kibana",
      "accept-encoding": "gzip, deflate",
      "accept-language": "en-US,en;q=0.9,sv;q=0.8"
    },
    "remoteAddress": "192.168.0.99",
    "userAgent": "192.168.0.99",
    "referer": "http://kibana.host:5601/app/kibana"
  },
  "res": {
    "statusCode": 200,
    "responseTime": 25,
    "contentLength": 9
  },
  "message": "GET /api/console/api_server?sense_version=%40%40SENSE_VERSION&apis=es_5_0 200 25ms - 9.0B"
}
{
  "type": "response",
  "@timestamp": "2018-08-24T10:27:36Z",
  "tags": [],
  "pid": 47287,
  "method": "get",
  "statusCode": 200,
  "req": {
    "url": "/bundles/4b5a84aaf1c9485e060c503a0ff8cadb.woff2",
    "method": "get",
    "headers": {
      "host": "kibana.host:5601",
      "connection": "keep-alive",
      "origin": "http://kibana.host:5601",
      "user-agent": "Mozilla/5.0 (X11; OpenBSD amd64; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36",
      "accept": "*/*",
      "referer": "http://kibana.host:5601/bundles/commons.style.css",
      "accept-encoding": "gzip, deflate",
      "accept-language": "en-US,en;q=0.9,sv;q=0.8"
    },
    "remoteAddress": "192.168.0.99",
    "userAgent": "192.168.0.99",
    "referer": "http://kibana.host:5601/bundles/commons.style.css"
  },
  "res": {
    "statusCode": 200,
    "responseTime": 4,
    "contentLength": 9
  },
  "message": "GET /bundles/4b5a84aaf1c9485e060c503a0ff8cadb.woff2 200 4ms - 9.0B"
}

(Ld57) #6

Hi, it is normal, it is like APM, you have to just put “monitoring” instead of “kibana:monitoring”.
It is a specific addons, not a direct plugin.

kibana_hide_apps: ["readonlyrest_kbn", "timelion", "kibana:dev_tools", "kibana:management", "monitoring"]

(Peter Hallin) #7

Thanks, that solved it!