Installed free ROR plugin and kibana doesnt work

vmora · July 7, 2023, 3:54pm

Hi,

After installing the free ROR plugin, I am not able to use Kibana. Please see logs below. Many thanks.

[root@asscc3617s bin]# ./kibana --allow-root
[2023-07-07T17:53:27.945+02:00][INFO ][node] Kibana process configured with roles: [background_tasks, ui]
[2023-07-07T17:53:41.307+02:00][INFO ][plugins-service] Plugin “cloudChat” is disabled.
[2023-07-07T17:53:41.307+02:00][INFO ][plugins-service] Plugin “cloudExperiments” is disabled.
[2023-07-07T17:53:41.307+02:00][INFO ][plugins-service] Plugin “cloudFullStory” is disabled.
[2023-07-07T17:53:41.307+02:00][INFO ][plugins-service] Plugin “cloudGainsight” is disabled.
[2023-07-07T17:53:41.317+02:00][INFO ][plugins-service] Plugin “profiling” is disabled.
[2023-07-07T17:53:41.424+02:00][INFO ][http.server.Preboot] http server running at http://69.117.53.17:5601
[2023-07-07T17:53:41.502+02:00][INFO ][plugins-system.preboot] Setting up [1] plugins: [interactiveSetup]
[2023-07-07T17:53:41.590+02:00][WARN ][config.deprecation] The default mechanism for Reporting privileges will work differently in future versions, which will affect the behavior of this cluster. Set “xpack.reporting.roles.enabled” to “false” to adopt the future behavior before upgrading.
[2023-07-07T17:53:42.004+02:00][INFO ][plugins-system.standard] Setting up [132] plugins: [translations,monitoringCollection,licensing,globalSearch,globalSearchProviders,features,mapsEms,licenseApiGuard,customBranding,usageCollection,taskManager,cloud,guidedOnboarding,telemetryCollectionManager,telemetryCollectionXpack,kibanaUsageCollection,share,screenshotMode,banners,newsfeed,ftrApis,fieldFormats,expressions,screenshotting,dataViews,charts,esUiShared,customIntegrations,home,searchprofiler,painlessLab,grokdebugger,management,cloudDataMigration,advancedSettings,spaces,security,snapshotRestore,lists,encryptedSavedObjects,telemetry,licenseManagement,files,eventLog,actions,notifications,console,contentManagement,bfetch,data,watcher,fileUpload,ingestPipelines,ecsDataQualityDashboard,alerting,unifiedSearch,unifiedFieldList,savedSearch,savedObjects,graph,savedObjectsTagging,savedObjectsManagement,eventAnnotation,embeddable,reporting,uiActionsEnhanced,presentationUtil,expressionShape,expressionRevealImage,expressionRepeatImage,expressionMetric,expressionImage,controls,dataViewFieldEditor,triggersActionsUi,transform,stackConnectors,stackAlerts,ruleRegistry,visualizations,canvas,visTypeXy,visTypeVislib,visTypeVega,visTypeTimeseries,visTypeTimelion,visTypeTagcloud,visTypeTable,visTypeMetric,visTypeHeatmap,visTypeMarkdown,dashboard,dashboardEnhanced,expressionXY,expressionTagcloud,expressionPartitionVis,visTypePie,expressionMetricVis,expressionLegacyMetricVis,expressionHeatmap,expressionGauge,lens,maps,cases,timelines,sessionView,kubernetesSecurity,threatIntelligence,aiops,discover,observability,fleet,osquery,indexManagement,rollup,remoteClusters,crossClusterReplication,indexLifecycleManagement,cloudSecurityPosture,discoverEnhanced,dataVisualizer,ml,synthetics,securitySolution,infra,upgradeAssistant,monitoring,logstash,enterpriseSearch,apm,visTypeGauge,dataViewManagement]
[2023-07-07T17:53:42.022+02:00][INFO ][custom-branding-service] CustomBrandingService registering plugin: customBranding
[2023-07-07T17:53:42.028+02:00][INFO ][plugins.taskManager] TaskManager is identified by the Kibana UUID: 603a7968-cd6f-41db-a059-77f3f6d9f166
[2023-07-07T17:53:42.132+02:00][WARN ][plugins.security.config] Generating a random key for xpack.security.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.security.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.
[2023-07-07T17:53:42.132+02:00][WARN ][plugins.security.config] Session cookies will be transmitted over insecure connections. This is not recommended.
[2023-07-07T17:53:42.165+02:00][WARN ][plugins.security.config] Generating a random key for xpack.security.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.security.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.
[2023-07-07T17:53:42.166+02:00][WARN ][plugins.security.config] Session cookies will be transmitted over insecure connections. This is not recommended.
[2023-07-07T17:53:42.176+02:00][WARN ][plugins.encryptedSavedObjects] Saved objects encryption key is not set. This will severely limit Kibana functionality. Please set xpack.encryptedSavedObjects.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.
[2023-07-07T17:53:42.189+02:00][WARN ][plugins.actions] APIs are disabled because the Encrypted Saved Objects plugin is missing encryption key. Please set xpack.encryptedSavedObjects.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.
[2023-07-07T17:53:42.196+02:00][INFO ][plugins.notifications] Email Service Error: Email connector not specified.
[2023-07-07T17:53:42.295+02:00][WARN ][plugins.alerting] APIs are disabled because the Encrypted Saved Objects plugin is missing encryption key. Please set xpack.encryptedSavedObjects.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.
[2023-07-07T17:53:42.339+02:00][WARN ][plugins.reporting.config] Generating a random key for xpack.reporting.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.reporting.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.
[2023-07-07T17:53:42.369+02:00][INFO ][plugins.ruleRegistry] Installing common resources shared between all indices
[2023-07-07T17:53:42.682+02:00][INFO ][plugins.cloudSecurityPosture] Registered task successfully [Task: cloud_security_posture-stats_task]
[2023-07-07T17:53:43.141+02:00][WARN ][plugins.screenshotting.config] Chromium sandbox provides an additional layer of protection, but is not supported for Linux Red Hat Linux 8.4 OS. Automatically setting ‘xpack.screenshotting.browser.chromium.disableSandbox: true’.
[2023-07-07T17:53:43.266+02:00][INFO ][savedobjects-service] Waiting until all Elasticsearch nodes are compatible with Kibana before starting saved objects migrations…
[2023-07-07T17:53:43.267+02:00][INFO ][savedobjects-service] Starting saved objects migrations
[2023-07-07T17:53:43.311+02:00][INFO ][savedobjects-service] [.kibana] INIT → OUTDATED_DOCUMENTS_SEARCH_OPEN_PIT. took: 27ms.
[2023-07-07T17:53:43.315+02:00][INFO ][savedobjects-service] [.kibana_task_manager] INIT → OUTDATED_DOCUMENTS_SEARCH_OPEN_PIT. took: 26ms.
[2023-07-07T17:53:43.319+02:00][INFO ][savedobjects-service] [.kibana] OUTDATED_DOCUMENTS_SEARCH_OPEN_PIT → OUTDATED_DOCUMENTS_SEARCH_READ. took: 8ms.
[2023-07-07T17:53:43.323+02:00][INFO ][savedobjects-service] [.kibana_task_manager] OUTDATED_DOCUMENTS_SEARCH_OPEN_PIT → OUTDATED_DOCUMENTS_SEARCH_READ. took: 8ms.
[2023-07-07T17:53:43.326+02:00][INFO ][savedobjects-service] [.kibana] OUTDATED_DOCUMENTS_SEARCH_READ → OUTDATED_DOCUMENTS_SEARCH_CLOSE_PIT. took: 7ms.
[2023-07-07T17:53:43.330+02:00][INFO ][savedobjects-service] [.kibana_task_manager] OUTDATED_DOCUMENTS_SEARCH_READ → OUTDATED_DOCUMENTS_SEARCH_CLOSE_PIT. took: 7ms.
[2023-07-07T17:53:43.333+02:00][INFO ][savedobjects-service] [.kibana] OUTDATED_DOCUMENTS_SEARCH_CLOSE_PIT → CHECK_TARGET_MAPPINGS. took: 7ms.
[2023-07-07T17:53:43.334+02:00][INFO ][savedobjects-service] [.kibana] CHECK_TARGET_MAPPINGS → CHECK_VERSION_INDEX_READY_ACTIONS. took: 1ms.
[2023-07-07T17:53:43.335+02:00][INFO ][savedobjects-service] [.kibana] CHECK_VERSION_INDEX_READY_ACTIONS → DONE. took: 1ms.
[2023-07-07T17:53:43.335+02:00][INFO ][savedobjects-service] [.kibana] Migration completed after 51ms
[2023-07-07T17:53:43.337+02:00][INFO ][savedobjects-service] [.kibana_task_manager] OUTDATED_DOCUMENTS_SEARCH_CLOSE_PIT → CHECK_TARGET_MAPPINGS. took: 7ms.
[2023-07-07T17:53:43.337+02:00][INFO ][savedobjects-service] [.kibana_task_manager] CHECK_TARGET_MAPPINGS → CHECK_VERSION_INDEX_READY_ACTIONS. took: 0ms.
[2023-07-07T17:53:43.338+02:00][INFO ][savedobjects-service] [.kibana_task_manager] CHECK_VERSION_INDEX_READY_ACTIONS → DONE. took: 1ms.
[2023-07-07T17:53:43.338+02:00][INFO ][savedobjects-service] [.kibana_task_manager] Migration completed after 49ms
[2023-07-07T17:53:43.344+02:00][INFO ][plugins-system.preboot] Stopping all plugins.
[2023-07-07T17:53:43.346+02:00][INFO ][plugins-system.standard] Starting [132] plugins: [translations,monitoringCollection,licensing,globalSearch,globalSearchProviders,features,mapsEms,licenseApiGuard,customBranding,usageCollection,taskManager,cloud,guidedOnboarding,telemetryCollectionManager,telemetryCollectionXpack,kibanaUsageCollection,share,screenshotMode,banners,newsfeed,ftrApis,fieldFormats,expressions,screenshotting,dataViews,charts,esUiShared,customIntegrations,home,searchprofiler,painlessLab,grokdebugger,management,cloudDataMigration,advancedSettings,spaces,security,snapshotRestore,lists,encryptedSavedObjects,telemetry,licenseManagement,files,eventLog,actions,notifications,console,contentManagement,bfetch,data,watcher,fileUpload,ingestPipelines,ecsDataQualityDashboard,alerting,unifiedSearch,unifiedFieldList,savedSearch,savedObjects,graph,savedObjectsTagging,savedObjectsManagement,eventAnnotation,embeddable,reporting,uiActionsEnhanced,presentationUtil,expressionShape,expressionRevealImage,expressionRepeatImage,expressionMetric,expressionImage,controls,dataViewFieldEditor,triggersActionsUi,transform,stackConnectors,stackAlerts,ruleRegistry,visualizations,canvas,visTypeXy,visTypeVislib,visTypeVega,visTypeTimeseries,visTypeTimelion,visTypeTagcloud,visTypeTable,visTypeMetric,visTypeHeatmap,visTypeMarkdown,dashboard,dashboardEnhanced,expressionXY,expressionTagcloud,expressionPartitionVis,visTypePie,expressionMetricVis,expressionLegacyMetricVis,expressionHeatmap,expressionGauge,lens,maps,cases,timelines,sessionView,kubernetesSecurity,threatIntelligence,aiops,discover,observability,fleet,osquery,indexManagement,rollup,remoteClusters,crossClusterReplication,indexLifecycleManagement,cloudSecurityPosture,discoverEnhanced,dataVisualizer,ml,synthetics,securitySolution,infra,upgradeAssistant,monitoring,logstash,enterpriseSearch,apm,visTypeGauge,dataViewManagement]
[2023-07-07T17:53:44.850+02:00][INFO ][plugins.fleet] Task Fleet-Usage-Sender-1.1.0 scheduled with interval 1h
[2023-07-07T17:53:44.875+02:00][INFO ][plugins.monitoring.monitoring] config sourced from: production cluster
[2023-07-07T17:53:46.566+02:00][INFO ][http.server.Kibana] http server running at http://69.117.53.17:5601
[2023-07-07T17:53:46.587+02:00][INFO ][plugins.fleet] Task Fleet-Usage-Logger-Task scheduled with interval 15m
[2023-07-07T17:53:46.657+02:00][INFO ][plugins.monitoring.monitoring.kibana-monitoring] Starting monitoring stats collection
[2023-07-07T17:53:46.680+02:00][INFO ][plugins.ruleRegistry] Installed common resources shared between all indices
[2023-07-07T17:53:46.681+02:00][INFO ][plugins.ruleRegistry] Installing resources for index .alerts-observability.uptime.alerts
[2023-07-07T17:53:46.682+02:00][INFO ][plugins.ruleRegistry] Installing resources for index .alerts-security.alerts
[2023-07-07T17:53:46.682+02:00][INFO ][plugins.ruleRegistry] Installing resources for index .preview.alerts-security.alerts
[2023-07-07T17:53:46.682+02:00][INFO ][plugins.ruleRegistry] Installing resources for index .alerts-observability.logs.alerts
[2023-07-07T17:53:46.683+02:00][INFO ][plugins.ruleRegistry] Installing resources for index .alerts-observability.metrics.alerts
[2023-07-07T17:53:46.683+02:00][INFO ][plugins.ruleRegistry] Installing resources for index .alerts-observability.apm.alerts
[2023-07-07T17:53:46.694+02:00][INFO ][plugins.ruleRegistry] Installed resources for index .alerts-observability.apm.alerts
[2023-07-07T17:53:46.695+02:00][INFO ][plugins.ruleRegistry] Installed resources for index .alerts-observability.metrics.alerts
[2023-07-07T17:53:46.695+02:00][INFO ][plugins.ruleRegistry] Installed resources for index .alerts-observability.logs.alerts
[2023-07-07T17:53:46.697+02:00][INFO ][plugins.ruleRegistry] Installed resources for index .alerts-security.alerts
[2023-07-07T17:53:46.698+02:00][INFO ][plugins.ruleRegistry] Installed resources for index .alerts-observability.uptime.alerts
[2023-07-07T17:53:46.699+02:00][WARN ][plugins.securitySolution] Unable to verify endpoint policies in line with license change: failed to fetch package policies: Forbidden by ReadonlyREST ES plugin: forbidden_response
Root causes:
forbidden_response: Forbidden by ReadonlyREST ES plugin
[2023-07-07T17:53:46.702+02:00][INFO ][plugins.ruleRegistry] Installed resources for index .preview.alerts-security.alerts
[2023-07-07T17:53:46.731+02:00][INFO ][status] Kibana is now degraded
[2023-07-07T17:53:47.169+02:00][INFO ][plugins.screenshotting.chromium] Browser executable: /usr/share/kibana/x-pack/plugins/screenshotting/chromium/headless_shell-linux_x64/headless_shell
[2023-07-07T17:53:49.779+02:00][INFO ][status] Kibana is now available (was degraded)
[2023-07-07T17:53:54.460+02:00][ERROR][plugins.security.authentication] License is not available or does not support security features, re-authentication is not possible (available: true, enabled: false).
[2023-07-07T17:53:54.770+02:00][ERROR][plugins.security.authentication] License is not available or does not support security features, re-authentication is not possible (available: true, enabled: false).
[2023-07-07T17:53:54.811+02:00][ERROR][plugins.security.authentication] License is not available or does not support security features, re-authentication is not possible (available: true, enabled: false).
[2023-07-07T17:53:54.850+02:00][ERROR][plugins.security.authentication] License is not available or does not support security features, re-authentication is not possible (available: true, enabled: false).
[2023-07-07T17:53:54.892+02:00][ERROR][plugins.security.authentication] License is not available or does not support security features, re-authentication is not possible (available: true, enabled: false).
[2023-07-

sscarduzio · July 7, 2023, 4:14pm

In order to use Kibana with ROR, you need to install ROR in both Elasticsearch and Kibana, and have a suitable ACL in your readonlyrest.yml

An example of basic setup of ROR is visible in this multi user guide.

vmora · July 7, 2023, 5:00pm

at the moment I would like to apply indices rules, it is not about limit access to kibana features.

readonlyrest:
   enable: true
   ssl:
      enable: false
   prompt_for_basic_auth: false
   response_if_req_forbidden: Forbidden by ReadonlyREST ES plugin
   access_control_rules:
      - name: "::KIBANA-SRV::"
        auth_key: kibana_system:XXXX
        type: allow
        verbosity: info # don't log successful request
      - name: "::LOGSTASH::"
        auth_key: elastic:XXXX
        indices: ["logstash-*","queres*"]
      - name: "::ADMIN::"
        ldap_auth:
          name: ldapsergas
          groups: ["APP_Pro_Admin"]
        indices: [".kibana", "queres*"]

…

is it possible to be able to use kibana in that way?

sscarduzio · July 8, 2023, 8:37am

Of course, filling Kibana dashboards with a filtered subset of indices is ReadonlyREST bread and butter.

This already should work, doesn’t it?

- name: "::ADMIN::"
  ldap_auth:
    name: ldapsergas
    groups: ["APP_Pro_Admin"]
  indices: [".kibana", "queres*"]

Any user in APP_Pro_Admin LDAP group should be able to login and see Kibana dashboards with the sole data contained in indices that match the expression "queres*".

Of course the indices list can go on with other patterns.

Then you can add another block for another LDAP group that can see other indices right after the above one, so your kibana shows different data to different people.

vmora · July 11, 2023, 10:49am

many thanks, but I am still having this error in kibana:

[2023-07-11T12:41:02.879+02:00][ERROR][elasticsearch-service] Unable to retrieve version information from Elasticsearch nodes. forbidden_response
Root causes:
forbidden_response: Forbidden by ReadonlyREST ES plugin

I am not sure if it is a problem with the configuration in the yml files or I do need to install ROR in Kibana just for filling Kibana dashboards with a filtered subset of indices?

sscarduzio · July 12, 2023, 8:15am

Yes you need to install ROR in Kibana as well, or it won’t work. Sorry this was not clear!

Please install the universal Kibana plugin, you can upgrade it to PRO or Enterprise using trial activation keys if you want, but the free tier is going to work just fine for what you want to achieve.

vmora · July 14, 2023, 11:55am

Ok, many thanks! Now, I have installed ROR in kibana. And it works when I do a basic auth but it does not work when I use ldap auth. This is what kibana log said:

{“service”:{“node”:{“roles”:[“background_tasks”,“ui”]}},“ecs”:{“version”:“8.6.0”},“@timestamp”:“2023-07-14T13:52:41.578+02:00”,“message”:“License is not available or does not support security features, re-authentication is not possible (available: true, enabled: false).”,“log”:{“level”:“ERROR”,“logger”:“plugins.security.authentication”},“process”:{“pid”:877806},“trace”:{“id”:“a8c3b01783d0d78d848de7e7020281e5”},“transaction”:{“id”:“fc5cb63aaa5a10b4”}}

sscarduzio · July 14, 2023, 1:16pm

Did you add this setting to elasticsearch.yml?

xpack.security.enabled: false

vmora · July 14, 2023, 2:40pm

Many thanks! I did… but I needed to add

xpack.security.transport.ssl.enabled: false

to elasticsearch.yml

sscarduzio · July 14, 2023, 3:05pm

Oh sure!

Good job Victor

Everything works now?

vmora · July 14, 2023, 3:51pm

yes, it looks like is working fine now. Many thanks for your help!