Hi. I’m attempting an upgrade of ES + ReadonlyREST and experiencing an problem with what seems to be JWT.
old: ES 6.4.3, RoR 1.16.29
new: ES 6.5.4, RoR 1.16.32
The issue that’s experienced is that startup hangs after the following log lines:
[2019-01-02T21:50:39,220][DEBUG][t.b.r.e.IndexLevelActionFilter] [host]Read data from /etc/elasticsearch/readonlyrest.yml [2019-01-02T21:50:39,240][INFO ][t.b.r.e.IndexLevelActionFilter] [host]Settings observer refreshing..
readonlyrest: ... access_control_rules: - name: admin kibana_access: rw jwt_auth: name: "jwt_provider_1" roles: ["writer"] jwt: - name: jwt_provider_1 signature_key: "..." signature_algo: RSA user_claim: preferred_username
We have other config options/ACL rules in place (LDAP, basic auth, etc.) If the “admin” jwt auth section is commented out Elasticsearch/RoR starts up properly. Does anyone have any ideas how to further troubleshoot what’s going wrong here? We’ve tried a variety of changes to this config section to no avail. Prior to the upgrade the
jwt_auth value was just a string with the name of the ACL (admin.) After reviewing the docs we changed it over to a hash/map. TYIA!