Kibana Monitoring is not working

kirubasankars · November 20, 2018, 5:08pm

elasticsearch: 6.2.3
readonlyrest: readonlyrest-1.16.29_es6.2.3

ld57 · November 21, 2018, 8:43am

Hi,

with that information, it is mostly impossible to help you…

RoR kibana plugin installed or not ? using basic mode ?

readonlyrest.yml config ?

X-pack config ?

kirubasankars · November 21, 2018, 2:23pm

Thank you for your help and appreciated.

kibana RoR is not installed and its basic mode.

readonlyrest.yml

access_control_rules:

- name: elastic
  auth_key_unix: elastic:xxx
  verbosity: error

- name: kibana
  auth_key_unix: kibana:xxx
  verbosity: error

- name: admin
  ldap_authentication: "ldap1"
  ldap_authorization:
    name: "ldap1"
    groups: ["xxx-admin"]

- name: application
  ldap_authentication:
    name: "ldap1"
    cache_ttl_in_sec: 60
    groups: ["xxx_app1"]
  actions: ["cluster:monitor/main","indices:admin/types/exists","indices:data/read/*","indices:data/write/*","indices:admin/create", "indices:admin/delete"]

- name: users
  ldap_authentication:
    name: "ldap1"
    cache_ttl_in_sec: 60
    groups: ["xxx-debug"]
  actions: ["cluster:monitor/main","indices:admin/types/exists","indices:data/read/*","indices:data/write/*"]


ldaps:

- name: ldap1

  host: "xxx.local"
  port: 389
  ssl_enabled: false
  ssl_trust_all_certs: true

  bind_dn: "CN=xxx,OU=Service Accounts,OU=Users,OU=xxx,OU=xxx,DC=xxx,DC=xxx"
  bind_password: "xxx"

  user_id_attribute: "userPrincipalName"
  search_user_base_DN: "DC=xxx,DC=xxx"
  search_groups_base_DN: "DC=xxx,DC=xxx"
  unique_member_attribute: "member"
  group_search_filter: "(objectClass=group)(cn=xxx*)"
  group_name_attribute: "xxx"

  connection_pool_size: 10
  connection_timeout_in_sec: 10
  request_timeout_in_sec: 10
  cache_ttl_in_sec: 60

elasticsearch.yml

xpack.security.enabled: false

metsaviha · November 21, 2018, 2:54pm

Just use the forum search, this issue was discussed several times here, including possible workarounds:
e.g. :

kirubasankars · December 5, 2018, 5:31pm

will monitoring work with readonlyrest enterprise without hack?

ld57 · December 5, 2018, 9:54pm

yep, it is not related to RoR.

but you will need to define access to indice “.monitoring*”

also in your rule (users ones) , I do not see any indices pattern definition, is it normal ?

sscarduzio · December 6, 2018, 2:47am

Dear all,
That post with the hack was really old. We have added a sensible workaround in ReadonlyREST Enterprise, so that that when a user is allowed to see Monitoring, the missing credentials are injected by our plugin.

Please see the below screenshot of the latest Kibana 6.5.1 running the monitoring app, sporting multi tenancy and the tenancy selector dropdown menu.

askids · December 19, 2018, 6:17am

Not really that old. Just used it few days back in v6.2.4 running ROR free edition with a slight adjustment on the index list. But I am glad that a better solution exists now.