Kibana Monitoring is not working


(KIRUBA SANKAR SWAMINATHAN) #1

elasticsearch: 6.2.3
readonlyrest: readonlyrest-1.16.29_es6.2.3


(Ld57) #2

Hi,

with that information, it is mostly impossible to help you…

RoR kibana plugin installed or not ? using basic mode ?

readonlyrest.yml config ?

X-pack config ?


(KIRUBA SANKAR SWAMINATHAN) #3

Thank you for your help and appreciated.

kibana RoR is not installed and its basic mode.

readonlyrest.yml

access_control_rules:

- name: elastic
  auth_key_unix: elastic:xxx
  verbosity: error

- name: kibana
  auth_key_unix: kibana:xxx
  verbosity: error

- name: admin
  ldap_authentication: "ldap1"
  ldap_authorization:
    name: "ldap1"
    groups: ["xxx-admin"]

- name: application
  ldap_authentication:
    name: "ldap1"
    cache_ttl_in_sec: 60
    groups: ["xxx_app1"]
  actions: ["cluster:monitor/main","indices:admin/types/exists","indices:data/read/*","indices:data/write/*","indices:admin/create", "indices:admin/delete"]

- name: users
  ldap_authentication:
    name: "ldap1"
    cache_ttl_in_sec: 60
    groups: ["xxx-debug"]
  actions: ["cluster:monitor/main","indices:admin/types/exists","indices:data/read/*","indices:data/write/*"]


ldaps:

- name: ldap1

  host: "xxx.local"
  port: 389
  ssl_enabled: false
  ssl_trust_all_certs: true

  bind_dn: "CN=xxx,OU=Service Accounts,OU=Users,OU=xxx,OU=xxx,DC=xxx,DC=xxx"
  bind_password: "xxx"

  user_id_attribute: "userPrincipalName"
  search_user_base_DN: "DC=xxx,DC=xxx"
  search_groups_base_DN: "DC=xxx,DC=xxx"
  unique_member_attribute: "member"
  group_search_filter: "(objectClass=group)(cn=xxx*)"
  group_name_attribute: "xxx"

  connection_pool_size: 10
  connection_timeout_in_sec: 10
  request_timeout_in_sec: 10
  cache_ttl_in_sec: 60

elasticsearch.yml

xpack.security.enabled: false


#4

Just use the forum search, this issue was discussed several times here, including possible workarounds:
e.g. :


(KIRUBA SANKAR SWAMINATHAN) #5

will monitoring work with readonlyrest enterprise without hack?


(Ld57) #6

yep, it is not related to RoR.

but you will need to define access to indice “.monitoring*”

also in your rule (users ones) , I do not see any indices pattern definition, is it normal ?


(Simone Scarduzio) #7

Dear all,
That post with the hack was really old. We have added a sensible workaround in ReadonlyREST Enterprise, so that that when a user is allowed to see Monitoring, the missing credentials are injected by our plugin.

Please see the below screenshot of the latest Kibana 6.5.1 running the monitoring app, sporting multi tenancy and the tenancy selector dropdown menu.


ClusterHealthRequest blocked