Kibana plugin software, licensing and expiration

i_zeratul · March 8, 2021, 7:37pm

My company is a ReadonlyREST Enterprise subscriber.

I have some questions regarding the licensing and the software.

What is the proper way to download the latest ReadonlyREST kibana plugin .zip files ?
Installing directly from the Internet is not an option since most of our ELK clusters do not have access to the internet.
Are there plans to support more recent ELK versions by the Kibana plugin ?
The plugin that we use at the moment is fixed to v7.8.1 (readonlyrest_kbn_enterprise-1.24.0_es7.8.1.zip). We would like to move to a more recent version in the near future like 7.10 or 7.11.
Sudden license expired error during testing.
On one of my test machines elasticsearch and kibana started throwing errors that the ReadonlyREST license has expired. Kibana is reporting “Kibana server is not ready yet”. How do we avoid such a situation in production ? It’s unclear to me why this happened, it was working fine until this morning. I am using the same .zip files on my test machine and on the other ELK cluster I am building.
I am using the “Free Elasticsearch Plugin” that you provide from your download page and I am using the readonlyrest_kbn_enterprise-1.24.0_es7.8.1.zip file that you sent to my company via e-mail. Is this incorrect in some way ?

sscarduzio · March 8, 2021, 9:40pm

We have two ways: email, and devops friendly API. Please see our download form, ROR Enterprise for Kibana 7.8.1, and check your email. There will be the direct link for download in your computer, or the link to paste in your scripts.

Absolutely yes, we are ready to release our plugins for Kibana 7.9.3. 7.11.x to follow ASAP.

From the filename it looks like a faulty non-trial build, I remember some time ago we had this unfortunate issue. I encourage you to update immediately your Kibana and Elasticsearch plugins to the latest ROR for 7.8.1.
In recent builds you can inspect the “ror_build_time” and “ror_valid_for_days” information from plugins/readonlyrest_kbn/package.json

i_zeratul · March 8, 2021, 9:59pm

I will check tomorrow with a colleague. I am not sure which e-mail address we initially used to subscribe.

I will try to download and install the latest ROR for 7.8.1.

sscarduzio · March 8, 2021, 11:10pm

I had a look, your authorized email address is the one that starts with k8s@…

i_zeratul · March 9, 2021, 9:00pm

I downloaded the latest ROR for 7.8.1 today. I removed the old plugins and installed the new builds. It seems to be working okay for the most part.

I see now we have a problem with LDAP users when they try to log out. I receive the following error and I am not allowed to log out:

{“statusCode”:400,“error”:“Bad Request”,“message”:“[undefined] forbidden, with { due_to={ 0="OPERATION_NOT_ALLOWED" } } :: {"path":"/_readonlyrest/admin/audit/event","query":{},"body":"{\"audit_event_type\":\"logout\",\"audit_event_origin\":\"N/A\"}","statusCode":403,"response":"{\"error\":{\"root_cause\":[{\"reason\":\"forbidden\",\"due_to\":[\"OPERATION_NOT_ALLOWED\"]}],\"reason\":\"forbidden\",\"due_to\":[\"OPERATION_NOT_ALLOWED\"],\"status\":403}}"}”}

The LDAP users have access to just their indices:

- name: "Employee indices"
  ldap_auth:
    name: "ldap1"
    groups: ["ldap_employees"]
  indices: [".kibana*","employees*"]
  kibana_access: rw
  kibana_index: ".kibana_employees"
  kibana_hide_apps: ["readonlyrest_kbn", "timelion", "ml", "infra:home", "apm", "uptime", "siem", "monitoring", "kibana:management"]

Any idea how to fix this ?

sscarduzio · March 9, 2021, 10:55pm

Please make sure you have updated to the latest Elasticsearch plugin, seems like the API to submit custom audit log events is not implemented in that version.

i_zeratul · March 11, 2021, 12:04am

I am using Elasticsearch plugin 1.27.1 for Elasticsearch version 7.8.1.

I think it’s not that big of an issue at the moment. We can live with it.

coutoPL · March 11, 2021, 9:00pm

@i_zeratul we have fixed the issue. I’ll send you tomorrow a prebuild to test.

coutoPL · March 13, 2021, 7:12am

please, try this pre-build and let me know if it works

i_zeratul · March 16, 2021, 11:43am

Hi @coutoPL

I was quite busy yesterday and today. I will try to test in the following days.

One other small issue we experience is users with kibana_access: ro receive the following error message.

- name: "Project Allusers"
  ldap_auth:
    name: "ldap9"
    groups: ["allusers"]
  indices: [".kibana*"]
  kibana_access: ro
  kibana_index: ".kibana_allusers"
  kibana_hide_apps: ["readonlyrest_kbn", "timelion", "ml", "infra:home", "apm", "uptime", "siem", "monitoring","kibana:management","kibana:stack_management"]

Error: Internal Server Error
at Fetch._callee3$ (https://<>/32141/bundles/commons.bundle.js:8:1282515)
at l (https://<>/32141/bundles/kbn-ui-shared-deps/kbn-ui-shared-deps.js:288:969217)
at Generator._invoke (https://<>/32141/bundles/kbn-ui-shared-deps/kbn-ui-shared-deps.js:288:968970)
at Generator.forEach.e. [as next] (https://<>/32141/bundles/kbn-ui-shared-deps/kbn-ui-shared-deps.js:288:969574)
at asyncGeneratorStep (https://<>/32141/bundles/commons.bundle.js:8:1276035)
at _next (https://<>/32141/bundles/commons.bundle.js:8:1276346)

It’s not that big of an issue because they can just click on the X icon on the error pop-up in Kibana. I just wanted to let you know.