Installed readonlyrest-1.16.19_es6.2.2 on a local machine with EL and Kibana 6.2.2. Kibana Status is red. What I’m doing wrong ?
Thanks for help this newbie
readonlyrest.yaml :
readonlyrest:
enable: true
response_if_req_forbidden: Forbidden by ReadonlyREST ES plugin
ssl:
enable: false
keystore_file: "/elasticsearch/plugins/readonlyrest/elasticsearch.jks"
keystore_pass: PASS_JKS
key_pass: PASS_JKS
access_control_rules:
- name: "Block 1 - Allowing kibana to access"
type: allow
auth_key: kibana:PASS_KIBANA
verbosity: error
actions: ["cluster:monitor/main", "cluster:monitor/nodes/info", "indices:admin/mappings/get"]
- name: "Block 2 - read only for other indices"
type: allow
auth_key: ui:PASS_UI
kibana_access: ro
actions: ["indices:data/read/*", "indices:admin/get"]
- name: "Block 3 - read write access to indices for application"
type: allow
auth_key: appl:PASS_APPL
verbosity: error
- name: "Block 4 - admin user for emergency"
type: allow
auth_key: admin:PASS_ADMIN
kibana_access: admin
- name: "Block 5 - monitoring User"
type: allow
auth_key: mon:PASS_MON
actions: ["cluster:monitor/main", "cluster:monitor/health", "cluster:monitor/nodes/stats", "cluster:monitor/state", "cluster:monitor/stats", "indices:monitor/stats"]
Elasticsearch Log File:
C:\pers\kibana-6.2.2-windows-x86_64\kibana-6.2.2-windows-x86_64\bin>.\kibana.bat
log [08:17:07.323] [info][status][plugin:kibana@6.2.2] Status changed from uninitialized to green - Ready
log [08:17:07.407] [info][status][plugin:elasticsearch@6.2.2] Status changed from uninitialized to yellow - Waiting for Elasticsearch
log [08:17:08.549] [info][status][plugin:timelion@6.2.2] Status changed from uninitialized to green - Ready
log [08:17:08.559] [info][status][plugin:console@6.2.2] Status changed from uninitialized to green - Ready
log [08:17:08.565] [info][status][plugin:metrics@6.2.2] Status changed from uninitialized to green - Ready
log [08:17:08.618] [info][listening] Server running at http://localhost:5601
log [08:17:08.836] [error][status][plugin:elasticsearch@6.2.2] Status changed from yellow to red - Authentication Exception
[2018-05-31T10:20:06,716][INFO ][t.b.r.a.ACL ] e[35mFORBIDDEN by default req={ ID:589574002-970298994#48, TYP:MainRequest, CGR:N/A, USR:[no basic auth header], BRS:false, KDX:null, ACT:cluster:monitor/main, OA:127.0.0.1, DA:127.0.0.1, IDX:<N/A>, MET:HEAD, PTH:/, CNT:<N/A>, HDR:{Connection=keep-alive, Content-Length=0, Host=localhost:9200}, HIS:[Block 1 - Allowing kibana to access->[auth_key->false]], [Block 2 - read only for other indices->[auth_key->false]], [Block 3 - read write access to indices for application->[auth_key->false]], [Block 4 - admin user for emergency->[auth_key->false]], [Block 5 - monitoring User->[auth_key->false]] } e[0m
[2018-05-31T10:20:06,716][INFO ][t.b.r.a.ACL ] e[35mFORBIDDEN by default req={ ID:1859738829-2026337532#47, TYP:MainRequest, CGR:N/A, USR:[no basic auth header], BRS:false, KDX:null, ACT:cluster:monitor/main, OA:127.0.0.1, DA:127.0.0.1, IDX:<N/A>, MET:HEAD, PTH:/, CNT:<N/A>, HDR:{Connection=keep-alive, Content-Length=0, Host=localhost:9200}, HIS:[Block 1 - Allowing kibana to access->[auth_key->false]], [Block 2 - read only for other indices->[auth_key->false]], [Block 3 - read write access to indices for application->[auth_key->false]], [Block 4 - admin user for emergency->[auth_key->false]], [Block 5 - monitoring User->[auth_key->false]] } e[0m
[2018-05-31T10:20:09,222][INFO ][t.b.r.a.ACL ] e[35mFORBIDDEN by default req={ ID:1235125248-118906047#49, TYP:MainRequest, CGR:N/A, USR:[no basic auth header], BRS:false, KDX:null, ACT:cluster:monitor/main, OA:127.0.0.1, DA:127.0.0.1, IDX:<N/A>, MET:HEAD, PTH:/, CNT:<N/A>, HDR:{Connection=keep-alive, Content-Length=0, Host=localhost:9200}, HIS:[Block 1 - Allowing kibana to access->[auth_key->false]], [Block 2 - read only for other indices->[auth_key->false]], [Block 3 - read write access to indices for application->[auth_key->false]], [Block 4 - admin user for emergency->[auth_key->false]], [Block 5 - monitoring User->[auth_key->false]] } e[0m
[2018-05-31T10:20:11,732][INFO ][t.b.r.a.ACL ] e[35mFORBIDDEN by default req={ ID:1124847677-1459140648#52, TYP:MainRequest, CGR:N/A, USR:[no basic auth header], BRS:false, KDX:null, ACT:cluster:monitor/main, OA:127.0.0.1, DA:127.0.0.1, IDX:<N/A>, MET:HEAD, PTH:/, CNT:<N/A>, HDR:{Connection=keep-alive, Content-Length=0, Host=localhost:9200}, HIS:[Block 1 - Allowing kibana to access->[auth_key->false]], [Block 2 - read only for other indices->[auth_key->false]], [Block 3 - read write access to indices for application->[auth_key->false]], [Block 4 - admin user for emergency->[auth_key->false]], [Block 5 - monitoring User->[auth_key->false]] } e[0m
[2018-05-31T10:20:14,238][INFO ][t.b.r.a.ACL ] e[35mFORBIDDEN by default req={ ID:118155470-629632947#53, TYP:MainRequest, CGR:N/A, USR:[no basic auth header], BRS:false, KDX:null, ACT:cluster:monitor/main, OA:127.0.0.1, DA:127.0.0.1, IDX:<N/A>, MET:HEAD, PTH:/, CNT:<N/A>, HDR:{Connection=keep-alive, Content-Length=0, Host=localhost:9200}, HIS:[Block 1 - Allowing kibana to access->[auth_key->false]], [Block 2 - read only for other indices->[auth_key->false]], [Block 3 - read write access to indices for application->[auth_key->false]], [Block 4 - admin user for emergency->[auth_key->false]], [Block 5 - monitoring User->[auth_key->false]] } e[0m
[2018-05-31T10:20:16,741][INFO ][t.b.r.a.ACL ] e[35mFORBIDDEN by default req={ ID:707967796-1523730112#56, TYP:MainRequest, CGR:N/A, USR:[no basic auth header], BRS:false, KDX:null, ACT:cluster:monitor/main, OA:127.0.0.1, DA:127.0.0.1, IDX:<N/A>, MET:HEAD, PTH:/, CNT:<N/A>, HDR:{Connection=keep-alive, Content-Length=0, Host=localhost:9200}, HIS:[Block 1 - Allowing kibana to access->[auth_key->false]], [Block 2 - read only for other indices->[auth_key->false]], [Block 3 - read write access to indices for application->[auth_key->false]], [Block 4 - admin user for emergency->[auth_key->false]], [Block 5 - monitoring User->[auth_key->false]] } e[0m
[2018-05-31T10:20:19,256][INFO ][t.b.r.a.ACL ] e[35mFORBIDDEN by default req={ ID:411324807-759305612#57, TYP:MainRequest, CGR:N/A, USR:[no basic auth header], BRS:false, KDX:null, ACT:cluster:monitor/main, OA:127.0.0.1, DA:127.0.0.1, IDX:<N/A>, MET:HEAD, PTH:/, CNT:<N/A>, HDR:{Connection=keep-alive, Content-Length=0, Host=localhost:9200}, HIS:[Block 1 - Allowing kibana to access->[auth_key->false]], [Block 2 - read only for other indices->[auth_key->false]], [Block 3 - read write access to indices for application->[auth_key->false]], [Block 4 - admin user for emergency->[auth_key->false]], [Block 5 - monitoring User->[auth_key->false]] } e[0m
[2018-05-31T10:20:21,762][INFO ][t.b.r.a.ACL ] e[35mFORBIDDEN by default req={ ID:1195765663-1416574631#60, TYP:MainRequest, CGR:N/A, USR:[no basic auth header], BRS:false, KDX:null, ACT:cluster:monitor/main, OA:127.0.0.1, DA:127.0.0.1, IDX:<N/A>, MET:HEAD, PTH:/, CNT:<N/A>, HDR:{Connection=keep-alive, Content-Length=0, Host=localhost:9200}, HIS:[Block 1 - Allowing kibana to access->[auth_key->false]], [Block 2 - read only for other indices->[auth_key->false]], [Block 3 - read write access to indices for application->[auth_key->false]], [Block 4 - admin user for emergency->[auth_key->false]], [Block 5 - monitoring User->[auth_key->false]] } e[0m