Question on Kibana Integration


(Damocles) #1

(I haven’t yet purchased the Kibana PRO/ENTERPRISE license and neither do I have a Trial license yet. Am trying to do some basic Kibana Integration with my ROR enabled elastic stack. Successful POC will allow me to trigger a purchase of the PRO License FYI). POC intent is to get Kibana to Load successfully with the default internal kibana/kibana elasticpassword and allow me to navigate all the features of kibana-elasticsearch by default without any Basic Authentication Popups.

  • WITHOUT purchasing the PRO/ENTERPRISE/TRIAL license, what all can I do by default?
  • Am getting a Basic Authentication Challenge whilst bringing up Kibana! I was hoping with the kibana/kibana yml configuration - at the very least Kibana will come up - write the necessary indexes etc. However, I get a forbidden error RANDOMLY with this configuration. The odd thing is - sometimes I do get the user correctly as kibana and the KIBANA-SRV rule passes, but most of the other times it fails as below. Any suggestions?

FORBIDDEN by default req={ ID:419936870-1449684158#181, TYP:GetFieldMappingsRequest, CGR:N/A, USR:[no basic auth header], BRS:false, ACT:indices:admin/mappings/fields/get, OA:10.203.122.154, DA:10.203.121.87, IDX:.kibana, MET:GET, PTH:/.kibana/_mapping/*/field/_source, CNT:<N/A>, HDR:{Connection=keep-alive, content-length=0, host=converse-elasticsearch.clouddqt.capitalone.com, X-Forwarded-For=10.203.121.86, 10.203.123.205, X-Forwarded-Port=443, X-Forwarded-Proto=https}, HIS:[Rout53 Access->[actions->false, x_forwarded_for->true]], [Global Write/Admin Access->[auth_key->false]], [::KIBANA-SRV::->[auth_key->false]], [::RO::->[auth_key->false]], [::RW::->[auth_key->false]] }

I have configured

kibana.yml

elasticsearch.username: "kibana"
elasticsearch.password: "kibana"

readonlyrest.yml

readonlyrest:
  access_control_rules:

  - name: "Rout53 Access"
    type: allow
    x_forwarded_for: ["0.0.0.0/0"]
    actions: ["cluster:monitor/*","indices:data/read/*", "indices:admin/get", "indices:admin/aliases", "indices:admin/aliases/*", "indices:admin/analyze", "indices:monitor/*"]
    verbosity: error

  - name: "Global Write/Admin Access"
    auth_key: "elastic:$apr1$JRxL0HOz$ndMHCirazDfTZznLy.icH1"
    type: allow
    actions: ["indices:data/write/*","indices:admin/*", "cluster:admin/*"]

  - name: "::KIBANA-SRV::"
    kibana_access: ro
    auth_key: kibana:kibana

  - name: "::RO::"
    auth_key: ro:dev
    kibana_access: ro
    indices: [ ".kibana", ".kibana-devnull", "logstash-*"]
    kibana_hide_apps: ["readonlyrest_kbn", "timelion", "kibana:dev_tools", "kibana:management"]

  - name: "::RW::"
    auth_key: rw:dev
    kibana_access: rw
    indices: [".kibana", ".kibana-devnull", "logstash-*"]
    kibana_hide_apps: ["readonlyrest_kbn", "timelion", "kibana:dev_tools", "kibana:management"]

(Simone Scarduzio) #2

Well, you are describing the long standing Kibana bug I was talking about.

However, a very shitty way to mitigate this is to open up the ACL for those certain actions. A bit like you did for the ELB health checks.
Maybe as a “proof of concept” it will momentarily do the trick.

Talking about POC and demos: I’d hate to come across as the classical pushy seller, but - if you need - I can simply hand you over a link to the trial of the Kibana plugin. No strings attached.


(Damocles) #3

@sscarduzio Thank you. That's very forthcoming - once I had my kibana working I was planning on using the trial to prototype and demo to mesh the last part of this - multi tenancy. A readily available link would help speed things along.

To this point: Maybe as a “proof of concept” it will momentarily do the trick.
I assume this bug is regardless of whether or not it's a Proof of Concept or not? Are you suggesting that I hack the Kibana flow across the environment spectrum (DEV/QA/PROD) until an “official” fix is available?


(Simone Scarduzio) #4

Maybe it’s semantics, but in my understanding I supposed a POC would not reach QA/PROD.
I just suggested to pin some holes in the ACL in a controlled environment, if you just need to show off what’s possible.

About the bug. This bug was reported in Kibana in 2016 and never resolved. I know because I was the one reporting it. Personally I lost hope.


(Damocles) #5

@sscarduzio Ah - I meant if the Proof of Concept is approved - when we take it to PROD - we can't depend on the kibana/kibana due to the bug so the same “hack” for allowing a custom ACL for kibana events would need to get promoted to PROD?


(Simone Scarduzio) #6

Well of course if you promote the PoC to prod as is, you will expose production data to flaws. So by all means, I suggest to use the appropriate tools if your PoC has chances to go straight to prod.
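
The FORBIDDEN line in post #1 already records why each ACL block rejected the request; the following is an added example (not part of the thread and not ReadonlyREST code) that parses the `USR`, `ACT` and `HIS` fields of such a line and reports the failing rule per block. The sample is an abridged copy of the line from post #1 with the HDR contents dropped, and the function names are this example's own.

```python
import re

# Abridged copy of the FORBIDDEN line from post #1 (HDR contents dropped).
SAMPLE = (
    "FORBIDDEN by default req={ ID:419936870-1449684158#181, "
    "TYP:GetFieldMappingsRequest, CGR:N/A, USR:[no basic auth header], "
    "BRS:false, ACT:indices:admin/mappings/fields/get, OA:10.203.122.154, "
    "DA:10.203.121.87, IDX:.kibana, MET:GET, "
    "PTH:/.kibana/_mapping/*/field/_source, CNT:<N/A>, HDR:{}, "
    "HIS:[Rout53 Access->[actions->false, x_forwarded_for->true]], "
    "[Global Write/Admin Access->[auth_key->false]], "
    "[::KIBANA-SRV::->[auth_key->false]], [::RO::->[auth_key->false]], "
    "[::RW::->[auth_key->false]] }"
)

# "KEY:value, " pairs, ended by the next upper-case key of the log format.
FIELD = re.compile(r"\b(USR|ACT|IDX|MET|PTH):(.*?), (?=[A-Z]{2,3}:)")
# One history entry: [block name->[rule->bool, rule->bool]]
BLOCK = re.compile(r"\[([^\[\]]+)->\[([^\[\]]*)\]\]")


def parse_forbidden(line):
    """Return request fields plus, per ACL block, the rules that were evaluated."""
    fields = dict(FIELD.findall(line))
    history = {}
    for name, rules in BLOCK.findall(line.split("HIS:", 1)[1]):
        history[name] = {
            rule: verdict == "true"
            for rule, verdict in (r.split("->") for r in rules.split(", "))
        }
    return fields, history


def diagnose(line):
    """Explain, block by block, which rule stopped the request."""
    fields, history = parse_forbidden(line)
    anonymous = fields["USR"] == "[no basic auth header]"
    report = []
    for name, rules in history.items():
        why = ", ".join(sorted(r for r, ok in rules.items() if not ok))
        if anonymous and not rules.get("auth_key", True):
            why += " (request carried no basic auth header)"
        report.append(f"{name}: rejected on {why}")
    return fields["ACT"], report


if __name__ == "__main__":
    print(*diagnose(SAMPLE)[1], sep="\n")
```

For the line in post #1 the report shows that every `auth_key` block failed because the request arrived without credentials, and that the only block not requiring credentials matched on `x_forwarded_for` but not on `actions`.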