I am currently using ELK version 7.17.14 along with Free ROR 1.54, I am thinking about upgrading to 1.59.0 but have some doubts.
I noticed in the changelog that in version 1.57.0 the “User settings available to users with all access types” was added, however in this area apart from “User settings” for the user with RW permissions for Kibana the “Activation Key” and “API” applications are visible and available with some data that should be protected from typical user. Is this correct and cannot access to these be limited only for admin or unrestricted users, if so how can I do it? I limit access to commands via ELK API e.g. Dev Tools(_cat,_cluster,_mapping) using “uri_re” rule with type forbid in readonlyrest config.
Every RW user has access to Stack Management → “Upgrade assistant” cannot this be limited as well for every RW user?
Regards,
Michał
yeah, this information may be misleading for RW Kibana users. It would probably be better if they were visible only to Admin users. We will change it.
Currently, the RW user can do anything with Kibana indices (including upgrades). In the future, we will probably split the access level into two separate levels. At the moment you can use actions and kibana.hide_apps (no available with the Free license) to restrict access to this part of Kibana.
After waiting for some time and finally stopping(CTRL-C) patching command I try ‘verify’
node/bin/node plugins/readonlyrestkbn/ror-tools.js verify
[ROR COMPAT] Verifying patched state...
[ROR COMPAT] /home/kibana_XXX.ror161/plugins/readonlyrestkbn/kibana/patchers/../../../../x-pack/plugins/reporting/server/routes/lib/request_handler.js was patched with the ReadonlyREST plugin version 1.61.0 and Kibana version 7.17.14 on 2024:11:19 15:09:45.
[ROR COMPAT] request_handler.js patch status: VERIFIED.
[ROR COMPAT] Found patch file /home/kibana_XXX.ror161/plugins/readonlyrestkbn/kibana/patchers/patches_for_kbn_distribution/serve.js.patch
[ROR COMPAT] Verifying patched state...
[ROR COMPAT] /home/kibana_XXX.ror161/plugins/readonlyrestkbn/kibana/patchers/../../../../src/cli/serve/serve.js was patched with the ReadonlyREST plugin version 1.61.0 and Kibana version 7.17.14 on 2024:11:19 15:09:45.
[ROR COMPAT] serve.js patch status: VERIFIED.
[ROR COMPAT] Found patch file /home/kibana_XXX.ror161/plugins/readonlyrestkbn/kibana/patchers/patches_for_kbn_distribution/store.patch
[ROR COMPAT] Verifying patched state...
[ROR COMPAT] /home/kibana_XXX.ror161/plugins/readonlyrestkbn/kibana/patchers/../../../../x-pack/plugins/reporting/server/lib/store/store.js was patched with the ReadonlyREST plugin version 1.61.0 and Kibana version 7.17.14 on 2024:11:19 15:09:45.
[ROR COMPAT] store.js patch status: VERIFIED.
and it doesn’t end by itself as well. Just stops logging anything more and the only option is to CTRL-C
In addition, running
node/bin/node plugins/readonlyrestkbn/ror-tools.js unpatch
[ROR COMPAT] Found patch file /home/kibana_XXX.ror161/plugins/readonlyrestkbn/kibana/patchers/patches_for_kbn_distribution/serve.js.patch
[ROR COMPAT] Backup file found!
[ROR COMPAT] /home/kibana_XXX.ror161/plugins/readonlyrestkbn/kibana/patchers/../../../../src/cli/serve/serve.js was patched with the ReadonlyREST plugin version 1.61.0 and Kibana version 7.17.14 on 2024:11:19 15:09:45.
[ROR COMPAT] /home/kibana_XXX.ror161/plugins/readonlyrestkbn/kibana/patchers/../../../../src/cli/serve/serve.js.metadata.json file removed
[ROR COMPAT] Restored /home/kibana_XXX.ror161/plugins/readonlyrestkbn/kibana/patchers/../../../../src/cli/serve/serve.js
[ROR COMPAT] Found patch file /home/kibana_XXX.ror161/plugins/readonlyrestkbn/kibana/patchers/patches_for_kbn_distribution/store.patch
[ROR COMPAT] Backup file found!
[ROR COMPAT] /home/kibana_XXX.ror161/plugins/readonlyrestkbn/kibana/patchers/../../../../x-pack/plugins/reporting/server/lib/store/store.js was patched with the ReadonlyREST plugin version 1.61.0 and Kibana version 7.17.14 on 2024:11:19 15:09:45.
[ROR COMPAT] /home/kibana_XXX.ror161/plugins/readonlyrestkbn/kibana/patchers/../../../../x-pack/plugins/reporting/server/lib/store/store.js.metadata.json file removed
[ROR COMPAT] Restored /home/kibana_XXX.ror161/plugins/readonlyrestkbn/kibana/patchers/../../../../x-pack/plugins/reporting/server/lib/store/store.js
also freezes without returning any result to terminal and another verification gives
[ROR COMPAT] Received command: verify
[ROR COMPAT] Verifying the presence of ROR hooks on Kibana files..
[ROR COMPAT] Found patch file /home/kibana_XXX.ror161/plugins/readonlyrestkbn/kibana/patchers/patches_for_kbn_distribution/get_document_payload.patch
[ROR COMPAT] Verifying patched state...
[ROR COMPAT] ReadonlyREST encountered problems during patching verification: Unable to retrieve the ReadonlyREST plugin version for which the file was patched. Please ensure all steps in the upgrade guide have been followed: https://docs.readonlyrest.com/kibana#upgrading.
and also hangs without any further action/exit_code and the only option is to stop.
Is this a problem with this specific version of kibana I’m using or js script for ROR_1.61?
Thanks for the message, I’m able to reproduce the issue with a terminal hanging. Based on your logs and what I observed, the patch, verify and unpatch commands work as expected and it’s and issues with correctly exiting a process after finishing.
Could you try to run Kibana after the patch command?
After starting kibana seems to be working fine. However, I noticed that in newer ROR version 1.61 Free after every 10 minutes there are logged events about Activation Key not being found, which in older version was logged once just before start.
Nov 21 07:32:52 host kibana[X]: [ROR COMPAT] store.js patch status: VERIFIED.
Nov 21 07:42:49 host kibana[X]: [07:42:49:610] [info][plugins][ReadonlyREST][LicenseService][x-ror-correlation-id=d9b33af6-XXX] Cannot get the encrypted activation key from Kibana... Status code: 404
Nov 21 07:42:49 host kibana[X]: [07:42:49:616] [info][plugins][ReadonlyREST][LicenseService][x-ror-correlation-id=d9b33af6-XXX] No Activation Key found. That's OK. Defaulting to Free license.You can add your own Activation Key later.
Nov 21 07:42:49 host kibana[X]: [07:42:49:617] [info][plugins][ReadonlyREST][LicenseService][x-ror-correlation-id=d9b33af6-XXX] Visit ReadonlyREST Customer Portal at https://readonlyrest.com to get a trial Activation Key.
Nov 21 07:52:49 host kibana[X]: [07:52:49:611] [info][plugins][ReadonlyREST][LicenseService][x-ror-correlation-id=dbac2c8f-XXX] Cannot get the encrypted activation key from Kibana... Status code: 404
Nov 21 07:52:49 host kibana[X]: [07:52:49:618] [info][plugins][ReadonlyREST][LicenseService][x-ror-correlation-id=dbac2c8f-XXX] No Activation Key found. That's OK. Defaulting to Free license.You can add your own Activation Key later.
Nov 21 07:52:49 host kibana[X]: [07:52:49:618] [info][plugins][ReadonlyREST][LicenseService][x-ror-correlation-id=dbac2c8f-XXX] Visit ReadonlyREST Customer Portal at https://readonlyrest.com to get a trial Activation Key.
Nov 21 08:02:49 host kibana[X]: [08:02:49:614] [info][plugins][ReadonlyREST][LicenseService][x-ror-correlation-id=dbac2c8f-XXX] Cannot get the encrypted activation key from Kibana... Status code: 404
Nov 21 08:02:49 host kibana[X]: [08:02:49:622] [info][plugins][ReadonlyREST][LicenseService][x-ror-correlation-id=dbac2c8f-XXX] No Activation Key found. That's OK. Defaulting to Free license.You can add your own Activation Key later.
Nov 21 08:02:49 host kibana[X]: [08:02:49:622] [info][plugins][ReadonlyREST][LicenseService][x-ror-correlation-id=dbac2c8f-XXX] Visit ReadonlyREST Customer Portal at https://readonlyrest.com to get a trial Activation Key.
I noticed that in newer ROR version 1.61 Free after every 10 minutes, there are logged events about the Activation Key not being found
Yes, a few versions ago we introduced a mechanism to periodically verify the Activation key, 10 minutes is a default value, but you can change it in the kibana.yml config