HI there,
We recently upgraded our ELK stack from 5.5 to 6.2.X. while for the most parts things worked well, we found that as part of the upgrade we had to migrate our Kibana index as indicated in this page:
What this resulted in is a creation of a new .kibana-6 index aliased to .kibana as explained in that migration step. After we bring up Kibana - ROR throws this error. IT feels like the kibana/kibana auth is no longer passing. Any ideas?
".kibana-6": {
"aliases": {
".kibana": {}
}
}
Error
[2018-06-06T14:07:58,654][INFO ][t.b.r.a.ACL ] ^[[35mFORBIDDEN by default req={ ID:104099432-366820386#21395, TYP:IndexRequest, CGR:N/A, USR:[no basic auth header], BRS:true, KDX:null, ACT:indices:data/write/index, OA:10.203.122.120, DA:10.203.123.182, IDX:myindex, MET:POST, PTH:/myindex/ctr, CNT:<OMITTED, LENGTH=1152>, HDR:{Accept=/, Accept-Encoding=gzip, deflate, Connection=keep-alive, Content-Length=1152, Content-Type=application/json, host=myapp.foo.com, User-Agent=python-requests/2.18.4, X-Forwarded-For=10.206.201.85, X-Forwarded-Port=443, X-Forwarded-Proto=https}, HIS:[::KIBANA-SRV 1::->[auth_key->false]], [::RO::->[auth_key->false]], [::RW::->[auth_key->false]], [GlobalWrite/Admin Access->[auth_key->false]], [Route53 Access->[actions->false, x_forwarded_for->true]], [::NGINX-RESTRICTED-GROUP::->[proxy_auth->false]], [::NGINX-READONLY-GROUP::->[proxy_auth->false]], [::NGINX-ADMIN-GROUP::->[proxy_auth->false]]
This is my kibana config (hasn’t changed between 5.5 and 6.2):
server.host: 0.0.0.0
elasticsearch.url: https://myapp.foo.com:443/
elasticsearch.username: "kibana"
elasticsearch.password: "kibana"
elasticsearch.requestHeadersWhitelist: [ authorization, x-forwarded-user, x-forwarded-group ]
logging.verbose: true
ROR Config (used to work with the old .kibana index):
readonlyrest:
prompt_for_basic_auth: falseaccess_control_rules: - name: "::KIBANA-SRV 1::" kibana_access: admin auth_key: kibana:kibana verbosity: error - name: "Global Write/Admin Access" auth_key: elastic:elastic type: allow actions: ["indices:data/write/*","indices:admin/*", "cluster:admin/*", "cluster:monitor/*", "indices:monitor/*"] verbosity: error - name: "Route53 Access" type: allow x_forwarded_for: ["0.0.0.0/0"] actions: ["cluster:monitor/*", "indices:admin/get", "indices:admin/aliases", "indices:admin/aliases/*", "indices:admin/analyze", "indices:monitor/*", "indices:data/read/*"] verbosity: error