Unable to connect elasticsearch server 5.6.9

jsjuber · May 3, 2018, 8:40am

Hi,
I have setup elasticsearch setup with latest version 5.6.9. I have configured elasticseach-head plugin in standalone mode. For kibana authentication, we have configured readonlyrest plugin. After configuring readonlyrest plugin elasticsearch server not connected to the elasticsearch-head. I have also mention header authorization but still is not working.

elasicesearch configuration file
elasticsearch.yml

---------------------------------- Network -----------------------------------
Set the bind address to a specific IP (IPv4 or IPv6):
network.host: 0.0.0.0
http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-headers: Authorization
Set a custom port for HTTP:
http.port: 9200
For more information, consult the network module documentation.

Readonlyrest.yml

readonlyrest:

response_if_req_forbidden: Forbidden by ReadonlyREST ES plugin

access_control_rules:

- name: "::LOGSTASH::"
  # auth_key is good for testing, but replace it with `auth_key_sha1`!
  auth_key: logstash:logstash
  actions: ["cluster:monitor/main","indices:admin/types/exists","indices:data/read/*","indices:data/write/*","indices:admin/template/*","indices:admin/create"]
  indices: ["logstash-*"]

# We trust Kibana's server side process, full access granted via HTTP authentication
- name: "::KIBANA-SRV::"
  auth_key: kibana:kibana
  verbosity: error
  type: allow

logs:-
FORBIDDEN by default req={ ID:121019886-517551234#262, TYP:MainRequest, CGR:N/A, USR:[no basic auth header], BRS:true, KDX:null, ACT:cluster:monitor/main, OA:35.231.36.26, DA:10.142.0.2, IDX:<N/A>, MET:HEAD, PTH:/, CNT:<N/A>, HDR:{Content-Length=0, Content-Type=application/json, Host=35.231.36.26:9200, User-Agent=Faraday v0.13.1}, HIS:[::LOGSTASH::->[auth_key->false]], [::KIBANA-SRV::->[auth_key->false]] }

sscarduzio · May 3, 2018, 8:54am

Hi @jsjuber!
You forgot to tell Kibana to use the credentials you have set up in ROR:

See the docs paragraph

jsjuber · May 3, 2018, 9:04am

Hi @sscarduzio
I was updated kibana credentials but still is not worked. kibana authentication is working but elasticsearch server not connected to elastic-head plugin after configuring readonlyrest plugin. I am getting frustrated totally.

kibana.yml

elasticsearch.username: "kibana"
elasticsearch.password: “kibana”

sscarduzio · May 3, 2018, 9:36am

Unfortunately Head does not seem to support basic auth?
The only way I managed to make it work is setting up in ROR

readonlyrest:
    prompt_for_basic_auth: false
    ...other settings...

And then opening a tab in the browser towards Elasticsearch directly (port 9200), setting the password from the prompt, and then go back to Head.

jsjuber · May 3, 2018, 9:56am

As per your suggestion, I have configured ROR below like that

readonlyrest:
prompt_for_basic_auth: false

But I have to get an error on port http://ip:9200 on browser

{“error”:{“root_cause”:[{“reason”:“Forbidden by ReadonlyREST ES plugin”}],“reason”:“Forbidden by ReadonlyREST ES plugin”},“status”:403}

sscarduzio · May 3, 2018, 10:08am

@jsjuber you have to indent it right, at the same height with “access_control_rules”

jsjuber · May 3, 2018, 10:17am

Below I have attached my readonlyrest yml file configuration

Still, I have to get the same error on browser
{“error”:{“root_cause”:[{“reason”:“forbidden”}],“reason”:“forbidden”},“status”:403}

sscarduzio · May 3, 2018, 2:15pm

OK this should not happen, are you sure you restarted the instance?
If you are using ROR PRO/Enterprise, make sure you don’t have in-index settings overriding this.

You should have 401 not 403