The documentation of an open source product should also be open source! Found a problem? Edit the file directly from GitHub!
⬅️ Elasticsearch plugin project (Github)
Official Documentation of ReadonlyREST Plugin
License: GNU General Public License v3.0
The documentation of an open source product should also be open source! Found a problem? Edit the file directly from GitHub!
⬅️ Elasticsearch plugin project (Github)
The documented structure of ACL blocks seems to have changed significantly between 1.16 and 1.18 however this is not clearly documented in these docs.
Some examples:
Error seen:
org.elasticsearch.bootstrap.StartupException: StartingFailureException[Errors:
Malformed settings: proxy_auth:
- "*"
x_forwarded_for:- "*"
So it would seem that
proxy_auth: ["*"]
or
proxy_auth: *
are no longer valid under 1.18. Instead it seems the config is now to be expressed using sub components like:
proxy_auth:
users: ["*"]
proxy_auth_config: "someconf"
and a seperate top level section:
proxy_auth_configs:
- name: "someconf"
user_id_header: "x-forwarded-user"
Another error I have encountered is :
No order defined for rule: hosts
this seems like a warning as things still start however this is not documented and I have no idea how to resolve...
At Debian 9 your documentation doesn´t work. I´ve installed elasticsearch-6.1.0, but there is no service available whoch can install plugins. Have you forgotten to insert anything to your docs?
Am I correct in saying that replacing the .JKS file and restarting the node is all you need to do for RoR to pickup the new SSL?
Docker file to create image with ROR -
FROM dfw-gteo-hub-docker.prod.walmart.com:5000/elasticsearch:7.4.2
COPY --chown=elasticsearch:elasticsearch readonlyrest-1.18.9_es7.4.2.zip /tmp
WORKDIR /usr/share/elasticsearch
RUN bin/elasticsearch-plugin install --batch file:///tmp/readonlyrest-1.18.9_es7.4.2.zip
COPY --chown=elasticsearch:elasticsearch readonlyrest.yml /usr/share/elasticsearch/config
readonlyrest.yml
readonlyrest:
#optional
enable: true
response_if_req_forbidden: Sorry, your request is forbidden by ReadonlyREST ES plugin
access_control_rules:
# We trust Kibana's server side process, full access granted via HTTP authentication
- name: "::KIBANA-SRV::"
auth_key: kibana:kibana
verbosity: error # don't log successful request
- name: "::RO DEVELOPER::"
auth_key: readonly:readonly
kibana_access: ro_strict
indices: ["*"]
- name: "::RW::"
auth_key: readwrite:asd321
kibana_access: rw
indices: ["*"]
- name: "public access monitoring"
actions: ["indices:data/read/search"]
indices: [".monitoring*"]
- name: "Public Access Custom"
actions: ["indices:data/read/field_stats", "indices:admin/mappings/fields/get", "indices:admin/get", "indices:data/read/msearch", "indices:data/read/field_caps"]
indices: ["*"]
Sample HelmChart -
https://github.com/elastic/helm-charts/blob/master/elasticsearch/values.yaml
Getting below message in pod logs -
{"type": "server", "timestamp": "2019-12-02T15:22:50,189Z", "level": "INFO", "component": "t.b.r.a.l.AccessControlLoggingDecorator", "cluster.name": "mycluster", "node.name": "master-4", "message": "\u001B[35mFORBIDDEN by default req={ ID:239623908-1322721299#565, TYP:ClusterHealthRequest, CGR:N/A, USR:[user not logged], BRS:true, KDX:null, ACT:cluster:monitor/health, OA:127.0.0.1/32, XFF:null, DA:127.0.0.1/32, IDX:<N/A>, MET:GET, PTH:/_cluster/health, CNT:<N/A>, HDR:Accept=*/*, Host=127.0.0.1:9200, User-Agent=curl/7.29.0, content-length=0, HIS:[::KIBANA-SRV::-> RULES:[auth_key->false], RESOLVED:[]], [::RO DEVELOPER::-> RULES:[auth_key->false], RESOLVED:[]], [::RW::-> RULES:[auth_key->false], RESOLVED:[]], [public access monitoring-> RULES:[indices->true, actions->false], RESOLVED:[indices=.monitoring-kibana-7-2019.11.29,.monitoring-kibana-7-2019.11.28,.monitoring-kibana-7-2019.11.30,.monitoring-es-7-2019.11.27,.monitoring-kibana-7-2019.11.26,.monitoring-es-7-2019.11.29,.monitoring-es-7-2019.11.30,.monitoring-es-7-2019.12.02,.monitoring-es-7-2019.11.28,.monitoring-kibana-7-2019.12.01,.monitoring-es-7-2019.11.26,.monitoring-es-7-2019.12.01,.monitoring-kibana-7-2019.11.27,.monitoring-kibana-7-2019.12.02]], [Public Access Custom-> RULES:[indices->true, actions->false], RESOLVED:[]] }\u001B[0m", "cluster.uuid": "YsS3RfyoTvmAw6U8LEu9Tw", "node.id": "l1KKSm89RhW8Qo_MrDVyZw" }
POD is not coming up -
master-4 0/1 Running 0 47m
Can you please help me with this?
Hi! We use ELK 8.4.3 and enterprise version of plugin! When users from RO group try to do anything, for example go to discover tab after login, they logout!!! :(
In audit events i se that user try to /write/_bulk, update, and some _get actions, for example indices:data/write/bulk in index readonlyrest_audit-2022-11-01, but get FORBIDDEN
Hi,
I am using elasticsearch-oss-6.5.0 with readonlyrest-1.16.29_es6.5.0. When I stop running elasticsearch service I get this error. I am using java - "jre1.8.0_181" I also try OpenJDK "jdk-10.0.2" and "jdk-11.0.1". Still same error. Runing ES without readonlyrest working correct also old readonlyrest-1.16.29_es6.4.3 + elasticsearch-oss-6.4.3 working correct. Any idea?
[2018-11-26T10:37:14,138][ERROR][i.n.u.c.D.rejectedExecution] [w6u2Laz] Failed to submit a listener notification task. Event loop shut down? java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "setContextClassLoader") at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472) ~[?:?] at java.security.AccessController.checkPermission(AccessController.java:895) ~[?:?] at java.lang.SecurityManager.checkPermission(SecurityManager.java:335) ~[?:?] at java.lang.Thread.setContextClassLoader(Thread.java:1570) ~[?:?] at io.netty.util.concurrent.GlobalEventExecutor$2.run(GlobalEventExecutor.java:228) ~[netty-common-4.1.30.Final.jar:4.1.30.Final] at io.netty.util.concurrent.GlobalEventExecutor$2.run(GlobalEventExecutor.java:225) ~[netty-common-4.1.30.Final.jar:4.1.30.Final] at java.security.AccessController.doPrivileged(Native Method) ~[?:?] at io.netty.util.concurrent.GlobalEventExecutor.startThread(GlobalEventExecutor.java:225) ~[netty-common-4.1.30.Final.jar:4.1.30.Final] at io.netty.util.concurrent.GlobalEventExecutor.execute(GlobalEventExecutor.java:213) ~[netty-common-4.1.30.Final.jar:4.1.30.Final] at io.netty.util.concurrent.DefaultPromise.safeExecute(DefaultPromise.java:768) [netty-common-4.1.30.Final.jar:4.1.30.Final] at io.netty.util.concurrent.DefaultPromise.notifyListeners(DefaultPromise.java:432) [netty-common-4.1.30.Final.jar:4.1.30.Final] at io.netty.util.concurrent.DefaultPromise.setSuccess(DefaultPromise.java:94) [netty-common-4.1.30.Final.jar:4.1.30.Final] at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:939) [netty-common-4.1.30.Final.jar:4.1.30.Final] at java.lang.Thread.run(Thread.java:844) [?:?]
As described in the docs, tried to set
xpack.security.enabled: false but es fail to start
java.lang.IllegalArgumentException: unknown setting [xpack.security.enabled] please check that any required plugins are installed, or check the breaking changes documentation for removed settings
Any ideas ?
Thanks
I might be wrong here, but both from observed behavior and reading the code it appears that socket and connection timeouts are missing for the ExternalAuthenticationServiceClient
. It appears to be set correctly for LDAP connections, but not for other external authentication services.
We've observed that after running ElasticSearch with ROR for about a week under moderately high load (nothing extreme, but definitely traffic), authentication stops working for some nodes in our cluster:
[2019-02-06T08:10:59,164][INFO ][t.b.r.h.ApacheHttpCoreClient] [servername] HTTP client failed to connect: [dce6ef35-f2c3-4700-a172-6f0bd2abcc41] GET https://full-hostname/api/auth reason: Connection closed
[2019-02-06T08:10:59,167][ERROR][t.b.r.a.b.Block ] [servername] es_admins: external_authentication rule matching got an error org.apache.http.ConnectionClosedException: Connection closed
java.util.concurrent.CompletionException: org.apache.http.ConnectionClosedException: Connection closed
... massive stack trace ...
at tech.beshu.ror.acl.definitions.externalauthenticationservices.ExternalAuthenticationServiceHttpClient.authenticate(ExternalAuthenticationServiceHttpClient.java:41) ~[?:?]
at tech.beshu.ror.acl.definitions.externalauthenticationservices.CachedExternalAuthenticationServiceClient.authenticate(CachedExternalAuthenticationServiceClient.java:68) ~[?:?]
...
The external authentication service is running fine, but a once a node starts failing it doesn't recover before it's restarted.
To me this seems indicative of stale connections in the connection pool, and reading the code seems to confirm this.
https://github.com/beshu-tech/readonlyrest-docs/blob/master/kibana.md
Setting force_load_from_file: true
doesn't prevent "Loading ReadonlyREST settings from index" later. When that index doesn't exist, it takes a lot longer for "ReadonlyREST core was loaded" to be reached.
I think something I can do in the meantime is set "com.readonlyrest.settings.loading.delay". Where do I set this? In a jvm.options.d file?
I just started using this plugin before committing to the enterprise version. Getting started wasn't as obvious as I was expecting for version 6.
The documentation seems to indicate $ES_HOME is the appropriate place for configuration. As far as I'm aware $ES_HOME usually point to the executable location, not where the config should go. This would give me Could not find required attribute 'readonlyrest'
I believe for version 6 at least it should be $ES_PATH_CONF or $CONF_DIR instead of $ES_HOME.
Putting readonlyrest.yml under $ES_PATH_CONF works correctly for me.
# echo $ES_HOME
/usr/share/elasticsearch
# echo $ES_PATH_CONF
/etc/elasticsearch
Happy to update the docs, just not sure how you want to handle covering discrepancies between versions.
It would be useful to include the limitations of using a Nginx proxy + Kibana setup with the open source version for ES 6.1.0. According to what I've seen, even when Kibana is configured to keep the x-forwarded-user header [1], it won't reach the ES server in all scenarios. E.g when saving a visualization:
[1] kibana parameter elasticsearch.requestHeadersWhitelist: [ authorization, x-forwarded-user ]
Best,
Luis
Hi Team,
Get below error installing plugin.
./elasticsearch-plugin install file:///tmp/elasticsearch-readonlyrest-plugin-master.zip
-> Downloading file:///tmp/elasticsearch-readonlyrest-plugin-master.zip
[=================================================] 100%
Exception in thread "main" java.nio.file.NoSuchFileException: /elastic/software/elasticsearch-6.5.0/plugins/.installing-2120567135259773208/plugin-descriptor.properties
at sun.nio.fs.UnixException.translateToIOException(UnixException.java:86)
at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:102)
at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:107)
at sun.nio.fs.UnixFileSystemProvider.newByteChannel(UnixFileSystemProvider.java:214)
at java.nio.file.Files.newByteChannel(Files.java:361)
at java.nio.file.Files.newByteChannel(Files.java:407)
at java.nio.file.spi.FileSystemProvider.newInputStream(FileSystemProvider.java:384)
at java.nio.file.Files.newInputStream(Files.java:152)
at org.elasticsearch.plugins.PluginInfo.readFromProperties(PluginInfo.java:162)
at org.elasticsearch.plugins.InstallPluginCommand.loadPluginInfo(InstallPluginCommand.java:713)
at org.elasticsearch.plugins.InstallPluginCommand.installPlugin(InstallPluginCommand.java:792)
at org.elasticsearch.plugins.InstallPluginCommand.install(InstallPluginCommand.java:775)
at org.elasticsearch.plugins.InstallPluginCommand.execute(InstallPluginCommand.java:231)
at org.elasticsearch.plugins.InstallPluginCommand.execute(InstallPluginCommand.java:216)
at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86)
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124)
at org.elasticsearch.cli.MultiCommand.execute(MultiCommand.java:77)
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124)
at org.elasticsearch.cli.Command.main(Command.java:90)
at org.elasticsearch.plugins.PluginCli.main(PluginCli.java:47)
[elasticsearch@dxp-prd-md1 bin]$
java.util.concurrent.CompletionException: java.lang.NoClassDefFoundError: javax/xml/bind/DatatypeConverter
This seems similar, if not identical to #363.
I'm using the docker image at https://hub.docker.com/r/natewarr/elasticsearch-oss/ (natewarr/elasticsearch-oss:6.4.1) with the following Dockerfile:
FROM docker.elastic.co/elasticsearch/elasticsearch-oss:6.4.1
COPY ./plugins /install/plugins
RUN elasticsearch-plugin install --batch repository-s3
RUN for plugin in $(ls /install/plugins); do \
elasticsearch-plugin install --batch file:///install/plugins/${plugin}; \
done \
&& rm -rf /install/plugins
readonlyrest-1.16.27_es6.4.1 is the only plugin installed.
This is the official OSS elasticsearch docker image, modified with the readonlyrest plugin. When will it support Java 10?
{
"error" : {
"root_cause" : [
{
"reason" : "forbidden",
"due_to" : [
"OPERATION_NOT_ALLOWED"
]
}
],
"reason" : "forbidden",
"due_to" : [
"OPERATION_NOT_ALLOWED"
],
"status" : 401
}
}
I have not been able to install the plugin following the Download plugin zip instructions i receive in email. I am getting File Not Found exception . I tried using the below
C:\Program Files\elasticsearch-6.1.1\elasticsearch-6.1.1\bin>elasticsearch-plugi
n install "file:\c:\es_install\readonlyrest-1.16.15_es6.1.1.zip"
-> Downloading file:\c:\es_install\readonlyrest-1.16.15_es6.1.1.zip from mave
n central
Exception in thread "main" java.io.FileNotFoundException: https://repo1.maven.or
g/maven2/file/\c/\es_install\readonlyrest-1.16.15_es6.1.1.zip/\c-\es_instal
l\readonlyrest-1.16.15_es6.1.1.zip.zip
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
I don't know if this is the correct place to post this issue, but I am currently unable to download ReadonlyREST because Firefox and my WiFi router are rejecting https://readonlyrest.com/'s TLS certificate.
The Firefox error I'm getting is as follows:
https://readonlyrest.com/
Peer’s Certificate issuer is not recognized.
HTTP Strict Transport Security: false
HTTP Public Key Pinning: false
Certificate chain:
-----BEGIN CERTIFICATE-----
MIID4zCCAsugAwIBAgIRALub44QVvM8pAdYhoVesQlQwDQYJKoZIhvcNAQELBQAw
azELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFTATBgNVBAoTDFpz
Y2FsZXIgSW5jLjEQMA4GA1UECxMHWnNjYWxlcjEeMBwGA1UEAxMVYmxvY2tkLnBy
b2QuenBhdGgubmV0MB4XDTIwMTAxMzE3MzE1OVoXDTIxMTAxMzE3MzE1OVowTzEL
MAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEDAOBgNVBAoMB1pzY2Fs
ZXIxGTAXBgNVBAMMEHJlYWRvbmx5cmVzdC5jb20wggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCmKVY4UAY5NZAR7yK9M27AApsdHs3bA3dWRCN9IdcHNupG
LOjY/GyfnoiJXJi7J3lFXfKevc/xLFl6/J4aU06Xzq6vYWqTKBNNy21Pn0Wq9RMy
nBV82z6H4Z9qIUZ95tpn97JhW0ZHS73UkwuBgQyb1htlbHUHxZL/ctwFJNaDq7/A
+Chkp8vA8NVG7lPWSmkPiL9kRx29EWZGl8RlNT0U1NeL0IVOpkbKSZ5SLTnQyVhD
0Z+Ly+VyNwk2v18mdu0m0QtsUlxYXYq+YJMz3p1FTWH9j+ZzYlrJy+lFTkWDn8UD
+tR27pnmugRysxlh9JGMIoGGrSiqAXcUu2f2gU11AgMBAAGjgZ0wgZowHwYDVR0j
BBgwFoAU2W+DtG8MMKyVFk8/snP1bvgH4DowHQYDVR0OBBYEFBWJcNdALYA89vwn
UVxCqC13+DkvMBsGA1UdEQQUMBKCEHJlYWRvbmx5cmVzdC5jb20wDgYDVR0PAQH/
BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8E
AjAAMA0GCSqGSIb3DQEBCwUAA4IBAQCOlhuBYX9aTGWf3RFrGcztAvYsZqvWIaMq
sx5q5zlaQNMUdZvm76CPloREABS5tINsUZZtmIbyqAtAp+u8D1maRR5o3C7gjdg9
U9MbjCoK2m8T1zZPIU4xudCvAZcSZa+ufhNI57xpzxdvss0R/hPoBdtmQGruua7R
oRNuhasakKl1ZmS8JAwo71lXt4GF+o4gFOT0Oi2OtbsMY7XFD4SnVgZoPlia4NsS
5SVfbqlrkVK41b+b0/Oa8lK8yMDWtt3iLj5vJd7CiOet3F+lHTpO1ByaLpIhgTmF
ygtUvxabkEANPzza+tyaDfHu5EggOSeMrueYJvxGr5+JbUPerfIH
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDxzCCAq+gAwIBAgIEAPq83jANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMC
VVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcTCFNhbiBKb3NlMRUwEwYD
VQQKEwxac2NhbGVyIEluYy4xFTATBgNVBAsTDFpzY2FsZXIgSW5jLjEYMBYGA1UE
AxMPWnNjYWxlciBSb290IENBMSIwIAYJKoZIhvcNAQkBFhNzdXBwb3J0QHpzY2Fs
ZXIuY29tMB4XDTE5MDIwNzIyNDU0OVoXDTQ2MDYyNTIyNDU0OVowazELMAkGA1UE
BhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFTATBgNVBAoTDFpzY2FsZXIgSW5j
LjEQMA4GA1UECxMHWnNjYWxlcjEeMBwGA1UEAxMVYmxvY2tkLnByb2QuenBhdGgu
bmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvhYCKYdi6OXJBmGp
LzefcxznZbzDYTupURn11cr8JYKjHNW3Kwf/VghBCtCZ8X5K+fiXbk9/MD5eXo93
2C6dzvR2QtHAXBUtQUCFPQyw0T7Zy7NjNQKd7d2CFlmxMq1eXxQoLk9Doa+Kef2T
PhsNpJWXKjcYmkfW5LCxDL+iZK+YeurlUDAxu4LLucqyqulzC8m0ubpSfpudXBAw
MSZB3nQ9K0zX0q/qpzhQyooFLkklQv9Y9IpSiPx0+hL6+b9f6GyCNN8NSsTkoziX
5ikeU19al53aGnRoFWx3roQTfaQTIHwULQxDEk1yWlvVq2fLIkFE9HurZwPgoxXu
kF/8pwIDAQABozwwOjAdBgNVHQ4EFgQU2W+DtG8MMKyVFk8/snP1bvgH4DowDAYD
VR0TBAUwAwEB/zALBgNVHQ8EBAMCAf4wDQYJKoZIhvcNAQELBQADggEBAJGkM48y
KMzMWHtNeAVAdLNKjxBZG5acZNBtNAzS27CSfuQls2F/6o5AznDsl0y7ePzLyjWT
083+kyr/R8wcPoigzva1JS2SMrrNoL/jwdf8uyKuswaj1aqOE98ow0w+KivOapNE
uneTW0V1z/BoFKgTXyurc0MByyhE2iAm9bHySPguboV5Ay0xZK+sxox3wqCLRqsU
wCXyf/iUR6hXpUMjSALtW719lIxNKHtEWRI341njzTzdszFm+vzejoWk0LsYs28/
vc9a2TfNXfjmlBgFs+RF/24oQPIQCycoIOYXrb7wK7fYUu4EzSslZc+0Pg8H4I30
OEmoec8umVMO52c=
-----END CERTIFICATE-----
If this is not the correct place to be posting this issue, could you forward/repost it wherever it would be? Thanks!
I have found the following issues with Elasticsearch plugin documentation:
log4j2.properties
, not a l4j2.properties
tech.beshu.ror.acl
, not org.elasticsearch.plugin.readonlyrest.acl
It is my understanding that the recommended place to put rules is a separate config file. However, most documentation still describes adding rules to elasticsearch.yml.
bin/elasticsearch-plugin install /tmp/readonlyrest-1.16.22_es6.3.0.zip
A tool for managing installed elasticsearch plugins
list - Lists installed elasticsearch plugins
install - Install a plugin
remove - removes a plugin from Elasticsearch
Non-option arguments:
command
Option Description
-h, --help show help
-s, --silent show minimal output
-v, --verbose show verbose output
ERROR: Unknown plugin /tmp/readonlyrest-1.16.22_es6.3.0.zip
hash is correct
I am using ReadonlyREST Free (ES) to force users to pass an api key for every request.
I've tried with versions 6.5.4 of Kibana, ES and plugin readonlyrest-1.16.33_es6.5.4.zip and also Kibana ES 6.2.4 with readonlyrest-1.16.33_es6.2.4.zip.
My readonlyrest.yml:
readonlyrest:
response_if_req_forbidden: "NOT ALLOWED!"
access_control_rules:
- name: "Accept all requests from localhost"
type: allow
hosts: [127.0.0.1]
uri_re: ^/*
- name: "Read key"
type: allow
api_keys: [myreadkey]
methods: [GET]
- name: "Write key"
type: allow
api_keys: [mywritekey]
It works for my REST quests:
curl -H 'X-Api-Key: myreadkey' http://10.XXX.XXX.XXX:9200/logs/_search?
kibana.yml has elasticsearch.customHeaders set to {"X-Api-Key":"myreadkey"}.
The problem is that Kibana does not work. Is there a way to configure Kibana to pass the keys for all of its requests? Do I have to create another kibana_access rule? How does it knows it really is Kibana calling? What is the recommended procedure in this case?
Hi,
I'm testing the ES plugin with elasticsearch 6.1.0 and kibana and I'm not able to get the kibana_access parameter working for read only operations.
According to the zip file, the version of the plugin is 1.16.15 with md5 93d5de0d2fe8315acbb2371d1f4bd9d6
This is the log I'm getting:
[2018-02-14T09:39:57,578][INFO ][t.b.r.a.ACL ] FORBIDDEN by default req={ ID:554508840-63789460#84, TYP:GetMappingsRequest, CGR:N/A, USR:bitergia, BRS:false, ACT:indices:admin/mappings/get, OA:172.17.0.3, IDX:.kibana, MET:GET, PTH:/.kibana/_mappings, CNT:<N/A>, HDR:Authorization,Connection,Content-Length,Host, HIS:[Accept requests from users in group admin->[groups->false]], [RO for Kibana->[kibana_access->false, auth_key->true]] }
And this is the setup I'm using:
readonlyrest:
#optional
response_if_req_forbidden: Sorry, your request is forbidden.
access_control_rules:
- name: Accept requests from users in group admin
groups: ["admin"]
- name: RO for Kibana
hosts: [172.17.0.3]
kibana_access: ro
kibana_index: ".kibana"
groups: ["readers"]
users:
- username: admin
auth_key_unix: admin:$6$rounds=65535$d07dnv4N$QeErsDT9Mz.ZoEPXW3dwQGL7tzwRz.eOrTBepIwfGEwdUAYSy/NirGoOaNyPx8lqiR6DYRSsDzVvVbhP4Y9wf0 #admin:test
groups: ["admin"]
- username: bitergia
auth_key: bitergia:bitergia # auth_key is good for testing but replace it with auth_key_sha1 for production!
groups: ["readers"]
Hi Team,
I'm using ELK with version 7.10.2 and after I execute kibana-plugin installation, i got this error
bash-4.4$ bin/kibana-plugin install "https://api.beshu.tech/download/trial?edition=kbn_enterprise&email=xxxxxx"
Attempting to transfer from https://api.beshu.tech/download/trial?edition=kbn_enterprise&email=xxxxxxx
Transferring 19357504 bytes....................
Transfer complete
Retrieving metadata from plugin archive
Plugin installation was unsuccessful due to error "No kibana plugins found in archive"
bash-4.4$ bin/kibana-plugin list
How to use this plugins?
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.