7.0 Upgrade assistant cluster issue needs to be resolved

mattsdevop · August 13, 2019, 1:45pm

Correct, still getting that same message in the logs. Here’s what comes before and after it with debug logging enabled for SearchGuard. Line 15 in the log below is the warning.

[2019-08-13T09:10:52,181][DEBUG][c.f.s.a.BackendRegistry  ] [hostname] Check authdomain for rest internal/4 or 2 in total
[2019-08-13T09:10:52,182][DEBUG][c.f.s.a.BackendRegistry  ] [hostname] Rest user 'User [name=CN=LDAP User, backend_roles=[Elk-Admins, Web-Admins, Slack-Users, Operations, Employees, All, CustomerSupport, Other-Admins, Other-Users], requestedTenant=null]' is authenticated
[2019-08-13T09:10:52,182][DEBUG][c.f.s.a.BackendRegistry  ] [hostname] sgtenant 'null'
[2019-08-13T09:10:52,188][DEBUG][c.f.s.s.ConfigModelV7    ] [hostname] Pass backendroles from User [name=CN=LDAP User, backend_roles=[Elk-Admins, Web-Admins, Slack-Users, Operations, Employees, All, CustomerSupport, Other-Admins, Other-Users], requestedTenant=null]
[2019-08-13T09:10:52,188][DEBUG][c.f.s.p.PrivilegesEvaluator] [hostname] ### evaluate permissions for User [name=CN=LDAP User, backend_roles=[Elk-Admins, Web-Admins, Slack-Users, Operations, Employees, All, CustomerSupport, Other-Admins, Other-Users], requestedTenant=null] on hostname
[2019-08-13T09:10:52,188][DEBUG][c.f.s.p.PrivilegesEvaluator] [hostname] action: indices:data/write/update (UpdateRequest)
[2019-08-13T09:10:52,189][DEBUG][c.f.s.r.IndexResolverReplacer] [hostname] Resolve aliases, indices and types from UpdateRequest
[2019-08-13T09:10:52,189][DEBUG][c.f.s.r.IndexResolverReplacer] [hostname] Resolved pattern [.kibana] to [.kibana_4]
[2019-08-13T09:10:52,189][DEBUG][c.f.s.p.PrivilegesEvaluator] [hostname] requestedResolved : Resolved [aliases=[.kibana], indices=[], allIndices=[.kibana_4], types=[*], originalRequested=[.kibana], remoteIndices=[]]
[2019-08-13T09:10:52,189][DEBUG][c.f.s.p.PrivilegesEvaluator] [hostname] requested [indices:data/write/update] from 192.168.2.5:58022
[2019-08-13T09:10:52,189][DEBUG][c.f.s.p.PrivilegesEvaluator] [hostname] requested resolved indextypes: Resolved [aliases=[.kibana], indices=[], allIndices=[.kibana_4], types=[*], originalRequested=[.kibana], remoteIndices=[]]
[2019-08-13T09:10:52,190][DEBUG][c.f.s.p.PrivilegesEvaluator] [hostname] sgr: [sg_own_index, Elk-Admins]
[2019-08-13T09:10:52,190][DEBUG][c.f.s.c.PrivilegesInterceptorImpl] [hostname] raw requestedTenant: 'null'
[2019-08-13T09:10:52,190][DEBUG][c.f.s.c.PrivilegesInterceptorImpl] [hostname] request class org.elasticsearch.action.update.UpdateRequest
[2019-08-13T09:10:52,190][WARN ][c.f.s.c.PrivilegesInterceptorImpl] [hostname] Tenant SGS_GLOBAL_TENANT is not allowed to write (user: CN=LDAP User)
[2019-08-13T09:10:52,190][DEBUG][c.f.s.p.PrivilegesEvaluator] [hostname] Result from privileges interceptor: true
[2019-08-13T09:10:52,192][DEBUG][c.f.s.f.SearchGuardFilter] [hostname] PrivEvalResponse [allowed=false, missingPrivileges=[indices:data/write/update], allowedFlsFields=null, maskedFields=null, queries=null]
[2019-08-13T09:10:52,193][DEBUG][c.f.s.f.SearchGuardFilter] [hostname] no permissions for [indices:data/write/update]
[2019-08-13T09:10:52,201][DEBUG][c.f.s.a.BackendRegistry  ] [hostname] Check authdomain for rest internal/4 or 2 in total
[2019-08-13T09:10:52,201][DEBUG][c.f.s.a.BackendRegistry  ] [hostname] Rest user 'User [name=kibanaserver, backend_roles=[], requestedTenant=null]' is authenticated
[2019-08-13T09:10:52,202][DEBUG][c.f.s.a.BackendRegistry  ] [hostname] sgtenant 'null'
[2019-08-13T09:10:52,202][DEBUG][c.f.s.s.ConfigModelV7    ] [hostname] Pass backendroles from User [name=kibanaserver, backend_roles=[], requestedTenant=null]
[2019-08-13T09:10:52,202][DEBUG][c.f.s.p.PrivilegesEvaluator] [hostname] ### evaluate permissions for User [name=kibanaserver, backend_roles=[], requestedTenant=null] on hostname
[2019-08-13T09:10:52,202][DEBUG][c.f.s.p.PrivilegesEvaluator] [hostname] action: cluster:monitor/xpack/info (XPackInfoRequest)
[2019-08-13T09:10:52,202][DEBUG][c.f.s.r.IndexResolverReplacer] [hostname] Resolve aliases, indices and types from XPackInfoRequest
[2019-08-13T09:10:52,202][DEBUG][c.f.s.r.IndexResolverReplacer] [hostname] class org.elasticsearch.protocol.xpack.XPackInfoRequest not supported (It is likely not a indices related request)
[2019-08-13T09:10:52,202][DEBUG][c.f.s.p.PrivilegesEvaluator] [hostname] requestedResolved : Resolved [aliases=[*], indices=[*], allIndices=[*], types=[*], originalRequested=[], remoteIndices=[]]
[2019-08-13T09:10:52,203][DEBUG][c.f.s.c.PrivilegesInterceptorImpl] [hostname] raw requestedTenant: 'null'
[2019-08-13T09:10:52,203][DEBUG][c.f.s.p.PrivilegesEvaluator] [hostname] Result from privileges interceptor for cluster perm: null
[2019-08-13T09:10:52,203][DEBUG][c.f.s.p.PrivilegesEvaluator] [hostname] Allowed because we have cluster permissions for cluster:monitor/xpack/info
[2019-08-13T09:10:52,203][DEBUG][c.f.s.f.SearchGuardFilter] [hostname] PrivEvalResponse [allowed=true, missingPrivileges=[], allowedFlsFields=null, maskedFields=null, queries=null]
[2019-08-13T09:10:52,442][DEBUG][c.f.s.a.BackendRegistry  ] [hostname] Check authdomain for rest internal/4 or 2 in total
[2019-08-13T09:10:52,442][DEBUG][c.f.s.a.BackendRegistry  ] [hostname] Rest user 'User [name=logstash, backend_roles=[logstash], requestedTenant=null]' is authenticated
[2019-08-13T09:10:52,442][DEBUG][c.f.s.a.BackendRegistry  ] [hostname] sgtenant 'null'
[2019-08-13T09:10:52,442][DEBUG][c.f.s.s.ConfigModelV7    ] [hostname] Pass backendroles from User [name=logstash, backend_roles=[logstash], requestedTenant=null]
[2019-08-13T09:10:52,443][DEBUG][c.f.s.p.PrivilegesEvaluator] [hostname] ### evaluate permissions for User [name=logstash, backend_roles=[logstash], requestedTenant=null] on hostname
[2019-08-13T09:10:52,443][DEBUG][c.f.s.p.PrivilegesEvaluator] [hostname] action: indices:data/write/bulk (BulkRequest)
[2019-08-13T09:10:52,443][DEBUG][c.f.s.r.IndexResolverReplacer] [hostname] Resolve aliases, indices and types from BulkRequest
[2019-08-13T09:10:52,443][DEBUG][c.f.s.r.IndexResolverReplacer] [hostname] Resolved pattern [client-env-2019.08.13] to [client-env-2019.08.13]

Topic		Replies	Views
ELK 6.7.2 No permissions for [indices:data/read/search] on .kibana_task_manager index Search Guard	5	14261	July 1, 2019
Kibana status red - no permissions for [indices:admin/mappings/get] Search Guard	6	3195	May 4, 2018
SG 6.5.1 [security_exception] no permissions for [indices:admin/create] how to fix ? Search Guard	1	3099	December 3, 2018
Search guard kibana not working. Search Guard	4	405	January 25, 2018
internal users not working Search Guard	2	811	January 1, 2019

7.0 Upgrade assistant cluster issue needs to be resolved

Related topics