Elasticsearch version: 7.10.0
Kibana version (if relevant): 7.10.0
Describe the issue:
I have installed and configured searchguard for elasticsearch and kibana. The problem is that “Accountinfo” and “Multitenancy” are disabled at kibana.
I´ve configured multitenancy options at sg_config.yml and kibana.yml, but “Multitenancy” is still disabled.
¿How can I enable Multitenancy and Accountinfo at kibana?
Screenshots (if relevant):
Thanks,
AdminUnix.
Hi.
You have to do the following configurations to make it work.
sg_config.yml
sg_config:
dynamic:
kibana:
multitenancy_enabled: true
kibana.yml
elasticsearch.requestHeadersWhitelist: [ "sgtenant", "authorization" ]
searchguard.multitenancy.enabled: true
searchguard.accountinfo.enabled: true
If you still have the problem, share the following
Hi Sergii,
Thank you for your answer. I´ve configured all you posted but Accountinfo and Multitenancy are still disabled. I dont know why.
ELASTICSEARCH CONFIG
elasticsearch.yml (1.1 KB)
KIBANA CONFIG
Kibana has these environment variables:
SERVER_HOST=0.0.0.0
SERVER_NAME=kibana
XPACK_SECURITY_ENABLED=false
ELASTICSEARCH_USERNAME=kibanaserver
ELASTICSEARCH_PASSWORD=******
ELASTICSEARCH_HOSTS=https://myurl:9200
ELASTICSEARCH_SSL_VERIFICATIONMODE=none
SEARCHGUARD_AUTH_TYPE=basicauth
SEARCHGUARD_MULTITENANCY_ENABLED=true
SEARCHGUARD_ACCOUNTINFO_ENABLED=true
kibana.yml file has this line:
elasticsearch.requestHeadersWhitelist: [ "sgtenant", "Authorization", "authorization" ]
LOGS
kibana.log (12.2 KB) elasticsearch.log (146.8 KB)
Thank you,
Regards.
Can you share kibana.yml?
Are you sure the Kibana has access to the environment variables? Try to hardcode the the following values.
kibana.yml
searchguard.multitenancy.enabled: true
searchguard.accountinfo.enabled: true
I´ve configured searchguard.multitenancy.enabled and searchguard.accountinfo.enabled at kibana.yml and now are enable.
It seems Kibana not load correctly environment variables.
For example, multitenancy show me this error at kibana if I configure ELASTICSEARCH_USERNAME=kibanaserver environment variable:
Mismatch… Configured username on Kibana: ‘kibana_system’, configured username on Elasticsearch: ‘kibanaserver’
If I configure elasticsearch.username: kibanaserver at kibana.yml, everything works fine.
First, double-check that you put all the environment variables in the kibana.yml properly, for example, elasticsearch.username=${ELASTICSEARCH_USERNAME}. Read more Use environment variables in the configuration | Packetbeat Reference [8.4] | Elastic
Second, access the Kibana server as the Kibana system user. Then verify if you see the environment variables. For example, on Linux
su kibana
echo $ELASTICSEARCH_USERNAME
We have a infra with a kubernetes cluster so the environment variables we use are described at Install Kibana with Docker | Kibana Guide [8.4] | Elastic
Environment variables are not inside kibana.yml file in this case. The solution for us is configured kibana.yml file and copied it inside the container with the Dockerfile.
This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.