ELK 6.5.4 Search Guard 24.0 - missing Search Guard tab

I have four Ubuntu 18.04 systems that are updated regularly.

I installed Elasticsearch 6.5.4 and SearchGuard 24.0 on three of them.

I installed Kibana 6.5.4 on the fourth machine, which has much less disk space.

I get a Search Guard splash page for login, admin/admin works …

But there is no Search Guard tab. Kibana otherwise appears normal.

I had this same problem a few weeks ago, could really use a pointer here …

When asking questions, please provide the following information:

  • Search Guard and Elasticsearch version

  • Installed and used enterprise modules, if any

  • JVM version and operating system version

  • Search Guard configuration files

  • Elasticsearch log messages on debug level

  • Other installed Elasticsearch or Kibana plugins, if any

Can you post your elasticsearch.yml and kibana.yml?

···

Am 25.12.2018 um 07:32 schrieb Neal Rauhauser <nrauhauser@gmail.com>:

I have four Ubuntu 18.04 systems that are updated regularly.

I installed Elasticsearch 6.5.4 and SearchGuard 24.0 on three of them.

I installed Kibana 6.5.4 on the fourth machine, which has much less disk space.

I get a Search Guard splash page for login, admin/admin works ...

But there is no Search Guard tab. Kibana otherwise appears normal.

I had this same problem a few weeks ago, could really use a pointer here ...

When asking questions, please provide the following information:

* Search Guard and Elasticsearch version
* Installed and used enterprise modules, if any
* JVM version and operating system version
* Search Guard configuration files
* Elasticsearch log messages on debug level
* Other installed Elasticsearch or Kibana plugins, if any

--
You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search-guard@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/d6040c3c-1679-4ae5-914a-a8144de0ad2c%40googlegroups.com\.
For more options, visit https://groups.google.com/d/optout\.

I can do a bit better than that.

The Search Guard tab will be available if all three Elastic machines and the Kibana machine get restarted.

Some times it goes away again. A Kibana restart may fix it.

When the tab is not visible in Kibana, Search Guard is still there - I bookmarked it when it was active, and that bookmark works, even if the tab is hidden.

I am working on a how to install basic Search Guard document, if I can reproduce it with VMs I will detail what happens …

···

Wire:nrauhauser

sms:202-642-1717

mailto:nrauhauser@gmail.com//

can you file a github issue for this?

···

Am 26.12.2018 um 04:01 schrieb neal rauhauser <nrauhauser@gmail.com>:

I can do a bit better than that.

The Search Guard tab will be available if all three Elastic machines and the Kibana machine get restarted.

Some times it goes away again. A Kibana restart may fix it.

When the tab is not visible in Kibana, Search Guard is still there - I bookmarked it when it was active, and that bookmark works, even if the tab is hidden.

I am working on a how to install basic Search Guard document, if I can reproduce it with VMs I will detail what happens ...

On Tue, Dec 25, 2018 at 1:37 AM SG <info@search-guard.com> wrote:
Can you post your elasticsearch.yml and kibana.yml?

> Am 25.12.2018 um 07:32 schrieb Neal Rauhauser <nrauhauser@gmail.com>:
>
>
> I have four Ubuntu 18.04 systems that are updated regularly.
>
> I installed Elasticsearch 6.5.4 and SearchGuard 24.0 on three of them.
>
> I installed Kibana 6.5.4 on the fourth machine, which has much less disk space.
>
> I get a Search Guard splash page for login, admin/admin works ...
>
> But there is no Search Guard tab. Kibana otherwise appears normal.
>
>
> I had this same problem a few weeks ago, could really use a pointer here ...
>
>
>
>
> When asking questions, please provide the following information:
>
> * Search Guard and Elasticsearch version
> * Installed and used enterprise modules, if any
> * JVM version and operating system version
> * Search Guard configuration files
> * Elasticsearch log messages on debug level
> * Other installed Elasticsearch or Kibana plugins, if any
>
> --
> You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
> To post to this group, send email to search-guard@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/d6040c3c-1679-4ae5-914a-a8144de0ad2c%40googlegroups.com\.
> For more options, visit https://groups.google.com/d/optout\.

--
You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search-guard@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/02E36F2E-8255-4820-B31B-64CD1A0F2FA2%40search-guard.com\.
For more options, visit https://groups.google.com/d/optout\.

--
Wire:nrauhauser
sms:202-642-1717
mailto:nrauhauser@gmail.com//

--
You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search-guard@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/CAMw-JPfPKo36kYF25f%3Dm4KrmWhHFGPCBPgMoH%2BiK1iJhpmi%2B3w%40mail.gmail.com\.
For more options, visit https://groups.google.com/d/optout\.

Yeah, this coming week I have much to do with Search Guard stuff, I will reproduce it, document the details, and submit.

···

Wire:nrauhauser

sms:202-642-1717

mailto:nrauhauser@gmail.com//

Sorry to be very late to the game, but I might be able to add a bit more context.

The Kibana plugin queries ES/SG on startup for a number of capabilities / active features (“systeminfo”), including the availability of the REST API and the installed license. Based on the response the SG navigation entry is either hidden or displayed. If the plugin cannot reach Elasticsearch or if the Search Guard fails to list the active modules, the nav link is hidden. The latter can happen when you run different SG version on your nodes for example.

The “systeminfo” JSON object is stored in the local storage of the browser and is fetched again when it is missing. So if this happens again the first thing you can check is the contents of the systeminfo in the local storage. Should look like:

{

"_nodes": {

	"total": 1,

	"successful": 1,

	"failed": 0

},

"cluster_name": "searchguard_demo",

"sg_license": {

	"uid": "00000000-0000-0000-0000-000000000000",

	"type": "TRIAL",

	"features": ["COMPLIANCE"],

	"issue_date": "2019-01-09",

	"expiry_date": "2019-03-10",

	"issued_to": "The world",

	"issuer": "floragunn GmbH",

	"start_date": "2019-01-09",

	"major_version": 6,

	"cluster_name": "*",

	"msgs": [],

	"expiry_in_days": 41,

	"is_expired": false,

	"is_valid": true,

	"action": "",

	"prod_usage": "Yes, one cluster with all commercial features and unlimited nodes per cluster.",

	"license_required": true,

	"allowed_node_count_per_cluster": "unlimited"

},

"modules": {

	"DLSFLS": {

		"default_implementation": "com.floragunn.searchguard.configuration.SearchGuardFlsDlsIndexSearcherWrapper",

		"gitsha1": "235bd4878e84466b7e5d1dfab0533c8a1085a4a2",

		"buildTime": "2018-12-20T14:12:55Z",

		"is_enterprise": "true",

		"actual_implementation": "com.floragunn.searchguard.configuration.SearchGuardFlsDlsIndexSearcherWrapper",

		"description": "Document- and Field-Level Security",

		"type": "DLSFLS",

		"version": "6.5.4-33.0"

	},

	"REST_MANAGEMENT_API": {

		"default_implementation": "com.floragunn.searchguard.dlic.rest.api.SearchGuardRestApiActions",

		"gitsha1": "235bd4878e84466b7e5d1dfab0533c8a1085a4a2",

		"buildTime": "2018-12-20T14:12:55Z",

		"is_enterprise": "true",

		"actual_implementation": "com.floragunn.searchguard.dlic.rest.api.SearchGuardRestApiActions",

		"description": "REST Management API",

		"type": "REST_MANAGEMENT_API",

		"version": "6.5.4-33.0"

	},

	"NOOP_AUTHENTICATION_BACKEND": {

		"default_implementation": "com.floragunn.searchguard.auth.internal.NoOpAuthenticationBackend",

		"gitsha1": "5b103dfc11acb01dfc020329925fb6d2f435a0f7",

		"buildTime": "2018-12-20T14:13:44Z",

		"is_enterprise": "false",

		"actual_implementation": "com.floragunn.searchguard.auth.internal.NoOpAuthenticationBackend",

		"description": "Noop authentication backend",

		"type": "NOOP_AUTHENTICATION_BACKEND",

		"version": "6.5.4-24.0"

	},

	"MULTITENANCY": {

		"default_implementation": "com.floragunn.searchguard.configuration.PrivilegesInterceptorImpl",

		"gitsha1": "235bd4878e84466b7e5d1dfab0533c8a1085a4a2",

		"buildTime": "2018-12-20T14:12:55Z",

		"is_enterprise": "true",

		"actual_implementation": "com.floragunn.searchguard.configuration.PrivilegesInterceptorImpl",

		"description": "Kibana Multitenancy",

		"type": "MULTITENANCY",

		"version": "6.5.4-33.0"

	},

	"AUDITLOG": {

		"default_implementation": "com.floragunn.searchguard.auditlog.impl.AuditLogImpl",

		"gitsha1": "235bd4878e84466b7e5d1dfab0533c8a1085a4a2",

		"buildTime": "2018-12-20T14:12:55Z",

		"is_enterprise": "true",

		"actual_implementation": "com.floragunn.searchguard.auditlog.impl.AuditLogImpl",

		"description": "Audit Logging",

		"type": "AUDITLOG",

		"version": "6.5.4-33.0"

	},

	"HTTP_PROXY_AUTHENTICATOR": {

		"default_implementation": "com.floragunn.searchguard.http.HTTPProxyAuthenticator",

		"gitsha1": "5b103dfc11acb01dfc020329925fb6d2f435a0f7",

		"buildTime": "2018-12-20T14:13:44Z",

		"is_enterprise": "false",

		"actual_implementation": "com.floragunn.searchguard.http.HTTPProxyAuthenticator",

		"description": "HTTP Proxy Authenticator",

		"type": "HTTP_PROXY_AUTHENTICATOR",

		"version": "6.5.4-24.0"

	},

	"INTERNAL_USERS_AUTHENTICATION_BACKEND": {

		"default_implementation": "com.floragunn.searchguard.auth.internal.InternalAuthenticationBackend",

		"gitsha1": "5b103dfc11acb01dfc020329925fb6d2f435a0f7",

		"buildTime": "2018-12-20T14:13:44Z",

		"is_enterprise": "false",

		"actual_implementation": "com.floragunn.searchguard.auth.internal.InternalAuthenticationBackend",

		"description": "Internal users authentication backend",

		"type": "INTERNAL_USERS_AUTHENTICATION_BACKEND",

		"version": "6.5.4-24.0"

	},

	"HTTP_BASIC_AUTHENTICATOR": {

		"default_implementation": "com.floragunn.searchguard.http.HTTPBasicAuthenticator",

		"gitsha1": "5b103dfc11acb01dfc020329925fb6d2f435a0f7",

		"buildTime": "2018-12-20T14:13:44Z",

		"is_enterprise": "false",

		"actual_implementation": "com.floragunn.searchguard.http.HTTPBasicAuthenticator",

		"description": "HTTP Basic Authenticator",

		"type": "HTTP_BASIC_AUTHENTICATOR",

		"version": "6.5.4-24.0"

	}

},

"compatibility": {

	"modules_mismatch": false

}

}

``

The REST_MANAGEMENT_API should be present, and modules_mismatch should be false.

I guess in the end we need a more robust check here which can also handle intermittent network/communication failures.

···

On Thursday, January 3, 2019 at 12:04:10 PM UTC+1, Neal Rauhauser wrote:

Yeah, this coming week I have much to do with Search Guard stuff, I will reproduce it, document the details, and submit.

On Thu, Jan 3, 2019 at 2:29 AM SG info@search-guard.com wrote:

can you file a github issue for this?

Am 26.12.2018 um 04:01 schrieb neal rauhauser nrauhauser@gmail.com:

I can do a bit better than that.

The Search Guard tab will be available if all three Elastic machines and the Kibana machine get restarted.

Some times it goes away again. A Kibana restart may fix it.

When the tab is not visible in Kibana, Search Guard is still there - I bookmarked it when it was active, and that bookmark works, even if the tab is hidden.

I am working on a how to install basic Search Guard document, if I can reproduce it with VMs I will detail what happens …

On Tue, Dec 25, 2018 at 1:37 AM SG info@search-guard.com wrote:

Can you post your elasticsearch.yml and kibana.yml?

Am 25.12.2018 um 07:32 schrieb Neal Rauhauser nrauhauser@gmail.com:

I have four Ubuntu 18.04 systems that are updated regularly.

I installed Elasticsearch 6.5.4 and SearchGuard 24.0 on three of them.

I installed Kibana 6.5.4 on the fourth machine, which has much less disk space.

I get a Search Guard splash page for login, admin/admin works …

But there is no Search Guard tab. Kibana otherwise appears normal.

I had this same problem a few weeks ago, could really use a pointer here …

When asking questions, please provide the following information:

  • Search Guard and Elasticsearch version
  • Installed and used enterprise modules, if any
  • JVM version and operating system version
  • Search Guard configuration files
  • Elasticsearch log messages on debug level
  • Other installed Elasticsearch or Kibana plugins, if any

You received this message because you are subscribed to the Google Groups “Search Guard Community Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.

To post to this group, send email to search-guard@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/d6040c3c-1679-4ae5-914a-a8144de0ad2c%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

You received this message because you are subscribed to the Google Groups “Search Guard Community Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.

To post to this group, send email to search-guard@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/02E36F2E-8255-4820-B31B-64CD1A0F2FA2%40search-guard.com.

For more options, visit https://groups.google.com/d/optout.

Wire:nrauhauser

sms:202-642-1717

mailto:nrauhauser@gmail.com//

You received this message because you are subscribed to the Google Groups “Search Guard Community Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.

To post to this group, send email to search-guard@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/CAMw-JPfPKo36kYF25f%3Dm4KrmWhHFGPCBPgMoH%2BiK1iJhpmi%2B3w%40mail.gmail.com.

For more options, visit https://groups.google.com/d/optout.

You received this message because you are subscribed to the Google Groups “Search Guard Community Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.

To post to this group, send email to search-guard@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/CC6DB879-2ADA-4211-A188-71A47F91BD96%40search-guard.com.

For more options, visit https://groups.google.com/d/optout.


Wire:nrauhauser

sms:202-642-1717

mailto:nrauhauser@gmail.com//

Thanks Jochen.

I find that I am seeing it much less now that I’ve upgraded hardware, and a single logout/log back in has fixed it. Startling to a new user, but not a major problem …

···

Wire:nrauhauser

sms:202-642-1717

mailto:nrauhauser@gmail.com//