No matter what I config elasticsearch.username and elasticsearch.password in kibana.yml and no matter what valid user I really use, Kibana access ES always with user “kibanaserver”.
such as I have logined in with admin, I want to view all indices in index management, then es log print error:
[2018-10-09T23:12:35,644][INFO ][c.f.s.c.PrivilegesEvaluator] No index-level perm match for User [name=kibanaserver, roles=, requestedTenant=null] Resolved [aliases=[], indices=[], allIndices=[], types=[], isAll()=true, isEmpty()=false] [Action [indices:monitor/stats]] [RolesChecked [sg_own_index, sg_kibana_server]]
[2018-10-09T23:12:35,644][INFO ][c.f.s.c.PrivilegesEvaluator] No permissions for [indices:monitor/stats]
When asking questions, please provide the following information:
- Search Guard and Elasticsearch version
SG 6.4.0.15 6.4.0
- Installed and used enterprise modules, if any
ES SG plugin, Kibana SG plugin
- JVM version and operating system version
jvm 8, centos 7
-
Search Guard configuration files
-
Elasticsearch log messages on debug level
-
Other installed Elasticsearch or Kibana plugins, if any
Can you please post your SG config files and the kibana.yml you are using?
···
On Tuesday, October 9, 2018 at 5:14:40 PM UTC+2, tuser4198@gmail.com wrote:
No matter what I config elasticsearch.username and elasticsearch.password in kibana.yml and no matter what valid user I really use, Kibana access ES always with user “kibanaserver”.
such as I have logined in with admin, I want to view all indices in index management, then es log print error:
[2018-10-09T23:12:35,644][INFO ][c.f.s.c.PrivilegesEvaluator] No index-level perm match for User [name=kibanaserver, roles=, requestedTenant=null] Resolved [aliases=[], indices=[], allIndices=[], types=[], isAll()=true, isEmpty()=false] [Action [indices:monitor/stats]] [RolesChecked [sg_own_index, sg_kibana_server]]
[2018-10-09T23:12:35,644][INFO ][c.f.s.c.PrivilegesEvaluator] No permissions for [indices:monitor/stats]
When asking questions, please provide the following information:
- Search Guard and Elasticsearch version
SG 6.4.0.15 6.4.0
- Installed and used enterprise modules, if any
ES SG plugin, Kibana SG plugin
- JVM version and operating system version
jvm 8, centos 7
- Search Guard configuration files
- Elasticsearch log messages on debug level
- Other installed Elasticsearch or Kibana plugins, if any
sg_config.yml is default.
kibana.yml:
server.port: 5601
server.host: “0.0.0.0”
server.name: “kibana-beta”
elasticsearch.username: “kibanaserver”
elasticsearch.password: “kibanaserver”
xpack.security.enabled: false
xpack.monitoring.kibana.collection.enabled: false
xpack.monitoring.ui.enabled: false
Optional setting that enables you to specify a path to the PEM file for the certificate
authority for your Elasticsearch instance.
elasticsearch.ssl.certificateAuthorities: [ “/usr/local/kibana/config/root-ca.pem” ]
elasticsearch.ssl.verificationMode: certificate
Specifies the path where Kibana creates the process ID file.
pid.file: /data/kibana/run/kibana.pid
Enables you specify a file where Kibana stores log output.
logging.dest: /data/kibana/logs/sys.log
path.data: /data/kibana/data/
searchguard.readonly_mode.roles: [“sg_readall”, …]
``
在 2018年10月10日星期三 UTC+8上午1:33:53,Jochen Kressin写道:
···
Can you please post your SG config files and the kibana.yml you are using?
On Tuesday, October 9, 2018 at 5:14:40 PM UTC+2, tuse...@gmail.com wrote:
No matter what I config elasticsearch.username and elasticsearch.password in kibana.yml and no matter what valid user I really use, Kibana access ES always with user “kibanaserver”.
such as I have logined in with admin, I want to view all indices in index management, then es log print error:
[2018-10-09T23:12:35,644][INFO ][c.f.s.c.PrivilegesEvaluator] No index-level perm match for User [name=kibanaserver, roles=, requestedTenant=null] Resolved [aliases=[], indices=[], allIndices=[], types=[], isAll()=true, isEmpty()=false] [Action [indices:monitor/stats]] [RolesChecked [sg_own_index, sg_kibana_server]]
[2018-10-09T23:12:35,644][INFO ][c.f.s.c.PrivilegesEvaluator] No permissions for [indices:monitor/stats]
When asking questions, please provide the following information:
- Search Guard and Elasticsearch version
SG 6.4.0.15 6.4.0
- Installed and used enterprise modules, if any
ES SG plugin, Kibana SG plugin
- JVM version and operating system version
jvm 8, centos 7
- Search Guard configuration files
- Elasticsearch log messages on debug level
- Other installed Elasticsearch or Kibana plugins, if any
hi,
I also have the same problem and I am troubleshooting since one week. did you find any solution?
thanks
···
Hi,
Did anyone find a solution for this? I’m also having the same problem.
Thanks
···
On Wednesday, October 10, 2018 at 8:48:20 AM UTC+8, tuse...@gmail.com wrote:
sg_config.yml is default.
kibana.yml:
server.port: 5601
server.host: “0.0.0.0”
server.name: “kibana-beta”
elasticsearch.username: “kibanaserver”
elasticsearch.password: “kibanaserver”
xpack.security.enabled: false
xpack.monitoring.kibana.collection.enabled: false
xpack.monitoring.ui.enabled: false
Optional setting that enables you to specify a path to the PEM file for the certificate
authority for your Elasticsearch instance.
elasticsearch.ssl.certificateAuthorities: [ “/usr/local/kibana/config/root-ca.pem” ]
elasticsearch.ssl.verificationMode: certificate
Specifies the path where Kibana creates the process ID file.
pid.file: /data/kibana/run/kibana.pid
Enables you specify a file where Kibana stores log output.
logging.dest: /data/kibana/logs/sys.log
path.data: /data/kibana/data/
searchguard.readonly_mode.roles: [“sg_readall”, …]
``
在 2018年10月10日星期三 UTC+8上午1:33:53,Jochen Kressin写道:
Can you please post your SG config files and the kibana.yml you are using?
On Tuesday, October 9, 2018 at 5:14:40 PM UTC+2, tuse...@gmail.com wrote:
No matter what I config elasticsearch.username and elasticsearch.password in kibana.yml and no matter what valid user I really use, Kibana access ES always with user “kibanaserver”.
such as I have logined in with admin, I want to view all indices in index management, then es log print error:
[2018-10-09T23:12:35,644][INFO ][c.f.s.c.PrivilegesEvaluator] No index-level perm match for User [name=kibanaserver, roles=, requestedTenant=null] Resolved [aliases=[], indices=[], allIndices=[], types=[], isAll()=true, isEmpty()=false] [Action [indices:monitor/stats]] [RolesChecked [sg_own_index, sg_kibana_server]]
[2018-10-09T23:12:35,644][INFO ][c.f.s.c.PrivilegesEvaluator] No permissions for [indices:monitor/stats]
When asking questions, please provide the following information:
- Search Guard and Elasticsearch version
SG 6.4.0.15 6.4.0
- Installed and used enterprise modules, if any
ES SG plugin, Kibana SG plugin
- JVM version and operating system version
jvm 8, centos 7
- Search Guard configuration files
- Elasticsearch log messages on debug level
- Other installed Elasticsearch or Kibana plugins, if any
Such an issue never surfaced anywhere in the integration tests, so we need to debug a bit.
A couple of questions:
You write: "No matter what I config elasticsearch.username and elasticsearch.password in kibana.yml … ". Do you mean that changing these values has no effect? So if you change kibanaserver to something else Kibana will still start? This should not be the case because if these credentials are not correct Kibana can’t connect to Elasticsearch at all.
You write " no matter what valid user I really use". This means you are using Basic Authentication and use the Search Guard login form to log in, correct?
Can you open the Developer Tools in your browser (Chrome example attached) and inspect the HTTP POST request that us authenticating the user (see screenshot)?
And can you inspect the session storage after you logged in? You should see a user entry, what is the value?
If you navigate to the “Tenants” page, what role is displayed in the upper right corner (also see Screenshot).
···
On Wednesday, October 10, 2018 at 2:48:20 AM UTC+2, tuser4198@gmail.com wrote:
sg_config.yml is default.
kibana.yml:
server.port: 5601
server.host: “0.0.0.0”
server.name: “kibana-beta”
elasticsearch.username: “kibanaserver”
elasticsearch.password: “kibanaserver”
xpack.security.enabled: false
xpack.monitoring.kibana.collection.enabled: false
xpack.monitoring.ui.enabled: false
Optional setting that enables you to specify a path to the PEM file for the certificate
authority for your Elasticsearch instance.
elasticsearch.ssl.certificateAuthorities: [ “/usr/local/kibana/config/root-ca.pem” ]
elasticsearch.ssl.verificationMode: certificate
Specifies the path where Kibana creates the process ID file.
pid.file: /data/kibana/run/kibana.pid
Enables you specify a file where Kibana stores log output.
logging.dest: /data/kibana/logs/sys.log
path.data: /data/kibana/data/
searchguard.readonly_mode.roles: [“sg_readall”, …]
``
在 2018年10月10日星期三 UTC+8上午1:33:53,Jochen Kressin写道:
Can you please post your SG config files and the kibana.yml you are using?
On Tuesday, October 9, 2018 at 5:14:40 PM UTC+2, tuse...@gmail.com wrote:
No matter what I config elasticsearch.username and elasticsearch.password in kibana.yml and no matter what valid user I really use, Kibana access ES always with user “kibanaserver”.
such as I have logined in with admin, I want to view all indices in index management, then es log print error:
[2018-10-09T23:12:35,644][INFO ][c.f.s.c.PrivilegesEvaluator] No index-level perm match for User [name=kibanaserver, roles=, requestedTenant=null] Resolved [aliases=[], indices=[], allIndices=[], types=[], isAll()=true, isEmpty()=false] [Action [indices:monitor/stats]] [RolesChecked [sg_own_index, sg_kibana_server]]
[2018-10-09T23:12:35,644][INFO ][c.f.s.c.PrivilegesEvaluator] No permissions for [indices:monitor/stats]
When asking questions, please provide the following information:
- Search Guard and Elasticsearch version
SG 6.4.0.15 6.4.0
- Installed and used enterprise modules, if any
ES SG plugin, Kibana SG plugin
- JVM version and operating system version
jvm 8, centos 7
- Search Guard configuration files
- Elasticsearch log messages on debug level
- Other installed Elasticsearch or Kibana plugins, if any
