Hi All,
I was checking SG’s product page and its info here Search Guard Security | Securing your Elasticsearch cluster with Search Guard
In the 3rd and 5th point it says that Role-based access control and HTTP Basic authentication is allowed in the community version.
So I removed enterprise version using :-
searchguard.enterprise_modules_enabled: false
in elasticsearch.yml file.
But when I try to start Kibana it shows the following huge error(Check Kibana Logs in the end of this post)
1) Can I have a simple authentication page for Kibana under Community version such that a user can log in before using anything?
MY USE CASE:-
My ES(community version as well) is non-prod node I installed for use in PoC. I have created a simple Dashboard and want only my Manager to log in and see my dashboard. So there is only 1 user i.e Manager with readall access and me as admin(defaultSG user) to upload data and create Dashboard.
I do not need Kibana Multitenancy, or other high end features as of now.
2) Is it possible to do this in Community version of SG, such that only me and my manager can access the link I share?
3) If not, is there an alternate option for this simple use case?
Kibana logs:-
C:\Users\path\Desktop\ELK Sandbox\kibana-6.2.4-windows-x86_64>bin\kibana.bat
error [06:40:04.058] [fatal] ValidationError: child "searchguard" fails becaus
e ["enterprise_modules_enabled" is not allowed]
at Object.exports.process (C:\Users\path\Desktop\ELK Sandbox\kibana-6.2.4
-windows-x86_64\node_modules\joi\lib\errors.js:181:19)
at _validateWithOptions (C:\Users\path\Desktop\ELK Sandbox\kibana-6.2.4-w
indows-x86_64\node_modules\joi\lib\any.js:651:31)
at root.validate (C:\Users\path\Desktop\ELK Sandbox\kibana-6.2.4-windows-
x86_64\node_modules\joi\lib\index.js:121:23)
at Config._commit (C:\Users\path\Desktop\ELK Sandbox\kibana-6.2.4-windows
-x86_64\src\server\config\config.js:119:35)
at Config.set (C:\Users\path\Desktop\ELK Sandbox\kibana-6.2.4-windows-x86
_64\src\server\config\config.js:89:10)
at Config.extendSchema (C:\Users\path\Desktop\ELK Sandbox\kibana-6.2.4-wi
ndows-x86_64\src\server\config\config.js:62:10)
at C:\Users\path\Desktop\ELK Sandbox\kibana-6.2.4-windows-x86_64\src\plug
in_discovery\plugin_config\extend_config_service.js:22:12
at next (native)
at step (C:\Users\path\Desktop\ELK Sandbox\kibana-6.2.4-windows-x86_64\sr
c\plugin_discovery\plugin_config\extend_config_service.js:45:191)
at C:\Users\path\Desktop\ELK Sandbox\kibana-6.2.4-windows-x86_64\src\plug
in_discovery\plugin_config\extend_config_service.js:45:361
FATAL { ValidationError: child "searchguard" fails because ["enterprise_modules_
enabled" is not allowed]
at Object.exports.process (C:\Users\path\Desktop\ELK Sandbox\kibana-6.2.4
-windows-x86_64\node_modules\joi\lib\errors.js:181:19)
at _validateWithOptions (C:\Users\path\Desktop\ELK Sandbox\kibana-6.2.4-w
indows-x86_64\node_modules\joi\lib\any.js:651:31)
at root.validate (C:\Users\path\Desktop\ELK Sandbox\kibana-6.2.4-windows-
x86_64\node_modules\joi\lib\index.js:121:23)
at Config._commit (C:\Users\path\Desktop\ELK Sandbox\kibana-6.2.4-windows
-x86_64\src\server\config\config.js:119:35)
at Config.set (C:\Users\path\Desktop\ELK Sandbox\kibana-6.2.4-windows-x86
_64\src\server\config\config.js:89:10)
at Config.extendSchema (C:\Users\path\Desktop\ELK Sandbox\kibana-6.2.4-wi
ndows-x86_64\src\server\config\config.js:62:10)
at C:\Users\path\Desktop\ELK Sandbox\kibana-6.2.4-windows-x86_64\src\plug
in_discovery\plugin_config\extend_config_service.js:22:12
at next (native)
at step (C:\Users\path\Desktop\ELK Sandbox\kibana-6.2.4-windows-x86_64\sr
c\plugin_discovery\plugin_config\extend_config_service.js:45:191)
at C:\Users\path\Desktop\ELK Sandbox\kibana-6.2.4-windows-x86_64\src\plug
in_discovery\plugin_config\extend_config_service.js:45:361
isJoi: true,
name: 'ValidationError',
details:
[ { message: '"enterprise_modules_enabled" is not allowed',
path: 'searchguard.enterprise_modules_enabled',
type: 'object.allowUnknown',
context: [Object] } ],
_object:
{ pkg:
{ version: '6.2.4',
branch: '6.x',
buildNum: 16627,
buildSha: 'ee501cfd9c1281cfbd6948e1c5f80dc9356ee56f' },
dev: { basePathProxyTarget: 5603 },
pid: { exclusive: false },
cpu: undefined,
cpuacct: undefined,
server:
{ port: 5601,
name: 'PC name',
host: 'localhost',
maxPayloadBytes: 1048576,
autoListen: true,
defaultRoute: '/app/kibana',
basePath: '',
customResponseHeaders: {},
ssl: [Object],
cors: false,
xsrf: [Object] },
logging:
{ silent: false,
quiet: false,
verbose: false,
events: {},
dest: 'stdout',
filter: {},
json: false,
useUTC: true },
ops: { interval: 5000 },
plugins: { scanDirs: [Object], paths: [], initialize: true },
path: { data: 'C:\\Users\\path\\Desktop\\ELK Sandbox\\kibana-6.2.4-windo
ws-x86_64\\data' },
optimize:
{ enabled: true,
bundleFilter: '!tests',
bundleDir: 'C:\\Users\\path\\Desktop\\ELK Sandbox\\kibana-6.2.4-windo
ws-x86_64\\optimize\\bundles',
viewCaching: true,
watch: false,
watchPort: 5602,
watchHost: 'localhost',
watchPrebuild: false,
watchProxyTimeout: 300000,
useBundleCache: true,
profile: false },
status: { allowAnonymous: false },
map:
{ manifestServiceUrl: 'https://catalogue.maps.elastic.co/v2/manifest',
includeElasticMapsService: true },
tilemap: { options: [Object] },
regionmap: { includeElasticMapsService: true },
i18n: { defaultLocale: 'en' },
elasticsearch:
{ url: 'https://localhost:9200',
username: 'kibanaserver',
password: 'kibanaserver',
ssl: [Object],
requestHeadersWhitelist: [Object],
enabled: true,
preserveHost: true,
shardTimeout: 0,
requestTimeout: 30000,
customHeaders: {},
pingTimeout: 30000,
startupTimeout: 5000,
logQueries: false,
apiVersion: 'master',
healthCheck: [Object],
tribe: [Object] },
input_control_vis: { enabled: true },
kbn_doc_views: { enabled: true },
kbn_vislib_vis_types: { enabled: true },
markdown_vis: { enabled: true },
metric_vis: { enabled: true },
region_map: { enabled: true },
spy_modes: { enabled: true },
state_session_storage_redirect: { enabled: true },
status_page: { enabled: true },
table_vis: { enabled: true },
tile_map: { enabled: true },
timelion: { enabled: true },
tagcloud: { enabled: true },
kibana: { enabled: true, defaultAppId: 'home', index: '.kibana' },
metrics: { enabled: true, chartResolution: 150, minimumBucketSize: 10 },
console: { enabled: true, proxyFilter: [Object], ssl: {} },
vega: { enabled: true, enableExternalUrls: false },
searchguard: { enterprise_modules_enabled: false } },
annotate: [Function] }