I am currently running 6.8.1 ES and Kibana with the Opendistro security plugin installed for both. I am using the local admin account for testing. The issue is that when I attempt to access Security → Authentication and Authorization, nothing on that page loads and the browser console shows 404 errors.
I also get errors in the Security page. Here is what the console looks like with all the 400 errors
I am currently using the following kibana.yml, elasticsearch.yml, and opendistro security plugin yml files as follows:
kibana.yml
xpack.security.enabled: false
# Copyright <2019> Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License").
# You may not use this file except in compliance with the License.
# A copy of the License is located at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# or in the "license" file accompanying this file. This file is distributed
# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
# express or implied. See the License for the specific language governing
# permissions and limitations under the License.
# Release Note:
# Default Kibana configuration for Open Distro.
server.host: "hostname.com"
elasticsearch.url: https://hostname.com:9200
elasticsearch.ssl.verificationMode: none
elasticsearch.username: kibanaserver
elasticsearch.password: kibanaserver
elasticsearch.requestHeadersWhitelist: ["securitytenant","Authorization"]
opendistro_security.multitenancy.enabled: false
#opendistro_security.multitenancy.tenants.preferred: ["Private", "Global"]
opendistro_security.readonly_mode.roles: ["kibana_read_only"]
elasticsearch.yml
xpack.security.enabled: false
cluster.name: ELK
cluster.max_shards_per_node: 20000
node.name: ${HOSTNAME}
node.attr.box_type: hot
node.master: true
path.data: /home/elasticsearch
path.logs: /var/log/elasticsearch
thread_pool:
warmer:
core: 1
max: 6
keep_alive: 2m
network.host: hostname.com
discovery.zen.ping.unicast.hosts: ["hostname.com", "hostname2.com"]
opendistro_security.advanced_modules_enabled: true
opendistro_security.allow_unsafe_democertificates: false
opendistro_security.audit.type: internal_elasticsearch
opendistro_security.enable_snapshot_restore_privilege: true
opendistro_security.check_snapshot_restore_write_privileges: true
opendistro_security.restapi.roles_enabled: ["all_access","security_rest_api_access"]
cluster.routing.allocation.disk.threshold_enabled: false
discovery.zen.minimum_master_nodes: 1
node.max_local_storage_nodes: 3
opendistro_security.ssl.transport.pemcert_filepath: hostname.pem
opendistro_security.ssl.transport.pemkey_filepath: hostname.key
opendistro_security.ssl.transport.pemtrustedcas_filepath: root-ca.pem
opendistro_security.ssl.transport.enforce_hostname_verification: false
opendistro_security.ssl.transport.resolve_hostname: true
opendistro_security.ssl.http.enabled: true
opendistro_security.ssl.http.pemcert_filepath: hostname_http.pem
opendistro_security.ssl.http.pemkey_filepath: hostname_http.key
opendistro_security.ssl.http.pemtrustedcas_filepath: root-ca.pem
opendistro_security.ssl.http.enabled_protocols:
- "TLSv1.1"
- "TLSv1.2"
opendistro_security.nodes_dn:
- -"CN=*.hostname.com,OU=Ops,O=hostname Net\\, Inc.,DC=hostname,DC=com"
- CN=hostname.com,OU=Ops,O=hostname com\, Inc.,DC=hostname,DC=com
- CN=hostname2.com,OU=Ops,O=hostname com\, Inc.,DC=hostname,DC=com
opendistro_security.authcz.admin_dn:
- CN=kirk.hostname.com,OU=Ops,O=hostname com\, Inc.,DC=hostname,DC=com
opendistro_security.roles_mapping_resolution: BOTH
The opendistro security plugin configurations I’m using are directly from security/securityconfig at opendistro-0.10 · opendistro-for-elasticsearch/security · GitHub
I’ve reviewed all the permissions/configurations and I can’t see anything that stands out as an issue. Especially since it’s pretty much a vanilla configuration/install.
