i can now configure monitors and trigger via kibana but they never fire. a little bit of debugging showed that there is a security exception in elasticsearch:
{“type”: “server”, “timestamp”: “2020-03-24T16:10:52,615Z”, “level”: “ERROR”, “component”: “c.a.o.a.MonitorRunner”, “cluster.name”: “es-cluster”, “node.name”: “es-node-1”, “message”: “Error loading alerts for monitor: PYIuDXEBAGaEE73To77I”, “cluster.uuid”: “pRQK8DpFTreUfIUHc4Cg0A”, “node.id”: “FsFKB9o-T9Gd6I58vkfqOQ” ,
“stacktrace”: [“org.elasticsearch.ElasticsearchSecurityException: action [indices:data/read/search] is unauthorized for user [_system]”,
can anyone point me to the right direction what i can do to eigher grant the _system user these permissions (not sure if that’s possible if i am reading the code of elasticsearch correctly [1]) or have this query running as another dedicated alarm user?
We do not have explicit integration support with x-pack security. It’s possible some other users have found a way around it, but not something that we can help with. We instead offer our own open source Apache 2.0 licensed security plugin.
uh okay thanks for answering my question. already tried my luck to replace xpack with the opendistro security plugin, but the certificate hassle is a bit too much for my setup (dedicated elastic network where i don’t want or need TLS and kibana exposed via traefik). guess i’ll have to go back to nagios and graylog
Sorry to hear that you ran into some issues with the certificates. Perhaps, you can post your concerns and challenges on GitHub? Our team member can help you out.
there are already two issues for that i think ([1] [2]). maybe to put it as a userstory:
i as a user want to deploy the security plugin without TLS, but with authentication configurable via environment variables inside a docker container
also the mentioned securityadmin.sh script does not work inside the elastic container as the binary ‘which’ is missing. ah yeah and the autodetection of the JAVA_HOME env is failing as well. Had to set it manually. should i create a PR in the documentation repo for that?
