I am trying to setup Opensearch to study feasibility of implementing read only access to couple of dashboards. I followed the steps as given here but I get “Application Not found” error.
Even some of the forum topics discuss that but the file they refer in github does not exist.
Here is the snippet of what i tried.
logged with admin/admin
created a sample dashboard with Ecommerce Revenue dashboard
created read only role “osreader” with below parameters/mapping cluster-permissions : all read permissions(indices:read, get, search* etc*) including cluster_composite_ops_ro index permissions : opensearch* (which is the default index for the ecommerce dashboard and available in index patterns page)
No Tenant selected
5 .mapped role to “osviewer” user for which i have selected osreader as backend role. and added osviewer user to other read only roles(kibana_user, kibana_read_only, readall)
I login with “osviewer” user
login successful, gets only dashboard in the menu
when I click dashboard, I get “Application Not Found” error.
when I view the roles and Identities for the user from the UI, it lists below Roles(5)
osreader
own_index
kibana_user
kibana_read_only
readall
Backend roles(1)
osreader
Still i get Application Not found error, what is the process to get this corrected? what all other permissions/roles am I missing here?
Is it possible for readonly user to view a dashboard created by admin? Even if it displays, is there a option to NOT to have “Edit” button for the dashboard?
Have not enabled multi tenancy after installation. I can see the current tenant selected is global in Security → Tenants. When i clicke View Dashboard in global tenant I can see the sample dashboard
I can see another tenant admin_tenant listed but not sure if it is created by default
Is there a tenant read permission that I have to enable>
ok sure
I get below in the URL when hitting dashboard using osviewer login
banner message = To visualize and explore data, you must create index pattern to retrieve data
osviewer is listed as private user when I click “roles and Identities”, should be be global user? if yes, how?
UPDATE:
Interestingly, when I share the dashboard as snapshot / permalink , they can login with osviewer credential and view the dashboard and playaround.
They were not able to save the changes if they do EDIT, which is fine.
but when they log out and log back in with osviewer and click dashboard → they get Application not found error again.
@guhan if you see multiple tenants it would indicate you have multitenancy enabled, can you share your config.yml and kibana.yml, can you also confirm which odfe/opensearch version you are using.
@Anthony ,
Sorry for the late reply as I got into some issues. I could not find /usr/share/opensearch or /usr/share/elasticsearch, but I see in the opensearch log with this path, is the folder hidden?
@guhan How are you running openSearch, is it via docker-compose, Kubernetes or an tar.gz? If you are using docker/k8s the path should be as mentioned above, however if you are running tar.gz, then naturally the path will be based on your current working directory.
@Anthony ,
I followed the same steps as given in the Opensearch installation page, and ran it via docker-compose up command
when I ran this command, I copy pasteed the log and there I can see this path for open search node, eg: [opensearch-node2] JVM home [/usr/share/opensearch/jdk],
@Anthony ,
I ran the command but I get file or directory not found, when I run ls I get below folders/files inside the docker
config
jdk
logs
plugins
bin
data
lib
modules
@Anthony ,
I was also going through setting up ldap/ad auth from page and it says we have to modify config.yml file for authx and authz.
Even if we modify it, will saving inside docker reflect the change? If we run docker-compose up command again, will it be reverted back to original state?
