When xpack security is disabled, kibana with search-guard became unavailable.

[ate]

Hi.

I have an issue about installing search-guard-plugin to elasticsearch and kibana.

When I installed it, Kibana said "plugin:searc...@6.3.2-15 X-Pack Security needs to be disabled for Search Guard to work properly. Please set 'xpack.security.enabled' to false in your kibana.yml" on kibana's web page.

After I added 'xpack.security.enabled: false' to kibana.yml, I could not access to kibana's web page.(denied connection)

Please let me know the solution.

<The step for installing search-guard-plugin>

[elasticsearch]

1. systemctl stop elasticsearch

2. /usr/share/elasticsearch/bin/elasticsearch-plugin install -b com.floragunn:search-guard-6:6.3.2-23.1

3. cd /usr/share/elasticsearch/plugins/search-guard-6/tools

4. sh install_demo_configuration.h

     y y N

5. systemctl start elasticsearch

6. sh sgadmin_demo.sh

[kibana]

1. cd /tmp/

2. wget https://oss.sonatype.org/service/local/repositories/releases/content/com/floragunn/search-guard-kibana-plugin/6.3.2-15/search-guard-kibana-plugin-6.3.2-15.zip

3. /usr/share/kibana/bin/kibana-plugin install file:///tmp/search-guard-kibana-plugin-6.3.2-15.zip

<adding to kibana.yml>

elasticsearch.url: "https://<elasticsearch IPaddr>:9200"

elasticsearch.username: "kibanaserver"

elasticsearch.password: "kibanaserver"

elasticsearch.ssl.verificationMode: none

xpack.security.enabled: false

Thank you.

---------

When asking questions, please provide the following information:

* Search Guard and Elasticsearch version

- search-guard-6:6.3.2-23.1

- elasticsearch 6.3.2

* Installed and used enterprise modules, if any

* JVM version and operating system version

- OpenJDK Runtime Environment (build 1.8.0_181-b13)

- CentOS7

* Search Guard configuration files

- I don't modify it.

* Elasticsearch log messages on debug level

* Other installed Elasticsearch or Kibana plugins, if any

[Jochen Kressin]

Can you please attach the Kibana logfiles as well? Are you using the regular Kibana binaries or the OSS flavour?

[ate]

Thank you for your reply.

I'm sorry that I couldn't find the Kibana logfiles and directories("/var/log/kibana").

I used the regular Kibana.

So I changed it to the Kibana(OSS only), the Search Guard began to work.

But I want to use the regular Kibana because I want to use both the Search Guard and the x-pack(only monitoring).

Can I try anything about this issue?

[Jochen Kressin]

In order to see what is going on we really need to see the Kibana logfile. You can configure the log file destination like:

logging.dest: /var/log/kibana.log

Note that the Kibana process needs write access to that file / directory.

On Friday, October 19,

[ate]

According to your advice, I could see the kibana logfile.

I add it to this topic as [kibana.log].

At first, without setting up xpack, I started the page of kibana,

then I set xpack.security.enabled: false to kibana.yml and restarted.

After setting xpack.security.enabled: false to kibana.yml, the following error continues to appear.

> permission denied, open '/usr/share/kibana/optimize/bundles/searchguard-login.entry.js

I tried executing the following command,
>chown 777 /usr/share/kibana/optimize/bundles/searchguard-login.entry.js

>chown kibana:kibana /usr/share/kibana/optimize/bundles/searchguard-login.entry.js

this error appears.

> permission denied, open '/usr/share/kibana/optimize/bundles/searchguard-customerror.entry.js

Next I executed follows,

>chown -R 777 /usr/share/kibana/optimize/bundles

>chown -R kibana:kibana /usr/share/kibana/optimize/bundles

the search-guard plugin now works correctly.

Is this the correct way to fix this issue?

In addition, I tried the same step using elasticsearch ver 6.4.2 and kibana ver 6.4.2, the search-guard plugin worked without problem.(I didn't execute chown command at all.)

2018年10月19日金曜日 18時30分22秒 UTC+9 Jochen Kressin: