Kibana Canvas 插件不适用于 SearchGuard

Question

I have installed ELK stack with version 6.3.0 and I also install Canvas plugin in Kibana.我已经安装了 6.3.0 版的 ELK 堆栈，并且还在 Kibana 中安装了 Canvas 插件。 But it seems does not works because there is authentication issues when Canvas create request to Elasticsearch.但它似乎不起作用，因为 Canvas 创建对 Elasticsearch 的请求时存在身份验证问题。 I am uses SearchGuard for authentication instead of X-Pack security.我使用 SearchGuard 进行身份验证而不是 X-Pack 安全性。

Below is my installation details:下面是我的安装细节：

1. Elasticsearch
    Version: 6.3.0
    Plugins: - search-guard-6

2. Kibana
    Version: 6.3.0
    Plugins: - canvas@0.1.2015
             - searchguard@6.3.0-13

And here is kibana log output:这是 kibana 日志输出：

common/interpret esdocs: invokeChain rejected { Authentication Exception :: {"path":"/memberbebe/_search","query":{},"body":"{\"_source\":[],\"query\":{\"bool\":{\"must\":[{\"query_string\":{\"query\":\"-_index:.kibana\"}}]}},\"size\":100}","statusCode":401,"response":"Unauthorized","wwwAuthenticateDirective":"Basic realm=\"Search Guard\""}
    at respond (/usr/share/kibana/node_modules/elasticsearch/src/lib/transport.js:307:15)
    at checkRespForFailure (/usr/share/kibana/node_modules/elasticsearch/src/lib/transport.js:266:7)
    at HttpConnector.<anonymous> (/usr/share/kibana/node_modules/elasticsearch/src/lib/connectors/http.js:159:7)
    at IncomingMessage.bound (/usr/share/kibana/node_modules/elasticsearch/node_modules/lodash/dist/lodash.js:729:21)
    at emitNone (events.js:111:20)
    at IncomingMessage.emit (events.js:208:7)
    at endReadableNT (_stream_readable.js:1064:12)
    at _combinedTickCallback (internal/process/next_tick.js:138:11)
    at process._tickDomainCallback (internal/process/next_tick.js:218:9)
  status: 401,
  displayName: 'AuthenticationException',
  message: 'Authentication Exception',
  path: '/memberbebe/_search',
  query: {},
  body: 'Unauthorized',
  statusCode: 401,
  response: 'Unauthorized',
  wwwAuthenticateDirective: 'Basic realm="Search Guard"',
  toString: [Function],
  toJSON: [Function],
  isBoom: true,
  isServer: false,
  data: null,
  output: 
   { statusCode: 401,
     payload: 
      { statusCode: 401,
        error: 'Unauthorized',
        message: 'Authentication Exception' },
     headers: { 'WWW-Authenticate': 'Basic realm="Authorization Required"' } },
  reformat: [Function] }
common/interpret esdocs: invokeChain rejected { Authentication Exception :: {"path":"/memberbebe/_search","query":{},"body":"{\"_source\":[],\"query\":{\"bool\":{\"must\":[{\"query_string\":{\"query\":\"-_index:.kibana\"}}]}},\"size\":100}","statusCode":401,"response":"Unauthorized","wwwAuthenticateDirective":"Basic realm=\"Search Guard\""}
    at respond (/usr/share/kibana/node_modules/elasticsearch/src/lib/transport.js:307:15)
    at checkRespForFailure (/usr/share/kibana/node_modules/elasticsearch/src/lib/transport.js:266:7)
    at HttpConnector.<anonymous> (/usr/share/kibana/node_modules/elasticsearch/src/lib/connectors/http.js:159:7)
    at IncomingMessage.bound (/usr/share/kibana/node_modules/elasticsearch/node_modules/lodash/dist/lodash.js:729:21)
    at emitNone (events.js:111:20)
    at IncomingMessage.emit (events.js:208:7)
    at endReadableNT (_stream_readable.js:1064:12)
    at _combinedTickCallback (internal/process/next_tick.js:138:11)
    at process._tickDomainCallback (internal/process/next_tick.js:218:9)
  status: 401,
  displayName: 'AuthenticationException',
  message: 'Authentication Exception',
  path: '/memberbebe/_search',
  query: {},
  body: 'Unauthorized',
  statusCode: 401,
  response: 'Unauthorized',
  wwwAuthenticateDirective: 'Basic realm="Search Guard"',
  toString: [Function],
  toJSON: [Function],
  isBoom: true,
  isServer: false,
  data: null,
  output: 
   { statusCode: 401,
     payload: 
      { statusCode: 401,
        error: 'Unauthorized',
        message: 'Authentication Exception' },
     headers: { 'WWW-Authenticate': 'Basic realm="Authorization Required"' } },
  reformat: [Function] }
common/interpret esdocs: invokeChain rejected { Authentication Exception :: {"path":"/memberbebe/_search","query":{},"body":"{\"_source\":[],\"query\":{\"bool\":{\"must\":[{\"query_string\":{\"query\":\"-_index:.kibana\"}}]}},\"size\":100}","statusCode":401,"response":"Unauthorized","wwwAuthenticateDirective":"Basic realm=\"Search Guard\""}
    at respond (/usr/share/kibana/node_modules/elasticsearch/src/lib/transport.js:307:15)
    at checkRespForFailure (/usr/share/kibana/node_modules/elasticsearch/src/lib/transport.js:266:7)
    at HttpConnector.<anonymous> (/usr/share/kibana/node_modules/elasticsearch/src/lib/connectors/http.js:159:7)
    at IncomingMessage.bound (/usr/share/kibana/node_modules/elasticsearch/node_modules/lodash/dist/lodash.js:729:21)
    at emitNone (events.js:111:20)
    at IncomingMessage.emit (events.js:208:7)
    at endReadableNT (_stream_readable.js:1064:12)
    at _combinedTickCallback (internal/process/next_tick.js:138:11)
    at process._tickDomainCallback (internal/process/next_tick.js:218:9)
  status: 401,
  displayName: 'AuthenticationException',
  message: 'Authentication Exception',
  path: '/memberbebe/_search',
  query: {},
  body: 'Unauthorized',
  statusCode: 401,
  response: 'Unauthorized',
  wwwAuthenticateDirective: 'Basic realm="Search Guard"',
  toString: [Function],
  toJSON: [Function],
  isBoom: true,
  isServer: false,
  data: null,
  output: 
   { statusCode: 401,
     payload: 
      { statusCode: 401,
        error: 'Unauthorized',
        message: 'Authentication Exception' },
     headers: { 'WWW-Authenticate': 'Basic realm="Authorization Required"' } },
  reformat: [Function] }
common/interpret esdocs: invokeChain rejected { Authentication Exception :: {"path":"/memberbebe/_search","query":{},"body":"{\"_source\":[],\"query\":{\"bool\":{\"must\":[{\"query_string\":{\"query\":\"-_index:.kibana\"}}]}},\"size\":100}","statusCode":401,"response":"Unauthorized","wwwAuthenticateDirective":"Basic realm=\"Search Guard\""}
    at respond (/usr/share/kibana/node_modules/elasticsearch/src/lib/transport.js:307:15)
    at checkRespForFailure (/usr/share/kibana/node_modules/elasticsearch/src/lib/transport.js:266:7)
    at HttpConnector.<anonymous> (/usr/share/kibana/node_modules/elasticsearch/src/lib/connectors/http.js:159:7)
    at IncomingMessage.bound (/usr/share/kibana/node_modules/elasticsearch/node_modules/lodash/dist/lodash.js:729:21)
    at emitNone (events.js:111:20)
    at IncomingMessage.emit (events.js:208:7)
    at endReadableNT (_stream_readable.js:1064:12)
    at _combinedTickCallback (internal/process/next_tick.js:138:11)
    at process._tickDomainCallback (internal/process/next_tick.js:218:9)
  status: 401,
  displayName: 'AuthenticationException',
  message: 'Authentication Exception',
  path: '/memberbebe/_search',
  query: {},
  body: 'Unauthorized',
  statusCode: 401,
  response: 'Unauthorized',
  wwwAuthenticateDirective: 'Basic realm="Search Guard"',
  toString: [Function],
  toJSON: [Function],
  isBoom: true,
  isServer: false,
  data: null,
  output: 
   { statusCode: 401,
     payload: 
      { statusCode: 401,
        error: 'Unauthorized',
        message: 'Authentication Exception' },
     headers: { 'WWW-Authenticate': 'Basic realm="Authorization Required"' } },
  reformat: [Function] }
common/interpret esdocs: invokeChain rejected { Authentication Exception :: {"path":"/memberbebe/_search","query":{},"body":"{\"_source\":[],\"query\":{\"bool\":{\"must\":[{\"query_string\":{\"query\":\"-_index:.kibana\"}}]}},\"size\":100}","statusCode":401,"response":"Unauthorized","wwwAuthenticateDirective":"Basic realm=\"Search Guard\""}
    at respond (/usr/share/kibana/node_modules/elasticsearch/src/lib/transport.js:307:15)
    at checkRespForFailure (/usr/share/kibana/node_modules/elasticsearch/src/lib/transport.js:266:7)
    at HttpConnector.<anonymous> (/usr/share/kibana/node_modules/elasticsearch/src/lib/connectors/http.js:159:7)
    at IncomingMessage.bound (/usr/share/kibana/node_modules/elasticsearch/node_modules/lodash/dist/lodash.js:729:21)
    at emitNone (events.js:111:20)
    at IncomingMessage.emit (events.js:208:7)
    at endReadableNT (_stream_readable.js:1064:12)
    at _combinedTickCallback (internal/process/next_tick.js:138:11)
    at process._tickDomainCallback (internal/process/next_tick.js:218:9)
  status: 401,
  displayName: 'AuthenticationException',
  message: 'Authentication Exception',
  path: '/memberbebe/_search',
  query: {},
  body: 'Unauthorized',
  statusCode: 401,
  response: 'Unauthorized',
  wwwAuthenticateDirective: 'Basic realm="Search Guard"',
  toString: [Function],
  toJSON: [Function],
  isBoom: true,
  isServer: false,
  data: null,
  output: 
   { statusCode: 401,
     payload: 
      { statusCode: 401,
        error: 'Unauthorized',
        message: 'Authentication Exception' },
     headers: { 'WWW-Authenticate': 'Basic realm="Authorization Required"' } },
  reformat: [Function] }

How I can solve this issue?我该如何解决这个问题？ Any suggestions?有什么建议？

Thank you谢谢

Answer 1

Finally, I found temporary solution for this issue by myself.最后，我自己找到了这个问题的临时解决方案。

I am editing file /plugins/canvas/server/routes/socket.js in line 37:我正在编辑第 37 行中的文件/plugins/canvas/server/routes/socket.js ：

if (server.plugins.security) request.headers.authorization = authHeader;

to:到：

request.headers.authorization = "Basic <HASHED_USER_PASS>";

The is SearchGuard Username:SearchGuard Password encoded with Base64.是SearchGuard 用户名：用 Base64 编码的SearchGuard 密码。

I know that my solution maybe not the best solution and need to be improved but I hope it can help other users with the same issue.我知道我的解决方案可能不是最好的解决方案，需要改进，但我希望它可以帮助遇到相同问题的其他用户。

Thanks.谢谢。

Kibana Canvas 插件不适用于 SearchGuard

问题描述

1 个解决方案

解决方案1
0 2018-07-05 09:51:57

Kibana Canvas 插件不适用于 SearchGuard

问题描述

1 个解决方案

解决方案1 0 2018-07-05 09:51:57

解决方案1
0 2018-07-05 09:51:57