Kibana Canvas plugin doesn't work with SearchGuard
我安装了 6.3.0 版的 ELK 堆栈,并在 Kibana 中安装了 Canvas 插件。但它无法正常工作:Canvas 向 Elasticsearch 发起请求时身份验证失败。我使用 SearchGuard 而不是 X-Pack Security 进行身份验证。
下面是我的安装细节:
1. Elasticsearch
Version: 6.3.0
Plugins: - search-guard-6
2. Kibana
Version: 6.3.0
Plugins: - canvas@0.1.2015
- searchguard@6.3.0-13
这是 kibana 日志输出:
common/interpret esdocs: invokeChain rejected { Authentication Exception :: {"path":"/memberbebe/_search","query":{},"body":"{\"_source\":[],\"query\":{\"bool\":{\"must\":[{\"query_string\":{\"query\":\"-_index:.kibana\"}}]}},\"size\":100}","statusCode":401,"response":"Unauthorized","wwwAuthenticateDirective":"Basic realm=\"Search Guard\""}
at respond (/usr/share/kibana/node_modules/elasticsearch/src/lib/transport.js:307:15)
at checkRespForFailure (/usr/share/kibana/node_modules/elasticsearch/src/lib/transport.js:266:7)
at HttpConnector.<anonymous> (/usr/share/kibana/node_modules/elasticsearch/src/lib/connectors/http.js:159:7)
at IncomingMessage.bound (/usr/share/kibana/node_modules/elasticsearch/node_modules/lodash/dist/lodash.js:729:21)
at emitNone (events.js:111:20)
at IncomingMessage.emit (events.js:208:7)
at endReadableNT (_stream_readable.js:1064:12)
at _combinedTickCallback (internal/process/next_tick.js:138:11)
at process._tickDomainCallback (internal/process/next_tick.js:218:9)
status: 401,
displayName: 'AuthenticationException',
message: 'Authentication Exception',
path: '/memberbebe/_search',
query: {},
body: 'Unauthorized',
statusCode: 401,
response: 'Unauthorized',
wwwAuthenticateDirective: 'Basic realm="Search Guard"',
toString: [Function],
toJSON: [Function],
isBoom: true,
isServer: false,
data: null,
output:
{ statusCode: 401,
payload:
{ statusCode: 401,
error: 'Unauthorized',
message: 'Authentication Exception' },
headers: { 'WWW-Authenticate': 'Basic realm="Authorization Required"' } },
reformat: [Function] }
common/interpret esdocs: invokeChain rejected { Authentication Exception :: {"path":"/memberbebe/_search","query":{},"body":"{\"_source\":[],\"query\":{\"bool\":{\"must\":[{\"query_string\":{\"query\":\"-_index:.kibana\"}}]}},\"size\":100}","statusCode":401,"response":"Unauthorized","wwwAuthenticateDirective":"Basic realm=\"Search Guard\""}
at respond (/usr/share/kibana/node_modules/elasticsearch/src/lib/transport.js:307:15)
at checkRespForFailure (/usr/share/kibana/node_modules/elasticsearch/src/lib/transport.js:266:7)
at HttpConnector.<anonymous> (/usr/share/kibana/node_modules/elasticsearch/src/lib/connectors/http.js:159:7)
at IncomingMessage.bound (/usr/share/kibana/node_modules/elasticsearch/node_modules/lodash/dist/lodash.js:729:21)
at emitNone (events.js:111:20)
at IncomingMessage.emit (events.js:208:7)
at endReadableNT (_stream_readable.js:1064:12)
at _combinedTickCallback (internal/process/next_tick.js:138:11)
at process._tickDomainCallback (internal/process/next_tick.js:218:9)
status: 401,
displayName: 'AuthenticationException',
message: 'Authentication Exception',
path: '/memberbebe/_search',
query: {},
body: 'Unauthorized',
statusCode: 401,
response: 'Unauthorized',
wwwAuthenticateDirective: 'Basic realm="Search Guard"',
toString: [Function],
toJSON: [Function],
isBoom: true,
isServer: false,
data: null,
output:
{ statusCode: 401,
payload:
{ statusCode: 401,
error: 'Unauthorized',
message: 'Authentication Exception' },
headers: { 'WWW-Authenticate': 'Basic realm="Authorization Required"' } },
reformat: [Function] }
common/interpret esdocs: invokeChain rejected { Authentication Exception :: {"path":"/memberbebe/_search","query":{},"body":"{\"_source\":[],\"query\":{\"bool\":{\"must\":[{\"query_string\":{\"query\":\"-_index:.kibana\"}}]}},\"size\":100}","statusCode":401,"response":"Unauthorized","wwwAuthenticateDirective":"Basic realm=\"Search Guard\""}
at respond (/usr/share/kibana/node_modules/elasticsearch/src/lib/transport.js:307:15)
at checkRespForFailure (/usr/share/kibana/node_modules/elasticsearch/src/lib/transport.js:266:7)
at HttpConnector.<anonymous> (/usr/share/kibana/node_modules/elasticsearch/src/lib/connectors/http.js:159:7)
at IncomingMessage.bound (/usr/share/kibana/node_modules/elasticsearch/node_modules/lodash/dist/lodash.js:729:21)
at emitNone (events.js:111:20)
at IncomingMessage.emit (events.js:208:7)
at endReadableNT (_stream_readable.js:1064:12)
at _combinedTickCallback (internal/process/next_tick.js:138:11)
at process._tickDomainCallback (internal/process/next_tick.js:218:9)
status: 401,
displayName: 'AuthenticationException',
message: 'Authentication Exception',
path: '/memberbebe/_search',
query: {},
body: 'Unauthorized',
statusCode: 401,
response: 'Unauthorized',
wwwAuthenticateDirective: 'Basic realm="Search Guard"',
toString: [Function],
toJSON: [Function],
isBoom: true,
isServer: false,
data: null,
output:
{ statusCode: 401,
payload:
{ statusCode: 401,
error: 'Unauthorized',
message: 'Authentication Exception' },
headers: { 'WWW-Authenticate': 'Basic realm="Authorization Required"' } },
reformat: [Function] }
common/interpret esdocs: invokeChain rejected { Authentication Exception :: {"path":"/memberbebe/_search","query":{},"body":"{\"_source\":[],\"query\":{\"bool\":{\"must\":[{\"query_string\":{\"query\":\"-_index:.kibana\"}}]}},\"size\":100}","statusCode":401,"response":"Unauthorized","wwwAuthenticateDirective":"Basic realm=\"Search Guard\""}
at respond (/usr/share/kibana/node_modules/elasticsearch/src/lib/transport.js:307:15)
at checkRespForFailure (/usr/share/kibana/node_modules/elasticsearch/src/lib/transport.js:266:7)
at HttpConnector.<anonymous> (/usr/share/kibana/node_modules/elasticsearch/src/lib/connectors/http.js:159:7)
at IncomingMessage.bound (/usr/share/kibana/node_modules/elasticsearch/node_modules/lodash/dist/lodash.js:729:21)
at emitNone (events.js:111:20)
at IncomingMessage.emit (events.js:208:7)
at endReadableNT (_stream_readable.js:1064:12)
at _combinedTickCallback (internal/process/next_tick.js:138:11)
at process._tickDomainCallback (internal/process/next_tick.js:218:9)
status: 401,
displayName: 'AuthenticationException',
message: 'Authentication Exception',
path: '/memberbebe/_search',
query: {},
body: 'Unauthorized',
statusCode: 401,
response: 'Unauthorized',
wwwAuthenticateDirective: 'Basic realm="Search Guard"',
toString: [Function],
toJSON: [Function],
isBoom: true,
isServer: false,
data: null,
output:
{ statusCode: 401,
payload:
{ statusCode: 401,
error: 'Unauthorized',
message: 'Authentication Exception' },
headers: { 'WWW-Authenticate': 'Basic realm="Authorization Required"' } },
reformat: [Function] }
common/interpret esdocs: invokeChain rejected { Authentication Exception :: {"path":"/memberbebe/_search","query":{},"body":"{\"_source\":[],\"query\":{\"bool\":{\"must\":[{\"query_string\":{\"query\":\"-_index:.kibana\"}}]}},\"size\":100}","statusCode":401,"response":"Unauthorized","wwwAuthenticateDirective":"Basic realm=\"Search Guard\""}
at respond (/usr/share/kibana/node_modules/elasticsearch/src/lib/transport.js:307:15)
at checkRespForFailure (/usr/share/kibana/node_modules/elasticsearch/src/lib/transport.js:266:7)
at HttpConnector.<anonymous> (/usr/share/kibana/node_modules/elasticsearch/src/lib/connectors/http.js:159:7)
at IncomingMessage.bound (/usr/share/kibana/node_modules/elasticsearch/node_modules/lodash/dist/lodash.js:729:21)
at emitNone (events.js:111:20)
at IncomingMessage.emit (events.js:208:7)
at endReadableNT (_stream_readable.js:1064:12)
at _combinedTickCallback (internal/process/next_tick.js:138:11)
at process._tickDomainCallback (internal/process/next_tick.js:218:9)
status: 401,
displayName: 'AuthenticationException',
message: 'Authentication Exception',
path: '/memberbebe/_search',
query: {},
body: 'Unauthorized',
statusCode: 401,
response: 'Unauthorized',
wwwAuthenticateDirective: 'Basic realm="Search Guard"',
toString: [Function],
toJSON: [Function],
isBoom: true,
isServer: false,
data: null,
output:
{ statusCode: 401,
payload:
{ statusCode: 401,
error: 'Unauthorized',
message: 'Authentication Exception' },
headers: { 'WWW-Authenticate': 'Basic realm="Authorization Required"' } },
reformat: [Function] }
我该如何解决这个问题? 有什么建议?
谢谢
最后,我自己找到了这个问题的临时解决方案。
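我修改了 /plugins/canvas/server/routes/socket.js 文件的第 37 行。原代码只有在 server.plugins.security 存在时才设置 Authorization 头;使用 SearchGuard 时这个条件大概不成立,所以 Canvas 发往 Elasticsearch 的请求没有携带凭据。原来的代码是: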
if (server.plugins.security) request.headers.authorization = authHeader;
改为:
request.headers.authorization = "Basic <HASHED_USER_PASS>";
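其中 <HASHED_USER_PASS> 是把“SearchGuard 用户名:SearchGuard 密码”用 Base64 编码后得到的字符串。Base64 只是可逆编码而不是哈希,所以这个文件里保存的实际上是可还原的凭据。这样修改之后,Canvas 的所有请求都会以这一个固定账号访问 Elasticsearch,与当前登录 Kibana 的用户无关;因此这里应当使用只对所需索引有只读权限的专用账号,并限制对该文件的读取权限。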
我知道这可能不是最好的解决方案,还需要改进,但希望它能帮助遇到同样问题的其他用户。
谢谢。