christian-marie / kibana3_auth Goto Github PK

Hi @christian-marie (or anyone else)

If I want to use it work with Kibana4, do I just need to update kibana config file (config/kibana.yml) and nginx config (if used)?

When one presses the 'share' button in Kibana, a temporary dashboard should be created in the kibana-int ES index. This request doesn't get forwarded through kibana3_auth because the URL /kibana-int/temp isn't forwarded.

It's trivial to fix (add another regex to lib/router.rb), I'm going to fix this and send a pull request this week.

Looks like there are issues with Kibana milestone 4 and ES 1.0.1 that are fixed in milestone 5. For instance filtering on fields is broken.

Would this work with kibana 4?

Hello,

today i tried to attach an Counter, to the Table Fields,
.

My idea was to use the one which is currently impelemented in the dropdown menu of the table field,

I tried to configure the html-code of the table panel, located in the kibana folder, but didnt have any success.

How can i configure it to show the counter in the selected area?

Thanks for your response.

Regards.

Franz

Hi,

I am trying to setup an ES/kibana environment using kibana3_auth as a proxy (tried master and v.1.0.0milestone4. I am using windows with cygwin and I finally installed the kibana3auth according to the readme-instruction.
using the exec rackup command, I get this error:

$ bundle exec rackup -p 8000
bundler: command not found: rackup
Install missing gem executables with bundle install

If i install the binstubs and run bin/rackup -p 8000 it works.
$ bundle install --binstubs
$ bin/rackup -p 8000

Login/logout also works and I can open different dashboards. The main problem is, that if I am accessing elasticsearch on port 8000 in kibana config.js, I can't see any logs even if the user is "unfiltered" and all requests from kibana return with 405.
127.0.0.1 - - [19/Sep/2014 11:03:02] "POST /_all/_search HTTP/1.1" 405 19 0.0010

Any ideas how to fix?

Thanks in advance

Hey,

first off i know you no longer support this project. But maybe others encountered this problem too.

We run the auth_module with ES 2.4 so far and it works fine. As we try to upgrade to ES5.X we run into this problem:

[23/Jul/2018 13:50:05] "GET /_nodes HTTP/1.1" 200 ["2733"] 0.0082
[2018-07-23 13:50:05] ERROR Rack::Lint::LintError: Content-Length header was 2733, but should be 18947
        /var/lib/gems/2.3.0/gems/rack-1.5.2/lib/rack/lint.rb:20:in `assert'
        /var/lib/gems/2.3.0/gems/rack-1.5.2/lib/rack/lint.rb:631:in `verify_content_length'
        /var/lib/gems/2.3.0/gems/rack-1.5.2/lib/rack/lint.rb:655:in `each'
        /var/lib/gems/2.3.0/gems/rack-1.5.2/lib/rack/body_proxy.rb:31:in `each'
        /var/lib/gems/2.3.0/gems/rack-1.5.2/lib/rack/handler/webrick.rb:72:in `service'
        /usr/lib/ruby/2.3.0/webrick/httpserver.rb:140:in `service'
        /usr/lib/ruby/2.3.0/webrick/httpserver.rb:96:in `run'
        /usr/lib/ruby/2.3.0/webrick/server.rb:296:in `block in start_thread'

The problems seems to be the change of the _nodes API in ES5.X.

Old _nodes response:

{
  "cluster_name": "clustername",
  "nodes": {
    "y1F7B0edRxiW5Bzoiwr0kw": {
      "name": "node1",
      "transport_address": "192.168.55.5:9307",
      "host": "192.168.55.5",
      "ip": "192.168.55.5",
      "version": "2.4.0",
      "build": "ce9f0c7",
      "http_address": "192.168.55.5:9207",
      "attributes": {
        "tag": "node1",
        "master": "false"
      },

New ES5.X response:

{
  "_nodes": {
    "total": 3,
    "successful": 3,
    "failed": 0
  },
  "cluster_name": "clustername",
  "nodes": {
    "QCDpwJg1RDW8Dkf7Bu95VA": {
      "name": "node1",
      "transport_address": "192.168.55.5:9300",
      "host": "192.168.55.5",
      "ip": "192.168.55.5",
      "version": "5.6.10",
      "build_hash": "b727a60",
      "total_indexing_buffer": 308700774,
      "roles": [
        "master",
        "ingest"
      ],

I think the auth_module just uses the 1st new part (with the amount of nodes) and thus the content-length check fails.

I dont expect a solution, but maybe some hints at which files i should look. I try to find a solution myself than and make a fork.

Thank you very much.

Hi~
I can see data from logstash.json. (can see data that index is logstash)
But I cannot see data from sample dashboard which index is other than logstash.
Is this module support this function or can just use logstash.json?
Is there any way that I can see other data that index isn't logstash.
I try to change source code from router.rb. LOGSTASH_INDEX = %r{(_all)}
But it doesn't work. (404 not found).
It works when using normal kibana not proxy it.
If you have any idea or solution, I would be appreciate.
Thanks a lot.

I have a setup where my kibana3 talks to nginx which proxies all the ES requests to the cluster. (I have firewall rules that only allow that nginx host to talk to ES)

Trying to use your project here. Does the rack app also do the job of sending on all the requests? For some reason I'm not even getting the login form.

In webrick, I'm seeing the request with a 200 status. On the browser, it's a blank page, and the error console says:

Failed to load resource: The network connection was lost.

Anything I should look at? Thanks!

Hello,

today I tried the current version of kibana3_auth with the newest elasticsearch 0.90.5.
During my test I've got following problem:

In my config.rb I added something like this into my login - function:

    if user == 'xxxx' and pass == 'yyyy' then
     return({
                    'terms' => {
                            'tags' => [ 'secret' ]
                    }
            })
    end

When I login with that user I get the elasticsearch error - message "Oops! IndexMissingException[[logstash-2013.10.03_fc1e2e99abf9a5fe5049c9916a327743e2549e83] missing] ". With an "UNFILTERED" user I can see all.

I think the Problem is, that no Alias was created on my elasticsearch - instance for this user.

What can be the problem here? Do I need to manually create the filtered alias into elasticsearch.

Thank you for your response.

Regards.

Florian

Hi guys,

just upgraded to the new version of Kibana3_auth with the implemented Kibana3.1.

Everything is working fine but it looks like Kibana have changed the way they call for ES-aliases and since them if you select a wide timerange ( 14days+ ) you´ll get the following error in the apache log:

(36)File name too long: access to /logstash-2014.06.25,logstash-2014.06.26,logstash-2014.06.27,logstash-2014.06.28,logstash-2014.06.29,logstash-2014.06.30,logstash-2014.07.01,logstash-2014.07.02,logstash-2014.07.03,logstash-2014.07.04,logstash-2014.07.05,logstash-2014.07.06,logstash-2014.07.07,logstash-2014.07.08,logstash-2014.07.09,logstash-2014.07.10,logstash-2014.07.11,logstash-2014.07.12,logstash-2014.07.13,logstash-2014.07.14,logstash-2014.07.15,logstash-2014.07.16,logstash-2014.07.17,logstash-2014.07.18,logstash-2014.07.19,logstash-2014.07.20,logstash-2014.07.21,logstash-2014.07.22,logstash-2014.07.23,logstash-2014.07.24,logstash-2014.07.25/_aliases failed, referer: https://servername/

Well what i tried so far is to increase the http-request length of elasticsearch ( http.max_initial_line_length: 64kb ) and the one of Apache
(LimitRequestLine 1638000000000
LimitRequestFieldSize 163800000000
LimitXMLRequestBody 163800000000
LimitRequestBody 0
LimitRequestFields 5000000
)
but none of them worked.

Anyone got any help?

Hi,

I tried the current version of kibana3_auth with the elasticsearch 0.20.6.
Currently I am facing the following problem:

In my config.rb I have added this into my login - function:

if user == 'peter' and pass == 'password' then
return({
'terms' => {
'tags' => [ 'nagios-messages' ]
}
})
end

When I login using the username and password (peter/password) I could see the default dashboard and all the logs. Filtered access is not working as intended. I tried using host instead of tags but was of no help.

if user == 'peter' and pass == 'password' then
return({
'terms' => {
'host' => [ 'nagios.abc.com' ]
}
})
end

No matter what I try I can see full dashboard with all the controls enabled and full access. I would like to have control on what different users can see based on tags, also a normal user must not be able to edit or configure the dashboard. Would appreciate any help.

Thank you for your response.

Regards.

Ron

When I try, I just get:

File not found: /logout

then even when I restart rack, I am still logged in

When I log in to the Kibana for the first time, everything works as expected: I get the index.html page. The problem starts when I click "Logout" and then type localhost:8080 (my Kibana server). I get immediately to the index.html page and can access the dashboards, but I would expect to get only login page until I the valid username-password are given.
Could you help with identifying the problem: my understanding of the feature, a bug, configuration problem, etc?

Hello Christian,

I want to combine in my login - function different filter-terms (like user1 should only have access to events matching "type networkdevices" or/and "host 192.168.2.2".

How can I define that?
I tried something like the following example but that didn't worked:

config.rb

    if user == 'alice' then
                    return({
                    'terms' => {
                            'type' => [ 'networkdevices' ],
                            'host' => [ '192.168.2.2' ]
                    }
            })
    end

With this example I got only filtered to 192.168.2.2....

Thanks for your help.

Regards

Florian

Hi,
Kibana3_auth has request timeout 60 sec.
how is possible to increase the value ?

Hi,
I'm using Kibana for long time and now decided to implement kibana3_auth in my environment. As its seem Good one who decides/needs Authentication for Kibana

I'm new to this kibana3_auth. Readme file doesn't give enough info for newbie who willing to make use of this one.

If possible, could you please share add more documentation on this. ? How we have to set it up .

Issue in my Lab setup:

1. How do I add the login user's IDs ?., and where users details will be stored.

I like to be a copy paste guy but when its wrong in the code fields you have to know.
In your instruction it says to run following after enered the downloaded repo:
git submodule init && gitsubmodule update
Shouldn't it be:
git submodule init && git submodule update
instead?

From: rubynoob
Subject: ruby or gems version too old?

Hi, I followed the README, and get the following error:

config/config.rb:19: compile error (SyntaxError)
config/config.rb:19: syntax error, unexpected tSYMBEG, expecting '}'
        :backend        => 'http://localhost:9200',
         ^
        from ~/kibana3_auth/config.ru:6
        from /usr/lib/ruby/gems/1.8/gems/rack-1.5.2/lib/rack/builder.rb:55:in `instance_eval'
        from /usr/lib/ruby/gems/1.8/gems/rack-1.5.2/lib/rack/builder.rb:55:in `initialize'
        from ~/kibana3_auth/config.ru:0:in `new'
        from ~/kibana3_auth/config.ru:0

I guess it's some trivial dependency issue

Hi there,

kibana3_auth(v1.0.0milestone4) is not using the ES :backend that I specified in kibana3_auth/config/config.rb; it's contacting what's in kibana3_auth/kibana/src/config.js.

I've added some binding.pry breakpoints in kibana3_auth/lib/forwader.rb and the @uri.host/@uri.port is correct, but kibana falls back to what's defined in kibana3_auth/kibana/src/config.js. So basically, it's complaining that it can't hit the ES backend.

tl;dr:
kibana3_auth/config/config.rb:
:backend => 'http://my_es_server:9200',

kibana3_auth/kibana/src/config.js:
elasticsearch: "http://"+window.location.hostname+":8000",

bundle exec rackup -p 8000

Error in kibana:
"Error: could not contact ElasticSearch at http://localhost:8000". Please ensure ...."

It's worth noting that if I plug the ES path into config.js, kibana is fine. But then it's hitting ES directly and I get no tag filtering. Just thought I'd mention that to express that our ES/kibana works but we'd like to get the kibana3_auth functionality in our environment.

Any help would be greatly appreciated.
Thanks!

I need some help to deploy it on Passenger-nginx.

someone have done this? I got no experience with Passenger-nginx

Hello and thanks for this. I'll describe my setup:

Both logs.example.com and search.example.com are served via an nginx proxy. Each service resides on its own node behind the proxy. I can GET from elasticsearch as expected and if I run Kibana on port 80, all is good.

I stopped Kibana (nginx) and am attempting to use kibana3_auth instead. Followed the instructions in issue #19 and starting the rack instance on port 80

kibana/src/config.js contains:
elasticsearch: "http://search.example.com:9200"

config/config.rb contains:
:backend => "http://search.example.com:9200"

Problem 1: Pointing my browser to logs.example.com does not result in a redirect to logs.example.com/login

So now I add the path manually

Problem 2: Now I can login (yay!) but nothing happens. On the rack side, I see this 302:

$forwarded_for - - [18/Aug/2014 17:08:08] "POST /login HTTP/1.1" 302 - 0.0024

I suspect this may be related to the proxy but could use some help.

Hi Christian,

You suggest to change the port in kibana config.js to 8000. It doesn't work as the rewrites fail.
If I set elasticsearch: '127.0.0.1:8000', what actually happens when I directlly connect to unicorn instance with the debug output:

/127.0.0.1:8000/_aliases
upstream_kibana
[404, {"Content-Type"=>"text/plain", "Content-Length"=>"41", "X-Cascade"=>"pass"}, ["File not found: /127.0.0.1:8000/_aliases\n"]]
127.0.0.1 - - [23/Sep/2013 17:10:59] "GET /127.0.0.1:8000/_aliases HTTP/1.1" 404 41 0.0020

So here it's seen that upstream_kibana is chosen, because regexp matches from the beginning (\A). Consequently 404, since the request should choose upstream_elasticsearch.

auth works only if I setup proxy in front of unicorn instance and set elasticsearch in config.js to window.location.protocol+"//"+window.location.host

Sample config of nginx proxying kibana3_auth can look like this:
server {
listen 80;
server_name logs.example.net ;
location / {
proxy_pass http://localhost:8000;
}
}

Maybe it's worth reflecting in the documentation, if my assumptions are right. Or rewrite should handle the leading hostname and port.
Would you please comment on this?

Thank you,
Denis

Looking at kibana and kibana+kibana3_auth, the user interfaces are different.
The top header only has 'Log Out' link which I think it should be able to adjust and add more panels like dashboard control, timestamp, etc.. as original one can do.

This will greatly ease the usability.

Please consider, thanks!