Kibana Canvas插件不适用于SearchGuard

时间:2018-07-05 04:27:51

标签: javascript elasticsearch elastic-stack kibana-6

我已经安装了版本6.3.0的ELK堆栈,并且还在Kibana中安装了Canvas插件。但它似乎不起作用,因为在Canvas创建对Elasticsearch的请求时存在身份验证问题。我使用SearchGuard进行身份验证,而不是使用X-Pack安全性。

以下是我的安装详细信息:

1. Elasticsearch
    Version: 6.3.0
    Plugins: - search-guard-6

2. Kibana
    Version: 6.3.0
    Plugins: - canvas@0.1.2015
             - searchguard@6.3.0-13

这是kibana日志输出:

common/interpret esdocs: invokeChain rejected { Authentication Exception :: {"path":"/memberbebe/_search","query":{},"body":"{\"_source\":[],\"query\":{\"bool\":{\"must\":[{\"query_string\":{\"query\":\"-_index:.kibana\"}}]}},\"size\":100}","statusCode":401,"response":"Unauthorized","wwwAuthenticateDirective":"Basic realm=\"Search Guard\""}
    at respond (/usr/share/kibana/node_modules/elasticsearch/src/lib/transport.js:307:15)
    at checkRespForFailure (/usr/share/kibana/node_modules/elasticsearch/src/lib/transport.js:266:7)
    at HttpConnector.<anonymous> (/usr/share/kibana/node_modules/elasticsearch/src/lib/connectors/http.js:159:7)
    at IncomingMessage.bound (/usr/share/kibana/node_modules/elasticsearch/node_modules/lodash/dist/lodash.js:729:21)
    at emitNone (events.js:111:20)
    at IncomingMessage.emit (events.js:208:7)
    at endReadableNT (_stream_readable.js:1064:12)
    at _combinedTickCallback (internal/process/next_tick.js:138:11)
    at process._tickDomainCallback (internal/process/next_tick.js:218:9)
  status: 401,
  displayName: 'AuthenticationException',
  message: 'Authentication Exception',
  path: '/memberbebe/_search',
  query: {},
  body: 'Unauthorized',
  statusCode: 401,
  response: 'Unauthorized',
  wwwAuthenticateDirective: 'Basic realm="Search Guard"',
  toString: [Function],
  toJSON: [Function],
  isBoom: true,
  isServer: false,
  data: null,
  output: 
   { statusCode: 401,
     payload: 
      { statusCode: 401,
        error: 'Unauthorized',
        message: 'Authentication Exception' },
     headers: { 'WWW-Authenticate': 'Basic realm="Authorization Required"' } },
  reformat: [Function] }
common/interpret esdocs: invokeChain rejected { Authentication Exception :: {"path":"/memberbebe/_search","query":{},"body":"{\"_source\":[],\"query\":{\"bool\":{\"must\":[{\"query_string\":{\"query\":\"-_index:.kibana\"}}]}},\"size\":100}","statusCode":401,"response":"Unauthorized","wwwAuthenticateDirective":"Basic realm=\"Search Guard\""}
    at respond (/usr/share/kibana/node_modules/elasticsearch/src/lib/transport.js:307:15)
    at checkRespForFailure (/usr/share/kibana/node_modules/elasticsearch/src/lib/transport.js:266:7)
    at HttpConnector.<anonymous> (/usr/share/kibana/node_modules/elasticsearch/src/lib/connectors/http.js:159:7)
    at IncomingMessage.bound (/usr/share/kibana/node_modules/elasticsearch/node_modules/lodash/dist/lodash.js:729:21)
    at emitNone (events.js:111:20)
    at IncomingMessage.emit (events.js:208:7)
    at endReadableNT (_stream_readable.js:1064:12)
    at _combinedTickCallback (internal/process/next_tick.js:138:11)
    at process._tickDomainCallback (internal/process/next_tick.js:218:9)
  status: 401,
  displayName: 'AuthenticationException',
  message: 'Authentication Exception',
  path: '/memberbebe/_search',
  query: {},
  body: 'Unauthorized',
  statusCode: 401,
  response: 'Unauthorized',
  wwwAuthenticateDirective: 'Basic realm="Search Guard"',
  toString: [Function],
  toJSON: [Function],
  isBoom: true,
  isServer: false,
  data: null,
  output: 
   { statusCode: 401,
     payload: 
      { statusCode: 401,
        error: 'Unauthorized',
        message: 'Authentication Exception' },
     headers: { 'WWW-Authenticate': 'Basic realm="Authorization Required"' } },
  reformat: [Function] }
common/interpret esdocs: invokeChain rejected { Authentication Exception :: {"path":"/memberbebe/_search","query":{},"body":"{\"_source\":[],\"query\":{\"bool\":{\"must\":[{\"query_string\":{\"query\":\"-_index:.kibana\"}}]}},\"size\":100}","statusCode":401,"response":"Unauthorized","wwwAuthenticateDirective":"Basic realm=\"Search Guard\""}
    at respond (/usr/share/kibana/node_modules/elasticsearch/src/lib/transport.js:307:15)
    at checkRespForFailure (/usr/share/kibana/node_modules/elasticsearch/src/lib/transport.js:266:7)
    at HttpConnector.<anonymous> (/usr/share/kibana/node_modules/elasticsearch/src/lib/connectors/http.js:159:7)
    at IncomingMessage.bound (/usr/share/kibana/node_modules/elasticsearch/node_modules/lodash/dist/lodash.js:729:21)
    at emitNone (events.js:111:20)
    at IncomingMessage.emit (events.js:208:7)
    at endReadableNT (_stream_readable.js:1064:12)
    at _combinedTickCallback (internal/process/next_tick.js:138:11)
    at process._tickDomainCallback (internal/process/next_tick.js:218:9)
  status: 401,
  displayName: 'AuthenticationException',
  message: 'Authentication Exception',
  path: '/memberbebe/_search',
  query: {},
  body: 'Unauthorized',
  statusCode: 401,
  response: 'Unauthorized',
  wwwAuthenticateDirective: 'Basic realm="Search Guard"',
  toString: [Function],
  toJSON: [Function],
  isBoom: true,
  isServer: false,
  data: null,
  output: 
   { statusCode: 401,
     payload: 
      { statusCode: 401,
        error: 'Unauthorized',
        message: 'Authentication Exception' },
     headers: { 'WWW-Authenticate': 'Basic realm="Authorization Required"' } },
  reformat: [Function] }
common/interpret esdocs: invokeChain rejected { Authentication Exception :: {"path":"/memberbebe/_search","query":{},"body":"{\"_source\":[],\"query\":{\"bool\":{\"must\":[{\"query_string\":{\"query\":\"-_index:.kibana\"}}]}},\"size\":100}","statusCode":401,"response":"Unauthorized","wwwAuthenticateDirective":"Basic realm=\"Search Guard\""}
    at respond (/usr/share/kibana/node_modules/elasticsearch/src/lib/transport.js:307:15)
    at checkRespForFailure (/usr/share/kibana/node_modules/elasticsearch/src/lib/transport.js:266:7)
    at HttpConnector.<anonymous> (/usr/share/kibana/node_modules/elasticsearch/src/lib/connectors/http.js:159:7)
    at IncomingMessage.bound (/usr/share/kibana/node_modules/elasticsearch/node_modules/lodash/dist/lodash.js:729:21)
    at emitNone (events.js:111:20)
    at IncomingMessage.emit (events.js:208:7)
    at endReadableNT (_stream_readable.js:1064:12)
    at _combinedTickCallback (internal/process/next_tick.js:138:11)
    at process._tickDomainCallback (internal/process/next_tick.js:218:9)
  status: 401,
  displayName: 'AuthenticationException',
  message: 'Authentication Exception',
  path: '/memberbebe/_search',
  query: {},
  body: 'Unauthorized',
  statusCode: 401,
  response: 'Unauthorized',
  wwwAuthenticateDirective: 'Basic realm="Search Guard"',
  toString: [Function],
  toJSON: [Function],
  isBoom: true,
  isServer: false,
  data: null,
  output: 
   { statusCode: 401,
     payload: 
      { statusCode: 401,
        error: 'Unauthorized',
        message: 'Authentication Exception' },
     headers: { 'WWW-Authenticate': 'Basic realm="Authorization Required"' } },
  reformat: [Function] }
common/interpret esdocs: invokeChain rejected { Authentication Exception :: {"path":"/memberbebe/_search","query":{},"body":"{\"_source\":[],\"query\":{\"bool\":{\"must\":[{\"query_string\":{\"query\":\"-_index:.kibana\"}}]}},\"size\":100}","statusCode":401,"response":"Unauthorized","wwwAuthenticateDirective":"Basic realm=\"Search Guard\""}
    at respond (/usr/share/kibana/node_modules/elasticsearch/src/lib/transport.js:307:15)
    at checkRespForFailure (/usr/share/kibana/node_modules/elasticsearch/src/lib/transport.js:266:7)
    at HttpConnector.<anonymous> (/usr/share/kibana/node_modules/elasticsearch/src/lib/connectors/http.js:159:7)
    at IncomingMessage.bound (/usr/share/kibana/node_modules/elasticsearch/node_modules/lodash/dist/lodash.js:729:21)
    at emitNone (events.js:111:20)
    at IncomingMessage.emit (events.js:208:7)
    at endReadableNT (_stream_readable.js:1064:12)
    at _combinedTickCallback (internal/process/next_tick.js:138:11)
    at process._tickDomainCallback (internal/process/next_tick.js:218:9)
  status: 401,
  displayName: 'AuthenticationException',
  message: 'Authentication Exception',
  path: '/memberbebe/_search',
  query: {},
  body: 'Unauthorized',
  statusCode: 401,
  response: 'Unauthorized',
  wwwAuthenticateDirective: 'Basic realm="Search Guard"',
  toString: [Function],
  toJSON: [Function],
  isBoom: true,
  isServer: false,
  data: null,
  output: 
   { statusCode: 401,
     payload: 
      { statusCode: 401,
        error: 'Unauthorized',
        message: 'Authentication Exception' },
     headers: { 'WWW-Authenticate': 'Basic realm="Authorization Required"' } },
  reformat: [Function] }

如何解决此问题?有什么建议吗?

谢谢

1 个答案:

答案 0 :(得分:0)

最后,我自己找到了临时解决方案。

我正在第37行中编辑文件 /plugins/canvas/server/routes/socket.js 

if (server.plugins.security) request.headers.authorization = authHeader;

收件人:

request.headers.authorization = "Basic <HASHED_USER_PASS>";

SearchGuard用户名:SearchGuard密码,该密码使用Base64编码。

我知道我的解决方案可能不是最好的解决方案,需要改进,但我希望它可以帮助其他遇到相同问题的用户。

谢谢。

相关问题
最新问题