Hey guys,
I have a user setup with the logstash role:
[root@logs:~] #esusers list|grep ls_admin
ls_admin : logstash
I've got him defined in my elasticsearch section of my output filter:
output {
elasticsearch {
hosts => ["xxx.xxx.xx.xxx:9200", "xx.xx.xx.xxx:9200", "xx.xx.xx.xx:9200"]
user => "ls_admin"
password => "secret"
}
And in my roles.yml fie I have my logstash role defined defined this way:
The required role for logstash users
logstash:
cluster:
- manage_index_templates
indices:
- names: 'logstash-*'
privileges:
- write
- read
- create_index
- cluster:monitor/nodes/info
- cluster:monitor/health
Restarted elasticsearch. And I am still unable to create indexes with the ls_admin user and I am still unable to access the monitoring API's.
[root@logs:~] #curl -u ls_admin:$ES_PASS localhost:9200/test_index -XPUT
{"error":{"root_cause":[{"type":"security_exception","reason":"action [indices:admin/create] is unauthorized for user [ls_admin]"}],"type":"security_exception","reason":"action [indices:admin/create] is unauthorized for user [ls_admin]"},"status":403}[root@logs:~] #
[root@logs:~] #curl -u ls_admin:$ES_PASS localhost:9200/_cluster/health?pretty
{
"error" : {
"root_cause" : [ {
"type" : "security_exception",
"reason" : "action [cluster:monitor/health] is unauthorized for user [ls_admin]"
} ],
"type" : "security_exception",
"reason" : "action [cluster:monitor/health] is unauthorized for user [ls_admin]"
},
"status" : 403
}
What am I doing wrong and how can I correct this?
Thanks