Can't get logstash user to authenticate to ES

security

(Tim Dunphy) #1

Hey guys,

I have a user set up with the logstash role:

[root@logs:~] #esusers list|grep ls_admin
ls_admin : logstash

I've got him defined in my elasticsearch section of my output filter:

output {
  elasticsearch {
    hosts => ["xxx.xxx.xx.xxx:9200", "xx.xx.xx.xxx:9200", "xx.xx.xx.xx:9200"]
    user => "ls_admin"
    password => "secret"
  }
}

And in my roles.yml file I have my logstash role defined this way:

# The required role for logstash users

logstash:
  cluster:
    - manage_index_templates
  indices:
    - names: 'logstash-*'
      privileges:
        - write
        - read
        - create_index
        - cluster:monitor/nodes/info
        - cluster:monitor/health

Restarted elasticsearch. And I am still unable to create indexes with the ls_admin user and I am still unable to access the monitoring APIs.

[root@logs:~] #curl -u ls_admin:$ES_PASS localhost:9200/test_index -XPUT
{"error":{"root_cause":[{"type":"security_exception","reason":"action [indices:admin/create] is unauthorized for user [ls_admin]"}],"type":"security_exception","reason":"action [indices:admin/create] is unauthorized for user [ls_admin]"},"status":403}[root@logs:~] #

[root@logs:~] #curl -u ls_admin:$ES_PASS localhost:9200/_cluster/health?pretty
{
"error" : {
"root_cause" : [ {
"type" : "security_exception",
"reason" : "action [cluster:monitor/health] is unauthorized for user [ls_admin]"
} ],
"type" : "security_exception",
"reason" : "action [cluster:monitor/health] is unauthorized for user [ls_admin]"
},
"status" : 403
}

What am I doing wrong and how can I correct this?

Thanks


(Jay Modi) #2

The two APIs that you tried to use are not authorized for the logstash user based on the role.

Maybe try curl -u ls_admin:$ES_PASS localhost:9200/logstash-test -XPUT and see if that works. This way we can tell if the user is working.


(Tim Dunphy) #3

Yeah I just tried that and it's still not working!

[root@logs:~] #curl -u ls_admin:$ES_PASS localhost:9200/logstash-test -XPUT
{"error":{"root_cause":[{"type":"security_exception","reason":"action [indices:admin/create] is unauthorized for user [ls_admin]"}],"type":"security_exception","reason":"action [indices:admin/create] is unauthorized for user [ls_admin]"},"status":403}

Any ideas how I can correct this?
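
Added example, not part of the thread and not Shield's own code: a simplified Python model that evaluates the three requests from #1 and #3 against the role text posted in #1, using the action names from the 403 responses. The privilege-to-action mapping and the rule that cluster-level requests consult only the role's cluster section are assumptions of this model; `authorized`, `denied_action` and the sample body are constructed here.

```python
import json
import re
from fnmatch import fnmatchcase

# Assumed, simplified mapping of named privileges to action patterns.
CLUSTER_PRIVS = {"manage_index_templates": ["indices:admin/template/*"]}
INDEX_PRIVS = {"read": ["indices:data/read/*"],
               "write": ["indices:data/write/*"],
               "create_index": ["indices:admin/create"]}

# The role as posted in #1, cluster action names under index privileges included.
ROLE = {"cluster": ["manage_index_templates"],
        "indices": [{"names": ["logstash-*"],
                     "privileges": ["write", "read", "create_index",
                                    "cluster:monitor/nodes/info",
                                    "cluster:monitor/health"]}]}

def expand(privs, named):
    """Named privileges expand to action patterns; other entries are raw patterns."""
    return [pat for p in privs for pat in named.get(p, [p])]

def matches(value, patterns):
    return any(fnmatchcase(value, pat) for pat in patterns)

def authorized(role, action, index=None):
    """Cluster-level requests (index=None) consult only role['cluster'];
    index requests need a grant whose names AND privileges both match."""
    if index is None:
        return matches(action, expand(role["cluster"], CLUSTER_PRIVS))
    return any(matches(index, g["names"]) and
               matches(action, expand(g["privileges"], INDEX_PRIVS))
               for g in role["indices"])

def denied_action(body):
    """Pull (action, user) out of a security_exception 403 body."""
    reason = json.loads(body)["error"]["reason"]
    m = re.search(r"action \[(.+?)\] is unauthorized for user \[(.+?)\]", reason)
    return m.groups() if m else None

# 403 body in the shape shown in the thread (trimmed to the fields used here).
SAMPLE = ('{"error":{"type":"security_exception","reason":"action '
          '[cluster:monitor/health] is unauthorized for user [ls_admin]"},"status":403}')

if __name__ == "__main__":
    action, user = denied_action(SAMPLE)
    print(user, action, authorized(ROLE, action))  # cluster-level request
    for idx in ("test_index", "logstash-test"):
        print(user, idx, authorized(ROLE, "indices:admin/create", idx))
```

In this model the test_index and cluster health requests are denied, as #2 says, while creating logstash-test is allowed, so the 403 in #3 is not explained by the role text alone.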


(Dev Day) #4

Did you manage to find a solution for this?
I've got the same issue.


(Tim Vernum) #5

Please start a new thread for your issue, and provide as much detail as you can.

