Elasticsearch version (bin/elasticsearch --version
):
Version: 6.2.2, Build: 10b1edd/2018-02-16T19:01:30.685723Z, JVM: 1.8.0_121
and
Version: 5.6.6, Build: 7d99d36/2018-01-09T23:55:47.880Z, JVM: 1.8.0_121
Plugins installed: [x-pack, repository-hdfs]
JVM version (java -version
):
java version "1.8.0_121"
Java(TM) SE Runtime Environment (build 1.8.0_121-tdc1-b13)
Java HotSpot(TM) 64-Bit Server VM (build 25.121-b13, mixed mode)
OS version (uname -a
if on a Unix-like system):
SLES Linux 3.0.101-0.113.TDC.1.R.0-default SMP Fri Dec 9 04:51:20 PST 2016 (ca32437) x86_64 x86_64 x86_64 GNU/Linux
Chrome version:
Version 65.0.3325.181 (Official Build) (64-bit)
Description of the problem including expected versus actual behavior:
We setup a proof of concept Cross-cluster search between our "local" 6x cluster and "remote" 5x cluster.
We were able to achieve the same results described in the examples.
However did some additional exploration of how cross-cluster search behaves.
In Chrome:
https://our.elastic.url/5x:remote_index,local_index/_search
behaves as expected but searching the remote index alone
https://our.elastic.url/5x:remote_index/_search
returns
{
"error": {
"root_cause": [
{
"type": "security_exception",
"reason": "action [indices:admin/shards/search_shards] requires authentication",
"header": {
"WWW-Authenticate": "Basic realm=\"security\" charset=\"UTF-8\""
}
}
],
"type": "transport_exception",
"reason": "unable to communicate with remote cluster [DEV35x]",
"caused_by": {
"type": "security_exception",
"reason": "action [indices:admin/shards/search_shards] requires authentication",
"header": {
"WWW-Authenticate": "Basic realm=\"security\" charset=\"UTF-8\""
}
}
},
"status": 500
}
Chrome developer tools show that the authenticate header is not being sent in the request (missing a 401 check/response?).
The same call (searching the remote index alone) return results in Kibana DEV tools, Internet Explorer and curl.
While the behavior seems to be limited to Chrome I thought it was still good to share.
Thank you.
Steps to reproduce:
Initially both clusters were hosted on the same set of machines. Later tested on separate machines, today I tested between two 6x clusters and continue to see the security exception.
- Setup Cross-cluster search to a
remote_cluster
and create aremote_index
where authentication will be required - In Kibana DEV tools
GET /remote_cluster:remote_index/_search
should return results - Access from Chrome
https://elastichost:port/remote_cluster:remote_index/_search
should return the security exception