[internal:discovery/zen/unicast] is unauthorized for user [anonymous_user]

I have configured X-Pack in my ES Cluster and enabled anonymous_user with the following privileges,

'{"cluster":["monitor","monitor_ml","monitor_watcher","cluster:admin/xpack/monitoring/bulk","internal:discovery/zen/unicast"],"indices":[{"names":["*"],"privileges":["create_index","monitor","view_index_metadata","read","write","indices:admin/refresh"]}]}'
I am getting the following error in Elasticsearch log file,
Caused by: org.elasticsearch.ElasticsearchSecurityException: action [internal:discovery/zen/unicast] is unauthorized for user [anonymous_user]

How I can include "internal:discovery/zen/unicast" in anonymous_user privileges.

Hi @sukeshss ,

This might be a bug, but we need more information.
Can you please share the elasticsearch.log file and the elasticsearch.yml files?
Role definitions for the roles of the xpack.security.authc.anonymous.roles config key will also
help us a bunch.

Thank you,
Albert

Hi @Albert_Zaharovits,

Thanks for the quick response. Please find the elasticsearch.yml. elasticsearch.log and xpack.security.authc.anonymous.roles details below,

elasticsearch.yml

cluster.name: test_cluster
node.name: stg-master
node.master: true
node.data: true
path.data: /es_data/elasticsearch
http.port: 9090
network.host: 0.0.0.0
action.auto_create_index: true
discovery.zen.ping.unicast.hosts: ["192.168.1.147"]
discovery.zen.minimum_master_nodes: 1
script.engine.groovy.inline.aggs: true
bootstrap.memory_lock: true
thread_pool.bulk.queue_size: 5000
thread_pool.search.queue_size: 5000

xpack.security.enabled: true
xpack.monitoring.enabled: true
xpack.security.audit.enabled: true
xpack.security.audit.outputs: [ index, logfile ]

xpack.security.authc:
anonymous:
username: anonymous_user
roles: ES_Readonly
authz_exception: true

elasticsearch log

[2018-09-12T08:25:41,765][WARN ][o.e.d.z.UnicastZenPing ] [stg-master] failed to send ping to [{stg-data}{MW7bCfSGQZ-sMNpvvqr7gQ}{UttkJZ6ySTeLzcVcw-W-Uw}{192.168.1.157}{192.168.1.157:9300}{ml.max_open_jobs=10, ml.enabled=true}]
org.elasticsearch.transport.RemoteTransportException: [stg-pacman-data][192.168.1.157:9300][internal:discovery/zen/unicast]
Caused by: org.elasticsearch.ElasticsearchSecurityException: action [internal:discovery/zen/unicast] is unauthorized for user [anonymous_user]
at org.elasticsearch.xpack.security.support.Exceptions.authorizationError(Exceptions.java:45) ~[?:?]
at org.elasticsearch.xpack.security.authz.AuthorizationService.denialException(AuthorizationService.java:511) ~[?:?]
at org.elasticsearch.xpack.security.authz.AuthorizationService.denial(AuthorizationService.java:482) ~[?:?]
at org.elasticsearch.xpack.security.authz.AuthorizationService.authorize(AuthorizationService.java:195) ~[?:?]
at org.elasticsearch.xpack.security.transport.ServerTransportFilter$NodeProfile.lambda$authorizeAsync$5(ServerTransportFilter.java:190) ~[?:?]
at org.elasticsearch.xpack.security.authz.AuthorizationUtils$AsyncAuthorizer.maybeRun(AuthorizationUtils.java:127) ~[?:?]
at org.elasticsearch.xpack.security.authz.AuthorizationUtils$AsyncAuthorizer.setRunAsRoles(AuthorizationUtils.java:121) ~[?:?]
at org.elasticsearch.xpack.security.authz.AuthorizationUtils$AsyncAuthorizer.authorize(AuthorizationUtils.java:109) ~[?:?]
at org.elasticsearch.xpack.security.transport.ServerTransportFilter$NodeProfile.authorizeAsync(ServerTransportFilter.java:193) ~[?:?]
at org.elasticsearch.xpack.security.transport.ServerTransportFilter$NodeProfile.lambda$inbound$2(ServerTransportFilter.java:162) ~[?:?]
at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:59) ~[elasticsearch-5.5.3.jar:5.5.3]
at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lambda$writeAuthToContext$22(AuthenticationService.java:465) ~[?:?]
at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.writeAuthToContext(AuthenticationService.java:474) ~[?:?]
at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lambda$handleNullToken$15(AuthenticationService.java:361) ~[?:?]
at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.handleNullToken(AuthenticationService.java:368) ~[?:?]
at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.consumeToken(AuthenticationService.java:295) ~[?:?]
at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lambda$extractToken$7(AuthenticationService.java:267) ~[?:?]
at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.extractToken(AuthenticationService.java:284) ~[?:?]
at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lambda$null$0(AuthenticationService.java:218) ~[?:?]
at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:59) ~[elasticsearch-5.5.3.jar:5.5.3]

xpack.security.authc.anonymous.roles

{
"cluster": [
"monitor",
"monitor_ml",
"monitor_watcher",
"cluster:admin/xpack/monitoring/bulk"
],
"indices": [
{
"names": [
"*"
],
"privileges": [
"create_index",
"monitor",
"view_index_metadata",
"read",
"write",
"indices:admin/refresh"
]
}
]
}

I am getting the following error while trying to configure X-pack in one of our ES Data node.
[2018-09-27T03:54:39,876][DEBUG][o.e.a.b.TransportBulkAction] [data-a] failed to execute pipeline [xpack_monitoring_6] for document [.monitoring-es-6-2018.09.27/doc/null]
java.lang.IllegalArgumentException: pipeline with id [xpack_monitoring_6] does not exist
at org.elasticsearch.ingest.PipelineExecutionService.getPipeline(PipelineExecutionService.java:194) ~[elasticsearch-5.5.1.jar:5.5.1]
at org.elasticsearch.ingest.PipelineExecutionService.access$100(PipelineExecutionService.java:41) ~[elasticsearch-5.5.1.jar:5.5.1]
at org.elasticsearch.ingest.PipelineExecutionService$2.doRun(PipelineExecutionService.java:88) [elasticsearch-5.5.1.jar:5.5.1]
at org.elasticsearch.common.util.concurrent.ThreadContext$ContextPreservingAbstractRunnable.doRun(ThreadContext.java:638) [elasticsearch-5.5.1.jar:5.5.1]
at org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:37) [elasticsearch-5.5.1.jar:5.5.1]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_141]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_141]
at java.lang.Thread.run(Thread.java:748) [?:1.8.0_141]

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.