We have ES configured to allow a light amount of anonymous access to the cluster for the simplest types of debugging, monitoring, etc.
elasticsearch.yaml
shield.authc.anonymous.roles: monitoring
shield.authc.anonymous.username: anonymous_user
shield.authc.authz_exception.authz_exception: true
roles.yaml
monitoring:
cluster: monitor
indices:
"*": monitor
So simple curl calls work just fine..
[root@staging-us1-search-es-uswest2-9:/etc/elasticsearch/staging-us1-search/shield:60]# curl --insecure https://localhost:9200/_cluster/health?pretty
{
"cluster_name" : "staging-us1-search",
"status" : "green",
"timed_out" : false,
"number_of_nodes" : 2,
"number_of_data_nodes" : 2,
"active_primary_shards" : 2,
"active_shards" : 4,
"relocating_shards" : 0,
"initializing_shards" : 0,
"unassigned_shards" : 0,
"delayed_unassigned_shards" : 0,
"number_of_pending_tasks" : 0,
"number_of_in_flight_fetch" : 0,
"task_max_waiting_in_queue_millis" : 0,
"active_shards_percent_as_number" : 100.0
}
We can also access the kopf plugin.. but when we do, it fails to load any data with the following error (ignore the URL .. thats me doing some tunneling to get to the server)
If we switch the anonymous access to use the admin role, it works fine .. so im pretty sure this is just a role issue. Can someone help me create a role that will give the kopf plugin access to the data it needs?