Opendistro tenants: Error opening the app #1890

Closed
jesuslinares opened this issue Nov 12, 2019 · 4 comments
Labels
type/bug Bug issue

@jesuslinares
Contributor

Hi team,

Opendistro has the tenant feature that is similar to spaces in the official Elastic version.

When it is enabled, opendistro uses a .kibana-x-username index to store the user information. Example:

.kibana_1
.kibana_-1666338091_elastic
.kibana_231986579_wazuhadmin

As you can see, only .kibana_1 has the index-pattern config object.

curl -k -u xxx:xxx "https://odfe:9200/.kibana_-1666338091_elastic/_search?pretty" | grep '"_id" :'
"_id" : "config:7.2.0",

curl -k -u xxx:xxx "https://odfe:9200/.kibana_1/_search?pretty" | grep '"_id" :'
"_id" : "index-pattern:wazuh-monitoring-3.x-*",
"_id" : "config:7.2.0",
"_id" : "index-pattern:wazuh-alerts",

So, if I open the app using the elastic user, I see the following error:

image

If I create the index pattern manually for that user, it works properly. But, this should be performed by the app.

@rlk5546

rlk5546 commented Dec 6, 2019

Related to #1319

@pablotr9
Contributor

pablotr9 commented Apr 13, 2020

As mentioned in the description of the issue, when using the Wazuh app with a tenant, the Wazuh app is not able to find the Wazuh template nor the Wazuh alert's index pattern.

Our app currently creates and fetches that data from the .kibana index, but when using tenants in Opendistro, this information is stored in the .kibana_XXXX_<tenant> index instead of the .kibana index as Kibana does.

Steps to reproduce:

  1. Create a tenant:
PUT _opendistro/_security/api/tenants/example_tenant-2
{
  "description": "example tenant"
}
  2. Check the new .kibana_XXXX_tenantname index was created:
    image
  3. See Wazuh app error:
    image

server.plugins.opendistro_security doesn't contain anything that could be helpful

odfe-kibana   |    { status:
odfe-kibana   |    Status {
odfe-kibana   |      _events: [Object: null prototype] { change: [Function] },
odfe-kibana   |      _eventsCount: 1,
odfe-kibana   |      _maxListeners: undefined,
odfe-kibana   |      id: 'plugin:opendistro_security@1.6.0.0',
odfe-kibana   |      since: 2020-04-13T15:10:42.878Z,
odfe-kibana   |      state: 'yellow',
odfe-kibana   |      message: 'Routes for Security configuration GUI registered.',
odfe-kibana   |      plugin:
odfe-kibana   |       Plugin {
odfe-kibana   |         kbnServer: [KbnServer],
odfe-kibana   |         spec: [ScopedPluginSpec],
odfe-kibana   |         pkg: [Object],
odfe-kibana   |         path: '/usr/share/kibana/plugins/opendistro_security',
odfe-kibana   |         id: 'opendistro_security',
odfe-kibana   |         version: '1.6.0.0',
odfe-kibana   |         requiredIds: [Array],
odfe-kibana   |         externalPreInit: undefined,
odfe-kibana   |         externalInit: [AsyncFunction: init],
odfe-kibana   |         externalPostInit: undefined,
odfe-kibana   |         enabled: true,
odfe-kibana   |         configPrefix: 'opendistro_security',
odfe-kibana   |         publicDir: '/usr/share/kibana/plugins/opendistro_security/public',
odfe-kibana   |         preInit: [Function],
odfe-kibana   |         init: [Function],
odfe-kibana   |         postInit: [Function],
odfe-kibana   |         _server: [Object],
odfe-kibana   |         _options: [Object],
odfe-kibana   |         status: [Circular] },
odfe-kibana   |      error: null },
odfe-kibana   |   getSecurityBackend: [Function],
odfe-kibana   |   getSecurityConfigurationBackend: [Function] }

Possible solutions

  1. Reindex the .kibana into .kibana_XXXX_tenantname index. This one is NOT RECOMMENDED but can be used as a workaround to make the Wazuh app work until this is fixed.

  2. We can know the current tenant with this request:

GET _opendistro/_security/api/account

image

With that information, we can change our backend to create and get data from the index: .kibana_XXXX_<user_requested_tenant>* instead of the .kibana index.

  3. We are manually inserting the index pattern into the .kibana index, which is not recommended; instead, we should use the Saved Object APIs. This is how the Kibana UI adds new index patterns so they are stored in the correct tenant user: https://www.elastic.co/guide/en/kibana/master/saved-objects-api-create.html#saved-objects-api-create-example

@kernel-sanders

kernel-sanders commented Apr 16, 2020

I am having this issue on OpenDistro without tenants enabled. If I create the index manually with a PUT of https://github.com/wazuh/wazuh/blob/master/extensions/elasticsearch/7.x/wazuh-template.json to /_template/wazuh I can open the app but it is blank and the console shows:

kbn-ui-shared-deps.js:368 TypeError: Cannot read property 'type' of undefined
    at isDefaultTypeIndexPattern (commons.bundle.js:formatted:34743)
    at discoverController (wazuh.bundle.js:35)
    at Object.invoke (kbn-ui-shared-deps.js:368)
    at kbn-ui-shared-deps.js:368
    at ae (kbn-ui-shared-deps.js:368)
    at kbn-ui-shared-deps.js:368
    at ae (kbn-ui-shared-deps.js:368)
    at kbn-ui-shared-deps.js:368
    at ae (kbn-ui-shared-deps.js:368)
    at kbn-ui-shared-deps.js:368 "<div ng-view="" data-ng-animate="1">"

which is the same error seen here: #1234

Is there a trick to getting Wazuh working with OpenDistro?

OpenDistro v1.6 (ES/kibana 7.6.1)
Logstash (oos) 7.6.1
wazuh-kibana 3.12.2_7.6.1
Wazuh Manager version 3.12.2-1

EDIT: I was actually using tenants/spaces (it's on by default). Disable it with the following in plugins/opendistro_security/securityconfig/config.yml:

config:
  dynamic:
    kibana:
      multitenancy_enabled: false
      server_username: kibanaserver
      index: '.kibana'

It looks like #2197 will fix this issue.

@pablotr9
Contributor

Hi @kernel-sanders,

Yes, multitenancy is enabled by default. You can use the Wazuh App if multitenancy is disabled, or if you want to use it with multitenancy enabled, you can reindex the .kibana into .kibana_XXXX_tenantname index.

To do that, just list the indices:
GET _cat/indices
then find the .kibana_XXXX_tenantname index for your current tenant, then reindex .kibana index in it:

POST _reindex
{
  "source": {
    "index": ".kibana"
  },
  "dest": {
    "index": ".kibana_XXXX_tenantname"
  }
}

If the reindex was successful, the Wazuh app can now be used in that tenant.

We are currently working on this issue #2197 so the app will work correctly in Opendistro with multitenancy enabled.

Please let us know if you have any other doubts!
Regards,
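
The lookup step discussed in this thread (finding the .kibana_XXXX_tenantname index for the current tenant before reading from or reindexing into it), as an added example that is not part of the original comments or of the Wazuh or Opendistro code. It assumes XXXX is Java's String.hashCode() of the tenant name and that the readable suffix is the name lowercased with non-alphanumerics removed, a rule that reproduces the .kibana_-1666338091_elastic name listed in the issue; the function names and the tenant names wazuhadmin and wazuh_admin are constructed for illustration.

```javascript
// Added illustration; not code from the Wazuh app or the Opendistro security plugin.
// Index names as listed in the issue (names only, as from GET _cat/indices).
const SAMPLE_INDICES = [
  '.kibana_1',
  '.kibana_-1666338091_elastic',
  '.kibana_231986579_wazuhadmin',
];

// Java's String.hashCode(): h = 31*h + charCode, wrapped to a signed 32-bit int.
function javaHashCode(str) {
  let h = 0;
  for (let i = 0; i < str.length; i++) {
    h = (Math.imul(31, h) + str.charCodeAt(i)) | 0;
  }
  return h;
}

// ASSUMPTION: name = <base>_<hashCode(tenant)>_<tenant lowercased, non [a-z0-9] removed>.
function tenantIndexName(tenant, base = '.kibana') {
  const suffix = tenant.toLowerCase().replace(/[^a-z0-9]+/g, '');
  return `${base}_${javaHashCode(tenant)}_${suffix}`;
}

// Resolve the index for a tenant from a list of index names.
// Only an exact name match is accepted. Indices that share the readable suffix
// but carry a different hash belong to another tenant and are reported, not used.
function resolveTenantIndex(tenant, indexNames, base = '.kibana') {
  const expected = tenantIndexName(tenant, base);
  const suffix = expected.slice(expected.lastIndexOf('_'));
  const lookalikes = indexNames.filter(
    (name) => name !== expected && name.startsWith(`${base}_`) && name.endsWith(suffix)
  );
  return { index: indexNames.includes(expected) ? expected : null, lookalikes };
}

// 'wazuhadmin' and 'wazuh_admin' (constructed names) sanitize to the same suffix.
for (const tenant of ['elastic', 'wazuhadmin', 'wazuh_admin']) {
  console.log(tenant, JSON.stringify(resolveTenantIndex(tenant, SAMPLE_INDICES)));
}
```

Matching on the readable suffix alone would send the tenant wazuhadmin to an index that belongs to wazuh_admin, so the resolver returns null with the lookalike listed instead of choosing it.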
