Index migration failed

Security
1

Hi! I’m working with docker and 1.1.0 opendistro for es version, i noticed that if i put on kibana.yml

opendistro_security.multitenancy.enabled: true

i get this error:

index migration failed for opendistro 7.1.1

i checked migrate_tenants.js:

/*
 * Copyright 2015-2018 _floragunn_ GmbH
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 */
/*
 * Portions Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License").
 * You may not use this file except in compliance with the License.
 * A copy of the License is located at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * or in the "license" file accompanying this file. This file is distributed
 * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
 * express or implied. See the License for the specific language governing
 * permissions and limitations under the License.
 */

import _ from 'lodash';
import Boom from 'boom';
import elasticsearch from 'elasticsearch';
import wrapElasticsearchError from './../backend/errors/wrap_elasticsearch_error';
import { KibanaMigrator} from "../../../../src/legacy/server/saved_objects/migrations/kibana";

async function migrateTenants (server) {

    const backend = server.plugins.opendistro_security.getSecurityBackend();

    try {
        let tenantInfo = await backend.getTenantInfoWithInternalUser();

        if (tenantInfo) {
             let indexNames = Object.keys(tenantInfo);
             for (var index = 0; index < indexNames.length; ++index) {
                 await migrateTenantIndex(indexNames[index], server);
             }
         }
    } catch (error) {
        server.log(['error', 'migration'], error);
        throw error;
    }
}

async function migrateTenantIndex(tenantIndexName, server) {
    const {kbnServer} = mockKbnServer(server.kibanaMigrator.kbnServer, server, tenantIndexName);
    const migrator = new KibanaMigrator({kbnServer});
    await  migrator.awaitMigration();
}

async function migrateTenant(tenantIndexName, force, server) {
    const backend = server.plugins.opendistro_security.getSecurityBackend();
    try {
        let tenantInfo = await backend.getTenantInfoWithInternalUser();
        if (tenantInfo) {
            if (tenantInfo[tenantIndexName] || (force == true)) {
                await migrateTenantIndex(tenantIndexName, server);
                return {statusCode:200, message: tenantIndexName + " migrated."}
            } else {
                return Boom.badRequest('Index ' + tenantIndexName + ' not found or not a tenand index. Force migration: ' + force);
            }
        } else {
            return Boom.badImplementation("Could not fetch tenant info.");
        }
    } catch (error) {
        server.log(['error', 'migration'], error);
        return wrapElasticsearchError(error);
    }
}

function mockKbnServer(originalKbnServer, server, indexname) {

    const kbnServer = {
        version: originalKbnServer.version,
        ready: originalKbnServer.ready,
        uiExports: originalKbnServer.uiExports,
        server: {
            config: () => ({
                get: ((name) => {
                    switch (name) {
                        case 'kibana.index':
                            return indexname;
                        case 'migrations.batchSize':
                            return originalKbnServer.server.config().get("migrations.batchSize");
                        case 'migrations.pollInterval':
                            return originalKbnServer.server.config().get("migrations.pollInterval");
                        case 'migrations.scrollDuration':
                            return originalKbnServer.server.config().get("migrations.scrollDuration");
                        default:
                            throw new Error(`Unexpected config ${name}`);
                    }
                })
            }),
            log: function (tags, data, timestamp, _internal) {
                server.log(tags, data, timestamp, _internal);
            },
            plugins: originalKbnServer.server.plugins
        }
    };

    return { kbnServer };
}

module.exports.migrateTenants=migrateTenants;
module.exports.migrateTenant=migrateTenant;

kibana returns this error in logs:

kibana               | {"type":"log","@timestamp":"2019-08-06T09:36:33Z","tags":["status","plugin:opendistro_security@7.1.1","info"],"pid":1,"state":"yellow","message":"Status changed from yellow to yellow - Tenant indices migration failed","prevState":"yellow","prevMsg":"Setting up index template."}
kibana               | {"type":"log","@timestamp":"2019-08-06T09:36:34Z","tags":["info","migrations"],"pid":1,"message":"Creating index .kibana_1."}
kibana               | {"type":"log","@timestamp":"2019-08-06T09:36:34Z","tags":["info","migrations"],"pid":1,"message":"Pointing alias .kibana to .kibana_1."}

if i disable multitenancy by putting opendistro_security.multitenancy.enabled: false, when i try to login with users that are not admin i get this error:

elasticsearch | [2019-08-06T09:24:30,239][WARN ][c.a.o.s.c.PrivilegesInterceptorImpl] [a5790f362956] Tenant global_tenant is not allowed for user cn=user,ou=people,dc=example,dc=com

How can i fix this?

2

Hi! how did you fix this?

3

Is it fresh install or upgrade? If upgrade, what was the previous version?