Hi! I’m working with docker and 1.1.0 opendistro for es version, i noticed that if i put on kibana.yml
opendistro_security.multitenancy.enabled: true
i get this error:
index migration failed for opendistro 7.1.1
i checked migrate_tenants.js:
/*
* Copyright 2015-2018 _floragunn_ GmbH
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
*/
/*
* Portions Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License").
* You may not use this file except in compliance with the License.
* A copy of the License is located at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* or in the "license" file accompanying this file. This file is distributed
* on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
* express or implied. See the License for the specific language governing
* permissions and limitations under the License.
*/
import _ from 'lodash';
import Boom from 'boom';
import elasticsearch from 'elasticsearch';
import wrapElasticsearchError from './../backend/errors/wrap_elasticsearch_error';
import { KibanaMigrator} from "../../../../src/legacy/server/saved_objects/migrations/kibana";
async function migrateTenants (server) {
const backend = server.plugins.opendistro_security.getSecurityBackend();
try {
let tenantInfo = await backend.getTenantInfoWithInternalUser();
if (tenantInfo) {
let indexNames = Object.keys(tenantInfo);
for (var index = 0; index < indexNames.length; ++index) {
await migrateTenantIndex(indexNames[index], server);
}
}
} catch (error) {
server.log(['error', 'migration'], error);
throw error;
}
}
async function migrateTenantIndex(tenantIndexName, server) {
const {kbnServer} = mockKbnServer(server.kibanaMigrator.kbnServer, server, tenantIndexName);
const migrator = new KibanaMigrator({kbnServer});
await migrator.awaitMigration();
}
async function migrateTenant(tenantIndexName, force, server) {
const backend = server.plugins.opendistro_security.getSecurityBackend();
try {
let tenantInfo = await backend.getTenantInfoWithInternalUser();
if (tenantInfo) {
if (tenantInfo[tenantIndexName] || (force == true)) {
await migrateTenantIndex(tenantIndexName, server);
return {statusCode:200, message: tenantIndexName + " migrated."}
} else {
return Boom.badRequest('Index ' + tenantIndexName + ' not found or not a tenand index. Force migration: ' + force);
}
} else {
return Boom.badImplementation("Could not fetch tenant info.");
}
} catch (error) {
server.log(['error', 'migration'], error);
return wrapElasticsearchError(error);
}
}
function mockKbnServer(originalKbnServer, server, indexname) {
const kbnServer = {
version: originalKbnServer.version,
ready: originalKbnServer.ready,
uiExports: originalKbnServer.uiExports,
server: {
config: () => ({
get: ((name) => {
switch (name) {
case 'kibana.index':
return indexname;
case 'migrations.batchSize':
return originalKbnServer.server.config().get("migrations.batchSize");
case 'migrations.pollInterval':
return originalKbnServer.server.config().get("migrations.pollInterval");
case 'migrations.scrollDuration':
return originalKbnServer.server.config().get("migrations.scrollDuration");
default:
throw new Error(`Unexpected config ${name}`);
}
})
}),
log: function (tags, data, timestamp, _internal) {
server.log(tags, data, timestamp, _internal);
},
plugins: originalKbnServer.server.plugins
}
};
return { kbnServer };
}
module.exports.migrateTenants=migrateTenants;
module.exports.migrateTenant=migrateTenant;
kibana returns this error in logs:
kibana | {"type":"log","@timestamp":"2019-08-06T09:36:33Z","tags":["status","plugin:opendistro_security@7.1.1","info"],"pid":1,"state":"yellow","message":"Status changed from yellow to yellow - Tenant indices migration failed","prevState":"yellow","prevMsg":"Setting up index template."}
kibana | {"type":"log","@timestamp":"2019-08-06T09:36:34Z","tags":["info","migrations"],"pid":1,"message":"Creating index .kibana_1."}
kibana | {"type":"log","@timestamp":"2019-08-06T09:36:34Z","tags":["info","migrations"],"pid":1,"message":"Pointing alias .kibana to .kibana_1."}
if i disable multitenancy by putting opendistro_security.multitenancy.enabled: false
, when i try to login with users that are not admin i get this error:
elasticsearch | [2019-08-06T09:24:30,239][WARN ][c.a.o.s.c.PrivilegesInterceptorImpl] [a5790f362956] Tenant global_tenant is not allowed for user cn=user,ou=people,dc=example,dc=com
How can i fix this?