search

sscarduzio / elasticsearch-readonlyrest-plugin

Free Elasticsearch security plugin and Kibana security plugin: super-easy Kibana multi-tenancy, Encryption, Authentication, Authorization, Auditing
https://readonlyrest.com
GNU General Public License v3.0
952 stars 165 forks source link

RoR only partially filter data #251

Closed parosio closed 7 years ago

parosio commented 7 years ago

Hello, I'm using readonlyrest-1.16.6_es5.4.0 on elastic 5.4.

I've got a dashboard with several visualizations showing data from multiple indices with the same initial part (index-pattern: logstash-va-*-alias). I want to limit access to a subset of the data to users belonging to a particular group, and set the following rules in elasticsearch.yml:

    access_control_rules:
       ...
    - name: Norge
      type: allow
      kibana_access: ro
      groups: ["Norge_ro"]
      indices: ["logstash-va-all-norge*", "logstash-va-score-norge*", ".kibana", ".kibana-devnull"]

       ...
    users:
    - username: norgeUsers
      proxy_auth: ["user_no_1", "user_no_2"]
      groups: ["Norge_ro"]

The problem is that the user user_no_1 sees also the data from other indices (ex: logstash-va-all-ghana)

I've tried to narrow down the problem to a dashboard with a single view, and the behavior was as expected, but after adding again some other vis objects I obtained a mixed situation, with some views limited to user's index, some others showing data from all the indices.

In the elastic logfile I find:

2017-07-06T17:32:31,700][ERROR][o.e.p.r.e.r.RCTransactionalIndices] Failed to set indices for type MultiSearchRequest
[2017-07-06T17:32:31,700][INFO ][o.e.p.r.e.r.SubRCTransactionalIndices] committing subrequest indices
[2017-07-06T17:32:31,700][INFO ][o.e.p.r.e.r.SubRCTransactionalIndices] committing subrequest indices
[2017-07-06T17:32:31,701][INFO ][o.e.p.r.e.r.SubRCTransactionalIndices] committing subrequest indices
[2017-07-06T17:32:31,701][INFO ][o.e.p.r.e.r.SubRCTransactionalIndices] committing subrequest indices
[2017-07-06T17:32:31,701][INFO ][o.e.p.r.e.r.SubRCTransactionalIndices] committing subrequest indices
sscarduzio commented 7 years ago

Hi @parosio thanks for reporting this, I think that ERROR log line is causing the problem. What version of ROR, ES, Kibana are you using?

TRISAF commented 7 years ago

Hello Simone, Paolo and me are using this versions: Ealsticsearch: 5.4.0 Kibana: 5.4.0 ReadOnlyrest: readonlyrest-1.16.6_es5.4.0

on a suse 11 server. Do you need more infos?

sscarduzio commented 7 years ago

Thanks, will try to reproduce.

Since you are at it, if you have the log line of the MultiSearchRequest that caused the issue? I mean, if you find the first occurrence of "MultiSearchRequest" with a sort of JSON log that exactly describes the reproducer requests would be awesome :)

Note to self: print also the request ID wherever in the code I print that error message...

TRISAF commented 7 years ago

@sscarduzio no json structure in the log.. i'm in tail -f and this is the output: [2017-07-06T18:44:10,761][INFO ][o.e.p.r.e.r.SubRCTransactionalIndices] committing subrequest indices [2017-07-06T18:44:10,762][INFO ][o.e.p.r.e.r.SubRCTransactionalIndices] committing subrequest indices

[2017-07-06T18:57:34,655][ERROR][o.e.p.r.e.r.RCTransactionalIndices] Failed to set indices for type MultiSearchRequest [2017-07-06T18:57:34,655][INFO ][o.e.p.r.e.r.SubRCTransactionalIndices] committing subrequest indices [2017-07-06T18:57:34,656][INFO ][o.e.p.r.e.r.SubRCTransactionalIndices] committing subrequest indices [2017-07-06T18:57:34,656][INFO ][o.e.p.r.e.r.SubRCTransactionalIndices] committing subrequest indices

... white line are enters in tail -f

TRISAF commented 7 years ago

This is the new full log: [2017-07-06T19:04:10,759][INFO ][o.e.c.r.a.AllocationService] [mCMhoMa] Cluster health status changed from [RED] to [YELLOW] (reason: [shards started [[.kibana][0]] ...]). [2017-07-06T19:04:25,451][INFO ][o.e.p.r.a.ACL ] request: { ID:1099131568-421457327, TYP:GetRequest, USR:UID0396181, BRS:false, ACT:indices:data/read/get, OA:127.0.0.1, IDX:.kibana, MET:GET, PTH:/.kibana/config/5.4.0, CNT:<OMITTED, LENGTH=0>, HDR:Connection,Content-Length,Host,x-forwarded-user, HIS:[HQ ReadOnly->[groups->false]], [::LOGSTASH::->[auth_key->false]], [Norge->[kibana_access->true, indices->true, proxy_auth->true]], [::KIBANA-SRV::->[auth_key->false]], [HQ Admins->[groups->false]] } matched block: Norge match: true} [2017-07-06T19:04:29,720][INFO ][o.e.p.r.a.ACL ] request: { ID:2095604348--510635281, TYP:SearchRequest, USR:UID0396181, BRS:false, ACT:indices:data/read/search, OA:127.0.0.1, IDX:.kibana, MET:POST, PTH:/.kibana/index-pattern/_search, CNT:<OMITTED, LENGTH=39>, HDR:Connection,content-length,content-type,Host,x-forwarded-for,x-forwarded-port,x-forwarded-proto,x-forwarded-user, HIS:[HQ Admins->[groups->false]], [Norge->[kibana_access->true, indices->true, proxy_auth->true]], [HQ ReadOnly->[groups->false]], [::LOGSTASH::->[auth_key->false]], [::KIBANA-SRV::->[auth_key->false]] } matched block: Norge match: true} [2017-07-06T19:04:31,929][INFO ][o.e.p.r.a.ACL ] request: { ID:2133981836-368087516, TYP:GetFieldMappingsRequest, USR:UID0396181, BRS:false, ACT:indices:admin/mappings/fields/get, OA:127.0.0.1, IDX:.kibana, MET:GET, PTH:/.kibana/_mapping//field/_source, CNT:<OMITTED, LENGTH=0>, HDR:Connection,content-length,Host,x-forwarded-for,x-forwarded-port,x-forwarded-proto,x-forwarded-user, HIS:[HQ Admins->[groups->false]], [Norge->[kibana_access->true, indices->true, proxy_auth->true]], [::LOGSTASH::->[auth_key->false]], [HQ ReadOnly->[groups->false]], [::KIBANA-SRV::->[auth_key->false]] } matched block: Norge match: true} [2017-07-06T19:04:31,935][INFO ][o.e.p.r.a.ACL ] request: { ID:2133981836-1186324545, TYP:GetFieldMappingsIndexRequest, USR:UID0396181, BRS:false, ACT:indices:admin/mappings/fields/get[index], OA:127.0.0.1, IDX:.kibana, MET:GET, PTH:/.kibana/_mapping//field/_source, CNT:<OMITTED, LENGTH=0>, HDR:Connection,content-length,Host,x-forwarded-for,x-forwarded-port,x-forwarded-proto,x-forwarded-user, HIS:[::KIBANA-SRV::->[auth_key->false]], [HQ Admins->[groups->false]], [HQ ReadOnly->[groups->false]], [::LOGSTASH::->[auth_key->false]], [Norge->[kibana_access->true, indices->true, proxy_auth->true]] } matched block: Norge match: true} [2017-07-06T19:04:36,066][INFO ][o.e.p.r.a.ACL ] request: { ID:565708459-1824780536, TYP:MultiGetRequest, USR:UID0396181, BRS:false, ACT:indices:data/read/mget, OA:127.0.0.1, IDX:.kibana, MET:POST, PTH:/_mget, CNT:<OMITTED, LENGTH=96>, HDR:Connection,content-length,content-type,Host,x-forwarded-for,x-forwarded-port,x-forwarded-proto,x-forwarded-user, HIS:[HQ ReadOnly->[groups->false]], [Norge->[kibana_access->true, indices->true, proxy_auth->true]], [::KIBANA-SRV::->[auth_key->false]], [::LOGSTASH::->[auth_key->false]], [HQ Admins->[groups->false]] } matched block: Norge match: true} [2017-07-06T19:04:36,070][INFO ][o.e.p.r.a.ACL ] request: { ID:565708459-267138138, TYP:MultiGetShardRequest, USR:UID0396181, BRS:false, ACT:indices:data/read/mget[shard], OA:127.0.0.1, IDX:.kibana, MET:POST, PTH:/_mget, CNT:<OMITTED, LENGTH=96>, HDR:Connection,content-length,content-type,Host,x-forwarded-for,x-forwarded-port,x-forwarded-proto,x-forwarded-user, HIS:[HQ Admins->[groups->false]], [HQ ReadOnly->[groups->false]], [Norge->[kibana_access->true, indices->true, proxy_auth->true]], [::KIBANA-SRV::->[auth_key->false]], [::LOGSTASH::->[auth_key->false]] } matched block: Norge match: true} [2017-07-06T19:04:39,159][INFO ][o.e.p.r.a.ACL ] request: { ID:588649781-899029184, TYP:MultiGetRequest, USR:UID0396181, BRS:false, ACT:indices:data/read/mget, OA:127.0.0.1, IDX:.kibana, MET:POST, PTH:/_mget, CNT:<OMITTED, LENGTH=273>, HDR:Connection,content-length,content-type,Host,x-forwarded-for,x-forwarded-port,x-forwarded-proto,x-forwarded-user, HIS:[::KIBANA-SRV::->[auth_key->false]], [::LOGSTASH::->[auth_key->false]], [HQ Admins->[groups->false]], [HQ ReadOnly->[groups->false]], [Norge->[kibana_access->true, indices->true, proxy_auth->true]] } matched block: Norge match: true} [2017-07-06T19:04:39,163][INFO ][o.e.p.r.a.ACL ] request: { ID:588649781-1117091340, TYP:MultiGetShardRequest, USR:UID0396181, BRS:false, ACT:indices:data/read/mget[shard], OA:127.0.0.1, IDX:.kibana, MET:POST, PTH:/_mget, CNT:<OMITTED, LENGTH=273>, HDR:Connection,content-length,content-type,Host,x-forwarded-for,x-forwarded-port,x-forwarded-proto,x-forwarded-user, HIS:[::KIBANA-SRV::->[auth_key->false]], [HQ ReadOnly->[groups->false]], [Norge->[kibana_access->true, indices->true, proxy_auth->true]], [::LOGSTASH::->[auth_key->false]], [HQ Admins->[groups->false]] } matched block: Norge match: true} [2017-07-06T19:04:42,162][INFO ][o.e.p.r.a.ACL ] request: { ID:1166344069-698284200, TYP:MultiGetRequest, USR:UID0396181, BRS:false, ACT:indices:data/read/mget, OA:127.0.0.1, IDX:.kibana, MET:POST, PTH:/_mget, CNT:<OMITTED, LENGTH=248>, HDR:Connection,content-length,content-type,Host,x-forwarded-for,x-forwarded-port,x-forwarded-proto,x-forwarded-user, HIS:[Norge->[kibana_access->true, indices->true, proxy_auth->true]], [::KIBANA-SRV::->[auth_key->false]], [::LOGSTASH::->[auth_key->false]], [HQ ReadOnly->[groups->false]], [HQ Admins->[groups->false]] } matched block: Norge match: true} [2017-07-06T19:04:42,166][INFO ][o.e.p.r.a.ACL ] request: { ID:1166344069-560167823, TYP:MultiGetShardRequest, USR:UID0396181, BRS:false, ACT:indices:data/read/mget[shard], OA:127.0.0.1, IDX:.kibana, MET:POST, PTH:/_mget, CNT:<OMITTED, LENGTH=248>, HDR:Connection,content-length,content-type,Host,x-forwarded-for,x-forwarded-port,x-forwarded-proto,x-forwarded-user, HIS:[::KIBANA-SRV::->[auth_key->false]], [HQ ReadOnly->[groups->false]], [HQ Admins->[groups->false]], [::LOGSTASH::->[auth_key->false]], [Norge->[kibana_access->true, indices->true, proxy_auth->true]] } matched block: Norge match: true} [2017-07-06T19:04:45,183][INFO ][o.e.p.r.a.ACL ] request: { ID:1456885186-357884115, TYP:MultiGetRequest, USR:UID0396181, BRS:false, ACT:indices:data/read/mget, OA:127.0.0.1, IDX:.kibana, MET:POST, PTH:/_mget, CNT:<OMITTED, LENGTH=88>, HDR:Connection,content-length,content-type,Host,x-forwarded-for,x-forwarded-port,x-forwarded-proto,x-forwarded-user, HIS:[Norge->[kibana_access->true, indices->true, proxy_auth->true]], [::KIBANA-SRV::->[auth_key->false]], [HQ ReadOnly->[groups->false]], [::LOGSTASH::->[auth_key->false]], [HQ Admins->[groups->false]] } matched block: Norge match: true} [2017-07-06T19:04:45,186][INFO ][o.e.p.r.a.ACL ] request: { ID:1456885186-714888556, TYP:MultiGetShardRequest, USR:UID0396181, BRS:false, ACT:indices:data/read/mget[shard], OA:127.0.0.1, IDX:.kibana, MET:POST, PTH:/_mget, CNT:<OMITTED, LENGTH=88>, HDR:Connection,content-length,content-type,Host,x-forwarded-for,x-forwarded-port,x-forwarded-proto,x-forwarded-user, HIS:[HQ Admins->[groups->false]], [Norge->[kibana_access->true, indices->true, proxy_auth->true]], [HQ ReadOnly->[groups->false]], [::LOGSTASH::->[auth_key->false]], [::KIBANA-SRV::->[auth_key->false]] } matched block: Norge match: true} [2017-07-06T19:04:48,140][INFO ][o.e.p.r.a.ACL ] request: { ID:794354227-199736521, TYP:MultiSearchRequest, USR:UID0396181, BRS:false, ACT:indices:data/read/msearch, OA:127.0.0.1, IDX:eni-vuln-ass-all-norge-alias,eni-vuln-ass-all-norge, MET:POST, PTH:/_msearch, CNT:<OMITTED, LENGTH=3028>, HDR:Connection,content-length,content-type,Host,x-forwarded-for,x-forwarded-port,x-forwarded-proto,x-forwarded-user, HIS:[Norge->[kibana_access->true, indices->true, proxy_auth->true]], [HQ Admins->[groups->false]], [::LOGSTASH::->[auth_key->false]], [::KIBANA-SRV::->[auth_key->false]], [HQ ReadOnly->[groups->false]] } matched block: Norge match: true} [2017-07-06T19:04:48,164][ERROR][o.e.p.r.e.r.RCTransactionalIndices] Failed to set indices for type MultiSearchRequest [2017-07-06T19:04:48,164][INFO ][o.e.p.r.e.r.SubRCTransactionalIndices] committing subrequest indices [2017-07-06T19:04:48,165][INFO ][o.e.p.r.e.r.SubRCTransactionalIndices] committing subrequest indices [2017-07-06T19:04:48,165][INFO ][o.e.p.r.e.r.SubRCTransactionalIndices] committing subrequest indices [2017-07-06T19:04:48,173][INFO ][o.e.p.r.a.ACL ] request: { ID:794354227-835204980, TYP:SearchRequest, USR:UID0396181, BRS:false, ACT:indices:data/read/search, OA:127.0.0.1, IDX:eni-vuln-ass-all-norge-alias,eni-vuln-ass-all-norge, MET:POST, PTH:/_msearch, CNT:<OMITTED, LENGTH=3028>, HDR:Connection,content-length,content-type,Host,x-forwarded-for,x-forwarded-port,x-forwarded-proto,x-forwarded-user, HIS:[::LOGSTASH::->[auth_key->false]], [::KIBANA-SRV::->[auth_key->false]], [HQ Admins->[groups->false]], [HQ ReadOnly->[groups->false]], [Norge->[kibana_access->true, indices->true, proxy_auth->true]] } matched block: Norge match: true} [2017-07-06T19:04:48,238][INFO ][o.e.p.r.a.ACL ] request: { ID:794354227--1038901372, TYP:SearchRequest, USR:UID0396181, BRS:false, ACT:indices:data/read/search, OA:127.0.0.1, IDX:eni-vuln-ass-all-norge-alias,eni-vuln-ass-all-norge, MET:POST, PTH:/_msearch, CNT:<OMITTED, LENGTH=3028>, HDR:Connection,content-length,content-type,Host,x-forwarded-for,x-forwarded-port,x-forwarded-proto,x-forwarded-user, HIS:[HQ ReadOnly->[groups->false]], [::KIBANA-SRV::->[auth_key->false]], [Norge->[kibana_access->true, indices->true, proxy_auth->true]], [HQ Admins->[groups->false]], [::LOGSTASH::->[auth_key->false]] } matched block: Norge match: true} [2017-07-06T19:04:48,241][INFO ][o.e.p.r.a.ACL ] request: { ID:794354227-988371324, TYP:SearchRequest, USR:UID0396181, BRS:false, ACT:indices:data/read/search, OA:127.0.0.1, IDX:eni-vuln-ass-all-norge-alias,eni-vuln-ass-all-norge, MET:POST, PTH:/_msearch, CNT:<OMITTED, LENGTH=3028>, HDR:Connection,content-length,content-type,Host,x-forwarded-for,x-forwarded-port,x-forwarded-proto,x-forwarded-user, HIS:[HQ ReadOnly->[groups->false]], [::LOGSTASH::->[auth_key->false]], [Norge->[kibana_access->true, indices->true, proxy_auth->true]], [::KIBANA-SRV::->[auth_key->false]], [HQ Admins->[groups->false]] } matched block: Norge match: true}

TRISAF commented 7 years ago

Hi @sscarduzio, I see that every request before the "Failed to set indices for type MultiSearchRequest" is validateted by ror with:" matched block: Norge match: true" Is that correct?

TRISAF commented 7 years ago

@sscarduzio i found that: new dashboard , add one graph, test --> RoR works add to the same dsh the same graph , test --> RoR works adding other 4 times the same graph to the same dashbord, test RoR --> fails Here the log for a single request of a dashboard containing one graph six times.

[2017-07-06T19:35:16,902][INFO ][o.e.p.r.a.ACL ] request: { ID:227799532-1142252636, TYP:GetRequest, USR:UID0396181, BRS:false, ACT:indices:data/read/get, OA:127.0.0.1, IDX:.kibana, MET:GET, PTH:/.kibana/config/5.4.0, CNT:<OMITTED, LENGTH=0>, HDR:Connection,Content-Length,Host,x-forwarded-user, HIS:[::LOGSTASH::->[auth_key->false]], [HQ Admins->[groups->false]], [HQ ReadOnly->[groups->false]], [::KIBANA-SRV::->[auth_key->false]], [Norge->[kibana_access->true, indices->true, proxy_auth->true]] } matched block: Norge match: true} [2017-07-06T19:35:19,500][INFO ][o.e.p.r.a.ACL ] request: { ID:1846429920--510635281, TYP:SearchRequest, USR:UID0396181, BRS:false, ACT:indices:data/read/search, OA:127.0.0.1, IDX:.kibana, MET:POST, PTH:/.kibana/index-pattern/_search, CNT:<OMITTED, LENGTH=39>, HDR:Connection,content-length,content-type,Host,x-forwarded-for,x-forwarded-port,x-forwarded-proto,x-forwarded-user, HIS:[HQ Admins->[groups->false]], [Norge->[kibana_access->true, indices->true, proxy_auth->true]], [::LOGSTASH::->[auth_key->false]], [::KIBANA-SRV::->[auth_key->false]], [HQ ReadOnly->[groups->false]] } matched block: Norge match: true} [2017-07-06T19:35:19,615][INFO ][o.e.p.r.a.ACL ] request: { ID:2022791747-369007352, TYP:GetFieldMappingsRequest, USR:UID0396181, BRS:false, ACT:indices:admin/mappings/fields/get, OA:127.0.0.1, IDX:.kibana, MET:GET, PTH:/.kibana/_mapping//field/_source, CNT:<OMITTED, LENGTH=0>, HDR:Connection,content-length,Host,x-forwarded-for,x-forwarded-port,x-forwarded-proto,x-forwarded-user, HIS:[::KIBANA-SRV::->[auth_key->false]], [::LOGSTASH::->[auth_key->false]], [HQ Admins->[groups->false]], [HQ ReadOnly->[groups->false]], [Norge->[kibana_access->true, indices->true, proxy_auth->true]] } matched block: Norge match: true} [2017-07-06T19:35:19,616][INFO ][o.e.p.r.a.ACL ] request: { ID:2022791747-1479728108, TYP:GetFieldMappingsIndexRequest, USR:UID0396181, BRS:false, ACT:indices:admin/mappings/fields/get[index], OA:127.0.0.1, IDX:.kibana, MET:GET, PTH:/.kibana/_mapping//field/_source, CNT:<OMITTED, LENGTH=0>, HDR:Connection,content-length,Host,x-forwarded-for,x-forwarded-port,x-forwarded-proto,x-forwarded-user, HIS:[::LOGSTASH::->[auth_key->false]], [HQ Admins->[groups->false]], [::KIBANA-SRV::->[auth_key->false]], [HQ ReadOnly->[groups->false]], [Norge->[kibana_access->true, indices->true, proxy_auth->true]] } matched block: Norge match: true} [2017-07-06T19:35:19,702][INFO ][o.e.p.r.a.ACL ] request: { ID:1746398366-1307213588, TYP:MultiGetRequest, USR:UID0396181, BRS:false, ACT:indices:data/read/mget, OA:127.0.0.1, IDX:.kibana, MET:POST, PTH:/_mget, CNT:<OMITTED, LENGTH=96>, HDR:Connection,content-length,content-type,Host,x-forwarded-for,x-forwarded-port,x-forwarded-proto,x-forwarded-user, HIS:[Norge->[kibana_access->true, indices->true, proxy_auth->true]], [::LOGSTASH::->[auth_key->false]], [::KIBANA-SRV::->[auth_key->false]], [HQ Admins->[groups->false]], [HQ ReadOnly->[groups->false]] } matched block: Norge match: true} [2017-07-06T19:35:19,703][INFO ][o.e.p.r.a.ACL ] request: { ID:1746398366-63864456, TYP:MultiGetShardRequest, USR:UID0396181, BRS:false, ACT:indices:data/read/mget[shard], OA:127.0.0.1, IDX:.kibana, MET:POST, PTH:/_mget, CNT:<OMITTED, LENGTH=96>, HDR:Connection,content-length,content-type,Host,x-forwarded-for,x-forwarded-port,x-forwarded-proto,x-forwarded-user, HIS:[Norge->[kibana_access->true, indices->true, proxy_auth->true]], [HQ ReadOnly->[groups->false]], [HQ Admins->[groups->false]], [::LOGSTASH::->[auth_key->false]], [::KIBANA-SRV::->[auth_key->false]] } matched block: Norge match: true} [2017-07-06T19:35:21,019][INFO ][o.e.p.r.a.ACL ] request: { ID:1465796153-834467464, TYP:MultiGetRequest, USR:UID0396181, BRS:false, ACT:indices:data/read/mget, OA:127.0.0.1, IDX:.kibana, MET:POST, PTH:/_mget, CNT:<OMITTED, LENGTH=550>, HDR:Connection,content-length,content-type,Host,x-forwarded-for,x-forwarded-port,x-forwarded-proto,x-forwarded-user, HIS:[::KIBANA-SRV::->[auth_key->false]], [HQ ReadOnly->[groups->false]], [Norge->[kibana_access->true, indices->true, proxy_auth->true]], [HQ Admins->[groups->false]], [::LOGSTASH::->[auth_key->false]] } matched block: Norge match: true} [2017-07-06T19:35:21,020][INFO ][o.e.p.r.a.ACL ] request: { ID:1465796153-132469854, TYP:MultiGetShardRequest, USR:UID0396181, BRS:false, ACT:indices:data/read/mget[shard], OA:127.0.0.1, IDX:.kibana, MET:POST, PTH:/_mget, CNT:<OMITTED, LENGTH=550>, HDR:Connection,content-length,content-type,Host,x-forwarded-for,x-forwarded-port,x-forwarded-proto,x-forwarded-user, HIS:[::KIBANA-SRV::->[auth_key->false]], [HQ ReadOnly->[groups->false]], [Norge->[kibana_access->true, indices->true, proxy_auth->true]], [::LOGSTASH::->[auth_key->false]], [HQ Admins->[groups->false]] } matched block: Norge match: true} [2017-07-06T19:35:21,212][INFO ][o.e.p.r.a.ACL ] request: { ID:755746575-263512876, TYP:MultiGetRequest, USR:UID0396181, BRS:false, ACT:indices:data/read/mget, OA:127.0.0.1, IDX:.kibana, MET:POST, PTH:/_mget, CNT:<OMITTED, LENGTH=508>, HDR:Connection,content-length,content-type,Host,x-forwarded-for,x-forwarded-port,x-forwarded-proto,x-forwarded-user, HIS:[HQ Admins->[groups->false]], [Norge->[kibana_access->true, indices->true, proxy_auth->true]], [::LOGSTASH::->[auth_key->false]], [::KIBANA-SRV::->[auth_key->false]], [HQ ReadOnly->[groups->false]] } matched block: Norge match: true} [2017-07-06T19:35:21,214][INFO ][o.e.p.r.a.ACL ] request: { ID:755746575-758047665, TYP:MultiGetShardRequest, USR:UID0396181, BRS:false, ACT:indices:data/read/mget[shard], OA:127.0.0.1, IDX:.kibana, MET:POST, PTH:/_mget, CNT:<OMITTED, LENGTH=508>, HDR:Connection,content-length,content-type,Host,x-forwarded-for,x-forwarded-port,x-forwarded-proto,x-forwarded-user, HIS:[::LOGSTASH::->[auth_key->false]], [::KIBANA-SRV::->[auth_key->false]], [HQ ReadOnly->[groups->false]], [Norge->[kibana_access->true, indices->true, proxy_auth->true]], [HQ Admins->[groups->false]] } matched block: Norge match: true} [2017-07-06T19:35:21,297][INFO ][o.e.p.r.a.ACL ] request: { ID:1714982815-141238369, TYP:MultiGetRequest, USR:UID0396181, BRS:false, ACT:indices:data/read/mget, OA:127.0.0.1, IDX:.kibana, MET:POST, PTH:/_mget, CNT:<OMITTED, LENGTH=82>, HDR:Connection,content-length,content-type,Host,x-forwarded-for,x-forwarded-port,x-forwarded-proto,x-forwarded-user, HIS:[HQ Admins->[groups->false]], [::LOGSTASH::->[auth_key->false]], [Norge->[kibana_access->true, indices->true, proxy_auth->true]], [HQ ReadOnly->[groups->false]], [::KIBANA-SRV::->[auth_key->false]] } matched block: Norge match: true} [2017-07-06T19:35:21,298][INFO ][o.e.p.r.a.ACL ] request: { ID:1714982815-445266222, TYP:MultiGetShardRequest, USR:UID0396181, BRS:false, ACT:indices:data/read/mget[shard], OA:127.0.0.1, IDX:.kibana, MET:POST, PTH:/_mget, CNT:<OMITTED, LENGTH=82>, HDR:Connection,content-length,content-type,Host,x-forwarded-for,x-forwarded-port,x-forwarded-proto,x-forwarded-user, HIS:[::KIBANA-SRV::->[auth_key->false]], [HQ Admins->[groups->false]], [Norge->[kibana_access->true, indices->true, proxy_auth->true]], [::LOGSTASH::->[auth_key->false]], [HQ ReadOnly->[groups->false]] } matched block: Norge match: true} [2017-07-06T19:35:21,733][INFO ][o.e.p.r.a.ACL ] request: { ID:990294358-2127398072, TYP:MultiSearchRequest, USR:UID0396181, BRS:false, ACT:indices:data/read/msearch, OA:127.0.0.1, IDX:eni-vuln-ass-all-norge-alias,eni-vuln-ass-all-norge, MET:POST, PTH:/_msearch, CNT:<OMITTED, LENGTH=6390>, HDR:Connection,content-length,content-type,Host,x-forwarded-for,x-forwarded-port,x-forwarded-proto,x-forwarded-user, HIS:[HQ Admins->[groups->false]], [Norge->[kibana_access->true, indices->true, proxy_auth->true]], [HQ ReadOnly->[groups->false]], [::LOGSTASH::->[auth_key->false]], [::KIBANA-SRV::->[auth_key->false]] } matched block: Norge match: true} [2017-07-06T19:35:21,734][ERROR][o.e.p.r.e.r.RCTransactionalIndices] Failed to set indices for type MultiSearchRequest [2017-07-06T19:35:21,734][INFO ][o.e.p.r.e.r.SubRCTransactionalIndices] committing subrequest indices [2017-07-06T19:35:21,735][INFO ][o.e.p.r.e.r.SubRCTransactionalIndices] committing subrequest indices [2017-07-06T19:35:21,735][INFO ][o.e.p.r.e.r.SubRCTransactionalIndices] committing subrequest indices [2017-07-06T19:35:21,736][INFO ][o.e.p.r.e.r.SubRCTransactionalIndices] committing subrequest indices [2017-07-06T19:35:21,736][INFO ][o.e.p.r.e.r.SubRCTransactionalIndices] committing subrequest indices [2017-07-06T19:35:21,736][INFO ][o.e.p.r.e.r.SubRCTransactionalIndices] committing subrequest indices [2017-07-06T19:35:21,739][INFO ][o.e.p.r.a.ACL ] request: { ID:990294358--273096995, TYP:SearchRequest, USR:UID0396181, BRS:false, ACT:indices:data/read/search, OA:127.0.0.1, IDX:eni-vuln-ass-all-norge-alias,eni-vuln-ass-all-norge, MET:POST, PTH:/_msearch, CNT:<OMITTED, LENGTH=6390>, HDR:Connection,content-length,content-type,Host,x-forwarded-for,x-forwarded-port,x-forwarded-proto,x-forwarded-user, HIS:[HQ ReadOnly->[groups->false]], [::LOGSTASH::->[auth_key->false]], [::KIBANA-SRV::->[auth_key->false]], [HQ Admins->[groups->false]], [Norge->[kibana_access->true, indices->true, proxy_auth->true]] } matched block: Norge match: true} [2017-07-06T19:35:21,825][INFO ][o.e.p.r.a.ACL ] request: { ID:990294358-1941570999, TYP:SearchRequest, USR:UID0396181, BRS:false, ACT:indices:data/read/search, OA:127.0.0.1, IDX:eni-vuln-ass-all-norge-alias,eni-vuln-ass-all-norge, MET:POST, PTH:/_msearch, CNT:<OMITTED, LENGTH=6390>, HDR:Connection,content-length,content-type,Host,x-forwarded-for,x-forwarded-port,x-forwarded-proto,x-forwarded-user, HIS:[HQ ReadOnly->[groups->false]], [::LOGSTASH::->[auth_key->false]], [HQ Admins->[groups->false]], [::KIBANA-SRV::->[auth_key->false]], [Norge->[kibana_access->true, indices->true, proxy_auth->true]] } matched block: Norge match: true} [2017-07-06T19:35:21,828][INFO ][o.e.p.r.a.ACL ] request: { ID:990294358-656414575, TYP:SearchRequest, USR:UID0396181, BRS:false, ACT:indices:data/read/search, OA:127.0.0.1, IDX:eni-vuln-ass-all-norge-alias,eni-vuln-ass-all-norge, MET:POST, PTH:/_msearch, CNT:<OMITTED, LENGTH=6390>, HDR:Connection,content-length,content-type,Host,x-forwarded-for,x-forwarded-port,x-forwarded-proto,x-forwarded-user, HIS:[::LOGSTASH::->[auth_key->false]], [HQ ReadOnly->[groups->false]], [HQ Admins->[groups->false]], [Norge->[kibana_access->true, indices->true, proxy_auth->true]], [::KIBANA-SRV::->[auth_key->false]] } matched block: Norge match: true} [2017-07-06T19:35:21,829][INFO ][o.e.p.r.a.ACL ] request: { ID:990294358-1113090473, TYP:SearchRequest, USR:UID0396181, BRS:false, ACT:indices:data/read/search, OA:127.0.0.1, IDX:eni-vuln-ass-all-norge-alias,eni-vuln-ass-all-norge, MET:POST, PTH:/_msearch, CNT:<OMITTED, LENGTH=6390>, HDR:Connection,content-length,content-type,Host,x-forwarded-for,x-forwarded-port,x-forwarded-proto,x-forwarded-user, HIS:[::LOGSTASH::->[auth_key->false]], [::KIBANA-SRV::->[auth_key->false]], [HQ Admins->[groups->false]], [Norge->[kibana_access->true, indices->true, proxy_auth->true]], [HQ ReadOnly->[groups->false]] } matched block: Norge match: true}

Any suggestion?

sscarduzio commented 7 years ago

Hey @TRISAF and @parosio: good news I found the bug! Will tidy the code up and give you a build first thing tomorrow. Super late now.

TRISAF commented 7 years ago

Hi simon, sorry for the incorrect reply to another thread.. Did you find the "bug" ?

sscarduzio commented 7 years ago

hey, yes I did. You need a build for ES 5.4.0, right? Please try the following:

https://readonlyrest-data.s3-eu-west-1.amazonaws.com/build/1.16.7-pre6/readonlyrest-1.16.7-pre6_es5.4.0.zip?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAJEKIPNTOTIVGQ4EQ/20170707/eu-west-1/s3/aws4_request&X-Amz-Date=20170707T095523Z&X-Amz-Expires=86400&X-Amz-SignedHeaders=host&X-Amz-Signature=e3c57b04f9ca777c695f6025c49fafb45b75ddfc5661173feb31e3ebffe3505f

TRISAF commented 7 years ago

how to unistall the actual plugin ?

TRISAF commented 7 years ago

elasticsearch-plugin renome readonlyrest rest DONE

But ... the install says:

pentaho@02srv0090h:~/elk/elasticsearch-5.4.0/bin> ./elasticsearch-plugin install file:///pentaho/elk_sw/readonlyrest-1.16.7-pre6_es5.4.0.zip -> Downloading file:///pentaho/elk_sw/readonlyrest-1.16.7-pre6_es5.4.0.zip [=================================================] 100%   Exception in thread "main" java.lang.IllegalStateException: jar hell! class: com.fasterxml.jackson.core.Base64Variant jar1: /pentaho/elk/elasticsearch-5.4.0/lib/jackson-core-2.8.6.jar jar2: /pentaho/elk/elasticsearch-5.4.0/plugins/.installing-7139301859871032718/jackson-core-2.8.2.jar at org.elasticsearch.bootstrap.JarHell.checkClass(JarHell.java:282) at org.elasticsearch.bootstrap.JarHell.checkJarHell(JarHell.java:192) at org.elasticsearch.plugins.InstallPluginCommand.jarHellCheck(InstallPluginCommand.java:483) at org.elasticsearch.plugins.InstallPluginCommand.verify(InstallPluginCommand.java:452) at org.elasticsearch.plugins.InstallPluginCommand.install(InstallPluginCommand.java:495) at org.elasticsearch.plugins.InstallPluginCommand.execute(InstallPluginCommand.java:215) at org.elasticsearch.plugins.InstallPluginCommand.execute(InstallPluginCommand.java:199) at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:67) at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:122) at org.elasticsearch.cli.MultiCommand.execute(MultiCommand.java:69) at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:122) at org.elasticsearch.cli.Command.main(Command.java:88) at org.elasticsearch.plugins.PluginCli.main(PluginCli.java:47) pentaho@02srv0090h:~/elk/elasticsearch-5.4.0/bin>

sscarduzio commented 7 years ago

@parosio hold on, the new build system is injecting a jar too much.. Sorry about that!

sscarduzio commented 7 years ago

Here you go, now it installs.

https://readonlyrest-data.s3-eu-west-1.amazonaws.com/build/1.16.7-pre7/readonlyrest-1.16.7-pre7_es5.4.0.zip?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAJEKIPNTOTIVGQ4EQ/20170707/eu-west-1/s3/aws4_request&X-Amz-Date=20170707T131834Z&X-Amz-Expires=86400&X-Amz-SignedHeaders=host&X-Amz-Signature=5e302b9d53138e2fb3a38edd79b111a807e57a5b8c51d19be6228dc1f1f0181c

TRISAF commented 7 years ago

Hi @sscarduzio, installed correctly but ...

first restart of elastic : SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder". SLF4J: Defaulting to no-operation (NOP) logger implementation SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further details.

second restart in not deamon mode: [2017-07-07T15:36:01,477][WARN ][o.e.b.JNANatives ] unable to install syscall filter: java.lang.UnsupportedOperationException: seccomp unavailable: requires kernel 3.5+ with CONFIG_SECCOMP and CONFIG_SECCOMP_FILTER compiled in at org.elasticsearch.bootstrap.SystemCallFilter.linuxImpl(SystemCallFilter.java:350) ~[elasticsearch-5.4.0.jar:5.4.0] at org.elasticsearch.bootstrap.SystemCallFilter.init(SystemCallFilter.java:638) ~[elasticsearch-5.4.0.jar:5.4.0] at org.elasticsearch.bootstrap.JNANatives.tryInstallSystemCallFilter(JNANatives.java:215) [elasticsearch-5.4.0.jar:5.4.0] at org.elasticsearch.bootstrap.Natives.tryInstallSystemCallFilter(Natives.java:99) [elasticsearch-5.4.0.jar:5.4.0] at org.elasticsearch.bootstrap.Bootstrap.initializeNatives(Bootstrap.java:111) [elasticsearch-5.4.0.jar:5.4.0] at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:204) [elasticsearch-5.4.0.jar:5.4.0] at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:360) [elasticsearch-5.4.0.jar:5.4.0] at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:123) [elasticsearch-5.4.0.jar:5.4.0] at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:114) [elasticsearch-5.4.0.jar:5.4.0] at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:67) [elasticsearch-5.4.0.jar:5.4.0] at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:122) [elasticsearch-5.4.0.jar:5.4.0] at org.elasticsearch.cli.Command.main(Command.java:88) [elasticsearch-5.4.0.jar:5.4.0] at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:91) [elasticsearch-5.4.0.jar:5.4.0] at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:84) [elasticsearch-5.4.0.jar:5.4.0] [2017-07-07T15:36:01,674][INFO ][o.e.n.Node ] [] initializing ... [2017-07-07T15:36:01,774][INFO ][o.e.e.NodeEnvironment ] [mCMhoMa] using [1] data paths, mounts [[/pentaho (/dev/vx/dsk/dg01/pentahovol)]], net usable_space [20.2gb], net total_space [30gb], spins? [possibly], types [vxfs] [2017-07-07T15:36:01,774][INFO ][o.e.e.NodeEnvironment ] [mCMhoMa] heap size [1.9gb], compressed ordinary object pointers [true] [2017-07-07T15:36:02,580][INFO ][o.e.n.Node ] node name [mCMhoMa] derived from node ID [mCMhoMaJT7CziGuj0GxZ2g]; set [node.name] to override [2017-07-07T15:36:02,581][INFO ][o.e.n.Node ] version[5.4.0], pid[19404], build[780f8c4/2017-04-28T17:43:27.229Z], OS[Linux/2.6.32.59-0.7-default/amd64], JVM[Oracle Corporation/Java HotSpot(TM) 64-Bit Server VM/1.8.0_121/25.121-b13] [2017-07-07T15:36:03,768][INFO ][o.e.p.PluginsService ] [mCMhoMa] loaded module [aggs-matrix-stats] [2017-07-07T15:36:03,768][INFO ][o.e.p.PluginsService ] [mCMhoMa] loaded module [ingest-common] [2017-07-07T15:36:03,768][INFO ][o.e.p.PluginsService ] [mCMhoMa] loaded module [lang-expression] [2017-07-07T15:36:03,768][INFO ][o.e.p.PluginsService ] [mCMhoMa] loaded module [lang-groovy] [2017-07-07T15:36:03,768][INFO ][o.e.p.PluginsService ] [mCMhoMa] loaded module [lang-mustache] [2017-07-07T15:36:03,768][INFO ][o.e.p.PluginsService ] [mCMhoMa] loaded module [lang-painless] [2017-07-07T15:36:03,768][INFO ][o.e.p.PluginsService ] [mCMhoMa] loaded module [percolator] [2017-07-07T15:36:03,769][INFO ][o.e.p.PluginsService ] [mCMhoMa] loaded module [reindex] [2017-07-07T15:36:03,769][INFO ][o.e.p.PluginsService ] [mCMhoMa] loaded module [transport-netty3] [2017-07-07T15:36:03,769][INFO ][o.e.p.PluginsService ] [mCMhoMa] loaded module [transport-netty4] [2017-07-07T15:36:03,770][INFO ][o.e.p.PluginsService ] [mCMhoMa] loaded plugin [readonlyrest] [2017-07-07T15:36:05,455][DEBUG][o.e.a.ActionModule ] Using REST wrapper from plugin org.elasticsearch.plugin.readonlyrest.es.ReadonlyRestPlugin [2017-07-07T15:36:05,542][INFO ][o.e.d.DiscoveryModule ] [mCMhoMa] using discovery type [zen] SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder". SLF4J: Defaulting to no-operation (NOP) logger implementation SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further details. [2017-07-07T15:36:06,764][INFO ][o.e.p.r.a.ACL ] ADDING BLOCK #::LOGSTASH::: { name: '::LOGSTASH::', policy: ALLOW} [2017-07-07T15:36:06,765][INFO ][o.e.p.r.a.ACL ] ADDING BLOCK #::KIBANA-SRV::: { name: '::KIBANA-SRV::', policy: ALLOW} [2017-07-07T15:36:06,765][INFO ][o.e.p.r.a.ACL ] ADDING BLOCK #HQ Admins: { name: 'HQ Admins', policy: ALLOW} [2017-07-07T15:36:06,766][INFO ][o.e.p.r.a.ACL ] ADDING BLOCK #HQ ReadOnly: { name: 'HQ ReadOnly', policy: ALLOW} [2017-07-07T15:36:06,777][INFO ][o.e.p.r.a.ACL ] ADDING BLOCK #Norge: { name: 'Norge', policy: ALLOW} [2017-07-07T15:36:06,777][INFO ][o.e.p.r.a.ACL ] ADDING BLOCK #China: { name: 'China', policy: ALLOW} [2017-07-07T15:36:06,778][INFO ][o.e.p.r.a.ACL ] ADDING BLOCK #Perin: { name: 'Perin', policy: ALLOW} [2017-07-07T15:36:06,778][INFO ][o.e.p.r.a.ACL ] ADDING BLOCK #Perin2: { name: 'Perin2', policy: FORBID} [2017-07-07T15:36:06,778][INFO ][o.e.p.r.e.IndexLevelActionFilter] Configuration reloaded - ReadonlyREST enabled [2017-07-07T15:36:06,792][INFO ][o.e.p.r.e.IndexLevelActionFilter] Readonly REST plugin was loaded... [2017-07-07T15:36:06,997][INFO ][o.e.p.r.e.IndexLevelActionFilter] [CLUSTERWIDE SETTINGS] index settings not found, have you installed ReadonlyREST Kibana plugin? Will keep on using elasticearch.yml. Learn more at https://readonlyrest.com [2017-07-07T15:36:08,150][INFO ][o.e.n.Node ] initialized [2017-07-07T15:36:08,151][INFO ][o.e.n.Node ] [mCMhoMa] starting ... [2017-07-07T15:36:08,337][INFO ][o.e.t.TransportService ] [mCMhoMa] publish_address {127.0.0.1:9300}, bound_addresses {127.0.0.1:9300}, {127.0.0.2:9300} [2017-07-07T15:36:08,346][WARN ][o.e.b.BootstrapChecks ] [mCMhoMa] system call filters failed to install; check the logs and fix your configuration or disable system call filters at your own risk [2017-07-07T15:36:11,434][INFO ][o.e.c.s.ClusterService ] [mCMhoMa] new_master {mCMhoMa}{mCMhoMaJT7CziGuj0GxZ2g}{q56Vi4miRF67ivygRjnP2A}{127.0.0.1}{127.0.0.1:9300}, reason: zen-disco-elected-as-master ([0] nodes joined) [2017-07-07T15:36:11,597][INFO ][o.e.h.n.Netty4HttpServerTransport] [mCMhoMa] publish_address {127.0.0.1:9200}, bound_addresses {127.0.0.1:9200}, {127.0.0.2:9200} [2017-07-07T15:36:11,599][INFO ][o.e.n.Node ] [mCMhoMa] started [2017-07-07T15:36:14,511][INFO ][o.e.g.GatewayService ] [mCMhoMa] recovered [122] indices into cluster_state [2017-07-07T15:36:34,182][INFO ][o.e.c.r.a.AllocationService] [mCMhoMa] Cluster health status changed from [RED] to [YELLOW] (reason: [shards started [[logstash-ib-blue-coat-2016][3], [logstash-ib-blue-coat-2016][0], [.kibana][0]] ...]). [2017-07-07T15:42:47,404][WARN ][r.suppressed ] path: /_search/template, params: {} org.elasticsearch.ElasticsearchException: request body is required at org.elasticsearch.script.mustache.RestSearchTemplateAction.prepareRequest(RestSearchTemplateAction.java:95) ~[?:?] at org.elasticsearch.rest.BaseRestHandler.handleRequest(BaseRestHandler.java:64) ~[elasticsearch-5.4.0.jar:5.4.0] at org.elasticsearch.plugin.readonlyrest.es.ReadonlyRestPlugin.lambda$null$3(ReadonlyRestPlugin.java:133) ~[?:?] at org.elasticsearch.rest.RestController.dispatchRequest(RestController.java:260) ~[elasticsearch-5.4.0.jar:5.4.0] at org.elasticsearch.rest.RestController.dispatchRequest(RestController.java:199) [elasticsearch-5.4.0.jar:5.4.0] at org.elasticsearch.http.netty4.Netty4HttpServerTransport.dispatchRequest(Netty4HttpServerTransport.java:504) [transport-netty4-5.4.0.jar:5.4.0] at org.elasticsearch.http.netty4.Netty4HttpRequestHandler.channelRead0(Netty4HttpRequestHandler.java:72) [transport-netty4-5.4.0.jar:5.4.0] at io.netty.channel.SimpleChannelInboundHandler.channelRead(SimpleChannelInboundHandler.java:105) [netty-transport-4.1.9.Final.jar:4.1.9.Final] at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) [netty-transport-4.1.9.Final.jar:4.1.9.Final] at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) [netty-transport-4.1.9.Final.jar:4.1.9.Final] at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340) [netty-transport-4.1.9.Final.jar:4.1.9.Final] at org.elasticsearch.http.netty4.pipelining.HttpPipeliningHandler.channelRead(HttpPipeliningHandler.java:63) [transport-netty4-5.4.0.jar:5.4.0] at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) [netty-transport-4.1.9.Final.jar:4.1.9.Final] at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) [netty-transport-4.1.9.Final.jar:4.1.9.Final] at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340) [netty-transport-4.1.9.Final.jar:4.1.9.Final] at io.netty.handler.codec.MessageToMessageDecoder.channelRead(MessageToMessageDecoder.java:102) [netty-codec-4.1.9.Final.jar:4.1.9.Final] at io.netty.handler.codec.MessageToMessageCodec.channelRead(MessageToMessageCodec.java:111) [netty-codec-4.1.9.Final.jar:4.1.9.Final] at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) [netty-transport-4.1.9.Final.jar:4.1.9.Final] at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) [netty-transport-4.1.9.Final.jar:4.1.9.Final] at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340) [netty-transport-4.1.9.Final.jar:4.1.9.Final] at io.netty.handler.codec.MessageToMessageDecoder.channelRead(MessageToMessageDecoder.java:102) [netty-codec-4.1.9.Final.jar:4.1.9.Final] at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) [netty-transport-4.1.9.Final.jar:4.1.9.Final] at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) [netty-transport-4.1.9.Final.jar:4.1.9.Final] at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340) [netty-transport-4.1.9.Final.jar:4.1.9.Final] at io.netty.handler.codec.MessageToMessageDecoder.channelRead(MessageToMessageDecoder.java:102) [netty-codec-4.1.9.Final.jar:4.1.9.Final] at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) [netty-transport-4.1.9.Final.jar:4.1.9.Final] at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) [netty-transport-4.1.9.Final.jar:4.1.9.Final] at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340) [netty-transport-4.1.9.Final.jar:4.1.9.Final] at io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:293) [netty-codec-4.1.9.Final.jar:4.1.9.Final] at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:267) [netty-codec-4.1.9.Final.jar:4.1.9.Final] at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) [netty-transport-4.1.9.Final.jar:4.1.9.Final] at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) [netty-transport-4.1.9.Final.jar:4.1.9.Final] at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340) [netty-transport-4.1.9.Final.jar:4.1.9.Final] at io.netty.channel.ChannelInboundHandlerAdapter.channelRead(ChannelInboundHandlerAdapter.java:86) [netty-transport-4.1.9.Final.jar:4.1.9.Final] at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) [netty-transport-4.1.9.Final.jar:4.1.9.Final] at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) [netty-transport-4.1.9.Final.jar:4.1.9.Final] at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340) [netty-transport-4.1.9.Final.jar:4.1.9.Final] at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1334) [netty-transport-4.1.9.Final.jar:4.1.9.Final] at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) [netty-transport-4.1.9.Final.jar:4.1.9.Final] at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) [netty-transport-4.1.9.Final.jar:4.1.9.Final] at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:926) [netty-transport-4.1.9.Final.jar:4.1.9.Final] at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:134) [netty-transport-4.1.9.Final.jar:4.1.9.Final] at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:624) [netty-transport-4.1.9.Final.jar:4.1.9.Final] at io.netty.channel.nio.NioEventLoop.processSelectedKeysPlain(NioEventLoop.java:524) [netty-transport-4.1.9.Final.jar:4.1.9.Final] at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:478) [netty-transport-4.1.9.Final.jar:4.1.9.Final] at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:438) [netty-transport-4.1.9.Final.jar:4.1.9.Final] at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:858) [netty-common-4.1.9.Final.jar:4.1.9.Final] at java.lang.Thread.run(Thread.java:745) [?:1.8.0_121]

sscarduzio commented 7 years ago

SECCOMP is just a warning (https://discuss.elastic.co/t/java-lang-unsupportedoperationexception-on-starting-elasticsearch/64548)

[2017-07-07T15:42:47,404][WARN ][r.suppressed ] path: /_search/template, params: {} org.elasticsearch.ElasticsearchException: request body is required

This looks an input validation failure (bad request, can't parse)

TRISAF commented 7 years ago

NO SImon, i have disabled your last version of plugin. it doesn't work. Did you have tried it? Can you run your elk stack 5.4.0 with tjhis plugin?

sscarduzio commented 7 years ago

will do right now

sscarduzio commented 7 years ago

discovered another bug in the new code, working on it

TRISAF commented 7 years ago

Great Simon

sscarduzio commented 7 years ago

So the issue was that jackson-databind jar was required AT RUNTIME. And the integration tests are breaking (JVM crash) so it didn't catch it.

https://readonlyrest-data.s3-eu-west-1.amazonaws.com/build/1.16.7-pre8/readonlyrest-1.16.7-pre8_es5.4.0.zip?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAJEKIPNTOTIVGQ4EQ/20170707/eu-west-1/s3/aws4_request&X-Amz-Date=20170707T162356Z&X-Amz-Expires=86400&X-Amz-SignedHeaders=host&X-Amz-Signature=36db8a855fa195265157d8056325a7c3c813c3f5c661419cf40a7d7a6c86f8ac

TRISAF commented 7 years ago

Hi @sscarduzio , installed and it works! great Simone !!

we will more accurate tests next week

many thanks

Filippo and Paolo

parosio commented 7 years ago

Thank you Simone, all our tests are green.