Skip to content

Instantly share code, notes, and snippets.

@scampi

scampi/Shield-and-Kibi.md

Last active April 1, 2016 13:21
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 1 You must be signed in to fork a gist
  • Save scampi/bc25ffb40843fe6cf66b to your computer and use it in GitHub Desktop.
Save scampi/bc25ffb40843fe6cf66b to your computer and use it in GitHub Desktop.
Download ZIP
Kibi bits and pieces
Raw
Shield-and-Kibi.md

Steps

Config

Kibi

  • Edit config/kibi.dev.yml:

The server.key and server.crt files were generated above.

elasticsearch.username: "kibana4-server"
elasticsearch.password: "grishka"
shield.encryptionKey: "stinky grishka"
server.ssl.key: /path/to/server.key
server.ssl.cert: /path/to/server.crt

Elasticsearch

  • Edit config/shield/roles.yml. I added some authorization for various actions performed in Kibi (listing plugins, getting stats, ...); these are shown with <?> at the end of a line.
# The required permissions for kibana 4 users.
kibana4:
  cluster: 
      - cluster:monitor/nodes/info
      - cluster:monitor/health 
  indices:
    '*':
      privileges: indices:admin/mappings/fields/get, indices:admin/validate/query, indices:data/read/search, indices:data/read/msearch, indices:data/read/field_stats, indices:admin/get, indices:data/read/coordinate-search, indices:data/read/coordinate-msearch <1>
    '.kibi':
      privileges: indices:admin/exists, indices:admin/mapping/put, indices:admin/mappings/fields/get, indices:admin/refresh, indices:admin/validate/query, indices:data/read/get, indices:data/read/mget, indices:data/read/search, indices:data/write/delete, indices:data/write/index, indices:data/write/update

# The required permissions for the kibana 4 server
kibana4_server:
  cluster:
      - cluster:monitor/nodes/info
      - cluster:monitor/health
      - cluster:monitor/state <2>
      - cluster:monitor/nodes/stats <3>
  indices:
    '*': 
      privileges: indices:monitor/stats <4>
    '.kibi':
      privileges: indices:admin/create, indices:admin/exists, indices:admin/mapping/put, indices:admin/mappings/fields/get, indices:admin/refresh, indices:admin/validate/query, indices:data/read/get, indices:data/read/mget, indices:data/read/search, indices:data/write/delete, indices:data/write/index, indices:data/write/update
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment