- Install Shield plugin for elasticsearch https://www.elastic.co/guide/en/shield/current/getting-started.html
- Follow https://www.elastic.co/guide/en/shield/current/kibana.html to install the Shield plugin for Kibi
- SSL in points (4) and (5) are not the same
- Kibana does not support SSL with a passphrase
- Create server.{key,crt} using http://blog.justin.kelly.org.au/how-to-create-a-self-sign-ssl-cert-with-no-pa/
- Edit
config/kibi.dev.yml
:
The server.key
and server.crt
files were generated above.
elasticsearch.username: "kibana4-server"
elasticsearch.password: "grishka"
shield.encryptionKey: "stinky grishka"
server.ssl.key: /path/to/server.key
server.ssl.cert: /path/to/server.crt
- Edit
config/shield/roles.yml
. I added some authorization for various actions performed in Kibi (listing plugins, getting stats, ...); these are shown with<?>
at the end of a line.
# The required permissions for kibana 4 users.
kibana4:
cluster:
- cluster:monitor/nodes/info
- cluster:monitor/health
indices:
'*':
privileges: indices:admin/mappings/fields/get, indices:admin/validate/query, indices:data/read/search, indices:data/read/msearch, indices:data/read/field_stats, indices:admin/get, indices:data/read/coordinate-search, indices:data/read/coordinate-msearch <1>
'.kibi':
privileges: indices:admin/exists, indices:admin/mapping/put, indices:admin/mappings/fields/get, indices:admin/refresh, indices:admin/validate/query, indices:data/read/get, indices:data/read/mget, indices:data/read/search, indices:data/write/delete, indices:data/write/index, indices:data/write/update
# The required permissions for the kibana 4 server
kibana4_server:
cluster:
- cluster:monitor/nodes/info
- cluster:monitor/health
- cluster:monitor/state <2>
- cluster:monitor/nodes/stats <3>
indices:
'*':
privileges: indices:monitor/stats <4>
'.kibi':
privileges: indices:admin/create, indices:admin/exists, indices:admin/mapping/put, indices:admin/mappings/fields/get, indices:admin/refresh, indices:admin/validate/query, indices:data/read/get, indices:data/read/mget, indices:data/read/search, indices:data/write/delete, indices:data/write/index, indices:data/write/update