From 2b8133ee48a1e89bc6307cf61b04379e75226880 Mon Sep 17 00:00:00 2001 From: Dawid Poliszak Date: Fri, 9 Jan 2026 08:37:47 +0100 Subject: [PATCH 1/8] adjust config --- .../conf/es/readonlyrest.yml | 11 ++++++++++- .../conf/kbn/free-ror-newplatform-kibana.yml | 4 ++++ 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/examples/ror-with-kibana-reverse-proxy-demo/conf/es/readonlyrest.yml b/examples/ror-with-kibana-reverse-proxy-demo/conf/es/readonlyrest.yml index f52599b..a008d77 100644 --- a/examples/ror-with-kibana-reverse-proxy-demo/conf/es/readonlyrest.yml +++ b/examples/ror-with-kibana-reverse-proxy-demo/conf/es/readonlyrest.yml @@ -10,7 +10,16 @@ readonlyrest: type: allow auth_key: kibana:kibana verbosity: error - + - name: USER_DEFAULT + auth_key: user2:dev + verbosity: error + indices: [".kibana*",".reporting-*", ".ds-.kibana-*", ".kibana-reporting-*", "xxx-*", "kibana_sample_data_*"] + # uri_re: [ "^/_(?:alias|nodes|cat|cluster|ml|ilm|license|mapping|settings|sql|analyze|autoscaling|ccr|component_template|dangling|data_stream|flush| + # enrich|eql|ilm|ingest|index_template|migration|mtermvectors|processor|recovery|refresh|rank_eval|remote|rollup|script_context|script_language|scripts|se + # arch_shards|searcheable_snapshots|security|segments|shard_stores|slm|snapshot|ssl|stats|tasks|template|transform|validate|watcher|xpack)" ] + kibana: + access: rw + index: ".kibana-xxx" - name: "Admins" groups: [Administrators] kibana: diff --git a/examples/ror-with-kibana-reverse-proxy-demo/conf/kbn/free-ror-newplatform-kibana.yml b/examples/ror-with-kibana-reverse-proxy-demo/conf/kbn/free-ror-newplatform-kibana.yml index b594eb7..8707e71 100644 --- a/examples/ror-with-kibana-reverse-proxy-demo/conf/kbn/free-ror-newplatform-kibana.yml +++ b/examples/ror-with-kibana-reverse-proxy-demo/conf/kbn/free-ror-newplatform-kibana.yml @@ -15,5 +15,9 @@ server.ssl.certificate: /usr/share/kibana/config/kibana.crt server.ssl.key: /usr/share/kibana/config/kibana.key server.ssl.redirectHttpFromPort: 80 +xpack.reporting.encryptionKey: "19+230i1902i310293213i109312i31209302193219039120i3j23h31h3h213h123!" +xpack.encryptedSavedObjects.encryptionKey: "39+230i1902i310293213i109312i31209302193219039120i3j23h31h3h213h123!" +kibana.index: .kibana-xxx + readonlyrest_kbn.logLevel: info readonlyrest_kbn.cookiePass: '12312313123213123213123abcdefghijklm' From d8c6c68abf68375e46d3ee829a1955b491b70ad6 Mon Sep 17 00:00:00 2001 From: coutoPL Date: Thu, 15 Jan 2026 23:35:06 +0100 Subject: [PATCH 2/8] wip --- ror-demo-cluster/conf/es/readonlyrest.yml | 58 ++------------- .../enterprise-ror-newplatform-kibana.yml | 0 .../kbn-01/free-ror-newplatform-kibana.yml | 20 +++++ .../conf/{kbn => kbn-01}/kibana.crt | 0 .../conf/{kbn => kbn-01}/kibana.key | 0 .../pro-ror-newplatform-kibana.yml | 0 .../ror-oldplatform-kibana.yml | 0 .../enterprise-ror-newplatform-kibana.yml | 64 ++++++++++++++++ .../kbn-02/free-ror-newplatform-kibana.yml | 20 +++++ ror-demo-cluster/conf/kbn-02/kibana.crt | 21 ++++++ ror-demo-cluster/conf/kbn-02/kibana.key | 28 +++++++ .../pro-ror-newplatform-kibana.yml} | 0 .../conf/kbn-02/ror-oldplatform-kibana.yml | 15 ++++ ror-demo-cluster/docker-compose.yml | 66 +++++++++-------- .../Dockerfile-use-ror-binaries-from-api | 22 ++++++ .../Dockerfile-use-ror-binaries-from-file | 23 ++++++ .../install-ror-kbn-using-api.sh | 0 .../install-ror-kbn-using-file.sh | 0 .../Dockerfile-use-ror-binaries-from-api | 22 ++++++ .../Dockerfile-use-ror-binaries-from-file | 23 ++++++ .../kbn-02/install-ror-kbn-using-api.sh | 74 +++++++++++++++++++ .../kbn-02/install-ror-kbn-using-file.sh | 59 +++++++++++++++ .../kbn/Dockerfile-use-ror-binaries-from-api | 22 ------ .../kbn/Dockerfile-use-ror-binaries-from-file | 23 ------ shared/init-scripts/export-ror-user1.ndjson | 3 + shared/init-scripts/export-ror-user2.ndjson | 3 + shared/init-scripts/report-init.sh | 36 +++++++++ 27 files changed, 477 insertions(+), 125 deletions(-) rename ror-demo-cluster/conf/{kbn => kbn-01}/enterprise-ror-newplatform-kibana.yml (100%) create mode 100644 ror-demo-cluster/conf/kbn-01/free-ror-newplatform-kibana.yml rename ror-demo-cluster/conf/{kbn => kbn-01}/kibana.crt (100%) rename ror-demo-cluster/conf/{kbn => kbn-01}/kibana.key (100%) rename ror-demo-cluster/conf/{kbn => kbn-01}/pro-ror-newplatform-kibana.yml (100%) rename ror-demo-cluster/conf/{kbn => kbn-01}/ror-oldplatform-kibana.yml (100%) create mode 100644 ror-demo-cluster/conf/kbn-02/enterprise-ror-newplatform-kibana.yml create mode 100644 ror-demo-cluster/conf/kbn-02/free-ror-newplatform-kibana.yml create mode 100644 ror-demo-cluster/conf/kbn-02/kibana.crt create mode 100644 ror-demo-cluster/conf/kbn-02/kibana.key rename ror-demo-cluster/conf/{kbn/free-ror-newplatform-kibana.yml => kbn-02/pro-ror-newplatform-kibana.yml} (100%) create mode 100644 ror-demo-cluster/conf/kbn-02/ror-oldplatform-kibana.yml create mode 100644 ror-demo-cluster/images/kbn-01/Dockerfile-use-ror-binaries-from-api create mode 100644 ror-demo-cluster/images/kbn-01/Dockerfile-use-ror-binaries-from-file rename ror-demo-cluster/images/{kbn => kbn-01}/install-ror-kbn-using-api.sh (100%) rename ror-demo-cluster/images/{kbn => kbn-01}/install-ror-kbn-using-file.sh (100%) create mode 100644 ror-demo-cluster/images/kbn-02/Dockerfile-use-ror-binaries-from-api create mode 100644 ror-demo-cluster/images/kbn-02/Dockerfile-use-ror-binaries-from-file create mode 100755 ror-demo-cluster/images/kbn-02/install-ror-kbn-using-api.sh create mode 100755 ror-demo-cluster/images/kbn-02/install-ror-kbn-using-file.sh delete mode 100644 ror-demo-cluster/images/kbn/Dockerfile-use-ror-binaries-from-api delete mode 100644 ror-demo-cluster/images/kbn/Dockerfile-use-ror-binaries-from-file create mode 100644 shared/init-scripts/export-ror-user1.ndjson create mode 100644 shared/init-scripts/export-ror-user2.ndjson create mode 100755 shared/init-scripts/report-init.sh diff --git a/ror-demo-cluster/conf/es/readonlyrest.yml b/ror-demo-cluster/conf/es/readonlyrest.yml index f52599b..095e63f 100644 --- a/ror-demo-cluster/conf/es/readonlyrest.yml +++ b/ror-demo-cluster/conf/es/readonlyrest.yml @@ -12,64 +12,20 @@ readonlyrest: verbosity: error - name: "Admins" - groups: [Administrators] + auth_key: admin:admin kibana: access: admin - name: "End users" - groups: ["EndUsers"] - indices: ["frontend_logs", "kibana_sample_data_*"] + auth_key: user1:test + indices: ["example", "frontend_logs", "kibana_sample_data_*", ".kibana-01"] kibana: - index: .kibana_end_@{user} access: rw - hide_apps: ["Security", "Observability"] + index: ".kibana-01" - name: "Business users" - groups: ["BusinessUsers"] - indices: ["business_logs", "kibana_sample_data_*"] + auth_key: user2:test + indices: ["example", "business_logs", "kibana_sample_data_*", ".kibana-02"] kibana: - index: .kibana_business_@{user} access: rw - hide_apps: ["Security", "Observability"] - - users: - - username: admin - auth_key: admin:admin - groups: - - id: "Administrators" - name: "Administrators" - - id: "EndUsers" - name: "End Users" - - id: "BusinessUsers" - name: "Business Users" - - - username: user1 - auth_key: user1:test - groups: - - id: "EndUsers" - name: "End Users" - - id: "BusinessUsers" - name: "Business Users" - - - username: user2 - auth_key: user2:test - groups: - - id: "EndUsers" - name: "End Users" - - - username: "*" - ror_kbn_auth: - name: "kbn1" - groups: ["*"] - groups: - - local_group: - id: "EndUsers" - name: "End Users" - external_group_ids: [ "extEndUsers" ] - - local_group: - id: "BusinessUsers" - name: "Business Users" - external_group_ids: [ "extBusinessUsers" ] - ror_kbn: - - name: kbn1 - signature_key: "9yzBfnLaTYLfGPzyKW9es76RKYhUVgmuv6ZtehaScj5msGpBpa5FWpwk295uJYaaffTFnQC5tsknh2AguVDaTrqCLfM5zCTqdE4UGNL73h28Bg4dPrvTAFQyygQqv4xfgnevBED6VZYdfjXAQLc8J8ywaHQQSmprZqYCWGE6sM3vzNUEWWB3kmGrEKa4sGbXhmXZCvL6NDnEJhXPDJAzu9BMQxn8CzVLqrx6BxDgPYF8gZCxtyxMckXwCaYXrxAGbjkYH69F4wYhuAdHSWgRAQCuWwYmWCA6g39j4VPge5pv962XYvxwJpvn23Y5KvNZ5S5c6crdG4f4gTCXnU36x92fKMQzsQV9K4phcuNvMWkpqVB6xMA5aPzUeHcGytD93dG8D52P5BxsgaJJE6QqDrk3Y2vyLw9ZEbJhPRJxbuBKVCBtVx26Ldd46dq5eyyzmNEyQGLrjQ4qd978VtG8TNT5rkn4ETJQEju5HfCBbjm3urGLFVqxhGVawecT4YM9Rry4EqXWkRJGTFQWQRnweUFbKNbVTC9NxcXEp6K5rSPEy9trb5UYLYhhMJ9fWSBMuenGRjNSJxeurMRCaxPpNppBLFnp8qW5ezfHgCBpEjkSNNzP4uXMZFAXmdUfJ8XQdPTWuYfdHYc5TZWnzrdq9wcfFQRDpDB2zX5Myu96krDt9vA7wNKfYwkSczA6qUQV66jA8nV4Cs38cDAKVBXnxz22ddAVrPv8ajpu7hgBtULMURjvLt94Nc5FDKw79CTTQxffWEj9BJCDCpQnTufmT8xenywwVJvtj49yv2MP2mGECrVDRmcGUAYBKR8G6ZnFAYDVC9UhY46FGWDcyVX3HKwgtHeb45Ww7dsW8JdMnZYctaEU585GZmqTJp2LcAWRcQPH25JewnPX8pjzVpJNcy7avfA2bcU86bfASvQBDUCrhjgRmK2ECR6vzPwTsYKRgFrDqb62FeMdrKgJ9vKs435T5ACN7MNtdRXHQ4fj5pNpUMDW26Wd7tt9bkBTqEGf" + index: ".kibana-02" diff --git a/ror-demo-cluster/conf/kbn/enterprise-ror-newplatform-kibana.yml b/ror-demo-cluster/conf/kbn-01/enterprise-ror-newplatform-kibana.yml similarity index 100% rename from ror-demo-cluster/conf/kbn/enterprise-ror-newplatform-kibana.yml rename to ror-demo-cluster/conf/kbn-01/enterprise-ror-newplatform-kibana.yml diff --git a/ror-demo-cluster/conf/kbn-01/free-ror-newplatform-kibana.yml b/ror-demo-cluster/conf/kbn-01/free-ror-newplatform-kibana.yml new file mode 100644 index 0000000..9391462 --- /dev/null +++ b/ror-demo-cluster/conf/kbn-01/free-ror-newplatform-kibana.yml @@ -0,0 +1,20 @@ +server.host: 0.0.0.0 + +elasticsearch.username: kibana +elasticsearch.password: kibana +elasticsearch.ssl.verificationMode: none + +# generated with: +# $ openssl req -x509 -batch -nodes -days 3650 -newkey rsa:2048 -keyout kibana.key -out kibana.crt +server.ssl.enabled: true +server.ssl.certificate: /usr/share/kibana/config/kibana.crt +server.ssl.key: /usr/share/kibana/config/kibana.key +server.ssl.redirectHttpFromPort: 80 + +readonlyrest_kbn.logLevel: info +readonlyrest_kbn.cookiePass: '12312313123213123213123abcdefghijklm' + +xpack.reporting.encryptionKey: "12312313123213123213123abcdefghijklm11" +xpack.encryptedSavedObjects.encryptionKey: "12312313123213123213123abcdefghijklm11" + +kibana.index: ".kibana-01" \ No newline at end of file diff --git a/ror-demo-cluster/conf/kbn/kibana.crt b/ror-demo-cluster/conf/kbn-01/kibana.crt similarity index 100% rename from ror-demo-cluster/conf/kbn/kibana.crt rename to ror-demo-cluster/conf/kbn-01/kibana.crt diff --git a/ror-demo-cluster/conf/kbn/kibana.key b/ror-demo-cluster/conf/kbn-01/kibana.key similarity index 100% rename from ror-demo-cluster/conf/kbn/kibana.key rename to ror-demo-cluster/conf/kbn-01/kibana.key diff --git a/ror-demo-cluster/conf/kbn/pro-ror-newplatform-kibana.yml b/ror-demo-cluster/conf/kbn-01/pro-ror-newplatform-kibana.yml similarity index 100% rename from ror-demo-cluster/conf/kbn/pro-ror-newplatform-kibana.yml rename to ror-demo-cluster/conf/kbn-01/pro-ror-newplatform-kibana.yml diff --git a/ror-demo-cluster/conf/kbn/ror-oldplatform-kibana.yml b/ror-demo-cluster/conf/kbn-01/ror-oldplatform-kibana.yml similarity index 100% rename from ror-demo-cluster/conf/kbn/ror-oldplatform-kibana.yml rename to ror-demo-cluster/conf/kbn-01/ror-oldplatform-kibana.yml diff --git a/ror-demo-cluster/conf/kbn-02/enterprise-ror-newplatform-kibana.yml b/ror-demo-cluster/conf/kbn-02/enterprise-ror-newplatform-kibana.yml new file mode 100644 index 0000000..ff5adc3 --- /dev/null +++ b/ror-demo-cluster/conf/kbn-02/enterprise-ror-newplatform-kibana.yml @@ -0,0 +1,64 @@ +server.name: kibana-ror +server.host: 0.0.0.0 + +elasticsearch.username: kibana +elasticsearch.password: kibana +elasticsearch.ssl.verificationMode: none + +# generated with: +# $ openssl req -x509 -batch -nodes -days 3650 -newkey rsa:2048 -keyout kibana.key -out kibana.crt +server.ssl.enabled: true +server.ssl.certificate: /usr/share/kibana/config/kibana.crt +server.ssl.key: /usr/share/kibana/config/kibana.key +server.ssl.redirectHttpFromPort: 80 + +readonlyrest_kbn.logLevel: info +readonlyrest_kbn.cookiePass: '12312313123213123213123abcdefghijklm' +readonlyrest_kbn: + auth: + signature_key: "9yzBfnLaTYLfGPzyKW9es76RKYhUVgmuv6ZtehaScj5msGpBpa5FWpwk295uJYaaffTFnQC5tsknh2AguVDaTrqCLfM5zCTqdE4UGNL73h28Bg4dPrvTAFQyygQqv4xfgnevBED6VZYdfjXAQLc8J8ywaHQQSmprZqYCWGE6sM3vzNUEWWB3kmGrEKa4sGbXhmXZCvL6NDnEJhXPDJAzu9BMQxn8CzVLqrx6BxDgPYF8gZCxtyxMckXwCaYXrxAGbjkYH69F4wYhuAdHSWgRAQCuWwYmWCA6g39j4VPge5pv962XYvxwJpvn23Y5KvNZ5S5c6crdG4f4gTCXnU36x92fKMQzsQV9K4phcuNvMWkpqVB6xMA5aPzUeHcGytD93dG8D52P5BxsgaJJE6QqDrk3Y2vyLw9ZEbJhPRJxbuBKVCBtVx26Ldd46dq5eyyzmNEyQGLrjQ4qd978VtG8TNT5rkn4ETJQEju5HfCBbjm3urGLFVqxhGVawecT4YM9Rry4EqXWkRJGTFQWQRnweUFbKNbVTC9NxcXEp6K5rSPEy9trb5UYLYhhMJ9fWSBMuenGRjNSJxeurMRCaxPpNppBLFnp8qW5ezfHgCBpEjkSNNzP4uXMZFAXmdUfJ8XQdPTWuYfdHYc5TZWnzrdq9wcfFQRDpDB2zX5Myu96krDt9vA7wNKfYwkSczA6qUQV66jA8nV4Cs38cDAKVBXnxz22ddAVrPv8ajpu7hgBtULMURjvLt94Nc5FDKw79CTTQxffWEj9BJCDCpQnTufmT8xenywwVJvtj49yv2MP2mGECrVDRmcGUAYBKR8G6ZnFAYDVC9UhY46FGWDcyVX3HKwgtHeb45Ww7dsW8JdMnZYctaEU585GZmqTJp2LcAWRcQPH25JewnPX8pjzVpJNcy7avfA2bcU86bfASvQBDUCrhjgRmK2ECR6vzPwTsYKRgFrDqb62FeMdrKgJ9vKs435T5ACN7MNtdRXHQ4fj5pNpUMDW26Wd7tt9bkBTqEGf" + saml_keycloak: + buttonName: 'Keycloak SAML' + enabled: true + type: 'saml' + issuer: 'ror-saml' + entryPoint: 'http://kc.localhost:8080/realms/ror/protocol/saml' + kibanaExternalHost: 'localhost:15601' + protocol: 'https' + usernameParameter: 'nameID' + groupsParameter: 'Role' + logoutUrl: 'http://kc.localhost:8080/realms/ror/protocol/saml' + YOU_SHOULD_READ_ME_IN_STRATEGY_CONFIGURATION_LOG: 'unknown conf params should be passed unmodified to the underlying passport-saml library' + cert: 'MIICrDCCAZQCCQDN5Tcc+Rn6rTANBgkqhkiG9w0BAQsFADAYMRYwFAYDVQQDDA1rZXljbG9hay1zYW1sMB4XDTI1MTExMDA0MjQyOFoXDTM1MTEwODA0MjQyOFowGDEWMBQGA1UEAwwNa2V5Y2xvYWstc2FtbDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJv0EFcTjNkpn5kV/XedCJ/AQKsPafZ7u33u3zfYgZbTh0V+CJ4bUAZyTfvGrcxR/iZy3hkYQBL7DGM6c/fYJGq1IH+/jxAk/GBY9tVnxotRsyhIMJYtZCb+DBUVX+wLowv2kZPlf/6OibjVpy+I6klQxIU8aeMkd+M/Phl97l+pRUjTuQZvEaEtkVLcsG6gEUcNo2X0MpNFwT7UgpGZLGy8zSHGNu703tb8w0oCYTEj42WqLWYNm5NMqD/clbPRj8g+1qZHpSoIH+p/cqVfU+oAZd3R2Y8SGR2OhYwyu9wHRnuqgiEgCIYbzwyh3IzX+57R8MQxHnjBFnzJKFtBWHMCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAUGrj7hEEHJvm58RYTjqhcJ38MVkgEmAnGovObxvS9Xi6ZBct4irWdpyESowRJtY4nxFGs0uiArOpQDkteSeDzJs/IkSg3xTx3UwOpevf8IV5gU8Bwq68Fyh9An8NvczE5XhLZD1Tacphlz5OzoXthMsS1pcCumr5ZELwMtvLYAWkEV/cKmlis4JuMEZXc5v9KVybsmHv1hgM+fxg1neuWrPK1JebuVm4oaHUHYKCxqn9MXjnDvOq6MkYtKBfcYf6BKk29lapYuHNiRTi0hMPD1tWVaZg3H1/uMxlLXDxAZqkS4DNq/7MeIMUWemOqxQHZAi4rtplrVl/F3WES6pqWw==' + oidc_keycloak: + buttonName: "Keycloak OIDC" + type: "oidc" + protocol: "https" + issuer: 'http://kc.localhost:8080/realms/ror' + authorizationURL: 'http://kc.localhost:8080/realms/ror/protocol/openid-connect/auth' + tokenURL: 'http://kc.localhost:8080/realms/ror/protocol/openid-connect/token' + userInfoURL: 'http://kc.localhost:8080/realms/ror/protocol/openid-connect/userinfo' + jwksURL: 'http://kc.localhost:8080/realms/ror/protocol/openid-connect/certs' + clientID: 'ror-oidc' + clientSecret: 'kibanasecret123' + scope: 'openid profile email' + usernameParameter: 'preferred_username' + groupsParameter: 'groups' + kibanaExternalHost: 'localhost:15601' + logoutUrl: 'http://kc.localhost:8080/realms/ror/protocol/openid-connect/logout' + oidc_lemon_ldap: + buttonName: "LemonLDAP OpenID" + type: "oidc" + protocol: "https" + issuer: 'https://oidctest.wsweet.org/' + authorizationURL: 'https://oidctest.wsweet.org/oauth2/authorize' + tokenURL: 'https://oidctest.wsweet.org/oauth2/token' + userInfoURL: 'https://oidctest.wsweet.org/oauth2/userinfo' + clientID: 'private' + clientSecret: 'tardis' + scope: 'openid users roles' + usernameParameter: 'sub' + groupsParameter: 'roles' + kibanaExternalHost: 'localhost:15601' + logoutUrl: 'https://oidctest.wsweet.org/oauth2/logout' + jwksURL: 'https://oidctest.wsweet.org/oauth2/jwks' diff --git a/ror-demo-cluster/conf/kbn-02/free-ror-newplatform-kibana.yml b/ror-demo-cluster/conf/kbn-02/free-ror-newplatform-kibana.yml new file mode 100644 index 0000000..c7797b8 --- /dev/null +++ b/ror-demo-cluster/conf/kbn-02/free-ror-newplatform-kibana.yml @@ -0,0 +1,20 @@ +server.host: 0.0.0.0 + +elasticsearch.username: kibana +elasticsearch.password: kibana +elasticsearch.ssl.verificationMode: none + +# generated with: +# $ openssl req -x509 -batch -nodes -days 3650 -newkey rsa:2048 -keyout kibana.key -out kibana.crt +server.ssl.enabled: true +server.ssl.certificate: /usr/share/kibana/config/kibana.crt +server.ssl.key: /usr/share/kibana/config/kibana.key +server.ssl.redirectHttpFromPort: 80 + +readonlyrest_kbn.logLevel: info +readonlyrest_kbn.cookiePass: '12312313123213123213123abcdefghijklm' + +xpack.reporting.encryptionKey: "12312313123213123213123abcdefghijklm11" +xpack.encryptedSavedObjects.encryptionKey: "12312313123213123213123abcdefghijklm11" + +kibana.index: ".kibana-02" \ No newline at end of file diff --git a/ror-demo-cluster/conf/kbn-02/kibana.crt b/ror-demo-cluster/conf/kbn-02/kibana.crt new file mode 100644 index 0000000..e299680 --- /dev/null +++ b/ror-demo-cluster/conf/kbn-02/kibana.crt @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDazCCAlOgAwIBAgIUBiE6BT/+Rshrppljbwt9YUKI0L4wDQYJKoZIhvcNAQEL +BQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM +GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yNDA5MjYxODQyNThaFw0zNDA5 +MjQxODQyNThaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw +HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQDG3G4Thxy7EozvjLSipdvZqjqCsfsjS9hpYP3yCYHd +X6Zd1jEIrUnU7m0K9Mqnu4ws+rMKFVPG8VTGtwYtvhirp3E5Z452BCpPVlA95buA +tgFaPF7fD/KexrlZZguBGmGvg1Tl2XbuTPMxy2bOaQEB23MnKdfGrG/vrZW4dYBn +BdbITpZv3RTtpiM6nWLaGXKMuZKa5jLLvATqF6NyoSDzp0h/mLkAlyK9YGCcAfcX +FenpHfO7bXK0j+cuZOxLTqWqfvXk3W+PIti0x1oX+wCWUeLcunu55ULZiCmHkp1j +SxQRGJtlBFMcCQ1cqVzjCcXNG2yLhvvLiNbieZsQQEMVAgMBAAGjUzBRMB0GA1Ud +DgQWBBQAhrFCBCBAdrJH179OeQI2at+wHDAfBgNVHSMEGDAWgBQAhrFCBCBAdrJH +179OeQI2at+wHDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBI +esiejMlKXp0mj34N5NDs3I7+AHIFIGTY+u6I4kF+tuiAcCYWWF4cG3g0pJzvokIi +wIdjCQjXBwfbu6KBv0wphqlSJ9lwDPBGBG1Lc6Sg+wHTqrdwL8f4FcJF1IB92mLc +wNSQNnjqxgcD5AOTqVHIy9hhJVufZonypIMSRV5xndv5qGP2TjSM4bF/Cj3YIK9D +2pLAUG3Vj3YIr0jOiyRbYlzaXpV9hPwfkbLSrqi/RwHvZtUv7B7roAY1mSg5wYFg +CbHH7nmpV3wzaF47Y/k+O4+37DbCYuDJwrLyhqksqQiN55s4UG15ATBS8fYWfRnf +t2WXvSztBJ6TS+pOm6GM +-----END CERTIFICATE----- diff --git a/ror-demo-cluster/conf/kbn-02/kibana.key b/ror-demo-cluster/conf/kbn-02/kibana.key new file mode 100644 index 0000000..8bb8fc5 --- /dev/null +++ b/ror-demo-cluster/conf/kbn-02/kibana.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDG3G4Thxy7Eozv +jLSipdvZqjqCsfsjS9hpYP3yCYHdX6Zd1jEIrUnU7m0K9Mqnu4ws+rMKFVPG8VTG +twYtvhirp3E5Z452BCpPVlA95buAtgFaPF7fD/KexrlZZguBGmGvg1Tl2XbuTPMx +y2bOaQEB23MnKdfGrG/vrZW4dYBnBdbITpZv3RTtpiM6nWLaGXKMuZKa5jLLvATq +F6NyoSDzp0h/mLkAlyK9YGCcAfcXFenpHfO7bXK0j+cuZOxLTqWqfvXk3W+PIti0 +x1oX+wCWUeLcunu55ULZiCmHkp1jSxQRGJtlBFMcCQ1cqVzjCcXNG2yLhvvLiNbi +eZsQQEMVAgMBAAECggEAF5FSPmA56HXXXCCJ2+jaOF6zVn/vaox3lm2XSxMTYAAR +AHf9EbEv2dtz8uN2DRDuGPqRM3W5mw9I49AXHF62H8nVYl9Cg/wUY5iwI9XRNfzc +Biy3dao3L9gPaWftnxxYTWu8KQ1vyeg2vkUD5xyMsQKoEBEmcHZJQdeJsfXDBPJ3 +tQSkDSrnr4f7uEQvr9iidEXnyfz1azF0snZ00IkBXRV2dcbTOIu6W+2uI1/Pthjt +rAoqvSuwBlUtvQG7Btat4tL84LNTfH+SoXJK1v4JwbqydV/U47Cc0Tp2inJugfVA +o6Cj5ptKvxI7mkFQuoyG4bm3x+79XeNbrYxhBK3hlQKBgQDnvMTfdIxC+rU+cKY0 +6sEaCzNbh3ZGqgVpBRj0i7EfdBNOctzlFSQGQhCD1SnXc7ihNZ5t2MKJRap3MNDX +Xh6jllgkjXnw1V+b2E1nBtkp/F8dWnrvzwJbSN+KeCP+zio6g2gKYLZab0GIRTEB +QvXgeaWAmIuxq2GENF8K1FuQYwKBgQDbrnsDKJI3rpfLbzrZB22gwdmq7wZWllzc +1Axiqn6xXqghXPLna3fDAbisQgRrQFTjBU9gM3isp4PGVurdPQa35ve6UAgoJUat +hIqvBzcbER3YEBksJtLvai9m9yQ69vYdMPbR10ZhA6EqTcp2MgyIEvAvue964J2p +3L1/r6bsJwKBgCksRN5e2rzbxm/9m8ozG3QBIXLVspIDi0qJeVGZsDKicPuzNMQO +6YOjIUQLD5AUI22hFTD3Hjk9g3gB2Fkrg84U3DxCVrQPdRk/aSEw+kyXZl7UwJry +8Lw/SlhT2DFhd+dFiaquXDfdJIuNn5NVzlG/y0P51ngOtxjCJVDLQil5AoGAa0qk +Ob6u6xMSgAErNKQ0HreOn7Vt2wxE/nVyNx4eEnKwmtrSp8QNEejdUQRNNDSPQPFu ++wUoguqtqUj6HGOZzGe5xf0gfrr18fkx4pobh9SsRsJWCQJNMzEhRaCeyU2klk07 +vvDtJqSnKgokP+XhyPO26xhcph7d4gA1bQ9U7zECgYAX4Fe9+2Uzmu035C5oHgUv +dA4NRP9lutpH0uboUxo1hdxKtTM1dmeXAj+SL5jyYBpfE3c8Ha3QGlIN8sHiKZTA +0A3bRAHjoKNULPgiODmwaK9y1vOm0Kol6QsJ3QZrc+iHf3wscMnimSwH2XxPnNSD +zh06Wun9UBVUZbdsIPDcLg== +-----END PRIVATE KEY----- diff --git a/ror-demo-cluster/conf/kbn/free-ror-newplatform-kibana.yml b/ror-demo-cluster/conf/kbn-02/pro-ror-newplatform-kibana.yml similarity index 100% rename from ror-demo-cluster/conf/kbn/free-ror-newplatform-kibana.yml rename to ror-demo-cluster/conf/kbn-02/pro-ror-newplatform-kibana.yml diff --git a/ror-demo-cluster/conf/kbn-02/ror-oldplatform-kibana.yml b/ror-demo-cluster/conf/kbn-02/ror-oldplatform-kibana.yml new file mode 100644 index 0000000..de0b5d6 --- /dev/null +++ b/ror-demo-cluster/conf/kbn-02/ror-oldplatform-kibana.yml @@ -0,0 +1,15 @@ +server.name: kibana-ror +server.host: 0.0.0.0 + +elasticsearch.username: kibana +elasticsearch.password: kibana +elasticsearch.ssl.verificationMode: none + +# generated with: +# $ openssl req -x509 -batch -nodes -days 3650 -newkey rsa:2048 -keyout kibana.key -out kibana.crt +server.ssl.enabled: true +server.ssl.certificate: /usr/share/kibana/config/kibana.crt +server.ssl.key: /usr/share/kibana/config/kibana.key +server.ssl.redirectHttpFromPort: 80 + +xpack.security.enabled: false diff --git a/ror-demo-cluster/docker-compose.yml b/ror-demo-cluster/docker-compose.yml index 4da7e38..ac6fc3f 100644 --- a/ror-demo-cluster/docker-compose.yml +++ b/ror-demo-cluster/docker-compose.yml @@ -1,27 +1,4 @@ services: - # Enterprise-only service - keycloak: - image: quay.io/keycloak/keycloak:20.0.5 - profiles: ["ENT"] - environment: - - KEYCLOAK_ADMIN=admin - - KEYCLOAK_ADMIN_PASSWORD=admin - - KEYCLOAK_FRONTEND_URL=http://kc.localhost:8080 - volumes: - - ./conf/keycloak/ror-realm.json:/opt/keycloak/data/import/ror-realm.json:ro - command: ["start-dev", "--import-realm", "--hostname=kc.localhost", "--http-enabled=true", "--http-port=8080"] - ports: - - "8080:8080" - healthcheck: - test: ["CMD-SHELL", "curl -fksS --connect-timeout 3 --max-time 5 --retry 5 --retry-connrefused http://127.0.0.1:8080/realms/ror/.well-known/openid-configuration >/dev/null || exit 1"] - interval: 10s - timeout: 10s - retries: 30 - start_period: 40s - networks: - es-ror-network: - aliases: - - kc.localhost es-ror: build: @@ -55,10 +32,10 @@ services: soft: -1 hard: -1 - kbn-ror: + kbn-ror-01: build: context: . - dockerfile: images/kbn/${KBN_DOCKERFILE:-KBN_DOCKERFILE_NOT_CONFIGURED} + dockerfile: images/kbn-01/${KBN_DOCKERFILE:-KBN_DOCKERFILE_NOT_CONFIGURED} args: KBN_VERSION: ${KBN_VERSION:-KBN_VERSION_NOT_CONFIGURED} ROR_VERSION: ${ROR_KBN_VERSION:-ROR_KBN_VERSION_NOT_CONFIGURED} @@ -67,14 +44,43 @@ services: depends_on: es-ror: condition: service_healthy - keycloak: - condition: service_healthy - required: false ports: - "15601:5601" environment: ELASTICSEARCH_HOSTS: https://es-ror:9200 ROR_ACTIVATION_KEY: $ROR_ACTIVATION_KEY + SERVER_NAME: kbn-ror-01 + healthcheck: + test: ["CMD-SHELL", "curl -fksS --connect-timeout 3 --max-time 5 --retry 2 --retry-connrefused -u admin:admin https://127.0.0.1:5601/api/features >/dev/null || exit 1"] + interval: 10s + timeout: 10s + retries: 30 + start_period: 60s + networks: + - es-ror-network + ulimits: + memlock: + soft: -1 + hard: -1 + + kbn-ror-02: + build: + context: . + dockerfile: images/kbn-02/${KBN_DOCKERFILE:-KBN_DOCKERFILE_NOT_CONFIGURED} + args: + KBN_VERSION: ${KBN_VERSION:-KBN_VERSION_NOT_CONFIGURED} + ROR_VERSION: ${ROR_KBN_VERSION:-ROR_KBN_VERSION_NOT_CONFIGURED} + ROR_FILE: ${KBN_ROR_FILE:-KBN_ROR_FILE_NOT_CONFIGURED} + ROR_LICENSE_EDITION: ${ROR_LICENSE_EDITION:-ROR_LICENSE_EDITION_NOT_CONFIGURED} + depends_on: + es-ror: + condition: service_healthy + ports: + - "25601:5601" + environment: + ELASTICSEARCH_HOSTS: https://es-ror:9200 + ROR_ACTIVATION_KEY: $ROR_ACTIVATION_KEY + SERVER_NAME: kbn-ror-02 healthcheck: test: ["CMD-SHELL", "curl -fksS --connect-timeout 3 --max-time 5 --retry 2 --retry-connrefused -u admin:admin https://127.0.0.1:5601/api/features >/dev/null || exit 1"] interval: 10s @@ -95,7 +101,9 @@ services: depends_on: es-ror: condition: service_healthy - kbn-ror: + kbn-ror-01: + condition: service_healthy + kbn-ror-02: condition: service_healthy environment: ELASTICSEARCH_ADDRESS: https://es-ror:9200 diff --git a/ror-demo-cluster/images/kbn-01/Dockerfile-use-ror-binaries-from-api b/ror-demo-cluster/images/kbn-01/Dockerfile-use-ror-binaries-from-api new file mode 100644 index 0000000..448f907 --- /dev/null +++ b/ror-demo-cluster/images/kbn-01/Dockerfile-use-ror-binaries-from-api @@ -0,0 +1,22 @@ +ARG KBN_VERSION=please_set_kbn_version_arg + +FROM docker.elastic.co/kibana/kibana:${KBN_VERSION} + +ARG KBN_VERSION=please_set_kbn_version_arg +ARG ROR_VERSION=please_set_ror_version_arg +ARG ROR_LICENSE_EDITION=please_set_ror_license_edition_arg + +COPY conf/kbn-01/ror-oldplatform-kibana.yml /usr/share/kibana/config/ror-oldplatform-kibana.yml +COPY conf/kbn-01/enterprise-ror-newplatform-kibana.yml /usr/share/kibana/config/enterprise-ror-newplatform-kibana.yml +COPY conf/kbn-01/pro-ror-newplatform-kibana.yml /usr/share/kibana/config/pro-ror-newplatform-kibana.yml +COPY conf/kbn-01/free-ror-newplatform-kibana.yml /usr/share/kibana/config/free-ror-newplatform-kibana.yml +COPY conf/kbn-01/kibana.crt /usr/share/kibana/config/kibana.crt +COPY conf/kbn-01/kibana.key /usr/share/kibana/config/kibana.key +COPY images/kbn-01/install-ror-kbn-using-api.sh /tmp/install-ror.sh + +USER root + +RUN /tmp/install-ror.sh && \ + chown -R kibana:kibana /usr/share/kibana/config + +USER kibana diff --git a/ror-demo-cluster/images/kbn-01/Dockerfile-use-ror-binaries-from-file b/ror-demo-cluster/images/kbn-01/Dockerfile-use-ror-binaries-from-file new file mode 100644 index 0000000..586682b --- /dev/null +++ b/ror-demo-cluster/images/kbn-01/Dockerfile-use-ror-binaries-from-file @@ -0,0 +1,23 @@ +ARG KBN_VERSION=please_set_kbn_version_arg + +FROM docker.elastic.co/kibana/kibana:${KBN_VERSION} + +ARG KBN_VERSION=please_set_kbn_version_arg +ARG ROR_FILE=please_set_ror_file_path +ARG ROR_LICENSE_EDITION=please_set_ror_license_edition_arg + +COPY conf/kbn-01/ror-oldplatform-kibana.yml /usr/share/kibana/config/ror-oldplatform-kibana.yml +COPY conf/kbn-01/enterprise-ror-newplatform-kibana.yml /usr/share/kibana/config/enterprise-ror-newplatform-kibana.yml +COPY conf/kbn-01/pro-ror-newplatform-kibana.yml /usr/share/kibana/config/pro-ror-newplatform-kibana.yml +COPY conf/kbn-01/free-ror-newplatform-kibana.yml /usr/share/kibana/config/free-ror-newplatform-kibana.yml +COPY conf/kbn-01/kibana.crt /usr/share/kibana/config/kibana.crt +COPY conf/kbn-01/kibana.key /usr/share/kibana/config/kibana.key +COPY images/kbn-01/install-ror-kbn-using-file.sh /tmp/install-ror.sh +COPY $ROR_FILE /tmp/ror.zip + +USER root + +RUN /tmp/install-ror.sh && \ + chown -R kibana:kibana /usr/share/kibana/config + +USER kibana diff --git a/ror-demo-cluster/images/kbn/install-ror-kbn-using-api.sh b/ror-demo-cluster/images/kbn-01/install-ror-kbn-using-api.sh similarity index 100% rename from ror-demo-cluster/images/kbn/install-ror-kbn-using-api.sh rename to ror-demo-cluster/images/kbn-01/install-ror-kbn-using-api.sh diff --git a/ror-demo-cluster/images/kbn/install-ror-kbn-using-file.sh b/ror-demo-cluster/images/kbn-01/install-ror-kbn-using-file.sh similarity index 100% rename from ror-demo-cluster/images/kbn/install-ror-kbn-using-file.sh rename to ror-demo-cluster/images/kbn-01/install-ror-kbn-using-file.sh diff --git a/ror-demo-cluster/images/kbn-02/Dockerfile-use-ror-binaries-from-api b/ror-demo-cluster/images/kbn-02/Dockerfile-use-ror-binaries-from-api new file mode 100644 index 0000000..9f93ab8 --- /dev/null +++ b/ror-demo-cluster/images/kbn-02/Dockerfile-use-ror-binaries-from-api @@ -0,0 +1,22 @@ +ARG KBN_VERSION=please_set_kbn_version_arg + +FROM docker.elastic.co/kibana/kibana:${KBN_VERSION} + +ARG KBN_VERSION=please_set_kbn_version_arg +ARG ROR_VERSION=please_set_ror_version_arg +ARG ROR_LICENSE_EDITION=please_set_ror_license_edition_arg + +COPY conf/kbn-02/ror-oldplatform-kibana.yml /usr/share/kibana/config/ror-oldplatform-kibana.yml +COPY conf/kbn-02/enterprise-ror-newplatform-kibana.yml /usr/share/kibana/config/enterprise-ror-newplatform-kibana.yml +COPY conf/kbn-02/pro-ror-newplatform-kibana.yml /usr/share/kibana/config/pro-ror-newplatform-kibana.yml +COPY conf/kbn-02/free-ror-newplatform-kibana.yml /usr/share/kibana/config/free-ror-newplatform-kibana.yml +COPY conf/kbn-02/kibana.crt /usr/share/kibana/config/kibana.crt +COPY conf/kbn-02/kibana.key /usr/share/kibana/config/kibana.key +COPY images/kbn-02/install-ror-kbn-using-api.sh /tmp/install-ror.sh + +USER root + +RUN /tmp/install-ror.sh && \ + chown -R kibana:kibana /usr/share/kibana/config + +USER kibana diff --git a/ror-demo-cluster/images/kbn-02/Dockerfile-use-ror-binaries-from-file b/ror-demo-cluster/images/kbn-02/Dockerfile-use-ror-binaries-from-file new file mode 100644 index 0000000..9b927a2 --- /dev/null +++ b/ror-demo-cluster/images/kbn-02/Dockerfile-use-ror-binaries-from-file @@ -0,0 +1,23 @@ +ARG KBN_VERSION=please_set_kbn_version_arg + +FROM docker.elastic.co/kibana/kibana:${KBN_VERSION} + +ARG KBN_VERSION=please_set_kbn_version_arg +ARG ROR_FILE=please_set_ror_file_path +ARG ROR_LICENSE_EDITION=please_set_ror_license_edition_arg + +COPY conf/kbn-02/ror-oldplatform-kibana.yml /usr/share/kibana/config/ror-oldplatform-kibana.yml +COPY conf/kbn-02/enterprise-ror-newplatform-kibana.yml /usr/share/kibana/config/enterprise-ror-newplatform-kibana.yml +COPY conf/kbn-02/pro-ror-newplatform-kibana.yml /usr/share/kibana/config/pro-ror-newplatform-kibana.yml +COPY conf/kbn-02/free-ror-newplatform-kibana.yml /usr/share/kibana/config/free-ror-newplatform-kibana.yml +COPY conf/kbn-02/kibana.crt /usr/share/kibana/config/kibana.crt +COPY conf/kbn-02/kibana.key /usr/share/kibana/config/kibana.key +COPY images/kbn-02/install-ror-kbn-using-file.sh /tmp/install-ror.sh +COPY $ROR_FILE /tmp/ror.zip + +USER root + +RUN /tmp/install-ror.sh && \ + chown -R kibana:kibana /usr/share/kibana/config + +USER kibana diff --git a/ror-demo-cluster/images/kbn-02/install-ror-kbn-using-api.sh b/ror-demo-cluster/images/kbn-02/install-ror-kbn-using-api.sh new file mode 100755 index 0000000..5fa2d92 --- /dev/null +++ b/ror-demo-cluster/images/kbn-02/install-ror-kbn-using-api.sh @@ -0,0 +1,74 @@ +#!/bin/bash -e + +function greater_than_or_equal() { + [ "$1" = "$(echo -e "$1\n$2" | sort -V | tail -n 1)" ]; +} + +if [[ -z "$KBN_VERSION" ]]; then + echo "No KBN_VERSION variable is set" + exit 1 +fi + +if [[ -z "$ROR_VERSION" ]]; then + echo "No ROR_VERSION variable is set" + exit 3 +fi + +ROR_KBN_EDITION="" +if greater_than_or_equal "$ROR_VERSION" "1.43.0" && greater_than_or_equal "$KBN_VERSION" "7.9.0"; then + ROR_KBN_EDITION="kbn_universal" +else + ROR_KBN_EDITION="kbn_free" +fi +ROR_DOWNLOAD_URL="https://api.beshu.tech/download/kbn?esVersion=$KBN_VERSION&pluginVersion=$ROR_VERSION&edition=$ROR_KBN_EDITION&email=ror-sandbox%40readonlyrest.com" + +echo "Installing KBN ROR $ROR_VERSION..." +if ! greater_than_or_equal "$KBN_VERSION" "7.0.0"; then + export NODE_OPTIONS="--max-old-space-size=8192" +fi + +if greater_than_or_equal "$KBN_VERSION" "7.11.0" ; then + /usr/share/kibana/bin/kibana-plugin install "$ROR_DOWNLOAD_URL" +elif greater_than_or_equal "$KBN_VERSION" "7.2.0" ; then + /usr/share/kibana/bin/kibana-plugin install --allow-root "$ROR_DOWNLOAD_URL" +else + /usr/share/kibana/bin/kibana-plugin install "$ROR_DOWNLOAD_URL" +fi + +if greater_than_or_equal "$KBN_VERSION" "8.15.0" ; then + echo "Patching KBN $KBN_VERSION (ROR $ROR_VERSION)..." + /usr/share/kibana/node/glibc-217/bin/node plugins/readonlyrestkbn/ror-tools.js patch --I_UNDERSTAND_AND_ACCEPT_KBN_PATCHING=yes +elif greater_than_or_equal "$KBN_VERSION" "7.9.0" ; then + echo "Patching KBN $KBN_VERSION (ROR $ROR_VERSION)..." + /usr/share/kibana/node/bin/node plugins/readonlyrestkbn/ror-tools.js patch --I_UNDERSTAND_AND_ACCEPT_KBN_PATCHING=yes +fi + + if greater_than_or_equal "$KBN_VERSION" "7.9.0"; then + case "${ROR_LICENSE_EDITION:-}" in + ENT) + mv /usr/share/kibana/config/enterprise-ror-newplatform-kibana.yml \ + /usr/share/kibana/config/kibana.yml + ;; + PRO) + mv /usr/share/kibana/config/pro-ror-newplatform-kibana.yml \ + /usr/share/kibana/config/kibana.yml + ;; + FREE) + mv /usr/share/kibana/config/free-ror-newplatform-kibana.yml \ + /usr/share/kibana/config/kibana.yml + ;; + "") + echo "ERROR: ROR_LICENSE_EDITION is not set" >&2 + exit 1 + ;; + *) + echo "ERROR: Unsupported ROR_LICENSE_EDITION='${ROR_LICENSE_EDITION}'" >&2 + exit 2 + ;; + esac + else + mv /usr/share/kibana/config/ror-oldplatform-kibana.yml /usr/share/kibana/config/kibana.yml + rm -rf /usr/share/kibana/optimize # for some reason we have to remove it and let kibana optimize it on startup + fi + +echo "DONE!" diff --git a/ror-demo-cluster/images/kbn-02/install-ror-kbn-using-file.sh b/ror-demo-cluster/images/kbn-02/install-ror-kbn-using-file.sh new file mode 100755 index 0000000..ab04efe --- /dev/null +++ b/ror-demo-cluster/images/kbn-02/install-ror-kbn-using-file.sh @@ -0,0 +1,59 @@ +#!/bin/bash -e + +function greater_than_or_equal() { + [ "$1" = "$(echo -e "$1\n$2" | sort -V | tail -n 1)" ]; +} + +if [[ -z "$KBN_VERSION" ]]; then + echo "No KBN_VERSION variable is set" + exit 1 +fi + +echo "Installing KBN ROR $ROR_VERSION..." +if ! greater_than_or_equal "$KBN_VERSION" "7.0.0"; then + export NODE_OPTIONS="--max-old-space-size=8192" +fi + +if greater_than_or_equal "$KBN_VERSION" "7.11.0" ; then + /usr/share/kibana/bin/kibana-plugin install file:///tmp/ror.zip +else + /usr/share/kibana/bin/kibana-plugin install --allow-root file:///tmp/ror.zip +fi + +if greater_than_or_equal "$KBN_VERSION" "8.15.0" ; then + echo "Patching KBN $KBN_VERSION (ROR $ROR_VERSION)..." + /usr/share/kibana/node/glibc-217/bin/node plugins/readonlyrestkbn/ror-tools.js patch --I_UNDERSTAND_AND_ACCEPT_KBN_PATCHING=yes +elif greater_than_or_equal "$KBN_VERSION" "7.9.0" ; then + echo "Patching KBN $KBN_VERSION (ROR $ROR_VERSION)..." + /usr/share/kibana/node/bin/node plugins/readonlyrestkbn/ror-tools.js patch --I_UNDERSTAND_AND_ACCEPT_KBN_PATCHING=yes +fi + + if greater_than_or_equal "$KBN_VERSION" "7.9.0"; then + case "${ROR_LICENSE_EDITION:-}" in + ENT) + mv /usr/share/kibana/config/enterprise-ror-newplatform-kibana.yml \ + /usr/share/kibana/config/kibana.yml + ;; + PRO) + mv /usr/share/kibana/config/pro-ror-newplatform-kibana.yml \ + /usr/share/kibana/config/kibana.yml + ;; + FREE) + mv /usr/share/kibana/config/free-ror-newplatform-kibana.yml \ + /usr/share/kibana/config/kibana.yml + ;; + "") + echo "ERROR: ROR_LICENSE_EDITION is not set" >&2 + exit 1 + ;; + *) + echo "ERROR: Unsupported ROR_LICENSE_EDITION='${ROR_LICENSE_EDITION}'" >&2 + exit 2 + ;; + esac + else + mv /usr/share/kibana/config/ror-oldplatform-kibana.yml /usr/share/kibana/config/kibana.yml + rm -rf /usr/share/kibana/optimize # for some reason we have to remove it and let kibana optimize it on startup + fi + +echo "DONE!" \ No newline at end of file diff --git a/ror-demo-cluster/images/kbn/Dockerfile-use-ror-binaries-from-api b/ror-demo-cluster/images/kbn/Dockerfile-use-ror-binaries-from-api deleted file mode 100644 index 4e66c4f..0000000 --- a/ror-demo-cluster/images/kbn/Dockerfile-use-ror-binaries-from-api +++ /dev/null @@ -1,22 +0,0 @@ -ARG KBN_VERSION=please_set_kbn_version_arg - -FROM docker.elastic.co/kibana/kibana:${KBN_VERSION} - -ARG KBN_VERSION=please_set_kbn_version_arg -ARG ROR_VERSION=please_set_ror_version_arg -ARG ROR_LICENSE_EDITION=please_set_ror_license_edition_arg - -COPY conf/kbn/ror-oldplatform-kibana.yml /usr/share/kibana/config/ror-oldplatform-kibana.yml -COPY conf/kbn/enterprise-ror-newplatform-kibana.yml /usr/share/kibana/config/enterprise-ror-newplatform-kibana.yml -COPY conf/kbn/pro-ror-newplatform-kibana.yml /usr/share/kibana/config/pro-ror-newplatform-kibana.yml -COPY conf/kbn/free-ror-newplatform-kibana.yml /usr/share/kibana/config/free-ror-newplatform-kibana.yml -COPY conf/kbn/kibana.crt /usr/share/kibana/config/kibana.crt -COPY conf/kbn/kibana.key /usr/share/kibana/config/kibana.key -COPY images/kbn/install-ror-kbn-using-api.sh /tmp/install-ror.sh - -USER root - -RUN /tmp/install-ror.sh && \ - chown -R kibana:kibana /usr/share/kibana/config - -USER kibana diff --git a/ror-demo-cluster/images/kbn/Dockerfile-use-ror-binaries-from-file b/ror-demo-cluster/images/kbn/Dockerfile-use-ror-binaries-from-file deleted file mode 100644 index 8ea7747..0000000 --- a/ror-demo-cluster/images/kbn/Dockerfile-use-ror-binaries-from-file +++ /dev/null @@ -1,23 +0,0 @@ -ARG KBN_VERSION=please_set_kbn_version_arg - -FROM docker.elastic.co/kibana/kibana:${KBN_VERSION} - -ARG KBN_VERSION=please_set_kbn_version_arg -ARG ROR_FILE=please_set_ror_file_path -ARG ROR_LICENSE_EDITION=please_set_ror_license_edition_arg - -COPY conf/kbn/ror-oldplatform-kibana.yml /usr/share/kibana/config/ror-oldplatform-kibana.yml -COPY conf/kbn/enterprise-ror-newplatform-kibana.yml /usr/share/kibana/config/enterprise-ror-newplatform-kibana.yml -COPY conf/kbn/pro-ror-newplatform-kibana.yml /usr/share/kibana/config/pro-ror-newplatform-kibana.yml -COPY conf/kbn/free-ror-newplatform-kibana.yml /usr/share/kibana/config/free-ror-newplatform-kibana.yml -COPY conf/kbn/kibana.crt /usr/share/kibana/config/kibana.crt -COPY conf/kbn/kibana.key /usr/share/kibana/config/kibana.key -COPY images/kbn/install-ror-kbn-using-file.sh /tmp/install-ror.sh -COPY $ROR_FILE /tmp/ror.zip - -USER root - -RUN /tmp/install-ror.sh && \ - chown -R kibana:kibana /usr/share/kibana/config - -USER kibana diff --git a/shared/init-scripts/export-ror-user1.ndjson b/shared/init-scripts/export-ror-user1.ndjson new file mode 100644 index 0000000..0fbb18c --- /dev/null +++ b/shared/init-scripts/export-ror-user1.ndjson @@ -0,0 +1,3 @@ +{"attributes":{"fieldAttrs":"{}","fieldFormatMap":"{}","fields":"[]","name":"data-view-example-user1","runtimeFieldMap":"{}","sourceFilters":"[]","title":"ex*","typeMeta":"{}"},"coreMigrationVersion":"8.8.0","created_at":"2023-12-20T20:57:19.459Z","id":"e32d03d0-ba47-4e7e-a76d-e5cfbcb62030","managed":false,"references":[],"type":"index-pattern","typeMigrationVersion":"8.0.0","updated_at":"2023-12-20T20:57:19.459Z","version":"WzExNywxXQ=="} +{"attributes":{"columns":[],"description":"","grid":{},"hideChart":false,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[],"timeRestore":false,"title":"search-data-view-example-user1","usesAdHocDataView":false},"coreMigrationVersion":"8.8.0","created_at":"2023-12-20T21:00:28.881Z","id":"ce2aec10-9f7a-11ee-b0ac-693579a2408a","managed":false,"references":[{"id":"e32d03d0-ba47-4e7e-a76d-e5cfbcb62030","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2023-12-20T21:00:28.881Z","version":"WzgsMV0="} +{"excludedObjects":[],"excludedObjectsCount":0,"exportedCount":2,"missingRefCount":0,"missingReferences":[]} \ No newline at end of file diff --git a/shared/init-scripts/export-ror-user2.ndjson b/shared/init-scripts/export-ror-user2.ndjson new file mode 100644 index 0000000..1de1724 --- /dev/null +++ b/shared/init-scripts/export-ror-user2.ndjson @@ -0,0 +1,3 @@ +{"attributes":{"fieldAttrs":"{}","fieldFormatMap":"{}","fields":"[]","name":"data-view-example-user2","runtimeFieldMap":"{}","sourceFilters":"[]","title":"exam*","typeMeta":"{}"},"coreMigrationVersion":"8.8.0","created_at":"2023-12-20T20:58:59.526Z","id":"e3bffbb1-51c4-482f-b5a0-52e75961c8ba","managed":false,"references":[],"type":"index-pattern","typeMigrationVersion":"8.0.0","updated_at":"2023-12-20T20:58:59.526Z","version":"WzEzMiwxXQ=="} +{"attributes":{"columns":[],"description":"","grid":{},"hideChart":false,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[],"timeRestore":false,"title":"search-data-view-example-user2","usesAdHocDataView":false},"coreMigrationVersion":"8.8.0","created_at":"2023-12-20T21:00:53.189Z","id":"dca80750-9f7a-11ee-b0ac-693579a2408a","managed":false,"references":[{"id":"e3bffbb1-51c4-482f-b5a0-52e75961c8ba","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2023-12-20T21:00:53.189Z","version":"WzksMV0="} +{"excludedObjects":[],"excludedObjectsCount":0,"exportedCount":2,"missingRefCount":0,"missingReferences":[]} \ No newline at end of file diff --git a/shared/init-scripts/report-init.sh b/shared/init-scripts/report-init.sh new file mode 100755 index 0000000..ee3e2af --- /dev/null +++ b/shared/init-scripts/report-init.sh @@ -0,0 +1,36 @@ +#!/bin/bash -ex + +cd "$(dirname "$0")" + +source utils/lib.sh + +for i in $(seq 0 100); do + putDocument "example" "{\"id\": $i}" +done + +import_saved_obj () { + local USR=$1 + local PASS=$2 + DEST_ID=$(curl -sk -u "$USR":"$PASS" -XPOST -H "kbn-xsrf: true" "https://kbn-ror-01:5601/api/saved_objects/_import?createNewCopies=false" --form file=@export-ror-$USR.ndjson | jq -r .successResults[0].id) + echo "$DEST_ID" +} + +run_report () { + local USR=$1 + local PASS=$2 + local DEST_ID=$3 + curl -fvk -u "$USR":"$PASS" -XPOST -H "kbn-xsrf: true" "https://kbn-ror-01:5601/api/reporting/generate/csv_searchsource?jobParams=%28browserTimezone%3AEurope%2FWarsaw%2Ccolumns%3A%21%28%29%2CobjectType%3Asearch%2CsearchSource%3A%28fields%3A%21%28%28field%3A%27%2A%27%2Cinclude_unmapped%3Atrue%29%29%2Cfilter%3A%21%28%29%2Cindex%3A$DEST_ID%2Cquery%3A%28language%3Akuery%2Cquery%3A%27%27%29%2Csort%3A%21%28%28_score%3Adesc%29%29%29%2Ctitle%3Asearch-data-view-example-$USR%2Cversion%3A%278.11.3%27%29" +} + + +DEST_ID=$(import_saved_obj "user1" "test") +sleep 5 +for i in $(seq 0 3); do + run_report "user1" "test" "$DEST_ID" +done + +DEST_ID=$(import_saved_obj "user2" "test") +sleep 5 +for i in $(seq 0 5); do + run_report "user2" "test" "$DEST_ID" +done \ No newline at end of file From 4ddb718e65f4fa22b8096741914f4c76babfe9a3 Mon Sep 17 00:00:00 2001 From: Dawid Poliszak Date: Fri, 16 Jan 2026 08:19:15 +0100 Subject: [PATCH 3/8] add task-manager and reporting index per Kibana instance --- ror-demo-cluster/conf/kbn-01/free-ror-newplatform-kibana.yml | 4 +++- ror-demo-cluster/conf/kbn-02/free-ror-newplatform-kibana.yml | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/ror-demo-cluster/conf/kbn-01/free-ror-newplatform-kibana.yml b/ror-demo-cluster/conf/kbn-01/free-ror-newplatform-kibana.yml index 9391462..dc0f447 100644 --- a/ror-demo-cluster/conf/kbn-01/free-ror-newplatform-kibana.yml +++ b/ror-demo-cluster/conf/kbn-01/free-ror-newplatform-kibana.yml @@ -17,4 +17,6 @@ readonlyrest_kbn.cookiePass: '12312313123213123213123abcdefghijklm' xpack.reporting.encryptionKey: "12312313123213123213123abcdefghijklm11" xpack.encryptedSavedObjects.encryptionKey: "12312313123213123213123abcdefghijklm11" -kibana.index: ".kibana-01" \ No newline at end of file +kibana.index: ".kibana-01" +xpack.task_manager.index: ".task-manager-01" +xpack.reporting.index: ".reporting-01" \ No newline at end of file diff --git a/ror-demo-cluster/conf/kbn-02/free-ror-newplatform-kibana.yml b/ror-demo-cluster/conf/kbn-02/free-ror-newplatform-kibana.yml index c7797b8..ba49f3f 100644 --- a/ror-demo-cluster/conf/kbn-02/free-ror-newplatform-kibana.yml +++ b/ror-demo-cluster/conf/kbn-02/free-ror-newplatform-kibana.yml @@ -17,4 +17,6 @@ readonlyrest_kbn.cookiePass: '12312313123213123213123abcdefghijklm' xpack.reporting.encryptionKey: "12312313123213123213123abcdefghijklm11" xpack.encryptedSavedObjects.encryptionKey: "12312313123213123213123abcdefghijklm11" -kibana.index: ".kibana-02" \ No newline at end of file +kibana.index: ".kibana-02" +xpack.task_manager.index: ".task-manager-02" +xpack.reporting.index: ".reporting-02" \ No newline at end of file From 2156d5ba691d817de9a9ce1558b1a86a7c8bda19 Mon Sep 17 00:00:00 2001 From: coutoPL Date: Fri, 16 Jan 2026 09:24:47 +0100 Subject: [PATCH 4/8] fix --- shared/init-scripts/report-init.sh | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/shared/init-scripts/report-init.sh b/shared/init-scripts/report-init.sh index ee3e2af..08c83a3 100755 --- a/shared/init-scripts/report-init.sh +++ b/shared/init-scripts/report-init.sh @@ -11,7 +11,8 @@ done import_saved_obj () { local USR=$1 local PASS=$2 - DEST_ID=$(curl -sk -u "$USR":"$PASS" -XPOST -H "kbn-xsrf: true" "https://kbn-ror-01:5601/api/saved_objects/_import?createNewCopies=false" --form file=@export-ror-$USR.ndjson | jq -r .successResults[0].id) + local KBN_INSTANCE=$3 + DEST_ID=$(curl -sk -u "$USR":"$PASS" -XPOST -H "kbn-xsrf: true" "https://$KBN_INSTANCE:5601/api/saved_objects/_import?createNewCopies=false" --form file=@export-ror-$USR.ndjson | jq -r .successResults[0].id) echo "$DEST_ID" } @@ -19,18 +20,19 @@ run_report () { local USR=$1 local PASS=$2 local DEST_ID=$3 - curl -fvk -u "$USR":"$PASS" -XPOST -H "kbn-xsrf: true" "https://kbn-ror-01:5601/api/reporting/generate/csv_searchsource?jobParams=%28browserTimezone%3AEurope%2FWarsaw%2Ccolumns%3A%21%28%29%2CobjectType%3Asearch%2CsearchSource%3A%28fields%3A%21%28%28field%3A%27%2A%27%2Cinclude_unmapped%3Atrue%29%29%2Cfilter%3A%21%28%29%2Cindex%3A$DEST_ID%2Cquery%3A%28language%3Akuery%2Cquery%3A%27%27%29%2Csort%3A%21%28%28_score%3Adesc%29%29%29%2Ctitle%3Asearch-data-view-example-$USR%2Cversion%3A%278.11.3%27%29" + local KBN_INSTANCE=$4 + curl -fvk -u "$USR":"$PASS" -XPOST -H "kbn-xsrf: true" "https://$KBN_INSTANCE:5601/api/reporting/generate/csv_searchsource?jobParams=%28browserTimezone%3AEurope%2FWarsaw%2Ccolumns%3A%21%28%29%2CobjectType%3Asearch%2CsearchSource%3A%28fields%3A%21%28%28field%3A%27%2A%27%2Cinclude_unmapped%3Atrue%29%29%2Cfilter%3A%21%28%29%2Cindex%3A$DEST_ID%2Cquery%3A%28language%3Akuery%2Cquery%3A%27%27%29%2Csort%3A%21%28%28_score%3Adesc%29%29%29%2Ctitle%3Asearch-data-view-example-$USR%2Cversion%3A%278.11.3%27%29" } -DEST_ID=$(import_saved_obj "user1" "test") +DEST_ID=$(import_saved_obj "user1" "test" "kbn-ror-01") sleep 5 for i in $(seq 0 3); do - run_report "user1" "test" "$DEST_ID" + run_report "user1" "test" "$DEST_ID" "kbn-ror-01" done -DEST_ID=$(import_saved_obj "user2" "test") +DEST_ID=$(import_saved_obj "user2" "test" "kbn-ror-02") sleep 5 for i in $(seq 0 5); do - run_report "user2" "test" "$DEST_ID" + run_report "user2" "test" "$DEST_ID" "kbn-ror-02" done \ No newline at end of file From 1d79f57f09baeceddb054a8081ab77d60bf7c3cd Mon Sep 17 00:00:00 2001 From: coutoPL Date: Fri, 16 Jan 2026 10:12:58 +0100 Subject: [PATCH 5/8] fix --- ror-demo-cluster/conf/es/readonlyrest.yml | 1 - shared/init-scripts/report-init.sh | 18 ++++++++++-------- 2 files changed, 10 insertions(+), 9 deletions(-) diff --git a/ror-demo-cluster/conf/es/readonlyrest.yml b/ror-demo-cluster/conf/es/readonlyrest.yml index 095e63f..ba9a225 100644 --- a/ror-demo-cluster/conf/es/readonlyrest.yml +++ b/ror-demo-cluster/conf/es/readonlyrest.yml @@ -9,7 +9,6 @@ readonlyrest: - name: "KIBANA" type: allow auth_key: kibana:kibana - verbosity: error - name: "Admins" auth_key: admin:admin diff --git a/shared/init-scripts/report-init.sh b/shared/init-scripts/report-init.sh index 08c83a3..2293cc3 100755 --- a/shared/init-scripts/report-init.sh +++ b/shared/init-scripts/report-init.sh @@ -4,7 +4,7 @@ cd "$(dirname "$0")" source utils/lib.sh -for i in $(seq 0 100); do +for i in $(seq 0 1000); do putDocument "example" "{\"id\": $i}" done @@ -25,14 +25,16 @@ run_report () { } -DEST_ID=$(import_saved_obj "user1" "test" "kbn-ror-01") +DEST_ID_01=$(import_saved_obj "user1" "test" "kbn-ror-01") sleep 5 -for i in $(seq 0 3); do - run_report "user1" "test" "$DEST_ID" "kbn-ror-01" -done -DEST_ID=$(import_saved_obj "user2" "test" "kbn-ror-02") +DEST_ID_02=$(import_saved_obj "user2" "test" "kbn-ror-02") sleep 5 -for i in $(seq 0 5); do - run_report "user2" "test" "$DEST_ID" "kbn-ror-02" + +for i in $(seq 0 30); do + run_report "user1" "test" "$DEST_ID_01" "kbn-ror-01" & +done + +for i in $(seq 0 50); do + run_report "user2" "test" "$DEST_ID_02" "kbn-ror-02" & done \ No newline at end of file From 5351aa4970700e139be55d6b71eb8ff37cbc3095 Mon Sep 17 00:00:00 2001 From: coutoPL Date: Fri, 16 Jan 2026 10:17:48 +0100 Subject: [PATCH 6/8] commented out the xpack settings --- ror-demo-cluster/conf/kbn-01/free-ror-newplatform-kibana.yml | 4 ++-- ror-demo-cluster/conf/kbn-02/free-ror-newplatform-kibana.yml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/ror-demo-cluster/conf/kbn-01/free-ror-newplatform-kibana.yml b/ror-demo-cluster/conf/kbn-01/free-ror-newplatform-kibana.yml index dc0f447..323fc1a 100644 --- a/ror-demo-cluster/conf/kbn-01/free-ror-newplatform-kibana.yml +++ b/ror-demo-cluster/conf/kbn-01/free-ror-newplatform-kibana.yml @@ -18,5 +18,5 @@ xpack.reporting.encryptionKey: "12312313123213123213123abcdefghijklm11" xpack.encryptedSavedObjects.encryptionKey: "12312313123213123213123abcdefghijklm11" kibana.index: ".kibana-01" -xpack.task_manager.index: ".task-manager-01" -xpack.reporting.index: ".reporting-01" \ No newline at end of file +#xpack.task_manager.index: ".task-manager-01" +#xpack.reporting.index: ".reporting-01" \ No newline at end of file diff --git a/ror-demo-cluster/conf/kbn-02/free-ror-newplatform-kibana.yml b/ror-demo-cluster/conf/kbn-02/free-ror-newplatform-kibana.yml index ba49f3f..6b03726 100644 --- a/ror-demo-cluster/conf/kbn-02/free-ror-newplatform-kibana.yml +++ b/ror-demo-cluster/conf/kbn-02/free-ror-newplatform-kibana.yml @@ -18,5 +18,5 @@ xpack.reporting.encryptionKey: "12312313123213123213123abcdefghijklm11" xpack.encryptedSavedObjects.encryptionKey: "12312313123213123213123abcdefghijklm11" kibana.index: ".kibana-02" -xpack.task_manager.index: ".task-manager-02" -xpack.reporting.index: ".reporting-02" \ No newline at end of file +#xpack.task_manager.index: ".task-manager-02" +#xpack.reporting.index: ".reporting-02" \ No newline at end of file From e53dc9c54e0237c40ce13d1a466f5fae3e41fb08 Mon Sep 17 00:00:00 2001 From: coutoPL Date: Fri, 16 Jan 2026 13:03:45 +0100 Subject: [PATCH 7/8] clean up --- .../conf/es/readonlyrest.yml | 2 +- .../conf/kbn-01/free-ror-newplatform-kibana.yml | 15 ++++++++------- .../conf/kbn-02/free-ror-newplatform-kibana.yml | 15 ++++++++------- 3 files changed, 17 insertions(+), 15 deletions(-) diff --git a/examples/ror-with-kibana-reverse-proxy-demo/conf/es/readonlyrest.yml b/examples/ror-with-kibana-reverse-proxy-demo/conf/es/readonlyrest.yml index a008d77..5c5432f 100644 --- a/examples/ror-with-kibana-reverse-proxy-demo/conf/es/readonlyrest.yml +++ b/examples/ror-with-kibana-reverse-proxy-demo/conf/es/readonlyrest.yml @@ -10,7 +10,7 @@ readonlyrest: type: allow auth_key: kibana:kibana verbosity: error - - name: USER_DEFAULT + auth_key: user2:dev verbosity: error indices: [".kibana*",".reporting-*", ".ds-.kibana-*", ".kibana-reporting-*", "xxx-*", "kibana_sample_data_*"] diff --git a/ror-demo-cluster/conf/kbn-01/free-ror-newplatform-kibana.yml b/ror-demo-cluster/conf/kbn-01/free-ror-newplatform-kibana.yml index 323fc1a..7c3e834 100644 --- a/ror-demo-cluster/conf/kbn-01/free-ror-newplatform-kibana.yml +++ b/ror-demo-cluster/conf/kbn-01/free-ror-newplatform-kibana.yml @@ -12,11 +12,12 @@ server.ssl.key: /usr/share/kibana/config/kibana.key server.ssl.redirectHttpFromPort: 80 readonlyrest_kbn.logLevel: info -readonlyrest_kbn.cookiePass: '12312313123213123213123abcdefghijklm' - -xpack.reporting.encryptionKey: "12312313123213123213123abcdefghijklm11" -xpack.encryptedSavedObjects.encryptionKey: "12312313123213123213123abcdefghijklm11" - +readonlyrest_kbn.store_sessions_in_index: true +# instance-specific settings +readonlyrest_kbn.cookiePass: 'kibana-01-cookie-pass-1234567890' +readonlyrest_kbn.sessions_index_name: ".ror-sessions-kibana-01" kibana.index: ".kibana-01" -#xpack.task_manager.index: ".task-manager-01" -#xpack.reporting.index: ".reporting-01" \ No newline at end of file + +# the same on both instances +xpack.reporting.encryptionKey: "kbn-ror-0x-reporting-encryption-key-1234567890" +xpack.encryptedSavedObjects.encryptionKey: "kbn-ror-0x-encrypted-saved-objects-encryption-key-1234567890" diff --git a/ror-demo-cluster/conf/kbn-02/free-ror-newplatform-kibana.yml b/ror-demo-cluster/conf/kbn-02/free-ror-newplatform-kibana.yml index 6b03726..9d66d86 100644 --- a/ror-demo-cluster/conf/kbn-02/free-ror-newplatform-kibana.yml +++ b/ror-demo-cluster/conf/kbn-02/free-ror-newplatform-kibana.yml @@ -12,11 +12,12 @@ server.ssl.key: /usr/share/kibana/config/kibana.key server.ssl.redirectHttpFromPort: 80 readonlyrest_kbn.logLevel: info -readonlyrest_kbn.cookiePass: '12312313123213123213123abcdefghijklm' - -xpack.reporting.encryptionKey: "12312313123213123213123abcdefghijklm11" -xpack.encryptedSavedObjects.encryptionKey: "12312313123213123213123abcdefghijklm11" - +readonlyrest_kbn.store_sessions_in_index: true +# instance-specific settings +readonlyrest_kbn.cookiePass: 'kibana-02-cookie-pass-1234567890' +readonlyrest_kbn.sessions_index_name: ".ror-sessions-kibana-02" kibana.index: ".kibana-02" -#xpack.task_manager.index: ".task-manager-02" -#xpack.reporting.index: ".reporting-02" \ No newline at end of file + +# the same on both instances +xpack.reporting.encryptionKey: "kbn-ror-0x-reporting-encryption-key-1234567890" +xpack.encryptedSavedObjects.encryptionKey: "kbn-ror-0x-encrypted-saved-objects-encryption-key-1234567890" From 960a8b2cbf57ac4d416ed080bc4850e8b56abec8 Mon Sep 17 00:00:00 2001 From: coutoPL Date: Fri, 16 Jan 2026 13:04:55 +0100 Subject: [PATCH 8/8] clean up --- .../conf/es/readonlyrest.yml | 11 +---------- .../conf/kbn/free-ror-newplatform-kibana.yml | 4 ---- 2 files changed, 1 insertion(+), 14 deletions(-) diff --git a/examples/ror-with-kibana-reverse-proxy-demo/conf/es/readonlyrest.yml b/examples/ror-with-kibana-reverse-proxy-demo/conf/es/readonlyrest.yml index 5c5432f..f52599b 100644 --- a/examples/ror-with-kibana-reverse-proxy-demo/conf/es/readonlyrest.yml +++ b/examples/ror-with-kibana-reverse-proxy-demo/conf/es/readonlyrest.yml @@ -10,16 +10,7 @@ readonlyrest: type: allow auth_key: kibana:kibana verbosity: error - - auth_key: user2:dev - verbosity: error - indices: [".kibana*",".reporting-*", ".ds-.kibana-*", ".kibana-reporting-*", "xxx-*", "kibana_sample_data_*"] - # uri_re: [ "^/_(?:alias|nodes|cat|cluster|ml|ilm|license|mapping|settings|sql|analyze|autoscaling|ccr|component_template|dangling|data_stream|flush| - # enrich|eql|ilm|ingest|index_template|migration|mtermvectors|processor|recovery|refresh|rank_eval|remote|rollup|script_context|script_language|scripts|se - # arch_shards|searcheable_snapshots|security|segments|shard_stores|slm|snapshot|ssl|stats|tasks|template|transform|validate|watcher|xpack)" ] - kibana: - access: rw - index: ".kibana-xxx" + - name: "Admins" groups: [Administrators] kibana: diff --git a/examples/ror-with-kibana-reverse-proxy-demo/conf/kbn/free-ror-newplatform-kibana.yml b/examples/ror-with-kibana-reverse-proxy-demo/conf/kbn/free-ror-newplatform-kibana.yml index 8707e71..b594eb7 100644 --- a/examples/ror-with-kibana-reverse-proxy-demo/conf/kbn/free-ror-newplatform-kibana.yml +++ b/examples/ror-with-kibana-reverse-proxy-demo/conf/kbn/free-ror-newplatform-kibana.yml @@ -15,9 +15,5 @@ server.ssl.certificate: /usr/share/kibana/config/kibana.crt server.ssl.key: /usr/share/kibana/config/kibana.key server.ssl.redirectHttpFromPort: 80 -xpack.reporting.encryptionKey: "19+230i1902i310293213i109312i31209302193219039120i3j23h31h3h213h123!" -xpack.encryptedSavedObjects.encryptionKey: "39+230i1902i310293213i109312i31209302193219039120i3j23h31h3h213h123!" -kibana.index: .kibana-xxx - readonlyrest_kbn.logLevel: info readonlyrest_kbn.cookiePass: '12312313123213123213123abcdefghijklm'