not working on Open Distro for Elasticsearch #302

Open
metost opened this issue Feb 18, 2021 · 3 comments

metost commented Feb 18, 2021

Hi,

I'm trying to configure the prometheus export on Open Distro for Elasticsearch v7.10.2 - https://opendistro.github.io/

In the logs of the init container it seems that the plugin is installed without any issues:

 -> Installing https://github.com/vvanholl/elasticsearch-prometheus-exporter/releases/download/7.10.2.0/prometheus-exporter-7.10.2.0.zip
 -> Downloading https://github.com/vvanholl/elasticsearch-prometheus-exporter/releases/download/7.10.2.0/prometheus-exporter-7.10.2.0.zip
 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
 @     WARNING: plugin requires additional permissions     @
 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
 * java.lang.RuntimePermission accessClassInPackage.sun.misc
 * java.lang.RuntimePermission accessDeclaredMembers
 * java.lang.reflect.ReflectPermission suppressAccessChecks
 See http://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html
 for descriptions of what these permissions allow and the associated risks.
 -> Installed prometheus-exporter
 stream closed

But when I try to open the metrics endpoint I'm getting this:

curl -k -u user:pass 'https://localhost:9200/_prometheus/metrics'
{"error":"Incorrect HTTP method for uri [/_prometheus/metrics] and method [GET], allowed: [POST]","status":405}

Any idea why it's not working? Has anyone tested it with "Open Distro for Elasticsearch"?
Thanks in advance!

metost commented Feb 23, 2021

UPDATE:
It seems that there is a security plugin enabled by default in Open Distro for Elasticsearch.
After whitelisting the _prometheus/metrics URL with

config:
  enabled: false
  requests:
    /_cluster/settings:
      - GET
      - PUT
    /_cat/nodes:
      - GET
    /_cat/shards:
      - GET
    /_prometheus/metrics:
      - GET

Now I'm getting this error:

curl -k -u user:pass 'https://localhost:9200/_prometheus/metrics'
{"error":{"root_cause":[{"type":"security_exception","reason":"Unexpected exception indices:monitor/stats"}],"type":"exception","reason":"Indices stats request failed","caused_by":{"type":"security_exception","reason":"Unexpected exception indices:monitor/stats"}},"status":500}

Any ideas? Thanks!

trexx commented Feb 25, 2021

@metost
That error is caused by a bug in Opendistro Security introduced in version 1.13.0.0 for Elasticsearch 7.10.2.
A pull request containing the fix was made here: https://github.com/opendistro-for-elasticsearch/security/pull/1048

You can pull that change into your installation manually, or downgrade until a new release is available.

metost commented Feb 25, 2021

@trexx
Thanks a lot! I'll wait for the next release.
