kibana3_auth icon indicating copy to clipboard operation
kibana3_auth copied to clipboard

Published 20 hours ago verified publisher icon christian-marie

ES5.X API changes break ESProxy

Open german23 opened this issue 6 years ago • 2 comments

Hey,

first off i know you no longer support this project. But maybe others encountered this problem too.

We run the auth_module with ES 2.4 so far and it works fine. As we try to upgrade to ES5.X we run into this problem:

[23/Jul/2018 13:50:05] "GET /_nodes HTTP/1.1" 200 ["2733"] 0.0082
[2018-07-23 13:50:05] ERROR Rack::Lint::LintError: Content-Length header was 2733, but should be 18947
        /var/lib/gems/2.3.0/gems/rack-1.5.2/lib/rack/lint.rb:20:in `assert'
        /var/lib/gems/2.3.0/gems/rack-1.5.2/lib/rack/lint.rb:631:in `verify_content_length'
        /var/lib/gems/2.3.0/gems/rack-1.5.2/lib/rack/lint.rb:655:in `each'
        /var/lib/gems/2.3.0/gems/rack-1.5.2/lib/rack/body_proxy.rb:31:in `each'
        /var/lib/gems/2.3.0/gems/rack-1.5.2/lib/rack/handler/webrick.rb:72:in `service'
        /usr/lib/ruby/2.3.0/webrick/httpserver.rb:140:in `service'
        /usr/lib/ruby/2.3.0/webrick/httpserver.rb:96:in `run'
        /usr/lib/ruby/2.3.0/webrick/server.rb:296:in `block in start_thread'

The problems seems to be the change of the _nodes API in ES5.X.

Old _nodes response:

{
  "cluster_name": "clustername",
  "nodes": {
    "y1F7B0edRxiW5Bzoiwr0kw": {
      "name": "node1",
      "transport_address": "192.168.55.5:9307",
      "host": "192.168.55.5",
      "ip": "192.168.55.5",
      "version": "2.4.0",
      "build": "ce9f0c7",
      "http_address": "192.168.55.5:9207",
      "attributes": {
        "tag": "node1",
        "master": "false"
      },

New ES5.X response:

{
  "_nodes": {
    "total": 3,
    "successful": 3,
    "failed": 0
  },
  "cluster_name": "clustername",
  "nodes": {
    "QCDpwJg1RDW8Dkf7Bu95VA": {
      "name": "node1",
      "transport_address": "192.168.55.5:9300",
      "host": "192.168.55.5",
      "ip": "192.168.55.5",
      "version": "5.6.10",
      "build_hash": "b727a60",
      "total_indexing_buffer": 308700774,
      "roles": [
        "master",
        "ingest"
      ],

I think the auth_module just uses the 1st new part (with the amount of nodes) and thus the content-length check fails.

I dont expect a solution, but maybe some hints at which files i should look. I try to find a solution myself than and make a fork.

Thank you very much.

german23 avatar Jul 24 '18 09:07 german23

It amuses me that this is still in use somewhere. I doubt this would work on 5.x anyway? Isn't auth in the newest release? I didn't think I messed with the HTTP headers so it's likely an invalid HTTP request? I'd dump at TCP layer and look at the messages in wireshark.

christian-marie avatar Jul 26 '18 05:07 christian-marie

Thank you for your response.

You are right, authentication/authorization is support out-of-the-box with Kibana5/6. However this all is behind a pay-wall with the X-Pack Subscription so it is not practical. Also Kibana 3 is just much better than all of the newer Kibana releases ;)

I´ll have a look at the network layer and see what i can find out.

german23 avatar Aug 01 '18 05:08 german23