Last active
December 16, 2015 00:19
-
-
Save dav3860/5346821 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Apache config snippets : | |
| Alias /kibana3 /var/www/kibana3 | |
| # Elasticsearch API is behind /es/ | |
| RewriteEngine On | |
| RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS|DELETE) | |
| RewriteRule .* - [F] | |
| RewriteCond %{LA-U:REMOTE_USER} !^$ | |
| RewriteRule /es/(.*)logstash-([0-9]+.[0-9]+.[0-9]+)(.*) /es/$1%{LA-U:REMOTE_USER}-$2$3 [N] # Redirect all logstash-xx-xx-xx accesses to user aliases | |
| RewriteCond %{LA-U:REMOTE_USER} !^$ | |
| RewriteRule /es/(.*) http://127.0.0.1:9200/$1 [P,L] # proxy to local ES service | |
| RewriteLog "/var/log/httpd/rewrite.log" | |
| RewriteLogLevel 1 | |
| <Location /es/> | |
| AuthType Basic | |
| AuthBasicProvider ldap | |
| [...] | |
| </Location> | |
| <Directory /var/www/kibana3/> | |
| AuthType Basic | |
| AuthBasicProvider ldap | |
| [...] | |
| </Directory> | |
| Ugly script to create aliases : | |
| #!/usr/bin/perl | |
| =head1 NAME | |
| update_es_aliases - A script to update ElasticSearch user aliases on indices matching a specific pattern | |
| =head1 APPLICABLE SYSTEMS | |
| ElasticSearch | |
| =head1 CONFIGURATION | |
| $pattern : the index pattern to match, | |
| %userPerms: a hash listing user permissions on specific @types. "*" means no filter | |
| =cut | |
| use strict; | |
| use warnings; | |
| use ElasticSearch; | |
| my $pattern = "logstash"; | |
| # A hash listing user permissions on specific @types | |
| # "*" means no filter on alias | |
| my %userPerms = ( | |
| user1 => [ "syslog", "nginx" ], | |
| user2 => [ "*" ], | |
| user3 => [ "syslog" ] | |
| ); | |
| # we open a connection to ES | |
| my $es = ElasticSearch->new ( | |
| servers => 'localhost:9200', | |
| transport => 'http', | |
| max_requests => 10_000, | |
| trace_calls => 0, # or 'log_file' | |
| no_refresh => 0 | 1, | |
| ); | |
| my $result = $es->get_aliases(); | |
| # We loop through ES indices and users to update their aliases | |
| for my $i ( keys %$result ) { | |
| if ( $i =~ m/${pattern}\-.*/ ) { | |
| my $aliases = %$result->{$i}->{aliases}; | |
| # let's remove all aliases | |
| for my $j ( keys %$aliases ) { | |
| print "[${i}]: removing alias ${j}\n"; | |
| my $r = $es->aliases( actions => [ | |
| { remove => { index => $i, alias => "${j}" }} | |
| ]); | |
| } | |
| # now, we add the aliases | |
| for my $user ( keys %userPerms ) { | |
| my $alias = $i; | |
| $alias =~ s/${pattern}/${user}/; | |
| if ($userPerms{$user}[0] eq "*" ) { | |
| print "[${i}]: user ${user}, adding alias ${alias} with no filter\n"; | |
| my $r = $es->aliases( actions => [ | |
| { add => { | |
| index => $i, | |
| alias => "${alias}" | |
| }} | |
| ]); | |
| } else { | |
| print "[${i}]: user ${user}, adding alias ${alias} with a filter\n"; | |
| my $r = $es->aliases( actions => [ | |
| { add => { | |
| index => $i, | |
| alias => "${alias}", | |
| filterb => { | |
| '@type' => $userPerms{$user} | |
| } | |
| }} | |
| ]); | |
| } | |
| } | |
| } | |
| } | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment