Install X-pack plugin failed

Hello,

I’m trying to install the x-pack plugin into siren-investigate, but I get the following error.
The x-pack feature is required because our elasticsearch also uses x-pack authentication.

fredericq@tasu2121:~/siren/siren-platform-no-data-no-security-10.3.2-linux-x86_64/siren-investigate$ bin/investigate-plugin install x-pack
DeprecationWarning: os.tmpDir() is deprecated. Use os.tmpdir() instead.
Attempting to transfer from x-pack
Attempting to transfer from https://artifacts.elastic.co/downloads/kibana-plugins/x-pack/x-pack-5.6.10.zip
Transferring 119659011 bytes....................
Transfer complete
Retrieving metadata from plugin archive
Extracting plugin archive
Extraction complete
Optimizing and caching browser bundles...
Plugin installation was unsuccessful due to error "Optimizations failure.
   5520 modules

    ERROR in ./plugins/x-pack/plugins/ml/public/jobs/new_job/simple/multi_metric/index.js
    Module not found: Error: Can't resolve './create_job' in '/home/fredericq/siren/siren-platform-no-data-no-security-10.3.2-linux-x86_64/siren-investigate/plugins/x-pack/plugins/ml/public/jobs/new_job/simple/multi_metric'

    ERROR in ./plugins/x-pack/plugins/ml/public/jobs/new_job/simple/single_metric/index.js
    Module not found: Error: Can't resolve './create_job' in '/home/fredericq/siren/siren-platform-no-data-no-security-10.3.2-linux-x86_64/siren-investigate/plugins/x-pack/plugins/ml/public/jobs/new_job/simple/single_metric'

    ERROR in ./plugins/x-pack/plugins/ml/public/jobs/new_job/advanced/index.js
    Module not found: Error: Can't resolve './data_description' in '/home/fredericq/siren/siren-platform-no-data-no-security-10.3.2-linux-x86_64/siren-investigate/plugins/x-pack/plugins/ml/public/jobs/new_job/advanced'

    ERROR in ./plugins/x-pack/plugins/ml/public/jobs/index.js
    Module not found: Error: Can't resolve './jobs_list' in '/home/fredericq/siren/siren-platform-no-data-no-security-10.3.2-linux-x86_64/siren-investigate/plugins/x-pack/plugins/ml/public/jobs'

    ERROR in ./plugins/x-pack/plugins/ml/public/jobs/new_job/advanced/index.js
    Module not found: Error: Can't resolve './save_status_modal' in '/home/fredericq/siren/siren-platform-no-data-no-security-10.3.2-linux-x86_64/siren-investigate/plugins/x-pack/plugins/ml/public/jobs/new_job/advanced'

    ERROR in ./plugins/x-pack/plugins/ml/webpackShims/lodash.js
    Module not found: Error: Can't resolve 'node_modules/lodash/index.js' in '/home/fredericq/siren/siren-platform-no-data-no-security-10.3.2-linux-x86_64/siren-investigate/plugins/x-pack/plugins/ml/webpackShims'

    ERROR in ./plugins/x-pack/plugins/ml/webpackShims/moment.js
    Module not found: Error: Can't resolve 'node_modules/moment/min/moment.min.js' in '/home/fredericq/siren/siren-platform-no-data-no-security-10.3.2-linux-x86_64/siren-investigate/plugins/x-pack/plugins/ml/webpackShims'

    ERROR in ./plugins/x-pack/plugins/ml/public/app.js
    Module not found: Error: Can't resolve 'plugins/ml/components/confirm_modal' in '/home/fredericq/siren/siren-platform-no-data-no-security-10.3.2-linux-x86_64/siren-investigate/plugins/x-pack/plugins/ml/public'

    ERROR in ./plugins/x-pack/plugins/ml/public/app.js
    Module not found: Error: Can't resolve 'plugins/ml/components/json_tooltip' in '/home/fredericq/siren/siren-platform-no-data-no-security-10.3.2-linux-x86_64/siren-investigate/plugins/x-pack/plugins/ml/public'

    ERROR in ./plugins/x-pack/plugins/ml/public/app.js
    Module not found: Error: Can't resolve 'plugins/ml/components/messagebar' in '/home/fredericq/siren/siren-platform-no-data-no-security-10.3.2-linux-x86_64/siren-investigate/plugins/x-pack/plugins/ml/public'

    ERROR in ./plugins/x-pack/plugins/ml/public/app.js
    Module not found: Error: Can't resolve 'plugins/ml/components/nav_menu' in '/home/fredericq/siren/siren-platform-no-data-no-security-10.3.2-linux-x86_64/siren-investigate/plugins/x-pack/plugins/ml/public'

    ERROR in ./plugins/x-pack/plugins/ml/public/app.js
    Module not found: Error: Can't resolve 'plugins/ml/components/pretty_duration' in '/home/fredericq/siren/siren-platform-no-data-no-security-10.3.2-linux-x86_64/siren-investigate/plugins/x-pack/plugins/ml/public'

    ERROR in ./plugins/x-pack/plugins/ml/public/app.js
    Module not found: Error: Can't resolve 'plugins/ml/explorer' in '/home/fredericq/siren/siren-platform-no-data-no-security-10.3.2-linux-x86_64/siren-investigate/plugins/x-pack/plugins/ml/public'

    ERROR in ./plugins/x-pack/plugins/ml/public/jobs/new_job/advanced/detectors_list_directive.js
    Module not found: Error: Can't resolve 'plugins/ml/jobs/new_job/advanced/detector_filter_modal' in '/home/fredericq/siren/siren-platform-no-data-no-security-10.3.2-linux-x86_64/siren-investigate/plugins/x-pack/plugins/ml/public/jobs/new_job/advanced'

    ERROR in ./plugins/x-pack/plugins/ml/public/jobs/new_job/advanced/detectors_list_directive.js
    Module not found: Error: Can't resolve 'plugins/ml/jobs/new_job/advanced/detector_modal' in '/home/fredericq/siren/siren-platform-no-data-no-security-10.3.2-linux-x86_64/siren-investigate/plugins/x-pack/plugins/ml/public/jobs/new_job/advanced'

    ERROR in ./plugins/x-pack/plugins/ml/public/app.js
    Module not found: Error: Can't resolve 'plugins/ml/timeseriesexplorer' in '/home/fredericq/siren/siren-platform-no-data-no-security-10.3.2-linux-x86_64/siren-investigate/plugins/x-pack/plugins/ml/public'

    ERROR in ./plugins/x-pack/plugins/monitoring/public/monitoring.js
    Module not found: Error: Can't resolve 'plugins/monitoring/less/main' in '/home/fredericq/siren/siren-platform-no-data-no-security-10.3.2-linux-x86_64/siren-investigate/plugins/x-pack/plugins/monitoring/public'

    ERROR in ./plugins/x-pack/plugins/reporting/public/controls/discover.js
    Module not found: Error: Can't resolve 'plugins/reporting/directives/export_config' in '/home/fredericq/siren/siren-platform-no-data-no-security-10.3.2-linux-x86_64/siren-investigate/plugins/x-pack/plugins/reporting/public/controls'

    ERROR in ./plugins/x-pack/plugins/reporting/public/controls/visualize.js
    Module not found: Error: Can't resolve 'plugins/reporting/directives/export_config' in '/home/fredericq/siren/siren-platform-no-data-no-security-10.3.2-linux-x86_64/siren-investigate/plugins/x-pack/plugins/reporting/public/controls'

    ERROR in ./plugins/x-pack/plugins/reporting/public/controls/dashboard.js
    Module not found: Error: Can't resolve 'plugins/reporting/directives/export_config' in '/home/fredericq/siren/siren-platform-no-data-no-security-10.3.2-linux-x86_64/siren-investigate/plugins/x-pack/plugins/reporting/public/controls'

    ERROR in ./optimize/bundles/kibana.entry.js
    Module not found: Error: Can't resolve 'plugins/reporting/views/management' in '/home/fredericq/siren/siren-platform-no-data-no-security-10.3.2-linux-x86_64/siren-investigate/optimize/bundles'

    ERROR in ./optimize/bundles/login.entry.js
    Module not found: Error: Can't resolve 'plugins/security/views/login' in '/home/fredericq/siren/siren-platform-no-data-no-security-10.3.2-linux-x86_64/siren-investigate/optimize/bundles'

    ERROR in ./optimize/bundles/logout.entry.js
    Module not found: Error: Can't resolve 'plugins/security/views/logout' in '/home/fredericq/siren/siren-platform-no-data-no-security-10.3.2-linux-x86_64/siren-investigate/optimize/bundles'

    ERROR in ./optimize/bundles/kibana.entry.js
    Module not found: Error: Can't resolve 'plugins/security/views/management' in '/home/fredericq/siren/siren-platform-no-data-no-security-10.3.2-linux-x86_64/siren-investigate/optimize/bundles'

    ERROR in ./optimize/bundles/graph.entry.js
    Module not found: Error: Can't resolve 'plugins/security/views/nav_control' in '/home/fredericq/siren/siren-platform-no-data-no-security-10.3.2-linux-x86_64/siren-investigate/optimize/bundles'

    ERROR in ./optimize/bundles/monitoring.entry.js
    Module not found: Error: Can't resolve 'plugins/security/views/nav_control' in '/home/fredericq/siren/siren-platform-no-data-no-security-10.3.2-linux-x86_64/siren-investigate/optimize/bundles'

    ERROR in ./optimize/bundles/kibana.entry.js
    Module not found: Error: Can't resolve 'plugins/security/views/nav_control' in '/home/fredericq/siren/siren-platform-no-data-no-security-10.3.2-linux-x86_64/siren-investigate/optimize/bundles'

    ERROR in ./optimize/bundles/stateSessionStorageRedirect.entry.js
    Module not found: Error: Can't resolve 'plugins/security/views/nav_control' in '/home/fredericq/siren/siren-platform-no-data-no-security-10.3.2-linux-x86_64/siren-investigate/optimize/bundles'

    ERROR in ./optimize/bundles/timelion.entry.js
    Module not found: Error: Can't resolve 'plugins/security/views/nav_control' in '/home/fredericq/siren/siren-platform-no-data-no-security-10.3.2-linux-x86_64/siren-investigate/optimize/bundles'

    ERROR in ./optimize/bundles/login.entry.js
    Module not found: Error: Can't resolve 'plugins/security/views/nav_control' in '/home/fredericq/siren/siren-platform-no-data-no-security-10.3.2-linux-x86_64/siren-investigate/optimize/bundles'

    ERROR in ./optimize/bundles/logout.entry.js
    Module not found: Error: Can't resolve 'plugins/security/views/nav_control' in '/home/fredericq/siren/siren-platform-no-data-no-security-10.3.2-linux-x86_64/siren-investigate/optimize/bundles'

    ERROR in ./optimize/bundles/status_page.entry.js
    Module not found: Error: Can't resolve 'plugins/security/views/nav_control' in '/home/fredericq/siren/siren-platform-no-data-no-security-10.3.2-linux-x86_64/siren-investigate/optimize/bundles'

    ERROR in ./optimize/bundles/ml.entry.js
    Module not found: Error: Can't resolve 'plugins/security/views/nav_control' in '/home/fredericq/siren/siren-platform-no-data-no-security-10.3.2-linux-x86_64/siren-investigate/optimize/bundles'

    ERROR in ./plugins/x-pack/plugins/upgrade/public/sections/upgrade/index.js
    Module not found: Error: Can't resolve 'plugins/upgrade/styles/main' in '/home/fredericq/siren/siren-platform-no-data-no-security-10.3.2-linux-x86_64/siren-investigate/plugins/x-pack/plugins/upgrade/public/sections/upgrade'

Hi,

Have you followed the x-pack instructions in our documentation?
https://docs.support.siren.io/10.3.3/platform/en/siren-investigate/authentication-and-access-control/search-guard-integration-and-siren-investigate-access-control.html#UUID-7dae4ade-cac5-3c9e-d203-cb1df0a4a11b

Hi,
Thank you. Maybe it’s a good idea to also put a reference to that page here https://docs.support.siren.io/10.3.3/platform/en/siren-investigate/setting-up-siren-investigate/installing-siren-investigate.html

It only gave me a reference to the kibana x-pack setup. And your link is not that easy to find.

Now I get the logon screen, but I have the following error when I try to log in with a user that is available in elasticsearch with the right roles. I’m using elasticsearch version 6.8.2
(see last line in code)

Detected jdbc_enabled: [false]
  log   [10:28:58.911] [info][status][plugin:kibana@10.3.3] Status changed from uninitialized to green - Ready
  log   [10:28:58.918] [info][status][plugin:clientside_compression@10.3.3] Status changed from uninitialized to green - Ready
  log   [10:28:59.165] [info][Investigate] Federate Compatibility Matrix:
╔══════════════════╤══════════════════╗
║ Support Level    │ Federate Version ║
╟──────────────────┼──────────────────╢
║ Minimum          │ 5.6.10-10.1.1    ║
╟──────────────────┼──────────────────╢
║ Feature Complete │ 6.8.0-10.3.0     ║
╟──────────────────┼──────────────────╢
║ Target           │ 6.8.2-10.3.3     ║
╚══════════════════╧══════════════════╝
  log   [10:28:59.170] [info][status][plugin:elasticsearch@10.3.3] Status changed from uninitialized to yellow - Waiting for Elasticsearch
  log   [10:28:59.713] [info][status][plugin:elasticsearch@10.3.3] Status changed from yellow to green - Siren Investigate index ready
  log   [10:28:59.716] [info][status][plugin:federate_resolver@10.3.3] Status changed from uninitialized to yellow - Initializing.
  log   [10:28:59.734] [info][status][plugin:federate_resolver@10.3.3] Status changed from yellow to green - Initialized.
  log   [10:28:59.744] [info][status][plugin:siren_federate@10.3.3] Status changed from uninitialized to yellow - Checking for Siren Federate Elasticsearch plugin.
  log   [10:28:59.846] [info][status][plugin:siren_federate@10.3.3] Status changed from yellow to green - Siren Federate plugin is found.
  log   [10:28:59.861] [info][status][plugin:investigate_core@10.3.3] Status changed from uninitialized to green - Ready
  log   [10:28:59.914] [info][status][plugin:saved_objects_api@10.3.3] Status changed from uninitialized to green - Ready
  log   [10:28:59.918] [info][status][plugin:query_engine@10.3.3] Status changed from uninitialized to yellow - Initialising the query engine
  log   [10:29:00.081] [info][query_engine] Found Siren Investigate index: [.siren]
  log   [10:29:00.083] [info][query_engine] Loading templates
  log   [10:29:00.135] [info][query_engine] { message: 'QueryEngine initialized successfully.' }
  log   [10:29:00.142] [info][status][plugin:query_engine@10.3.3] Status changed from yellow to green - Query engine initialized
  log   [10:29:00.149] [info][status][plugin:migrations@10.3.3] Status changed from uninitialized to yellow - Checking for out of date objects.
  log   [10:29:02.093] [info][migrations] Detected document format version 6 based on existing config object
  log   [10:29:02.563] [info][status][plugin:migrations@10.3.3] Status changed from yellow to green - All objects are up to date.
  log   [10:29:02.586] [info][status][plugin:graph_browser_vis@10.3.3] Status changed from uninitialized to yellow - Initializing
  log   [10:29:02.679] [info][status][plugin:ingest@10.3.3] Status changed from uninitialized to green - Ready
  log   [10:29:02.680] [info][graph_browser] Loading scripts
  log   [10:29:02.685] [info][status][plugin:investigate_access_control@10.3.3] Status changed from uninitialized to yellow - Initialising access control.
  log   [10:29:02.916] [info][status][plugin:investigate_access_control@10.3.3] Status changed from yellow to yellow - Initialising authentication strategies.
  log   [10:29:03.586] [info][status][plugin:investigate_access_control@10.3.3] Status changed from yellow to yellow - Initialising authentication backends.
  log   [10:29:05.296] [info][status][plugin:investigate_access_control@10.3.3] Status changed from yellow to yellow - Initialising access control index.
  log   [10:29:05.346] [info][Siren Alert][init] initializing ...
  log   [10:29:05.444] [info][Siren Alert][init] Chrome bin found at: C:\ELK_SIREN\siren-platform-no-data-no-security-10.3.3-windows-x86_64\siren-investigate\siren_plugins\sentinl\node_modules\puppeteer\.local-chromium\linux-650583\chrome-linux\chrome
  log   [10:29:05.531] [info][Siren Alert][init_indices] checking .siren index ...
  log   [10:29:05.591] [info][status][plugin:sentinl@10.3.3] Status changed from uninitialized to green - Ready
  log   [10:29:05.648] [info][status][plugin:investigate_access_control@10.3.3] Status changed from yellow to green - Access control initialised.
  log   [10:29:05.721] [info][status][plugin:siren_export@10.3.3] Status changed from uninitialized to green - Ready
  log   [10:29:05.728] [info][status][plugin:gremlin_server@10.3.3] Status changed from uninitialized to yellow - Waiting for the Siren Gremlin Server to start up.
  log   [10:29:05.731] [info][gremlin] Starting the Siren Gremlin Server gremlin_server plugin
  log   [10:29:05.765] [info][status][plugin:image_proxy@10.3.3] Status changed from uninitialized to green - Ready
  log   [10:29:05.773] [info][status][plugin:jdbc_api@10.3.3] Status changed from uninitialized to green - Ready
  log   [10:29:05.797] [info][Siren Alert][init_indices] checking watcher_alarms-2019.11.29 index ...
  log   [10:29:05.846] [info][status][plugin:siren_session@10.3.3] Status changed from uninitialized to green - Ready
  log   [10:29:05.878] [info][status][plugin:console@10.3.3] Status changed from uninitialized to green - Ready
  log   [10:29:05.918] [info][status][plugin:metrics@10.3.3] Status changed from uninitialized to green - Ready
  log   [10:29:06.336] [info][status][plugin:timelion@10.3.3] Status changed from uninitialized to green - Ready
  log   [10:29:06.376] [info][Siren Alert][load_watcher_templates] Loading watcher templates
  log   [10:29:06.433] [info][listening] Server running at http://localhost:5606
  log   [10:29:06.443] [info][status][ui settings] Status changed from uninitialized to green - Ready
  log   [10:29:06.932] [info][Siren Alert][init] Loaded sample scripts
  log   [10:29:07.876] [info][gremlin] Starting the Siren Gremlin Server
  log   [10:29:11.396] [info][gremlin stdout stream] 2019-11-29 11:29:11,392 main WARN Unable to instantiate org.fusesource.jansi.WindowsAnsiOutputStream
  log   [10:29:11.588] [info][gremlin stdout stream] INFO  [main] - s.s.Application: Starting Application v10.3.3 on 5CG9121DRD with PID 1992 (C:\ELK_SIREN\siren-platform-no-data-no-security-10.3.3-windows-x86_64\siren-investigate\gremlin_server\gremlin-server.jar started by stuerfr in C:\ELK_SIREN\siren-platform-no-data-no-security-10.3.3-windows-x86_64\siren-investigate)
  log   [10:29:11.592] [info][gremlin stdout stream] INFO  [main] - s.s.Application: No active profile set, falling back to default profiles: default
  log   [10:29:14.435] [info][gremlin stdout stream] INFO  [main] - o.a.c.c.StandardService: Starting service [Tomcat]
  log   [10:29:14.438] [info][gremlin stdout stream] INFO  [main] - o.a.c.c.StandardEngine: Starting Servlet Engine: Apache Tomcat/8.5.27
  log   [10:29:14.628] [info][gremlin stdout stream] INFO  [localhost-startStop-1] - o.a.c.c.C.[.[.[/]: Initializing Spring embedded WebApplicationContext
  log   [10:29:15.533] [info][gremlin stdout stream] INFO  [main] - s.s.ApplicationConfig: initializing the gremlin server on the '.siren' index
  log   [10:29:19.027] [info][gremlin stdout stream] INFO  [main] - s.s.u.e.c.KibiClientFactory: Creating the Elasticsearch 6 server REST client...
  log   [10:29:19.893] [info][gremlin stdout stream] INFO  [main] - s.s.u.e.c.KibiClientFactory: Creating the Elasticsearch 6 user REST client...
  log   [10:29:22.241] [info][gremlin stdout stream] INFO  [main] - s.s.Application: Started Application in 11.5 seconds (JVM running for 14.322)
  log   [10:29:23.025] [info][gremlin stdout stream] INFO  [http-nio-127.0.0.1-8061-exec-1] - o.a.c.c.C.[.[.[/]: Initializing Spring FrameworkServlet 'dispatcherServlet'
  log   [10:29:23.063] [info][status][plugin:graph_browser_vis@10.3.3] Status changed from yellow to green - Initialized
  log   [10:29:23.197] [info][gremlin] The Siren gremlin server started successfully at http://127.0.0.1:8061
  log   [10:29:23.200] [info][status][plugin:gremlin_server@10.3.3] Status changed from yellow to green - Siren Gremlin Server is up and running.
  log   [10:29:36.659] [error][investigate_access_control] An error occurred while authenticating credentials. Bad Request :: {"path":"_xpack/security/_authenticate","query":{},"statusCode":400,"response":"400 Bad Request"}
  log   [10:29:48.421] [error][investigate_access_control] An error occurred while authenticating credentials. Bad Request :: {"path":"_xpack/security/_authenticate","query":{},"statusCode":400,"response":"400 Bad Request"}

This is my setup

# Kibi default configuration
investigate_core:
  load_jdbc: false
  datasource_encryption_algorithm: 'AES-GCM'
  datasource_encryption_key: 'iSxvZRYisyUW33FreTBSyJJ34KpEquWznUPDvn+ka14='
  datasource_cache_size: 501
  
  elasticsearch:
    auth_plugin: xpack
    


  # Gremlin server configuration
  gremlin_server:
    # change the scheme to https after enabling SSL for Gremlin
    url: http://127.0.0.1:8061
    path: gremlin_server/gremlin-server.jar
    # log_conf_path: gremlin_server/gremlin-server-log.properties


investigate_access_control:
  enabled: true
  backend: xpack
  acl:
    enabled: true
  cookie:
    secure: true
    password: '12345678123456781234567812345678'
    
  #admin_role: investigate_admin

# Sentinl configuration
sentinl:
  app_name: 'Siren Alert'

Hello Frederiq,
Could you verify with the following configuration? Cookie is set to secure: false as Investigate is not running with https enabled, and elasticsearch.auth_plugin: xpack is removed.

If you still get a bad request error, could you check if there is any additional information in the Elasticsearch node logs?

elasticsearch:
  username: "sirenserver"
  password: "password"
  url: "http://localhost:9200"

investigate_core:
  load_jdbc: false
  datasource_encryption_algorithm: 'AES-GCM'
  datasource_encryption_key: 'iSxvZRYisyUW33FreTBSyJJ34KpEquWznUPDvn+ka14='
  datasource_cache_size: 501

  # Gremlin server configuration
  gremlin_server:
    # change the scheme to https after enabling SSL for Gremlin
    url: http://127.0.0.1:8061
    path: gremlin_server/gremlin-server.jar
    # log_conf_path: gremlin_server/gremlin-server-log.properties

investigate_access_control:
  enabled: true
  backend: xpack
  acl:
    enabled: true
  cookie:
    secure: false
    password: '12345678123456781234567812345678'

# Sentinl configuration
sentinl:
  app_name: 'Siren Alert'

Below is a script with the roles created for testing, for reference:

#!/bin/bash
USERNAME=elastic
PASSWORD=changeme
HOST=http://localhost:9200
FLAGS=

curl $FLAGS -XPUT -u $USERNAME:$PASSWORD $HOST/_xpack/security/role/investigate_system -H "Content-Type: application/json" -d '{
    "cluster": [
      "cluster:internal/federate/*",
      "cluster:admin/federate/*",
      "cluster:monitor/*",
      "manage_index_templates"
    ],
    "indices": [
      {
        "names": [
          "/\\.siren.*/"
        ],
        "privileges": [
          "all"
        ]
      },
      {
        "names": [
          "watcher",
          "/watcher_alarms.*/"
        ],
        "privileges": [
          "all"
        ]
      },
      {
        "names": [
          "*"
        ],
        "privileges": [
          "indices:data/read*",
          "indices:admin/template/get",
          "indices:admin/aliases/get",
          "indices:admin/aliases/exists",
          "indices:admin/get",
          "indices:admin/exists",
          "indices:admin/mappings/fields/get*",
          "indices:admin/mappings/get*",
          "indices:admin/mappings/federate/connector/get*",
          "indices:admin/mappings/federate/connector/fields/get*",
          "indices:admin/types/exists",
          "indices:admin/validate/query",
          "indices:monitor/settings/get"
        ]
      }
    ]
}'

curl $FLAGS -XPUT -u $USERNAME:$PASSWORD $HOST/_xpack/security/role/investigate_user -H "Content-Type: application/json" -d '{
  "cluster": [
    "cluster:internal/federate/*"
  ],
  "indices": [
    {
      "names": [
        "data-*", "db-*"
      ],
      "privileges": [
        "indices:data/read*",
        "indices:admin/aliases/get",
        "indices:admin/aliases/exists",
        "indices:admin/get",
        "indices:admin/exists",
        "indices:admin/mappings/fields/get*",
        "indices:admin/mappings/get*",
        "indices:admin/mappings/federate/connector/get*",
        "indices:admin/mappings/federate/connector/fields/get*",
        "indices:admin/types/exists",
        "indices:admin/validate/query",
        "indices:monitor/settings/get",
        "indices:admin/template/get"
      ]
    }
  ]
}'

curl $FLAGS -XPUT -u $USERNAME:$PASSWORD $HOST/_xpack/security/role/investigate_admin -H "Content-Type: application/json" -d '{
  "cluster": [
    "cluster:internal/federate/*",
    "cluster:admin/federate/*",
    "cluster:monitor/*",
    "cluster:admin/xpack/security/*"
  ],
  "indices": [
    {
      "names": [
        "*"
      ],
      "privileges": [
        "indices:monitor/*",
        "indices:admin/*",
        "indices:data/read*"
      ]
    }
  ]
}'

curl $FLAGS -XPUT -u $USERNAME:$PASSWORD $HOST/_xpack/security/user/sirenserver -H "Content-Type: application/json" -d '{
  "password" : "password",
  "full_name": "Server",
  "roles": [ "investigate_system" ]
}'

curl $FLAGS -XPUT -u $USERNAME:$PASSWORD $HOST/_xpack/security/user/sirenadmin -H "Content-Type: application/json" -d '{
  "password" : "password",
  "full_name": "Admin",
  "roles": [ "investigate_admin" ]
}'

curl $FLAGS -XPUT -u $USERNAME:$PASSWORD $HOST/_xpack/security/user/sirenuser -H "Content-Type: application/json" -d '{
  "password" : "password",
  "full_name": "User",
  "roles": [ "investigate_user" ]
}'
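
The two changes the reply above asks for (cookie `secure` matching whether Investigate is served over HTTPS, and no `elasticsearch.auth_plugin` entry) can be checked before restarting. This is an added example, not part of the thread or of Siren's tooling: the function names and the trimmed sample configs are constructed here, and the HTTPS branch of the check goes beyond what the thread covers.

```shell
# Added example (not from the thread); names and sample configs are constructed.

# flatten_yaml: read simple block-style YAML on stdin (mappings only, space
# indentation) and print one "dotted.key=value" line per scalar.
flatten_yaml() {
  awk '
    { sub(/\r$/, "") }                       # tolerate Windows line endings
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    {
      indent = 0
      while (substr($0, indent + 1, 1) == " ") indent++
      line = substr($0, indent + 1)
      sep = index(line, ":")
      if (sep == 0) next
      key = substr(line, 1, sep - 1)
      val = substr(line, sep + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", val)
      # pop keys that sit at the same or a deeper indentation level
      while (depth > 0 && ind[depth] >= indent) depth--
      depth++; ind[depth] = indent; name[depth] = key
      if (val == "") next                    # parent key, not a scalar
      path = name[1]
      for (i = 2; i <= depth; i++) path = path "." name[i]
      print path "=" val
    }'
}

# check_investigate_config URL < config
# URL is the address Investigate logs at startup; returns 1 on any finding.
check_investigate_config() {
  flat=$(flatten_yaml)
  secure=$(printf '%s\n' "$flat" |
    sed -n 's/^investigate_access_control\.cookie\.secure=//p')
  stray=$(printf '%s\n' "$flat" |
    sed -n 's/^\(.*elasticsearch\.auth_plugin\)=.*/\1/p')
  rc=0
  case "$1" in https://*) tls=yes ;; *) tls=no ;; esac
  if [ "$tls" = no ] && [ "$secure" = true ]; then
    echo "cookie.secure is true but Investigate is served over plain HTTP"; rc=1
  elif [ "$tls" = yes ] && [ "$secure" != true ]; then
    echo "cookie.secure is not true although Investigate is served over HTTPS"; rc=1
  fi
  if [ -n "$stray" ]; then
    echo "remove $stray (dropped in the suggested configuration)"; rc=1
  fi
  return $rc
}

# Constructed samples: the relevant parts of the two configs in the thread.
posted_config() { cat <<'EOF'
investigate_core:
  elasticsearch:
    auth_plugin: xpack
investigate_access_control:
  backend: xpack
  acl:
    enabled: true
  cookie:
    secure: true
EOF
}
suggested_config() { cat <<'EOF'
investigate_core:
  load_jdbc: false
investigate_access_control:
  backend: xpack
  cookie:
    secure: false
EOF
}

posted_config | check_investigate_config http://localhost:5606 || true
suggested_config | check_investigate_config http://localhost:5606 &&
  echo "suggested configuration: no findings"
```

To check a real file, redirect it into the function, for example `check_investigate_config http://localhost:5606 < your-investigate-config.yml` (placeholder file name).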