After X-Pack license expiration

Hi,
Once the license expires this is what happens.
I am interested in this part.

# Commercial plugins operate with reduced functionality on license expiration:
# - security

What changes with respect to security. There was no elaboration on this part anywhere in documentation. Or if I have missed something can someone point me to the relevant documentation?

And how will kibana behave? Will is start up? Will I still be able to create user and roles etc?

I think this explains : https://www.elastic.co/guide/en/x-pack/current/license-expiration.html

This is the same link which I have put in my question. But security part which I have highlighted is rather cryptic. Anywhere I can find any elaboration?

Sorry. On a mobile and i didn't see your link.

It says:

Once the license expires, calls to the cluster health, cluster stats, and index stats APIs fail with a security_exception and return a 403 HTTP status code.

Is there anything unclear with this sentence?

Kibana did not start after I advanced the system date to simulate license expiry. That is more context to people who are new to this.

I knew Monitoring, Graph and Watcher will not work. What I was not clear was how Security will behave and hence the question. Documentation does mention this:
# - security
# - Cluster health, cluster stats and indices stats operations are blocked
# - All data operations (read and write) continue to work

This one
# - Cluster health, cluster stats and indices stats operations are blocked
led me to believe that at least Kibana would start up and I can still do user and role management. Cluster health, cluster stats and indices stats seemed unrelated to users and roles management. But apparently they are linked. A short mention of this in documentation will not hurt unless I missed something.

I will have to now set xpack.security.enabled: false in kibana.yml.

I hope I can still do user and role management using curl as per this link.

1 Like

If I remember correctly you will need to set xpack.security.enabled: false in elasticsearch.yml as well. Of course you will be running without any security at all. An alternative is to use nginx in front of Kibana and Elasticsearch and setup authentication as described here... https://www.elastic.co/blog/playing-http-tricks-nginx

1 Like

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.