Basic security without xpack

Is there an option to have login/password connectivity(tls is optional) to elasticsearch and authentication enabled on kibana without xpack installation?

Do you have any concern using the default distribution of elasticsearch which contains the basic license with this security feature you are looking for?

I use the following chart https://hub.helm.sh/charts/elastic/elasticsearch and tried to use the image:
docker.elastic.co/elasticsearch/elasticsearch:7.3.0 but xpack isn't enabled by default there and if I enable xpack, I have an issue described Elasticsearch with xpack.security.enabled throws Cluster is not yet ready
Can you please suggest which elasticsearch versions include xpack for basic license?

Here is how I'm setting that with docker compose ( docker-compose.yml):

---
version: '3'
services:

  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:$ELASTIC_VERSION
    environment:
      - bootstrap.memory_lock=true
      - discovery.type=single-node
      - cluster.name=elasticsearch
      - "ES_JAVA_OPTS=-Xms2g -Xmx2g"
      - cluster.routing.allocation.disk.threshold_enabled=false
      - ELASTIC_PASSWORD=$ELASTIC_PASSWORD
      - xpack.security.enabled=$ELASTIC_SECURITY
    ulimits:
      memlock:
        soft: -1
        hard: -1
    ports:
      - 9200:9200
      - 9300:9300
    networks: ['stack']

  kibana:
    image: docker.elastic.co/kibana/kibana:$ELASTIC_VERSION
    environment:
      - ELASTICSEARCH_USERNAME=elastic
      - ELASTICSEARCH_PASSWORD=$ELASTIC_PASSWORD
    ports: ['5601:5601']
    networks: ['stack']
    links: ['elasticsearch']
    depends_on: ['elasticsearch']

networks:
  stack: {}

.env file is:

ELASTIC_VERSION=7.2.0
ELASTIC_SECURITY=true
ELASTIC_PASSWORD=changeme

It has security enabled.

I used only these parameters in different section of helm chart with version 7.2.0:

   - name: ELASTIC_PASSWORD
     value: changeme
   - name: xpack.security.enabled
     value: "true"

Now I have an error:

 Readiness probe failed: Waiting for elasticsearch cluster to become cluster to be ready (request params: "wait_for_status=green&timeout=5s" )
Cluster is not yet ready (request params: "wait_for_status=green&timeout=5s" )

Even with this setting:
replicas: 1
minimumMasterNodes: 1
and
antiAffinity: "soft"

The fun thin is that I the problem is only with pods starting, when I do curl I receive response.

Do you have any idea how to get a cluster ready?

curl -u "elastic:changeme" -k "http://localhost:9200"

It seems adding - ELASTICSEARCH_USERNAME=elastic into elasticsearch env var helped :slight_smile:

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.