Basic security without xpack

O_K · September 6, 2019, 5:52am

Is there an option to have login/password connectivity(tls is optional) to elasticsearch and authentication enabled on kibana without xpack installation?

dadoonet · September 6, 2019, 6:05am

Do you have any concern using the default distribution of elasticsearch which contains the basic license with this security feature you are looking for?

O_K · September 6, 2019, 6:51am

I use the following chart https://hub.helm.sh/charts/elastic/elasticsearch and tried to use the image:
docker.elastic.co/elasticsearch/elasticsearch:7.3.0 but xpack isn't enabled by default there and if I enable xpack, I have an issue described Elasticsearch with xpack.security.enabled throws Cluster is not yet ready
Can you please suggest which elasticsearch versions include xpack for basic license?

dadoonet · September 6, 2019, 7:04am

Here is how I'm setting that with docker compose ( docker-compose.yml):

---
version: '3'
services:

  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:$ELASTIC_VERSION
    environment:
      - bootstrap.memory_lock=true
      - discovery.type=single-node
      - cluster.name=elasticsearch
      - "ES_JAVA_OPTS=-Xms2g -Xmx2g"
      - cluster.routing.allocation.disk.threshold_enabled=false
      - ELASTIC_PASSWORD=$ELASTIC_PASSWORD
      - xpack.security.enabled=$ELASTIC_SECURITY
    ulimits:
      memlock:
        soft: -1
        hard: -1
    ports:
      - 9200:9200
      - 9300:9300
    networks: ['stack']

  kibana:
    image: docker.elastic.co/kibana/kibana:$ELASTIC_VERSION
    environment:
      - ELASTICSEARCH_USERNAME=elastic
      - ELASTICSEARCH_PASSWORD=$ELASTIC_PASSWORD
    ports: ['5601:5601']
    networks: ['stack']
    links: ['elasticsearch']
    depends_on: ['elasticsearch']

networks:
  stack: {}

.env file is:

ELASTIC_VERSION=7.2.0
ELASTIC_SECURITY=true
ELASTIC_PASSWORD=changeme

It has security enabled.

O_K · September 6, 2019, 10:56am

I used only these parameters in different section of helm chart with version 7.2.0:

   - name: ELASTIC_PASSWORD
     value: changeme
   - name: xpack.security.enabled
     value: "true"

Now I have an error:

 Readiness probe failed: Waiting for elasticsearch cluster to become cluster to be ready (request params: "wait_for_status=green&timeout=5s" )
Cluster is not yet ready (request params: "wait_for_status=green&timeout=5s" )

Even with this setting:
replicas: 1
minimumMasterNodes: 1
and
antiAffinity: "soft"

The fun thin is that I the problem is only with pods starting, when I do curl I receive response.

Do you have any idea how to get a cluster ready?

curl -u "elastic:changeme" -k "http://localhost:9200"

O_K · September 6, 2019, 12:40pm

It seems adding - ELASTICSEARCH_USERNAME=elastic into elasticsearch env var helped

system · October 4, 2019, 12:40pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.