Basic security without xpack

O_K · September 6, 2019, 5:52am

Is there an option to have login/password connectivity(tls is optional) to elasticsearch and authentication enabled on kibana without xpack installation?

dadoonet · September 6, 2019, 6:05am

Do you have any concern using the default distribution of elasticsearch which contains the basic license with this security feature you are looking for?

O_K · September 6, 2019, 6:51am

I use the following chart https://hub.helm.sh/charts/elastic/elasticsearch and tried to use the image:
docker.elastic.co/elasticsearch/elasticsearch:7.3.0 but xpack isn't enabled by default there and if I enable xpack, I have an issue described Elasticsearch with xpack.security.enabled throws Cluster is not yet ready
Can you please suggest which elasticsearch versions include xpack for basic license?

dadoonet · September 6, 2019, 7:04am

Here is how I'm setting that with docker compose ( docker-compose.yml):

---
version: '3'
services:

  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:$ELASTIC_VERSION
    environment:
      - bootstrap.memory_lock=true
      - discovery.type=single-node
      - cluster.name=elasticsearch
      - "ES_JAVA_OPTS=-Xms2g -Xmx2g"
      - cluster.routing.allocation.disk.threshold_enabled=false
      - ELASTIC_PASSWORD=$ELASTIC_PASSWORD
      - xpack.security.enabled=$ELASTIC_SECURITY
    ulimits:
      memlock:
        soft: -1
        hard: -1
    ports:
      - 9200:9200
      - 9300:9300
    networks: ['stack']

  kibana:
    image: docker.elastic.co/kibana/kibana:$ELASTIC_VERSION
    environment:
      - ELASTICSEARCH_USERNAME=elastic
      - ELASTICSEARCH_PASSWORD=$ELASTIC_PASSWORD
    ports: ['5601:5601']
    networks: ['stack']
    links: ['elasticsearch']
    depends_on: ['elasticsearch']

networks:
  stack: {}

.env file is:

ELASTIC_VERSION=7.2.0
ELASTIC_SECURITY=true
ELASTIC_PASSWORD=changeme

It has security enabled.

O_K · September 6, 2019, 10:56am

I used only these parameters in different section of helm chart with version 7.2.0:

   - name: ELASTIC_PASSWORD
     value: changeme
   - name: xpack.security.enabled
     value: "true"

Now I have an error:

 Readiness probe failed: Waiting for elasticsearch cluster to become cluster to be ready (request params: "wait_for_status=green&timeout=5s" )
Cluster is not yet ready (request params: "wait_for_status=green&timeout=5s" )

Even with this setting:
replicas: 1
minimumMasterNodes: 1
and
antiAffinity: "soft"

The fun thin is that I the problem is only with pods starting, when I do curl I receive response.

Do you have any idea how to get a cluster ready?

curl -u "elastic:changeme" -k "http://localhost:9200"

O_K · September 6, 2019, 12:40pm

It seems adding - ELASTICSEARCH_USERNAME=elastic into elasticsearch env var helped

system · October 4, 2019, 12:40pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Getting started with XPack features in basic licesne Elasticsearch license , docker	4	704	October 18, 2019
Authentication for kibana, unknown setting xpack.security.enabled Elasticsearch elastic-stack-security , docker	6	2881	December 4, 2020
How to access Kibana with x-pack security disabled? Kibana elastic-stack-security , docker	7	6135	July 28, 2022
Enable xpack.security but not password authentication Elasticsearch elastic-stack-security	3	1102	August 22, 2023
Xpack setting up security Elasticsearch elastic-stack-security	2	660	January 11, 2019

Basic security without xpack

Related Topics