Cautionary story about installing X-Pack

This is a tale of a sysadmin who created a nice proof-of-concept ELK stack and, as a next step, wanted to test the alerting feature of X-Pack.

The innocent sysadmin downloaded and installed X-Pack as instructed, and at first all seemed to be oh so nice: new fancy buttons had been added to Kibana, response seemed to be faster, and there was a login dialog, meaning that basic feature security was now available.

But then he noticed something nasty: now that security was suddenly added to the system, all the different systems trying to interact with Elasticsearch were locked out, and he needed to start figuring out how to allow them access.

Grafana kept failing to authenticate even though the user/pass created were correct.
Slurm did not have an option to set a user/pass.
Logstash also failed for reasons that still required further research.
And worst of all, Elasticsearch lacked an option to disable this extra (and for now unwanted) feature!

Now his ELK stack hasn't been in working order for a while and instead of showing a nice POC he is writing this sad cautionary tale.

The more serious part of this post:
I am all for security and believe that it should be part of the open-source part of ELK. That said, the fact that installing a paid package (or in this case a trial) that is supposed to make my life easier caused my whole setup to blow up is, in my eyes, very negative.
Even though I believe security is an important feature that should always be on, the fact that Elastic has created an ecosystem that assumes no security means that I, the sysadmin, should have control over whether or not to enable the security features.
If it were part of the OSS part of ELK, I would imagine that, at least for the first release in which it was, it would have to be toggle-able and only later become mandatory.

Thank you for this feedback.

Firstly, I'm sorry you had a negative experience with X-Pack security.

I am the product manager responsible for X-Pack security. I will incorporate this feedback into the future of security across the Elastic Stack. The initial user experience is very important to us.

I would be happy to have a conversation about your experiences and ideas, feel free to reply to this post or message me and we can set something up.


For future reference you can disable any part of the X-Pack subset.
Here's how you can do Security -

Thanks for the replies. In the meantime I have managed to get all things working with authentication.

I'd be more than happy to give some feedback.

My biggest complaint is that a package of multiple new features (definitely those that are potentially disruptive) should at the very least warn me and ideally leave the choice to me whether or not to turn on a feature.

Also, the actual user management is a bit counter-intuitive at first; it took me a while to realize that logstash_system was not a default user created that would allow logstash to write anything.

I think I am having a similar issue with logstash after the installation of x-pack. How were you able to resolve it?

The only plugin I currently have enabled is security, and I appear to have kibana talking to elasticsearch, but my logstash and winlogbeats are failing to authenticate.

I assume you have seen the documentation for configuring logstash and beats with X-Pack security?

If those docs don't solve your problem, you're better off opening a new thread to address your specific issues. We're happy to help if you can provide details of the problem (but let's take it to its own thread).

Thank you Tim, but I got it straightened out.
