Elastic Search 6.3.1: xpack security feature for basic license

Hi,

I have installed ES 6.3.1 version and set below relevant properties in elasticsearch.yml during configuration
xpack.security.enabled: true
xpack.license.self_generated.type: basic
xpack.security.transport.ssl.enabled: true
xpack.security.http.ssl.enabled: true

  • /_xpack/license returns below response

<{
"license" : {
"status" : "active",
"uid" : "c51de05d-beb0-4336-a48d-6854ae25ff80",
"type" : "basic",
"issue_date" : "2020-01-02T16:29:17.774Z",
"issue_date_in_millis" : 1577982557774,
"max_nodes" : 1000,
"issued_to" : "EIGL_TST_ELASTIC_CLUSTER",
"issuer" : "elasticsearch",
"start_date_in_millis" : -1
}
}/>

  • And GET /_xpack/security/_authenticate?pretty returns below response:
    <{
    "error" : {
    "root_cause" : [
    {
    "type" : "security_exception",
    "reason" : "current license is non-compliant for [security]",
    "license.expired.feature" : "security"
    }
    ],
    "type" : "security_exception",
    "reason" : "current license is non-compliant for [security]",
    "license.expired.feature" : "security"
    },
    "status" : 403
    }/>

  • Interestingly ssl properties enabled in yml file is working fine which matches to free security for basic license as given in https://www.elastic.co/subscriptions

  • However "Role-based access control" fails when running the command elasticsearch-setup-passwords interactive with error "It doesn't look like the X-Pack security feature is available on this Elasticsearch node".

Before this setup we had a chat with ElasticSearch Proffessional service as well where we received confirmation that x-pack security features mentioned in above subscription url is also applicable to 6.3.1 version as well. However, it seems to be running partially, where ssl encryption is allowed on transport and http level but user setup/role management is not available.

Could you pls let me know if there is something I am missing or if there is a fix to this issue?

Thanks and Regards,
Nikesh Gupta

It's free from 6.8 and up :slight_smile:

Thanks for the response Mark. Actually I had the same impression before I got confused after checking on the same with ElasticSearch Professional Service.
But I wonder why I am able to configure https endpoints for ES as I mentioned below security are configured fine?
xpack.security.enabled: true
xpack.license.self_generated.type: basic
xpack.security.transport.ssl.enabled: true
xpack.security.http.ssl.enabled: true

Under what plan we get xpack "Role-based access control (Command command elasticsearch-setup-passwords interactive)" for version 6.3 as it shows basic in current subscription plan.

What happens if we set it Trial to configure the user setup and then chnage it back to Basic? Any help on this direction is really appreciated.

Regards,
Nikesh Gupta

I am not sure what professional you are talking about, were they from Elastic?

Otherwise you need to update to 6.8 for free Security, otherwise you need a subscription.

Thanks Mark. We need to use specific version 6.3.1. Which subscription will be needed for Role-based access control security?

Either Gold or Platinum. You can also use our Elasticsearch Service which includes this.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.