Elastic search security


On rest /api/security/v1/users

I'm getting :
{"statusCode":403,"error":"Forbidden","message":"Access is denied because Security is disabled in Elasticsearch."}

But i did everything according to security docs.

I have xpack.security.enabled: true and others.

How can i debug the root cause ?

Moreover - on url /_security/_authenticate?pretty

I'm getting more detailed info:
"Security must be explicitly enabled when using a trial license. Enable security by setting [xpack.security.enabled] to [true] in the elasticsearch.yml file and restart the node."

But i really have this option enabled ...

Hi @Piotr_Komisarski, Which version of the Elastic Stack are you using? I assume you've updated xpack.security.enabled in the elasticsearch.yml on each of your nodes, and performed a restart of each?


Yes - everything was restarted


org.elasticsearch.ElasticsearchException: Security must be explicitly enabled when using a trial license. Enable security by setting [xpack.security.enabled] to [true] in the elasticsearch.yml file and restart the node.
at org.elasticsearch.xpack.security.rest.action.SecurityBaseRestHandler.checkFeatureAvailable(SecurityBaseRestHandler.java:75) ~[?:?]
at org.elasticsearch.xpack.security.rest.action.SecurityBaseRestHandler.prepareRequest(SecurityBaseRestHandler.java:51) ~[?:?]
at org.elasticsearch.rest.BaseRestHandler.handleRequest(BaseRestHandler.java:92) [elasticsearch-7.0.1.jar:7.0.1]
at org.elasticsearch.xpack.security.rest.SecurityRestFilter.handleRequest(SecurityRestFilter.java:69) [x-pack-security-7.0.1.jar:7.0.1]
at org.elasticsearch.rest.RestController.dispatchRequest(RestController.java:240) [elasticsearch-7.0.1.jar:7.0.1]
at org.elasticsearch.rest.RestController.tryAllHandlers(RestController.java:337) [elasticsearch-7.0.1.jar:7.0.1]
at org.elasticsearch.rest.RestController.dispatchRequest(RestController.java:174) [elasticsearch-7.0.1.jar:7.0.1]

Hey @Piotr_Komisarski, that should be all that is required to enable security in Elasticsearch. If you try to curl http://localhost:9200 what do you get back?

"name" : "elk",
"cluster_name" : "elasticsearch",
"cluster_uuid" : "lmBMkDs0TXq-V--NLYXEqA",
"version" : {
"number" : "7.0.1",
"build_flavor" : "default",
"build_type" : "tar",
"build_hash" : "e4efcb5",
"build_date" : "2019-04-29T12:56:03.145736Z",
"build_snapshot" : false,
"lucene_version" : "8.0.0",
"minimum_wire_compatibility_version" : "6.7.0",
"minimum_index_compatibility_version" : "6.0.0-beta1"
"tagline" : "You Know, for Search"

Not sure if this is relevant, but during startup i have this info in log:

[2019-06-06T23:35:39,630][INFO ][o.e.p.PluginsService ] [elk] loaded module [x-pack-security]

Please post your elasticsearch.yml here.
It looks like something is wrong there, but we won't be able to debug it by guessing.

RIght now the only uncommented line is:

xpack.security.enabled: true

Are you 100% sure that you're editing the correct file?
I've never seen this occur before, so it feels like the cause it likely to be enviromental.

Can you provide the output of:

curl 'http://localhost:9200/_xpack'


curl 'http://localhost:9200/_cluster/settings?include_defaults=true&pretty' | grep -A12 '"security"'


Sorry for this, but I was changing incorrect .yml file.

I'm using elk from docker image and there are 2 files:

  • /opt/elasticsearch/config/elasticsearch.yml
  • /etc/elasticsearch/elasticsearch.yml

But since we're here i have a question:
In some documentation there is a statement:

The elastic user is a superuser . We don't recommend using it for any purpose other than administering the system.

From this reason i have rather easy password for elastic. I want to expose kibana to the world so how can i disable elastic user from login to kibana ?

There is no way to do that.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.