Elasticsearch Cluster , Xpack security and User management

security

(Rijin) #1

Hi All ,

I want to clarify the xpack security management in en elasticsearch cluster .

I have experience in 1 elasticsearch and xpack installation and enabling security.

I am created an elasticsearch cluster with 3 master node and 2 data node . Its working well .

Now I am going to enable xpack in each machine . and creating users

(./bin/elasticsearch-setup-passwords interactive)

My question is ... what is the proper method

  1. Creating users in all elasticsearch nodes with different password.

    ex: elasticsearch: password1 , elasticsearch:password2... elasticsearch:password3

  2. Creating users in all elasticsearch nodes with same password.
    ex: elasticsearch: password1 , elasticsearch:password1... elasticsearch:password1

Next doubt :

Which node is sutable for kibana connection . Master node 1,2,3 or Data node 1,2

If I have 1 xpack key .. where i need to install the key ? Master node 1,2,3 or Data node 1,2


(Rijin) #2

As per the below link , i think I have to create same users and passwords in each elasticsearch nodes.


(Albert Zaharovits) #3

Hi @rijinmp,

The link you shared says

You don't run setup-passwords on each node individually, you run it once for the whole cluster.

what makes you

i think I have to create same users and passwords in each elasticsearch nodes.

?

No each node, but once per cluster. Same for the license, once per cluster.
Point kibana to the data nodes, the whole idea of having dedicated master nodes is
to relieve them from query processing.

HTH,
Albert


(Rijin) #4

Thank you @Albert_Zaharovits.

If I am creating elasticsearch user only once in a 5 node cluster , at which machine i have to run this command "./bin/elasticsearch-setup-passwords interactive"


(Albert Zaharovits) #5

@rijinmp any node in the cluster. I will open a docs PR to make that clear.


(system) #6

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.