Enable xpack autentication on live clusters

Got two live 6.8 clusters both with basic license and no TLS in communication on which I've like to enable authentication. Currently using nginx proxy basic auth on kibana.
Got multiple data shippers (beats and logstashes) and kibana instances running (one with tribe node to search across both clusters).

Wondering howto best (least downtime for data shippers) to convert this to run with enabled xpack security and authenticate initially with 'elastic local' users and later maybe with ldap/M$ DC authentication when every thing is working.

Only found this

Anu hints appreciated, TIA!

Hello @stefws,

If I understand correctly, you want to only enable basic user authentication. What I can advise you to do is to configure all your nodes, and add somme crontable rul to restart them all at the same time <give 1 or 2 minutes of advance to elasticsearch>.

do some test before to be sure that your configuration is ok :slight_smile:


@mbelaloui Ok so think I now got both clusters running with xpack security + transport over TLS and have set the default users passwords interactively.

Though I could use logstash_system user to shipper data from logstash, but maybe only to index patterns logstash-*? I'm sending to other indicies as well, anyway the superuser elastic seems to work for now.

Where might I find info on the standard users privilliges/roles?

Hi @stefws,

This would be a good starting point to understand built-in roles and privileges: https://www.elastic.co/guide/en/elastic-stack-overview/6.8/authorization.html

Yogesh Gaikwad

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.