Enabled xpack.security.authc.api_key.enabled=true but _security/api_key still not working

Elastic Stack Elasticsearch
1

Hello, I stared a ES Cluster with xpack.security.authc.api_key.enabled=true, If I check node settings inform that is enabled

    "security" : {
                "authc" : {
                  "api_key" : {
                    "enabled" : "true"
                  }
                },

But, I I try to get or create an API key, with:

POST /_security/api_key
{
  "name": "my-api-key",
  "expiration": "1d", 
  "role_descriptors": { 
    "role-a": {
      "cluster": ["all"],
      "index": [
        {
          "names": ["replica*"],
          "privileges": ["read"]
        }
      ]
    }
  }
}

I got

{
  "error" : {
    "root_cause" : [
      {
        "type" : "invalid_index_name_exception",
        "reason" : "Invalid index name [_security], must not start with '_', '-', or '+'",
        "index_uuid" : "_na_",
        "index" : "_security"
      }
    ],
    "type" : "invalid_index_name_exception",
    "reason" : "Invalid index name [_security], must not start with '_', '-', or '+'",
    "index_uuid" : "_na_",
    "index" : "_security"
  },
  "status" : 400
}

Should I do something else?

2

The solution is right there in the error message you get

"Incorrect HTTP method.. [GET], allowed: [POST]"

You need to make an HTTP POST request and you are making an HTTP GET instead. The docs might also be helpful to you

3

Thanks @ikakavas I just fixed the info

4

What version of the stack are you using and what other configuration parameters do you pass ( to I presume your docker run command ) ?

You'd need at least also xpack.security.enabled=true

5

I am using 7.11.0, in three boxes I am running a composer like this:

version: "3"
services:
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.11.0
    container_name: es01
    hostname: es01
    environment:
      - node.name=es01
      - node.master=true
      - node.data=true
      - network.publish_host=172.28.198.53
      - network.host=_local_,_site_
      - transport.port=9300
      - transport.tcp.keep_alive=true
      - cluster.name=es-cluster
      - cluster.initial_master_nodes=es01,es02,es03,es04
      - discovery.seed_hosts=127.0.0.1,172.28.198.54,172.28.198.56,172.28.198.57
      - discovery.zen.minimum_master_nodes=2
      - xpack.monitoring.collection.enabled=true
      - xpack.security.enabled=true
      - xpack.security.transport.ssl.enabled=false
      - xpack.security.authc.api_key.enabled=true
      - cluster.routing.allocation.enable=all
      - path.repo=/nfs/ELK/backups
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
      - node.attr.size=medium
      - ELASTIC_PASSWORD=changeme
    ports:
      - "9200:9200"
      - "9300:9300"
    volumes:
      - "/var/log/elasticsearch-data/data:/usr/share/elasticsearch/data"
      - "/var/log/elasticsearch-data/config:/usr/share/elasticsearch/config"
      - "/var/log/elasticsearch-data/logs:/usr/share/elasticsearch/logs"
      - "/var/log/elasticsearch-data/plugins:/usr/share/elasticsearch/plugins"
      - "/nfs/ELK/backups:/nfs/ELK/backups"
    expose:
      - "9200"
      - "9300"
    network_mode: bridge

I have xpack.security.enabled=true already, just I did configure ssl yet

6

In a weird mode, If I check the settings of the node with:

curl -s -XGET "http://172.28.198.53:9200/_nodes/settings" | jq ".nodes | .[] | .settings | .xpack"  > t.json

Appears the auth.api_key and transport.ssl as I configured, but not the security.enabled=true

{
  "monitoring": {
    "collection": {
      "enabled": "true"
    }
  },
  "security": {
    "authc": {
      "api_key": {
        "enabled": "true"
      }
    },
    "enabled": "false",
    "transport": {
      "ssl": {
        "enabled": "false"
      }
    }
  }
}
7

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.