PaulMess
(Paul Messina)
March 10, 2021, 3:24pm
1
Hello, I stared a ES Cluster with xpack.security.authc.api_key.enabled=true, If I check node settings inform that is enabled
"security" : {
"authc" : {
"api_key" : {
"enabled" : "true"
}
},
But, I I try to get or create an API key, with:
POST /_security/api_key
{
"name": "my-api-key",
"expiration": "1d",
"role_descriptors": {
"role-a": {
"cluster": ["all"],
"index": [
{
"names": ["replica*"],
"privileges": ["read"]
}
]
}
}
}
I got
{
"error" : {
"root_cause" : [
{
"type" : "invalid_index_name_exception",
"reason" : "Invalid index name [_security], must not start with '_', '-', or '+'",
"index_uuid" : "_na_",
"index" : "_security"
}
],
"type" : "invalid_index_name_exception",
"reason" : "Invalid index name [_security], must not start with '_', '-', or '+'",
"index_uuid" : "_na_",
"index" : "_security"
},
"status" : 400
}
Should I do something else?
ikakavas
(Ioannis Kakavas)
March 10, 2021, 3:30pm
2
The solution is right there in the error message you get
"Incorrect HTTP method.. [GET], allowed: [POST]"
You need to make an HTTP POST request and you are making an HTTP GET instead. The docs might also be helpful to you
PaulMess
(Paul Messina)
March 10, 2021, 3:35pm
3
Thanks @ikakavas I just fixed the info
ikakavas
(Ioannis Kakavas)
March 10, 2021, 6:16pm
4
What version of the stack are you using and what other configuration parameters do you pass ( to I presume your docker run command ) ?
You'd need at least also xpack.security.enabled=true
PaulMess
(Paul Messina)
March 11, 2021, 12:14pm
5
I am using 7.11.0, in three boxes I am running a composer like this:
version: "3"
services:
elasticsearch:
image: docker.elastic.co/elasticsearch/elasticsearch:7.11.0
container_name: es01
hostname: es01
environment:
- node.name=es01
- node.master=true
- node.data=true
- network.publish_host=172.28.198.53
- network.host=_local_,_site_
- transport.port=9300
- transport.tcp.keep_alive=true
- cluster.name=es-cluster
- cluster.initial_master_nodes=es01,es02,es03,es04
- discovery.seed_hosts=127.0.0.1,172.28.198.54,172.28.198.56,172.28.198.57
- discovery.zen.minimum_master_nodes=2
- xpack.monitoring.collection.enabled=true
- xpack.security.enabled=true
- xpack.security.transport.ssl.enabled=false
- xpack.security.authc.api_key.enabled=true
- cluster.routing.allocation.enable=all
- path.repo=/nfs/ELK/backups
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
- node.attr.size=medium
- ELASTIC_PASSWORD=changeme
ports:
- "9200:9200"
- "9300:9300"
volumes:
- "/var/log/elasticsearch-data/data:/usr/share/elasticsearch/data"
- "/var/log/elasticsearch-data/config:/usr/share/elasticsearch/config"
- "/var/log/elasticsearch-data/logs:/usr/share/elasticsearch/logs"
- "/var/log/elasticsearch-data/plugins:/usr/share/elasticsearch/plugins"
- "/nfs/ELK/backups:/nfs/ELK/backups"
expose:
- "9200"
- "9300"
network_mode: bridge
I have xpack.security.enabled=true already, just I did configure ssl yet
PaulMess
(Paul Messina)
March 11, 2021, 12:30pm
6
In a weird mode, If I check the settings of the node with:
curl -s -XGET "http://172.28.198.53:9200/_nodes/settings" | jq ".nodes | .[] | .settings | .xpack" > t.json
Appears the auth.api_key and transport.ssl as I configured, but not the security.enabled=true
{
"monitoring": {
"collection": {
"enabled": "true"
}
},
"security": {
"authc": {
"api_key": {
"enabled": "true"
}
},
"enabled": "false",
"transport": {
"ssl": {
"enabled": "false"
}
}
}
}
system
(system)
Closed
April 8, 2021, 12:31pm
7
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.