Enabling authentication for a live cluster

stack-security
(Chris Blackwell) #1

We have a live cluster with platinum level license, but it's running with no authentication. I'd like to enable xpack security, and take advantage of the user/roles & spaces features of kibana to segment access.

Are there any docs setting out this processes, everything i've seen seems to be concerned with setting up a new cluster.

(Albert Zaharovits) #2

Hi Chris,

It is not possible to toggle authentication on a live ES cluster. Nodes need to be restarted for the authentication settings to be picked up. Specifically xpack.security.enabled: true cannot be configured dynamically because secured nodes cannot communicate with non-secured nodes. If you have xpack.security.enabled: true enabled, and you need to configure the authentication realms, then a full cluster restart can be avoided, by changing realm settings on one node at a time and then restarting it.

Let me know if you need more specific details.

(Chris Blackwell) #3

Hi Albert,

I understand that we would need a full cluster restart to apply the setting xpack.security.enabled: true. So some downtime for that would be ok.

I guess what i was hoping to get a better understanding of was what pitfalls we might encounter when migrating to an authenticated setup, and whether there was a correct (or best practice) order to approach such a migration.

(system) closed #4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.