We have a live cluster with platinum level license, but it's running with no authentication. I'd like to enable xpack security, and take advantage of the user/roles & spaces features of kibana to segment access.
Are there any docs setting out this processes, everything i've seen seems to be concerned with setting up a new cluster.
Hi Chris,
It is not possible to toggle authentication on a live ES cluster. Nodes need to be restarted for the authentication settings to be picked up. Specifically xpack.security.enabled: true cannot be configured dynamically because secured nodes cannot communicate with non-secured nodes. If you have xpack.security.enabled: true enabled, and you need to configure the authentication realms, then a full cluster restart can be avoided, by changing realm settings on one node at a time and then restarting it.
Let me know if you need more specific details.
Hi Albert,
I understand that we would need a full cluster restart to apply the setting xpack.security.enabled: true. So some downtime for that would be ok.
I guess what i was hoping to get a better understanding of was what pitfalls we might encounter when migrating to an authenticated setup, and whether there was a correct (or best practice) order to approach such a migration.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.