I have a multi-node Elasticsearch cluster with indices. I want to enable the TTL,RBAC security on it.
If I follow the steps given in the documentation, would that work?
As there are indices already on it, I want to know if any precaution I need to take while working through the steps to enable TTL, RBAC.
Just keep in mind that now, all your users have access to all the indices. When you enable security, the users that will be authenticating will not by default have access to any indices as you will need to create and assign them roles that give them the required access to indices ( This is what RBAC is ).
@ikakavas: Should I be generating .cert file from elastic-stack-ca.p12 (generated from elasticsearch-certutil ca - this would mean same .cert file across cluster) or the node specific .p12 files (.cert file for each node)?
You should be using the same CA for all your nodes in your cluster, so you should have one elastic-ca-cert.p12 file, and it should be enough that curl trusts this CA certificate.
I'm using should as you haven't shared anything with us about your setup, so all we can do is guess
@ikakavas: I have followed the default steps given in the documentation:
generated CA
generated multiple certificates using IP, moved them to other nodes and placed them on /etc/elasticsearch/certs directory. Given permissions.
added required configurations for TSL and HTTP in elasticsearch.yml file
Generated passwords for built-in users.
With elasticsearch-certutil ca, it generated elastic-stack-ca.p12 file and with elasticsearch-certutil cert, I generated multiple HOST_IP.p12 files for nodes which i moved in step 2 above.
As you have already said there should be one elastic-ca-cert.p12, I believe you are referring to the file generated by elasticsearch-certutil ca.
Correct me if I am wrong here.
I tried with elastic-stack-ca.p12 and it works for me.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.