Getting started with XPack features in basic licesne

Vivek_Vardhan · September 19, 2019, 11:47am

Hello Team

I am using docker image of elasticsearch mentioned in https://www.elastic.co/guide/en/elasticsearch/reference/6.6/docker.html

As mentioned in the above, These images are free to use under the Elastic license. They contain open source and free commercial features

And the Subscription link says, the basic version of elasticsearch has basic security like - Role-based access control, File and native authentication

So, I started my application with "xpack.security.enabled" as true, and none of the other feature / settings. Now, I am not able to access my cluster, which says Missing authentication token for REST request [/_cluster/health]

Now, what should I do so that I can set up the access to my cluster and add users using
https://www.elastic.co/guide/en/elasticsearch/reference/6.6/security-api.html#security-user-apis

these APIs? What default roles was generated, and how should I use these default roles to use these APIs. I am not able to find a single concrete article, which starts from enabling xpack and go till adding user and checking access via API.

I do not want to go to individual nodes and add users

As I understand, these APIs are available under Basic license. (Correct me if I am wrong), if I am wrong, I would like to know what can be done with Basic License to add basic security. Any complete documentation will help.

Thanks

skydancer · September 19, 2019, 4:05pm

Have you seen this:

https://www.elastic.co/guide/en/elasticsearch/reference/6.6/setup-passwords.html

?

Vivek_Vardhan · September 20, 2019, 7:31am

@skydancer Tried it, but it is failing. My ES cluster is hosted in K8S, and I can access only via Ingress

I am accessing this with http and "xpack.security.http.ssl.enabled" is set to false.

bin/elasticsearch-setup-passwords auto -u http://xx.xx.xx.xx (Ingress external IP)

and elasticsearch is installed locally, trying to change password in external hosted ES

Exception in thread "main" ElasticsearchParseException[Failed to parse content to map]; nested: JsonParseException[Unexpected character ('<' (code 60)): expected a valid value (number, String, array, object, 'true', 'false' or 'null')
 at [Source: java.io.StringReader@22875539; line: 1, column: 2]];
	at org.elasticsearch.common.xcontent.XContentHelper.convertToMap(XContentHelper.java:131)
	at org.elasticsearch.xpack.security.authc.esnative.tool.HttpResponse$HttpResponseBuilder.withResponseBody(HttpResponse.java:55)
	at org.elasticsearch.xpack.security.authc.esnative.tool.SetupPasswordTool$SetupCommand.responseBuilder(SetupPasswordTool.java:538)
	at org.elasticsearch.xpack.security.authc.esnative.tool.SetupPasswordTool$SetupCommand.lambda$checkElasticKeystorePasswordValid$1(SetupPasswordTool.java:300)
	at org.elasticsearch.xpack.security.authc.esnative.tool.CommandLineHttpClient.execute(CommandLineHttpClient.java:126)
	at org.elasticsearch.xpack.security.authc.esnative.tool.SetupPasswordTool$SetupCommand.checkElasticKeystorePasswordValid(SetupPasswordTool.java:299)
	at org.elasticsearch.xpack.security.authc.esnative.tool.SetupPasswordTool$AutoSetup.execute(SetupPasswordTool.java:129)
	at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86)
	at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124)
	at org.elasticsearch.cli.MultiCommand.execute(MultiCommand.java:77)
	at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124)
	at org.elasticsearch.cli.Command.main(Command.java:90)
	at org.elasticsearch.xpack.security.authc.esnative.tool.SetupPasswordTool.main(SetupPasswordTool.java:107)
Caused by: com.fasterxml.jackson.core.JsonParseException: Unexpected character ('<' (code 60)): expected a valid value (number, String, array, object, 'true', 'false' or 'null')
 at [Source: java.io.StringReader@22875539; line: 1, column: 2]
	at com.fasterxml.jackson.core.JsonParser._constructError(JsonParser.java:1702)
	at com.fasterxml.jackson.core.base.ParserMinimalBase._reportError(ParserMinimalBase.java:558)
	at com.fasterxml.jackson.core.base.ParserMinimalBase._reportUnexpectedChar(ParserMinimalBase.java:456)
	at com.fasterxml.jackson.core.json.ReaderBasedJsonParser._handleOddValue(ReaderBasedJsonParser.java:1906)
	at com.fasterxml.jackson.core.json.ReaderBasedJsonParser.nextToken(ReaderBasedJsonParser.java:749)
	at org.elasticsearch.common.xcontent.json.JsonXContentParser.nextToken(JsonXContentParser.java:52)
	at org.elasticsearch.common.xcontent.support.AbstractXContentParser.readMap(AbstractXContentParser.java:336)
	at org.elasticsearch.common.xcontent.support.AbstractXContentParser.readMap(AbstractXContentParser.java:309)
	at org.elasticsearch.common.xcontent.support.AbstractXContentParser.map(AbstractXContentParser.java:264)
	at org.elasticsearch.common.xcontent.XContentHelper.convertToMap(XContentHelper.java:129)
	... 12 more

dadoonet · September 20, 2019, 7:36am

You need to use at least 6.8 I think.

system · October 18, 2019, 7:42am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.