Getting started with XPack features in basic licesne

Vivek_Vardhan · September 19, 2019, 11:47am

Hello Team

I am using docker image of elasticsearch mentioned in https://www.elastic.co/guide/en/elasticsearch/reference/6.6/docker.html

As mentioned in the above, These images are free to use under the Elastic license. They contain open source and free commercial features

And the Subscription link says, the basic version of elasticsearch has basic security like - Role-based access control, File and native authentication

So, I started my application with "xpack.security.enabled" as true, and none of the other feature / settings. Now, I am not able to access my cluster, which says Missing authentication token for REST request [/_cluster/health]

Now, what should I do so that I can set up the access to my cluster and add users using
https://www.elastic.co/guide/en/elasticsearch/reference/6.6/security-api.html#security-user-apis

these APIs? What default roles was generated, and how should I use these default roles to use these APIs. I am not able to find a single concrete article, which starts from enabling xpack and go till adding user and checking access via API.

I do not want to go to individual nodes and add users

As I understand, these APIs are available under Basic license. (Correct me if I am wrong), if I am wrong, I would like to know what can be done with Basic License to add basic security. Any complete documentation will help.

Thanks

skydancer · September 19, 2019, 4:05pm

Have you seen this:

https://www.elastic.co/guide/en/elasticsearch/reference/6.6/setup-passwords.html

?

Vivek_Vardhan · September 20, 2019, 7:31am

@skydancer Tried it, but it is failing. My ES cluster is hosted in K8S, and I can access only via Ingress

I am accessing this with http and "xpack.security.http.ssl.enabled" is set to false.

bin/elasticsearch-setup-passwords auto -u http://xx.xx.xx.xx (Ingress external IP)

and elasticsearch is installed locally, trying to change password in external hosted ES

Exception in thread "main" ElasticsearchParseException[Failed to parse content to map]; nested: JsonParseException[Unexpected character ('<' (code 60)): expected a valid value (number, String, array, object, 'true', 'false' or 'null')
 at [Source: java.io.StringReader@22875539; line: 1, column: 2]];
	at org.elasticsearch.common.xcontent.XContentHelper.convertToMap(XContentHelper.java:131)
	at org.elasticsearch.xpack.security.authc.esnative.tool.HttpResponse$HttpResponseBuilder.withResponseBody(HttpResponse.java:55)
	at org.elasticsearch.xpack.security.authc.esnative.tool.SetupPasswordTool$SetupCommand.responseBuilder(SetupPasswordTool.java:538)
	at org.elasticsearch.xpack.security.authc.esnative.tool.SetupPasswordTool$SetupCommand.lambda$checkElasticKeystorePasswordValid$1(SetupPasswordTool.java:300)
	at org.elasticsearch.xpack.security.authc.esnative.tool.CommandLineHttpClient.execute(CommandLineHttpClient.java:126)
	at org.elasticsearch.xpack.security.authc.esnative.tool.SetupPasswordTool$SetupCommand.checkElasticKeystorePasswordValid(SetupPasswordTool.java:299)
	at org.elasticsearch.xpack.security.authc.esnative.tool.SetupPasswordTool$AutoSetup.execute(SetupPasswordTool.java:129)
	at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86)
	at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124)
	at org.elasticsearch.cli.MultiCommand.execute(MultiCommand.java:77)
	at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124)
	at org.elasticsearch.cli.Command.main(Command.java:90)
	at org.elasticsearch.xpack.security.authc.esnative.tool.SetupPasswordTool.main(SetupPasswordTool.java:107)
Caused by: com.fasterxml.jackson.core.JsonParseException: Unexpected character ('<' (code 60)): expected a valid value (number, String, array, object, 'true', 'false' or 'null')
 at [Source: java.io.StringReader@22875539; line: 1, column: 2]
	at com.fasterxml.jackson.core.JsonParser._constructError(JsonParser.java:1702)
	at com.fasterxml.jackson.core.base.ParserMinimalBase._reportError(ParserMinimalBase.java:558)
	at com.fasterxml.jackson.core.base.ParserMinimalBase._reportUnexpectedChar(ParserMinimalBase.java:456)
	at com.fasterxml.jackson.core.json.ReaderBasedJsonParser._handleOddValue(ReaderBasedJsonParser.java:1906)
	at com.fasterxml.jackson.core.json.ReaderBasedJsonParser.nextToken(ReaderBasedJsonParser.java:749)
	at org.elasticsearch.common.xcontent.json.JsonXContentParser.nextToken(JsonXContentParser.java:52)
	at org.elasticsearch.common.xcontent.support.AbstractXContentParser.readMap(AbstractXContentParser.java:336)
	at org.elasticsearch.common.xcontent.support.AbstractXContentParser.readMap(AbstractXContentParser.java:309)
	at org.elasticsearch.common.xcontent.support.AbstractXContentParser.map(AbstractXContentParser.java:264)
	at org.elasticsearch.common.xcontent.XContentHelper.convertToMap(XContentHelper.java:129)
	... 12 more

dadoonet · September 20, 2019, 7:36am

You need to use at least 6.8 I think.

system · October 18, 2019, 7:42am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Basic security without xpack Elasticsearch	6	3651	October 4, 2019
X-pack basic Elasticsearch	15	4857	January 12, 2018
Native authentication with Basic License Elasticsearch	12	4085	September 17, 2019
Need help configuring xpack with elasticsearch on own deploy to GKE Elasticsearch	6	539	April 25, 2019
Can I use role based authentication for free? Elasticsearch license	14	2468	July 4, 2019

Getting started with XPack features in basic licesne

Related topics