I had xpack security working on a six node cluster using a trial of v6. But now I find the documentation is unclear on how to configure the non xpack security. I used this blog as a guide but it got me no where. Is there any other clear examples I can reference?
There is an online training available: https://training.elastic.co/elearning/elastic-stack-management/fundamentals-of-securing-elasticsearch-launch-promo
It's free before May 31st. May be do that?
Otherwise I think you need to exactly describe what you did and what is failing. Also share logs, config would help.
Thanks David. I registered for the elearning offer. I have done many steps but here is a basic question. To use the free security features, do I set the following to true or false in elasticsearch.yml?
xpack.security.enabled: true
You set it to true. Security is configured exactky the same way as before as it is only the licence level required that has changed.
The confusion here seems to stem from a misunderstanding of terminology.
There is no "non xpack security" in our packages, there is just "Security" which is a part of X-Pack, and for which we have recently moved some features from being paid to being free.
X-Pack refers to all the features that we offer that are under our Elastic license rather than the (OSS) Apache License.
Some of those features are free, and some require a paid license, but they are all "X-Pack".
Thanks Tom for clarifying. I should be ok from here, but I would recommend some ppl validate the blog details in my original post for correctness as following it as a guide and adjusting the steps to my environment resulted in a fail.
Can you tell us what failed?
Everything in that blog post was tested as it was written, and it all looks fine to me. It may be that there is someting unusual about your environment that requires special steps, but without knowing what problems you ran into, it's hard to know what we could change.
My log file is too long to post... but isn't true that inter-communication on same server doesn't use external encrypted channels? If true, I'm wondering how the blog example demonstrates as an example of encryption. I mean won't it always work?
No, that isn't true.
Two nodes on the same server will communicate via TCP/IP. The Operating System should optimise that case and not actually send anything over the physical network, but we will still do full TLS handshaking and encryption on that channel.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.