Elasticsearch built-in security features are not enabled. Without authentication, your cluster could be accessible to anyone. See https://www.elastic.co/guide/en/elasticsearch/reference/7.13/security-minimal-setup.html to enable security.
I cannot find any way of disabling this message. Is there an option on kibana.yml settings to disable that message warning ?
NOTE: obviously activating ElasticSearch security will fix it but I have the servers behind a VPN and two firewall layers so adding SSL/TLS is not necessary and it only will make it slow)
IMPORTANT: do NOT disable ElasticSearch security if you are not on a sandboxed secure context
HTTPS is slower than HTTP (the CPU suffers encrypting and decrypting all the time) ... the use of HTTPS is mandatory in the traditional ElasticSearch security recommendations (for example with user and password authentication) ... but with VPN (and other encryption and security options like IPSEC) the tradicional ElasticSearch is not required and even slower (if forced with HTTPS encryption on top of the already VPN encryption) ... thus my question -> how to disable the security warning of the traditional ElasticSearch message
Kibana security relies on Elasticsearch security which in turn requires TLS to be enabled within the cluster for multi-node clusters. The reason I asked about Kibana config was to ee if you had any setting requiring security to be enabled.
@csaltos In short, you can disable the warning message by explicitly turning off security, i.e. add the following in elasticsearch.yml:
xpack.security.enabled: false
Some more context
The warning is shown when the security is implicitly disabled, that is, there is no config for xpack.security.enabled in elasticsearch.yml, and your license is either basic or trial. This is new in 7.13. You can remove the warning by either enable or disable security explicitly. We'd recommend you to enable security since it gives you better protection. But in the meantime, you can choose to opt out explicilty. Again, we recommend enabling security since your data could be at risk without it. The new step-by-step guide should provide you a straightforward path. Thanks!
Great !! ... that does the trick !! ... thank you very much Yang and Christian and Mark for your help and support, a great community indeed ... now I just need to ensure the IPSec and the VPN works correctly for having all this actually secure for production.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.