How to enable "Management / Security" in Kibana; runs xpack.security.enabled=true in Elasticsearch (Basic license plan)

How to enable "Management / Security" in Kibana for Basic plan?

According to https://www.elastic.co/subscriptions, the Basic plan supports:

Elasticsearch:

  • Role-based access control
  • File and native authentication

Kibana:

  • Role-based access control (including spaces)
  • File and native authentication

but it looks like "xpack.security.enabled: true" on Elasticsearch is not working on the Basic plan license.

[ERROR][o.e.x.m.c.c.StatsCollector] collector [ccr_stats] failed to collect data
elasticsearch_1 | org.elasticsearch.ElasticsearchSecurityException: current license is non-compliant for [ccr]

I use ELK version 6.8.1

Is the subscriptions documentation wrong, or am I mistaken somewhere?

That error applies to cross cluster replication, which is not covered by the basic license. Can you share your configuration?

version: '2.2'

services:
    elasticsearch:
      image: elasticsearch:6.8.1
      volumes:
         - /mnt/data/elasticsearch:/usr/share/elasticsearch/data
         - /mnt/data/elasticsearch/plugins/6.8.1:/usr/share/elasticsearch/plugins
         - ${PWD}/certs/:/usr/share/elasticsearch/config/certificates/
      network_mode: bridge
      ports:
        - 9200:9200
        - 9300:9300
      restart: unless-stopped
      cpus: 1.8
      mem_limit: 6150m
      oom_kill_disable: true

.env

ES_JAVA_OPTS=-XX:+UseContainerSupport -Des.http.cname_in_publish_address=true -Xms3844m -Xmx3844m

cluster.name=elasticsearch-logs
node.name=elasticsearch-logs-01
bootstrap.memory_lock=true

discovery.type=single-node

xpack.monitoring.collection.enabled=true
xpack.monitoring.collection.interval=10s
xpack.monitoring.history.duration=7d

xpack.security.enabled=false

xpack.security.transport.ssl.enabled=true
xpack.security.transport.ssl.verification_mode=certificate
xpack.security.transport.ssl.certificate_authorities=/usr/share/elasticsearch/config/certificates/ca.crt
xpack.security.transport.ssl.key=/usr/share/elasticsearch/config/certificates/instance.key
xpack.security.transport.ssl.certificate=/usr/share/elasticsearch/config/certificates/instance.crt

cluster.routing.allocation.disk.threshold_enabled=true
cluster.routing.allocation.disk.watermark.low=90%
cluster.routing.allocation.disk.watermark.high=95%
cluster.info.update.interval=90s
cluster.routing.allocation.balance.shard=0.35f
cluster.routing.allocation.balance.index=0.55f
cluster.routing.allocation.balance.threshold=1.5f
cluster.routing.allocation.cluster_concurrent_rebalance=6
cluster.routing.allocation.node_concurrent_recoveries=4
indices.recovery.max_bytes_per_sec=80mb
indices.requests.cache.size=2%
indices.queries.cache.size=10%
indices.memory.index_buffer_size=10%

@Christian_Dahlqvist but are you sure that xpack.security.enabled=true should work on the basic plan license?

On 6.8 it should. I see nothing related to ccr there, so I am not sure why you are getting that error.

I deleted everything and left just

ES_JAVA_OPTS=-XX:+UseContainerSupport -Des.http.cname_in_publish_address=true -Xms3844m -Xmx3844m

cluster.name=elasticsearch-logs
node.name=elasticsearch-logs-01.stg02.pd.internal
bootstrap.memory_lock=true

discovery.type=single-node

xpack.security.enabled=true

The container started with no ERRORS, but Elasticsearch did not start working (just stuck)

logs

elasticsearch_1  | [2019-07-13T10:39:09,305][INFO ][o.e.d.DiscoveryModule    ] [elasticsearch-logs-01] using discovery type [single-node] and host providers [settings]
elasticsearch_1  | [2019-07-13T10:39:10,394][INFO ][o.e.n.Node               ] [elasticsearch-logs-01] initialized
elasticsearch_1  | [2019-07-13T10:39:10,394][INFO ][o.e.n.Node               ] [elasticsearch-logs-01] starting ...
elasticsearch_1  | [2019-07-13T10:39:10,580][INFO ][o.e.t.TransportService   ] [elasticsearch-logs-01] publish_address {172.17.0.4:9300}, bound_addresses {0.0.0.0:9300}
elasticsearch_1  | [2019-07-13T10:39:10,988][WARN ][o.e.b.BootstrapChecks    ] [elasticsearch-logs-01] Transport SSL must be enabled if security is enabled on a [basic] license. Please set [xpack.security.transport.ssl.enabled] to [true] or disable security by setting [xpack.security.enabled] to [false]
elasticsearch_1  | [2019-07-13T10:39:11,037][INFO ][o.e.h.n.Netty4HttpServerTransport] [elasticsearch-logs-01] publish_address {172.17.0.4:9200}, bound_addresses {0.0.0.0:9200}
elasticsearch_1  | [2019-07-13T10:39:11,038][INFO ][o.e.n.Node               ] [elasticsearch-logs-01] started
elasticsearch_1  | [2019-07-13T10:39:19,497][INFO ][o.e.l.LicenseService     ] [elasticsearch-logs-01] license [e3f4d2cc-d853-479c-89e1-d0d5731e8030] mode [basic] - valid
elasticsearch_1  | [2019-07-13T10:39:19,510][INFO ][o.e.g.GatewayService     ] [elasticsearch-logs-01] recovered [384] indices into cluster_state
elasticsearch_1  | [2019-07-13T10:39:40,594][INFO ][o.e.m.j.JvmGcMonitorService] [elasticsearch-logs-01] [gc][30] overhead, spent [278ms] collecting in the last [1s]
elasticsearch_1  | [2019-07-13T10:40:01,767][INFO ][o.e.c.r.a.AllocationService] [elasticsearch-logs-01] Cluster health status changed from [RED] to [GREEN] (reason: [shards started [[XXX-2019.06.30][0]] ...]).

To use security you need to configure TLS which is what the warning message complains about.

xpack.security.enabled=true

xpack.security.transport.ssl.enabled=true
xpack.security.transport.ssl.verification_mode=certificate
xpack.security.transport.ssl.certificate_authorities=/usr/share/elasticsearch/config/certificates/ca.crt
xpack.security.transport.ssl.key=/usr/share/elasticsearch/config/certificates/instance.key
xpack.security.transport.ssl.certificate=/usr/share/elasticsearch/config/certificates/instance.crt

the same :frowning:

started but stuck (no errors or warnings)

elasticsearch_1  | [2019-07-13T10:45:49,015][INFO ][o.e.n.Node               ] [elasticsearch-logs-01] starting ...
elasticsearch_1  | [2019-07-13T10:45:49,201][INFO ][o.e.t.TransportService   ] [elasticsearch-logs-01] publish_address {172.17.0.4:9300}, bound_addresses {0.0.0.0:9300}
elasticsearch_1  | [2019-07-13T10:45:49,623][INFO ][o.e.h.n.Netty4HttpServerTransport] [elasticsearch-logs-01] publish_address {172.17.0.4:9200}, bound_addresses {0.0.0.0:9200}
elasticsearch_1  | [2019-07-13T10:45:49,624][INFO ][o.e.n.Node               ] [elasticsearch-logs-01] started
elasticsearch_1  | [2019-07-13T10:45:58,895][INFO ][o.e.l.LicenseService     ] [elasticsearch-logs-01] license [e3f4d2cc-d853-479c-89e1-d0d5731e8030] mode [basic] - valid
elasticsearch_1  | [2019-07-13T10:45:58,905][INFO ][o.e.g.GatewayService     ] [elasticsearch-logs-01] recovered [384] indices into cluster_state
elasticsearch_1  | [2019-07-13T10:46:41,686][INFO ][o.e.c.r.a.AllocationService] [elasticsearch-logs-01] Cluster health status changed from [RED] to [GREEN] (reason: [shards started [[XXXX-2019.06.30][1], [XXXX-2019.06.30][0]] ...]).

Resolved. It works with the BASIC plan.

steps I forgot to do:

  • run elasticsearch-setup-passwords and choose passwords
  • set up creds in Kibana .env for docker
    ELASTICSEARCH_USERNAME=kibana
    ELASTICSEARCH_PASSWORD=xxx
  • restart kibana
  • wait ~2 min for first run to open kibana web page (very slooow)

and after that "Management / Security" visible in Kibana :+1:
@Christian_Dahlqvist thnx a lot for help!
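
The checks this thread went through (security enabled, transport TLS required on a basic license, Kibana credentials set), as an added example that is not part of the original posts. The function names parse_env and lint are hypothetical, the sample settings are constructed from the ones posted above, and the check against connecting Kibana as the elastic superuser is an extra not raised in the thread.

```python
# Added example: lint the Elasticsearch and Kibana .env settings from this thread.
TLS = "xpack.security.transport.ssl."

def parse_env(text):
    """Parse KEY=VALUE lines, skipping blanks and # comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings

def lint(es_env, kibana_env):
    """Return a list of findings; an empty list means the checks passed."""
    es, kb = parse_env(es_env), parse_env(kibana_env)
    if es.get("xpack.security.enabled", "false").lower() != "true":
        return ["xpack.security.enabled is not true: authentication is off"]
    findings = []
    if es.get(TLS + "enabled", "false").lower() != "true":
        findings.append(TLS + "enabled must be true when security is on (basic license)")
    elif not (es.get(TLS + "keystore.path")
              or (es.get(TLS + "key") and es.get(TLS + "certificate"))):
        findings.append("transport TLS enabled but no key/certificate or keystore.path set")
    for key in ("ELASTICSEARCH_USERNAME", "ELASTICSEARCH_PASSWORD"):
        if not kb.get(key):
            findings.append("Kibana " + key + " is not set")
    if kb.get("ELASTICSEARCH_USERNAME") == "elastic":
        findings.append("Kibana connects as the elastic superuser; use the kibana user")
    return findings

# Constructed samples modelled on the settings posted in the thread.
ES_MINIMAL = """
discovery.type=single-node
xpack.security.enabled=true
"""
ES_WITH_TLS = ES_MINIMAL + """
xpack.security.transport.ssl.enabled=true
xpack.security.transport.ssl.verification_mode=certificate
xpack.security.transport.ssl.key=/usr/share/elasticsearch/config/certificates/instance.key
xpack.security.transport.ssl.certificate=/usr/share/elasticsearch/config/certificates/instance.crt
"""
KIBANA = "ELASTICSEARCH_USERNAME=kibana\nELASTICSEARCH_PASSWORD=xxx\n"

if __name__ == "__main__":
    for name, es, kb in (("minimal", ES_MINIMAL, ""), ("fixed", ES_WITH_TLS, KIBANA)):
        print(name, lint(es, kb) or "OK")
```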