How to enable "Management / Security" in Kibana; runs xpack.security.enabled=true in Elasticsearch (Basic license plan)

How to enable "Management / Security" in Kibana for Basic plan?

According to https://www.elastic.co/subscriptions Basic Plan support

Elasticsearch:

  • Role-based access control
  • File and native authentication

Kibana:

  • Role-based access control (including spaces)
  • File and native authentication

but looks like "xpack.security.enabled: true" on Elasticsearch is not working on Basic plan license.

[ERROR][o.e.x.m.c.c.StatsCollector] collector [ccr_stats] failed to collect data
elasticsearch_1 | org.elasticsearch.ElasticsearchSecurityException: current license is non-compliant for [ccr]

I use ELK versions 6.8.1

Does subscriptions documentation wrong or I mistake somewhere?

That error applies to cross cluster replication, which is not covered by the basic license. Can you share your configuration?

version: '2.2'

services:
    elasticsearch:
      image: elasticsearch:6.8.1
      volumes:
         - /mnt/data/elasticsearch:/usr/share/elasticsearch/data
         - /mnt/data/elasticsearch/plugins/6.8.1:/usr/share/elasticsearch/plugins
         - ${PWD}/certs/:/usr/share/elasticsearch/config/certificates/
      network_mode: bridge
      ports:
        - 9200:9200
        - 9300:9300
      restart: unless-stopped
      cpus: 1.8
      mem_limit: 6150m
      oom_kill_disable: true

.env

ES_JAVA_OPTS=-XX:+UseContainerSupport -Des.http.cname_in_publish_address=true -Xms3844m -Xmx3844m

cluster.name=elasticsearch-logs
node.name=elasticsearch-logs-01
bootstrap.memory_lock=true

discovery.type=single-node

xpack.monitoring.collection.enabled=true
xpack.monitoring.collection.interval=10s
xpack.monitoring.history.duration=7d

xpack.security.enabled=false

xpack.security.transport.ssl.enabled=true
xpack.security.transport.ssl.verification_mode=certificate
xpack.security.transport.ssl.certificate_authorities=/usr/share/elasticsearch/config/certificates/ca.crt
xpack.security.transport.ssl.key=/usr/share/elasticsearch/config/certificates/instance.key
xpack.security.transport.ssl.certificate=/usr/share/elasticsearch/config/certificates/instance.crt

cluster.routing.allocation.disk.threshold_enabled=true
cluster.routing.allocation.disk.watermark.low=90%
cluster.routing.allocation.disk.watermark.high=95%
cluster.info.update.interval=90s
cluster.routing.allocation.balance.shard=0.35f
cluster.routing.allocation.balance.index=0.55f
cluster.routing.allocation.balance.threshold=1.5f
cluster.routing.allocation.cluster_concurrent_rebalance=6
cluster.routing.allocation.node_concurrent_recoveries=4
indices.recovery.max_bytes_per_sec=80mb
indices.requests.cache.size=2%
indices.queries.cache.size=10%
indices.memory.index_buffer_size=10%

@Christian_Dahlqvist but are you sure that xpack.security.enabled=true should work on basic plan license?

On 6.8 it should. I see nothing related to car there so am not sure why you are getting that error.

I delete everything and leave just

ES_JAVA_OPTS=-XX:+UseContainerSupport -Des.http.cname_in_publish_address=true -Xms3844m -Xmx3844m

cluster.name=elasticsearch-logs
node.name=elasticsearch-logs-01.stg02.pd.internal
bootstrap.memory_lock=true

discovery.type=single-node

xpack.security.enabled=true

container started, no ERRORS but Elasticseach not start working (just stucked)

logs

elasticsearch_1  | [2019-07-13T10:39:09,305][INFO ][o.e.d.DiscoveryModule    ] [elasticsearch-logs-01] using discovery type [single-node] and host providers [settings]
elasticsearch_1  | [2019-07-13T10:39:10,394][INFO ][o.e.n.Node               ] [elasticsearch-logs-01] initialized
elasticsearch_1  | [2019-07-13T10:39:10,394][INFO ][o.e.n.Node               ] [elasticsearch-logs-01] starting ...
elasticsearch_1  | [2019-07-13T10:39:10,580][INFO ][o.e.t.TransportService   ] [elasticsearch-logs-01] publish_address {172.17.0.4:9300}, bound_addresses {0.0.0.0:9300}
elasticsearch_1  | [2019-07-13T10:39:10,988][WARN ][o.e.b.BootstrapChecks    ] [elasticsearch-logs-01] Transport SSL must be enabled if security is enabled on a [basic] license. Please set [xpack.security.transport.ssl.enabled] to [true] or disable security by setting [xpack.security.enabled] to [false]
elasticsearch_1  | [2019-07-13T10:39:11,037][INFO ][o.e.h.n.Netty4HttpServerTransport] [elasticsearch-logs-01] publish_address {172.17.0.4:9200}, bound_addresses {0.0.0.0:9200}
elasticsearch_1  | [2019-07-13T10:39:11,038][INFO ][o.e.n.Node               ] [elasticsearch-logs-01] started
elasticsearch_1  | [2019-07-13T10:39:19,497][INFO ][o.e.l.LicenseService     ] [elasticsearch-logs-01] license [e3f4d2cc-d853-479c-89e1-d0d5731e8030] mode [basic] - valid
elasticsearch_1  | [2019-07-13T10:39:19,510][INFO ][o.e.g.GatewayService     ] [elasticsearch-logs-01] recovered [384] indices into cluster_state
elasticsearch_1  | [2019-07-13T10:39:40,594][INFO ][o.e.m.j.JvmGcMonitorService] [elasticsearch-logs-01] [gc][30] overhead, spent [278ms] collecting in the last [1s]
elasticsearch_1  | [2019-07-13T10:40:01,767][INFO ][o.e.c.r.a.AllocationService] [elasticsearch-logs-01] Cluster health status changed from [RED] to [GREEN] (reason: [shards started [[XXX-2019.06.30][0]] ...]).

To use security you need to configure TLS which is what the warning message complains about.

xpack.security.enabled=true

xpack.security.transport.ssl.enabled=true
xpack.security.transport.ssl.verification_mode=certificate
xpack.security.transport.ssl.certificate_authorities=/usr/share/elasticsearch/config/certificates/ca.crt
xpack.security.transport.ssl.key=/usr/share/elasticsearch/config/certificates/instance.key
xpack.security.transport.ssl.certificate=/usr/share/elasticsearch/config/certificates/instance.crt

the same :frowning:

started but stucked (no errors and warnings)

elasticsearch_1  | [2019-07-13T10:45:49,015][INFO ][o.e.n.Node               ] [elasticsearch-logs-01] starting ...
elasticsearch_1  | [2019-07-13T10:45:49,201][INFO ][o.e.t.TransportService   ] [elasticsearch-logs-01] publish_address {172.17.0.4:9300}, bound_addresses {0.0.0.0:9300}
elasticsearch_1  | [2019-07-13T10:45:49,623][INFO ][o.e.h.n.Netty4HttpServerTransport] [elasticsearch-logs-01] publish_address {172.17.0.4:9200}, bound_addresses {0.0.0.0:9200}
elasticsearch_1  | [2019-07-13T10:45:49,624][INFO ][o.e.n.Node               ] [elasticsearch-logs-01] started
elasticsearch_1  | [2019-07-13T10:45:58,895][INFO ][o.e.l.LicenseService     ] [elasticsearch-logs-01] license [e3f4d2cc-d853-479c-89e1-d0d5731e8030] mode [basic] - valid
elasticsearch_1  | [2019-07-13T10:45:58,905][INFO ][o.e.g.GatewayService     ] [elasticsearch-logs-01] recovered [384] indices into cluster_state
elasticsearch_1  | [2019-07-13T10:46:41,686][INFO ][o.e.c.r.a.AllocationService] [elasticsearch-logs-01] Cluster health status changed from [RED] to [GREEN] (reason: [shards started [[XXXX-2019.06.30][1], [XXXX-2019.06.30][0]] ...]).

resolved. It works with BASIC plan

steps I forgot to do:

  • run elasticsearch-setup-passwords and choose passwords
  • setup creds in Kibana .env for docker
    ELASTICSEARCH_USERNAME=kibana
    ELASTICSEARCH_PASSWORD=xxx
  • restart kibana
  • wait ~2 min for first run to open kibana web page (very slooow)

and after that "Management / Security" visible in Kibana :+1:
@Christian_Dahlqvist thnx a lot for help!

Finally did it work with "xpack.security.enabled" true or false?
Facing the same error on ES 7.2.0

@pavankumarjs please start your own topic. Each setup and configuration is unique, different versions have different requirements and the platform on which you run Elasticsearch and Kibana affects how it should be configured too. It would be really hard for anyone to give you an out of context simple answer to the question you posted above.

When you open the new topic, take the time to explain the details of your setup, version , OS, the current configuration and the issue you are experiencing. This will highly enhance the chances of someone looking into your issue and you getting meaningful response

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.