How xpack.license.self_generated.type: basic setting is really working?


(Frederic Leger) #1

Running a demo with ES 6.4.0 i have a strange feeling about how is handled the setting xpack.license.self_generated.type: basic in elasticsearch.yml.

My need is to have SSL (encryption in transit) and no certs authentication beetween nodes or clients.
Reeding the doc i would assume that this is not possible without a valid gold (at least subscription).

But when trying it and setting xpack.license.self_generated.type: basic in order to limit the license to the basic subset it seems that the xpack.ssl.* setup are honored correctly.

ex: openssl s_client -CAfile ./certs/ca.pem -showcerts -connect localhost:9300

SSL handshake has read 1388 bytes and written 194 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-SHA384
    Session-ID: 5BACE946CA28B152230EBB34E80E8E0A4F836A965791D0C01214120964BEEBA0
    Session-ID-ctx:
    Master-Key: 8FDDF779120F8C8FEAFA4769F962B342B5A91E2E8F91A847E416E0B3B0CDC55E92A98DA2C486C77687064E06EA5E79EC
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1538058566
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---

or

curl --cacert certs/ca.pem -I https://localhost:9200:

HTTP/1.1 200 OK
content-type: application/json; charset=UTF-8
content-length: 500

Any explanation to what i am missing here ?


No x-pack: Login is currently disabled. Administrators should consult the Kibana logs for more details
(Frederic Leger) #2

In case it can explain something, this is a fresh install on Ubuntu 16.04 on digital ocean from officail ES repos...


(xeraa) #3

Can you post the output of GET /_xpack/license please? Just to make sure that the trial isn't enabled for some reason.


(Frederic Leger) #4

hi @xeraa !

without xpack.license.self_generated.type: basic :

  "license" : {
    "status" : "active",
    "uid" : "d55f8059-6314-49e8-86e8-9d8df79efcb7",
    "type" : "basic",
    "issue_date" : "2018-09-27T16:00:17.880Z",
    "issue_date_in_millis" : 1538064017880,
    "max_nodes" : 1000,
    "issued_to" : "kibana",
    "issuer" : "elasticsearch",
    "start_date_in_millis" : -1
  }
}

with xpack.license.self_generated.type: basic:

{
  "license" : {
    "status" : "active",
    "uid" : "4856423b-09e1-4eac-bd81-6c3257aa6b47",
    "type" : "basic",
    "issue_date" : "2018-09-27T16:08:10.648Z",
    "issue_date_in_millis" : 1538064490648,
    "max_nodes" : 1000,
    "issued_to" : "kibana",
    "issuer" : "elasticsearch",
    "start_date_in_millis" : -1
  }
}

So it seems that this is activated whatever you do ? right ?


(system) #5

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.