Installing xpack plugin on 7.7.1 elastic

I am trying to set up security on my stack. looks like from what I can see version 7.7.1 should have the plugin available to install but when I go to install it I only get this .

 ./elasticsearch-plugin install xpack
-> Installing xpack
-> Failed installing xpack
-> Rolling back xpack
-> Rolled back xpack
A tool for managing installed elasticsearch plugins

Non-option arguments:

Option             Description
------             -----------
-E <KeyValuePair>  Configure a setting
-h, --help         Show help
-s, --silent       Show minimal output
-v, --verbose      Show verbose output
ERROR: Unknown plugin xpack

nothing is in plugins - dir- here is listing of bin dir.

[root@ bin]# ls -lrta

elasticsearch                elasticsearch-saml-metadata
elasticsearch-certgen        elasticsearch-setup-passwords
elasticsearch-certutil       elasticsearch-shard
elasticsearch-cli            elasticsearch-sql-cli
elasticsearch-croneval       elasticsearch-sql-cli-7.7.1.jar
elasticsearch-env            elasticsearch-syskeygen
elasticsearch-env-from-file  elasticsearch-users
elasticsearch-keystore       systemd-entrypoint
elasticsearch-migrate        x-pack-env
elasticsearch-node           x-pack-security-env
elasticsearch-plugin         x-pack-watcher-env

is it something I am not understangin - looks like some xpack stuff is already there.

do I need to install xpack on my logstash nodes? have ssl transport key?
what about kibana.yml setup - does that need these lines too? true true certificate certs/elastic-certificates.p12 certs/elastic-certificates.p12

I did all the setup I think I had to do but when I started kibana and logged in I got a 404 so I am looking for help for the complete install. I have 2 master , 5 data , 3 logstash

You don't need to install xpack. It's already part of the default distribution. Just download the default distribution and you're done.

Looks like all is working EXCEPT for kibana itself. the cluter health looks good in cerbero but after i login to kibana with ID I set up in kibana.yml i get

{"statusCode":404,"error":"Not Found","message":"Not Found"}

what should I look for next - running 7.7.1 version of the stack.

when I look at the log I get this failure. I changed the referer IP and the host names to protect our infra structure info

{"type":"response","@timestamp":"2020-10-19T13:24:46Z","tags":,"pid":23345,"method":"get","statusCode":404,"req":{"url":"/app/kibana","method":"get","headers":{"host":"HOST:5601","connection":"keep-alive","upgrade-insecure-requests":"1","user-agent":"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.75 Safari/537.36","accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9","referer":"http://HOST:5601/login?next=%2Fapp%2Fkibana","accept-encoding":"gzip, deflate","accept-language":"en-US,en;q=0.9"},"remoteAddress":"","userAgent":"","referer":"http://HOST:5601/login?next=%2Fapp%2Fkibana"},"res":{"statusCode":404,"responseTime":98,"contentLength":9},"message":"GET /app/kibana 404 98ms - 9.0B"}

seems like it cannot get to the IP which doesn;t look valid I ma finding out if that is a PROXY or VPN. am I on the right track?

I think this is not the same initial question.

I'd suggest that you open a new question, describe exactly what you done and provide logs from elasticsearch.
If it's a Kibana question, I'd suggest that you open it in #elastic-stack:kibana.

Also please format your code, logs or configuration files using </> icon as explained in this guide and not the citation button. It will make your post more readable.

Or use markdown style like:


This is the icon to use if you are not using markdown format:

There's a live preview panel for exactly this reasons.

Lots of people read these forums, and many of them will simply skip over a post that is difficult to read, because it's just too large an investment of their time to try and follow a wall of badly formatted text.
If your goal is to get an answer to your questions, it's in your interest to make it as easy to read and understand as possible.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.