Populating user credentials to all nodes in cluster

security

(Kevin) #1

Hi, so I am fairly new to the Elastic Stack. I've setup a cluster of elasticsearch nodes (Masters, Datas, Clients). I also have Kibana setup as well. Both Elasticsearch and Kibana have Shield installed on their respective nodes. The issue that I am running into is that I need to create Kibana4 users so that people can login to Kibana Web Interface. If I create the user on the Elasticsearch client node that Kibana4 is pointed to, they can login. If I create the user on a Elasticsearch Master that Kibana is not pointed to, they cannot login. Is there a way for me to create the users on a Elasticsearch node and have that populate to all servers in the cluster? Thanks!


(Steve Kearns) #2

Hi Kevin,

Today, as an administrator of a Shield protected Elasticsearch cluster, it is up to you to keep the users, roles, and user-role mapping files in sync across all nodes in the cluster. This is not optional - you cannot just add a user to one node, but not another; it won't be secure.

As you might imagine, we are working on a proper API, which includes seamless distribution of configuration across all nodes. This is planned for a near-term release, and will make this much easier.

In the mean time, you will need to keep the configuration in sync on all nodes.

Hope that helps!


(Kevin) #3

That is exactly the answer I was looking for. Okay, I will do that then. Thanks skearns! I look forward to the next release for the seamless distribution.


(system) #4