Provisioning cluster to only allow "test" index to be visible by master node

eharm007 · September 10, 2019, 4:53pm

Hey All,

Title pretty much summarizes what I am trying to do but I can't find any information on this subject. Basically, I have a single cluster with different nodes across different subnets. I have set my firewall rules to allow communication between servers in different subnets and have set up a cluster that had remote nodes.

My goal is basically this:
I have two nodes (node-1 and node-2) where node-1 is the master/data node and node-2 is only a data node. I have filebeat pushing logs from my edge device to my cluster where they are filtered and placed into one of two indices (index-1 and index-2). I want node-1 to have visibility and access to search both of my indices, however, I want node-2 to only have visibility and access to search index-2.

I tried to mess around with shard allocation but I can still access the logs and when i curl the status of my indices from node-2, it still has all the updated logs being push to both index-1 and index-2. Maybe this is not an intended use-case for elasticsearch, but I was wondering if it was possible in the first place. Thanks !

Christian_Dahlqvist · September 10, 2019, 5:23pm

Indices are accessed st the cluster level so what you want to do is not possible. You could however create different users and control access to indices that way, but not by entry point.

eharm007 · September 10, 2019, 5:25pm

This is what I was beginning to suspect. Are there security implications to using access control to prevent a user on node-2 from accessing index-1 (lets say this node exists in their network enclave or on their LAN).

Also, this seems like it would be possible with cross-cluster replication as you can assign which indices are followed but I was trying to avoid buying the platinum license

Christian_Dahlqvist · September 10, 2019, 5:31pm

If you control access through users and roles they will have the same access irrespective of which node they are connecting to.

eharm007 · September 10, 2019, 5:32pm

Alright. This seem to be my best path forward. I appreciate your time!

system · October 8, 2019, 5:32pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Question about securing elasticsearch production setup Elasticsearch	4	592	November 24, 2017
How to grant access for specefic data in elastic cluster Elasticsearch	5	433	November 6, 2020
Elasticsearch clustering indices problem Elasticsearch	5	333	August 30, 2019
2 Node Cluster, 1 node being passive Elasticsearch	3	1237	July 6, 2017
Indexer cluster separate and Searcher cluster separate Elasticsearch	9	847	May 11, 2019

Provisioning cluster to only allow "test" index to be visible by master node

Related topics