Secure elasticstack

I have a small cluster that sits on one machine which pulls data from about 5 servers. Now, I was asked to secure the connection and set up a user for when entering Kibana.

I read the latest documentation and it seems like this requires a paid subscription, but some online sources say it doesn't anymore. Is it possible to encrypt communications and set a login user with the open-source version? If so, may I ask how? Huge thanks ahead!

Which version are you using?

Thanks for the response,

Latest 7.8.0

Security is free if you use the default distribution with the free basic license. The OSS distribution does not contain any security.

Can I ask you to direct me to the documentation or guide that covers that? Thanks ahead.

"Some indexes have been deleted, now I see indexes called meow?" has some details on that.

Thanks for the response,

Using this guide, I've created the two certificates (with password):

 bin/elasticsearch-certutil ca
 bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12

made sure that permissions are right:

 # ll /usr/share/elasticsearch/
 total 576
 -rwxrwxrwx  1 root root   3451 Jul 27 19:00 elastic-certificates.p12
 -rwxrwxrwx  1 root root   2527 Jul 27 18:57 elastic-stack-ca.p12
(There are other files but I deleted the lines so it won't be cluttered)

And since I only have one instance of elasticsearch, I've added the following at the bottom of elasticsearch.yml:

xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12

As the last step in the guide, I've added the passwords using this command:

bin/elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password
bin/elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password

But when I restart elasticsearch it fails:

[root@SERVER-150 elasticsearch]# systemctl restart elasticsearch
Job for elasticsearch.service failed because the control process exited with error code. See "systemctl status elasticsearch.service" and "journalctl -xe" for details.
[root@SERVER-150 elasticsearch]# systemctl status elasticsearch.service -l
● elasticsearch.service - Elasticsearch
   Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Tue 2020-07-28 08:05:01 UTC; 11s ago
     Docs: https://www.elastic.co
  Process: 19265 ExecStart=/usr/share/elasticsearch/bin/systemd-entrypoint -p ${PID_DIR}/elasticsearch.pid --quiet (code=exited, status=1/FAILURE)
 Main PID: 19265 (code=exited, status=1/FAILURE)

Jul 28 08:05:01 SERVER-150 systemd-entrypoint[19265]: at java.base/java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:578)
Jul 28 08:05:01 SERVER-150 systemd-entrypoint[19265]: at org.elasticsearch.node.Node.<init>(Node.java:488)
Jul 28 08:05:01 SERVER-150 systemd-entrypoint[19265]: at org.elasticsearch.node.Node.<init>(Node.java:266)
Jul 28 08:05:01 SERVER-150 systemd-entrypoint[19265]: at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:227)
Jul 28 08:05:01 SERVER-150 systemd-entrypoint[19265]: <<<truncated>>>
Jul 28 08:05:01 SERVER-150 systemd-entrypoint[19265]: For complete error details, refer to the log at /var/log/elasticsearch/testcluster.log
Jul 28 08:05:01 SERVER-150 systemd[1]: elasticsearch.service: main process exited, code=exited, status=1/FAILURE
Jul 28 08:05:01 SERVER-150 systemd[1]: Failed to start Elasticsearch.
Jul 28 08:05:01 SERVER-150 systemd[1]: Unit elasticsearch.service entered failed state.
Jul 28 08:05:01 SERVER-150 systemd[1]: elasticsearch.service failed.

What's in there?

Thanks for the response, I've looked at it but couldn't make much sense of it:

Caused by: java.nio.file.NoSuchFileException: /etc/elasticsearch/elastic-certificates.p12

Does that exist?

1 Like
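
The failure diagnosed above, as an added example that is not part of the original thread: a preflight check that resolves every `xpack.security.*.path` setting the way the `NoSuchFileException` shows Elasticsearch did (relative to the config directory) and reports files that are missing. It also flags keystores that any local user can access, like the `-rwxrwxrwx` mode in the listing; the function name `check_tls_paths` and the throwaway demo directory are assumptions for illustration.

```shell
#!/bin/sh
# Added example: preflight check for the TLS file settings in elasticsearch.yml.
# Assumption (matches the NoSuchFileException in the thread): a relative
# keystore/truststore path is resolved against the Elasticsearch config directory.

# check_tls_paths CONFIG_DIR
# Prints "OK|MISSING|LOOSE <setting> -> <resolved path>" for each
# xpack.security.*.path setting; exit status is 0 only if all are OK.
check_tls_paths() (
    conf_dir=$1
    rc=0
    # Extract "<setting> <value>" pairs from flat dotted keys; quotes are
    # stripped, and paths containing spaces are not handled.
    settings=$(sed -n 's/^[[:space:]]*\(xpack\.security\.[a-z_.]*\.path\)[[:space:]]*:[[:space:]]*\([^#[:space:]]*\).*$/\1 \2/p' \
        "$conf_dir/elasticsearch.yml" | tr -d "\"'")
    while read -r key value; do
        [ -n "$key" ] || continue
        case $value in
            /*) path=$value ;;              # absolute path: used as written
            *)  path=$conf_dir/$value ;;    # relative path: under the config dir
        esac
        if [ ! -f "$path" ]; then
            echo "MISSING $key -> $path"; rc=1
        elif [ "$(ls -ld "$path" | cut -c8-10)" != "---" ]; then
            # Any r/w/x bit for "other" exposes the private key to every local user.
            echo "LOOSE $key -> $path"; rc=1
        else
            echo "OK $key -> $path"
        fi
    done <<EOF
$settings
EOF
    exit "$rc"
)

# Constructed demo: the settings from the thread, in a throwaway config dir.
demo_dir=$(mktemp -d)
cat > "$demo_dir/elasticsearch.yml" <<'EOF'
xpack.security.enabled: true
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
EOF
check_tls_paths "$demo_dir" || echo "preflight failed: fix the lines above"
rm -rf "$demo_dir"
```

On the poster's host the call would be `check_tls_paths /etc/elasticsearch`, run before `systemctl restart elasticsearch`.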

Thanks for the response, it worked!

I was able to move on and am now having some trouble encrypting filebeat to logstash (it's the last step). According to the "secure filebeat to logstash" page, I need .crt and .key configured on both ends. The problem is that so far I only have elastic-certificates.p12 and elastic-stack-ca.p12, as in this page.

Do I have to use these two files as if they're .crt and .key? Do I need to create additional files?

Thanks ahead!
