I want to configure a very limited security in my cluster such that all user except few have only read permission to all the data in elasticsearch and all the Kibana UI feaures without having to login.
Only certain privileged users will be able to write data to elasticsearch and edit things in Kibana UI.
Your best path is to use Role-Based Access Control but I would read up on the whole User Authorization section of the docs for some context and related info. There's plenty to this topic so it's probably worth looking through these first. Feel free to follow up with a new issue if there's anything specific in there you need help with. For what it's worth, I found it to be pretty intuitive once I'd played around with it a bit.
But I'm not able to get the anonymous access to work. There doesn't seems to be clear documentation on how to get anonymous auth working in ELK stack (elasticsearch and Kibana). As my requirement is to be able to read the data without having to login. And user should only be asked for password when performing some write/PUT operation to elasticsearch/Kibana management.
I tried to do a PUT operation to change the replication setting of the cluster without any username and password. I was kind of expecting it to fail as There weren't any cluster level permissions given for anonymous user. But it succeeded.
Does that mean my changes weren't applied? (may be because 'xpack.security.enabled: true' setting was not in elasticsearch.yml? )
I was trying to setup ssl certs to enable security and then bumped into below error:
Exception in thread "main" java.lang.IllegalStateException: unable to read from standard input; is standard input open and a tty attached?
at org.elasticsearch.cli.Terminal$SystemTerminal.readText(Terminal.java:173)
at org.elasticsearch.cli.Terminal$SystemTerminal.readSecret(Terminal.java:183)
at org.elasticsearch.xpack.security.cli.CertificateTool.withPassword(CertificateTool.java:929)
at org.elasticsearch.xpack.security.cli.CertificateTool.access$100(CertificateTool.java:85)
at org.elasticsearch.xpack.security.cli.CertificateTool$CertificateCommand.generateCA(CertificateTool.java:384)
at org.elasticsearch.xpack.security.cli.CertificateTool$CertificateAuthorityCommand.execute(CertificateTool.java:864)
at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86)
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124)
at org.elasticsearch.cli.MultiCommand.execute(MultiCommand.java:77)
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124)
at org.elasticsearch.cli.Command.main(Command.java:90)
at org.elasticsearch.xpack.security.cli.CertificateTool.main(CertificateTool.java:137)
I'm trying to create certs by running elasticsearch container through ansible while deployment:
The issue seems to be your use of single quotes embedded within single quotes.
You're running bash -c '(command)' but your command has --pass '' in it, so those single quotes aren't being treated the way you would expect. Switch it to --pass "" instead.
I could enable anonymous access in elasticsearch. But Kibana prompts me for a login. What i want is to be able to access data and some kibana space without having to login. I searched for kibana anonymous access but couldn't find anything helpful.
Kibana does not support anonymous access.
You can simulate it by putting a proxy in front of Kibana to automatically add authorization headers, but it's not supported natively.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.