Security Section Not Listed

wwalker · June 15, 2019, 1:10am

I see that in version 7.1.0, the security module was made available to basic licenses but I am not seeing it in my 7.1.1 install. Do I have to setup transport and http security first for those features to expose themselves?

warkolm · June 15, 2019, 1:32am

Did you download the default distribution or the -oss one?

wwalker · June 15, 2019, 1:43am

Default distribution from elastic.co

wwalker · June 16, 2019, 2:29pm

Do I need to use the -oss one??

warkolm · June 17, 2019, 4:57am

What does GET _xpack?pretty return?

wwalker · June 17, 2019, 2:23pm

Below is my output

{
  "build" : {
    "hash" : "7a013de",
    "date" : "2019-05-23T14:05:50.009976Z"
  },
  "license" : {
    "uid" : "381c5986-9fb8-4e14-a6bc-fc98f3a6f245",
    "type" : "basic",
    "mode" : "basic",
    "status" : "active"
  },
  "features" : {
    "ccr" : {
      "description" : "Cross Cluster Replication",
      "available" : false,
      "enabled" : true
    },
    "graph" : {
      "description" : "Graph Data Exploration for the Elastic Stack",
      "available" : false,
      "enabled" : true
    },
    "ilm" : {
      "description" : "Index lifecycle management for the Elastic Stack",
      "available" : true,
      "enabled" : true
    },
    "logstash" : {
      "description" : "Logstash management component for X-Pack",
      "available" : false,
      "enabled" : true
    },
    "ml" : {
      "description" : "Machine Learning for the Elastic Stack",
      "available" : false,
      "enabled" : true,
      "native_code_info" : {
        "version" : "7.1.1",
        "build_hash" : "fd619a36eb77df"
      }
    },
    "monitoring" : {
      "description" : "Monitoring for the Elastic Stack",
      "available" : true,
      "enabled" : true
    },
    "rollup" : {
      "description" : "Time series pre-aggregation and rollup",
      "available" : true,
      "enabled" : true
    },
    "security" : {
      "description" : "Security for the Elastic Stack",
      "available" : true,
      "enabled" : false
    },
    "sql" : {
      "description" : "SQL access to Elasticsearch",
      "available" : true,
      "enabled" : true
    },
    "watcher" : {
      "description" : "Alerting, Notification and Automation for the Elastic Stack",
      "available" : false,
      "enabled" : true
    }
  },
  "tagline" : "You know, for X"
}

So I looked at my elasticsearch.yml configuration and saw that I had xpack.security.enabled: false. Not sure when/why I did that, but I changed it to true and the following events were logged:

[2019-06-17T09:20:22,962][INFO ][o.e.b.BootstrapChecks    ] [ESIPS1] bound or publishing to a non-loopback address, enforcing bootstrap checks
[2019-06-17T09:20:23,008][ERROR][o.e.b.Bootstrap          ] [ESIPS1] node validation exception
[1] bootstrap checks failed
[1]: Transport SSL must be enabled if security is enabled on a [basic] license. Please set [xpack.security.transport.ssl.enabled] to [true] or disable security by setting [xpack.security.enabled] to [false]

So I set ssl.enabled to true and xpack.security to true and restarted elasticsearch. It starts up, but I see a ton of closed connections and handshake failures, which leads me to believe it's because I haven't configured SSL on the transport.

wwalker · June 17, 2019, 11:58pm

@warkolm, does this mean transport security needs to be configured before I can enable Kibana user access, or do I need to configure both HTTPS and transport security? I realize the benefits of doing so, I just want to step into this as methodically as possible.

warkolm · June 17, 2019, 11:59pm

My understanding is that it all needs to be configured.

system · July 15, 2019, 11:59pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.