Setting xpack.security.enabled = true

I have installed Elasticsearch 7 on Ubuntu. I believe x-pack is installed by default, but I need to enable it.

In which file should I set this setting?

My cluster settings are in: /etc/elasticsearch/elasticsearch.yml and /etc/default/elasticsearch

But I cannot see any commented Setting xpack.security.enabled variable in any of these files...

Also, will I be able to continue protecting my cluster with username/password with the Basic (free license) after the trial period is over?

@Hooman_Bahreini you can follow this blog post that explains how to use security starting from version 7.1: https://www.elastic.co/fr/blog/getting-started-with-elasticsearch-security

Thanks a lot. So I am using the basic version and I believe I need to set xpack.security.transport.ssl.enabled = true

I see in the document that you have included that I can use elasticsearch-certutil, but does it mean that I have to install an SSL certificate on my web server too to communicate with the ES cluster?

I just want to password protect the cluster, is it possible to achieve this without setting all these security variables?

Yes, you can just enable x-pack security in elasticsearch.yml with xpack.security.enabled: true
Run your node, and use the elasticsearch-setup-passwords tool to set up passwords

Thanks, when I set xpack.security.enabled: true, I get a message from Elasticsearch saying I need to set xpack.security.transport.ssl.enabled: true if I am using the basic version...

I believe once xpack.security.transport.ssl.enabled is enabled I need to install some SSL certificates on the nodes (which I can see how it is done in the document that you have included). I am just wondering if I need to install an SSL certificate on my WebServer as well to communicate with the nodes? (I don't want an SSL on the web server as they are all inside a private network).

Make sure you are using version 7.1.0

I am using elasticsearch 7.1

If I set xpack.security.enabled: true then I will get the following message:

Transport SSL must be enabled if security is enabled on a [basic] license. Please set [xpack.security.transport.ssl.enabled] to [true] or disable security by setting [xpack.security.enabled]

For a cluster that is running in production mode with a production license, once security is enabled, transport TLS/SSL must also be enabled. On the other hand, if we are running with a trial license, then transport TLS/SSL is not obligatory.

If we are running with a production license and we attempt to start the cluster with security enabled before we have enabled transport TLS/SSL, we will see the following error message:

Transport SSL must be enabled for setups with production licenses. Please set [xpack.security.transport.ssl.enabled] to [true] or disable security by setting [xpack.security.enabled] to [false]

4 Likes
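
The settings discussed in this thread, collected into one elasticsearch.yml fragment as an added example (not posted by anyone in the thread and not taken from Elastic's own files). The certificate file name and its location in the config directory are assumptions; the verification mode, keystore and truststore settings are not mentioned in the thread.

```yaml
# /etc/elasticsearch/elasticsearch.yml

# Before: on a basic license this line alone is rejected at startup with the
# "Transport SSL must be enabled" message quoted in the thread.
# xpack.security.enabled: true

# After: security enabled together with TLS on the transport layer.
# The transport layer carries node-to-node traffic (port 9300 by default).
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
# "certificate" checks that the peer's certificate is signed by a trusted CA
# without also verifying the hostname.
xpack.security.transport.ssl.verification_mode: certificate
# Assumed file: a PKCS#12 bundle generated with elasticsearch-certutil and
# copied into the config directory of every node in the cluster.
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12

# The HTTP (REST) layer that clients such as a web server connect to
# (port 9200 by default) has its own, separate switch. It is off by default,
# so clients keep using http:// and need no certificate of their own.
# With it off, usernames and passwords cross the network unencrypted.
xpack.security.http.ssl.enabled: false
```

After restarting the node with these settings, elasticsearch-setup-passwords sets the passwords for the built-in users, as described in the reply above.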
