I have installed Elasticsearch 7, on Ubuntu. I believe x-pack is installed by default, buy I need to enable it.
in which file should I set this setting?
My cluster settings are in:/etc/elasticsearch/elasticsearch.yml and /etc/default/elasticsearch
But I cannot see any commented Setting xpack.security.enabled variable in any of these files...
Also, will I be able to continue protecting my cluster with username/password with the Basic (free license) after the trial period is over?
@Hooman_Bahreini you can follow this blog post that explain how to use security starting from version 7.1 https://www.elastic.co/fr/blog/getting-started-with-elasticsearch-security
Thanks a lot. So I am using the basic version and I believe I need to set xpack.security.transport.ssl.enabled = true
I see the document that you have included that I can use elasticsearch certl util, but does it mean that I have to install a SSL certificate on my webserver too to communicate with ES Cluster?
I just want to password protect the cluster, is it possible to achieve this without setting all these security variables?
Yes, you can just enable x-pack security in elasticsearch.yml with xpack.security.enabled: true
Run your node, and run use this tool elasticsearch-setup-passwords to setup passwords
Thanks, when I set xpack.security.enabled: true, I get message from elastic search saying I need to set xpack.security.transport.ssl.enabled: true if I am using the basic version...
I believe once xpack.security.transport.ssl.enabled is enabled I need to install some SSL certificates on the nodes (which I can see how it is done in the document that you have included). I am just wondering if I need to install an SSL certificate on my WebServer as well to communicate with the nodes? (I don't want an SSL on the web server as they are all inside a private network).
Make sure you are using version 7.1.0
I am using elasticsearch 7.1
If I set xpack.security.enabled: true then I will get the following message:
Transport SSL must be enabled if security is enabled on a [basic] license. Please set [xpack.security.transport.ssl.enabled] to [true] or disable security by setting [xpack.security.enabled]
For a cluster that is running in production mode with a production license, once security is enabled, transport TLS/SSL must also be enabled. On the other hand, if we are running with a trial license, then transport TLS/SSL is not obligatory.
If we are running with a production license and we attempt to start the cluster with security enabled before we have enabled transport TLS/SSL, we will see the following error message:
Transport SSL must be enabled for setups with production licenses. Please set [xpack.security.transport.ssl.enabled] to [true] or disable security by setting [xpack.security.enabled] to [false]
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.