Xpack security troubles

Hi guys,

I have installed graylog-server 4.3.5-1 on Debian 11.4 as well as elasticsearch 7.17.5

When I run the setup without uncommenting
#xpack.security.enabled: true
I get these here warnings in logs:

"Elasticsearch built-in security features are not enabled. Without authentication, your cluster could be accessible to anyone. See (link obfuscated) /guide/en/elasticsearch/reference/7.17/security-minimal-setup.html to enable security."]"

So I decided to try to enable xpack security and did the following to try to achieve that:

I uncommented “#xpack.security.enabled: true” in /etc/elasticsearch/elasticsearch.yml

I ran “./bin/elasticsearch-setup-passwords auto” to set passwords for built-in users.

I created the following role:

{
  "graylog_role" : {
    "cluster" : [
      "monitor",
      "manage",
      "all"
    ],
    "indices" : [
      {
        "names" : [
          "*"
        ],
        "privileges" : [
          "all"
        ],
        "allow_restricted_indices" : false
      }
    ],
    "applications" : [ ],
    "run_as" : [ ],
    "metadata" : { },
    "transient_metadata" : {
      "enabled" : true
    }
  }
}

and lastly I created the following user:

{
  "myelasticuser" : {
    "username" : "myelasticuser",
    "roles" : [
      "graylog_role"
    ],
    "full_name" : "elastic graylog user",
    "email" : "emailaddress@example.com",
    "metadata" : {
      "intelligence" : 1
    },
    "enabled" : true
  }
}

Now I get the following in logs:

"ERROR [VersionProbe] Unable to retrieve version from Elasticsearch node 127.0.0.1:9200: Error response: type: security_exception - reason: action [cluster:monitor/main] is unauthorized for user [myelasticuser] with roles [all,monitor,manage], this action is granted by the cluster privileges [monitor,manage,all]"

and nothing works.

Am I missing a step?
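
An added example, not part of the original post: a small check that compares the roles Elasticsearch reports in the security_exception line with the roles stored in the user record, using the log line and user JSON quoted above. The regular expression is an assumption based on the single message shown in the post, and the function names are hypothetical.

```python
import json
import re

# Log line and user record as quoted in the post (user record trimmed to the fields used).
LOG_LINE = (
    "ERROR [VersionProbe] Unable to retrieve version from Elasticsearch node "
    "127.0.0.1:9200: Error response: type: security_exception - reason: action "
    "[cluster:monitor/main] is unauthorized for user [myelasticuser] with roles "
    "[all,monitor,manage], this action is granted by the cluster privileges "
    "[monitor,manage,all]"
)
USER_JSON = '{"myelasticuser": {"username": "myelasticuser", "roles": ["graylog_role"]}}'
USERS = json.loads(USER_JSON)

# Assumed message layout, taken from the one log line above.
DENIED = re.compile(
    r"action \[(?P<action>[^\]]+)\] is unauthorized for user \[(?P<user>[^\]]+)\]"
    r"(?: with roles \[(?P<roles>[^\]]*)\])?"
)

def parse_denial(line):
    """Return action, user and reported roles from a security_exception line, or None."""
    m = DENIED.search(line)
    if m is None:
        return None
    roles = {r.strip() for r in (m.group("roles") or "").split(",") if r.strip()}
    return {"action": m.group("action"), "user": m.group("user"), "roles": roles}

def compare_roles(line, users):
    """Compare the roles named in the error with the roles stored for that user."""
    denial = parse_denial(line)
    if denial is None:
        return None
    expected = set(users.get(denial["user"], {}).get("roles", []))
    return {
        "user": denial["user"],
        "action": denial["action"],
        "missing": sorted(expected - denial["roles"]),     # in user record, not in error
        "unexpected": sorted(denial["roles"] - expected),  # in error, not in user record
    }

if __name__ == "__main__":
    print(compare_roles(LOG_LINE, USERS))
```

For the data in this post the check reports graylog_role as missing and all, manage and monitor as unexpected: the role names in the error are the cluster privilege names, not the role assigned in the user record shown.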
