Securing the Elasticsearch database – Authentication

Solved355 viewsElastic elastic cluster Elasticsearch security xpac.security
2
0 Comments

A DMA cluster of 2 agents with 3 cassandra nodes and 3 elasticsearch nodes (both Linux Ubuntu 20.04), the client asks me to improve the security of the Elastic nodes as they currently have default credentials (without authentication).

I searched Dojo and found this link to the Dataminer docs:

https://docs.dataminer.services/user-guide/Advanced_Functionality/Security/Advanced_security_configuration/Database_security/Security_Elasticsearch.html

I would like to activate authentication, so I started following the steps:

  1. I stopped the services of the 2 DMAs;
  2. I accessed all 3 in Elastics and stopped the "elasticsearch.service" service;
  3. Opened elasticsearch.yml based on the path /etc/elasticsearch/;
  4. I added the line xpack.security.enabled: true to the end of elasticsearch.yml and saved it with the same name. I did not use the discovery.type: single-node line because it is a cluster with 3 nodes;
  5. I restarted the "elasticsearch.service" service and checked if it was active;
  6. I tried to run the script as shown in the documentation, but I believe that a small adjustment should be made to the procedure saying that you should access the path /usr/share/elasticsearch/ and then try to run the script bin/elasticsearch-setup-passwords interactive ( see Elastic link Set up minimal security for Elasticsearch | Elasticsearch Guide [7.17] | Elastic).
  7. The script presented the error below not requesting the insertion of new credentials.

"Connection failure to: http://[Elastic node IP]:9200/_xpack/security/_authenticate?pretty failed: Connection refused (Connection refused)

 ERROR: Failed to connect to elasticsearch at http://[Elastic node IP]:9200/_xpack/security/_authenticate?pretty. Is the URL correct and elasticsearch running?"

After the script error, I checked and took some actions that I summarized below to speed things up:

  1. I added the line "xpack.security.enabled: true" to the end of the elasticsearch.yml file.
  1. I did not use the discovery.type: single-node line because it is a cluster with 3 nodes.
  1. I ran the script with the host's root credential and I am doing the activity with a connection via Putty from a server on the same network, that is, so firewall would not be a problem.
  1. I have already restarted the elasticsearch.service service because after running the script it stops due to failure.
  1. Ownership and permission of the script are ok because, as I said, I have the root credential of the host.
  1. I checked the log (/var/log/elasticsearch/elasticsearch.log) and it shows initialized with no apparent problems.
  1. I've already checked Elasticsearch.yml and removing the line xpack.security.enabled: true works without a problem, but without authentication.
  1. I double checked the Cluster settings, they are ok, as I said when removing the line xpack.security.enabled: true it works fine.

Could you help me, please? How to solve it and be able to enter the credentials using a usual procedure?

Marieke Goethals [SLC] [DevOps Catalyst] Selected answer as best 22nd August 2024

2 Answers

0
1.48K 0 Comments

As communicated via email, we'll look into this together.
I'll post the solution then here and update our documentation accordingly.

Thibault Heylen [SLC] [DevOps Advocate] Answered question 2nd May 2024
You are viewing 1 out of 2 answers, click here to view all answers.