For a DMA cluster of 2 agents with 3 Cassandra nodes and 3 Elasticsearch nodes (both Linux Ubuntu 20.04), the client asks me to improve the security of the Elastic nodes, as they currently have default credentials (without authentication).
I searched Dojo and found this link to the Dataminer docs:
I would like to activate authentication, so I started following the steps:
- I stopped the services of the 2 DMAs;
- I accessed all 3 Elastic nodes and stopped the "elasticsearch.service" service;
- I opened elasticsearch.yml in the path /etc/elasticsearch/;
- I added the line xpack.security.enabled: true to the end of elasticsearch.yml and saved it with the same name. I did not use the discovery.type: single-node line because it is a cluster with 3 nodes;
- I restarted the "elasticsearch.service" service and checked if it was active;
- I tried to run the script as shown in the documentation, but I believe that a small adjustment should be made to the procedure, saying that you should access the path /usr/share/elasticsearch/ and then try to run the script bin/elasticsearch-setup-passwords interactive (see the Elastic link "Set up minimal security for Elasticsearch | Elasticsearch Guide [7.17] | Elastic").
- The script presented the error below and did not request the insertion of new credentials.
"Connection failure to: http://[Elastic node IP]:9200/_xpack/security/_authenticate?pretty failed: Connection refused (Connection refused)
ERROR: Failed to connect to elasticsearch at http://[Elastic node IP]:9200/_xpack/security/_authenticate?pretty. Is the URL correct and elasticsearch running?"
After the script error, I checked and took some actions that I summarized below to speed things up:
- I added the line "xpack.security.enabled: true" to the end of the elasticsearch.yml file.
- I did not use the discovery.type: single-node line because it is a cluster with 3 nodes.
- I ran the script with the host's root credential, and I am doing the activity with a connection via PuTTY from a server on the same network, so a firewall would not be a problem.
- I have already restarted the elasticsearch.service service because after running the script it stops due to failure.
- Ownership and permission of the script are ok because, as I said, I have the root credential of the host.
- I checked the log (/var/log/elasticsearch/elasticsearch.log) and it shows initialized with no apparent problems.
- I've already checked Elasticsearch.yml and removing the line xpack.security.enabled: true works without a problem, but without authentication.
- I double-checked the cluster settings and they are OK; as I said, when removing the line xpack.security.enabled: true it works fine.
Could you help me, please? How can I solve it and be able to enter the credentials using the usual procedure?
As communicated via email, we'll look into this together.
I'll then post the solution here and update our documentation accordingly.
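An added example, not part of the posts above and not code from the DataMiner or Elastic documentation: Elasticsearch 7.x enforces a bootstrap check that stops a node from starting when security is enabled without transport TLS and the node binds to a non-loopback address, so that condition is worth ruling out before running elasticsearch-setup-passwords on a multi-node cluster. The sketch below checks an elasticsearch.yml for it; the sample configurations, cluster name, IP addresses and the flat-key parser are assumptions made for illustration.

```python
# Added example: pre-flight check of elasticsearch.yml before enabling security (7.x).
LOOPBACK = {"_local_", "localhost", "127.0.0.1", "::1", "[::1]"}
P = "xpack.security.transport.ssl."

def parse_flat_yml(text):
    """Read flat 'dotted.key: value' lines. Assumption: no nested YAML mappings."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if not line or line.startswith("-") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        settings[key.strip()] = value.strip().strip("\"'")
    return settings

def check_security_config(text):
    """Return a list of findings; an empty list means the checks passed."""
    s = parse_flat_yml(text)
    if s.get("xpack.security.enabled", "false").lower() != "true":
        return ["security is disabled: requests are accepted without authentication"]
    findings = []
    single_node = s.get("discovery.type") == "single-node"
    bind = s.get("transport.host", s.get("network.host", "_local_"))
    production = not single_node and bind not in LOOPBACK   # bootstrap checks enforced
    if s.get(P + "enabled", "false").lower() != "true":
        if production:
            findings.append("transport TLS is off: the node fails its bootstrap check and exits")
    elif not (s.get(P + "keystore.path") or (s.get(P + "certificate") and s.get(P + "key"))):
        findings.append("transport TLS is on but no keystore or certificate/key is configured")
    return findings

# Constructed sample: the change described in the question (name and IPs are made up).
AS_IN_QUESTION = """
cluster.name: dma-elastic
network.host: 10.0.0.11
discovery.seed_hosts: ["10.0.0.11", "10.0.0.12", "10.0.0.13"]
xpack.security.enabled: true
"""
# Constructed sample: the same node with node-to-node TLS configured.
WITH_TRANSPORT_TLS = AS_IN_QUESTION + """
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12
"""

if __name__ == "__main__":
    for name, cfg in (("as in question", AS_IN_QUESTION), ("with TLS", WITH_TRANSPORT_TLS)):
        print(name, "->", check_security_config(cfg) or "ok")
```

The check only reads the configuration file; the node's own log under /var/log/elasticsearch/ remains the authoritative place to see whether a bootstrap check failed.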