Securing the Elasticsearch database – Authentication

Solved332 viewsElastic elastic cluster Elasticsearch security xpac.security
2
0 Comments

A DMA cluster of 2 agents with 3 cassandra nodes and 3 elasticsearch nodes (both Linux Ubuntu 20.04), the client asks me to improve the security of the Elastic nodes as they currently have default credentials (without authentication).

I searched Dojo and found this link to the Dataminer docs:

https://docs.dataminer.services/user-guide/Advanced_Functionality/Security/Advanced_security_configuration/Database_security/Security_Elasticsearch.html

I would like to activate authentication, so I started following the steps:

  1. I stopped the services of the 2 DMAs;
  2. I accessed all 3 in Elastics and stopped the "elasticsearch.service" service;
  3. Opened elasticsearch.yml based on the path /etc/elasticsearch/;
  4. I added the line xpack.security.enabled: true to the end of elasticsearch.yml and saved it with the same name. I did not use the discovery.type: single-node line because it is a cluster with 3 nodes;
  5. I restarted the "elasticsearch.service" service and checked if it was active;
  6. I tried to run the script as shown in the documentation, but I believe that a small adjustment should be made to the procedure saying that you should access the path /usr/share/elasticsearch/ and then try to run the script bin/elasticsearch-setup-passwords interactive ( see Elastic link Set up minimal security for Elasticsearch | Elasticsearch Guide [7.17] | Elastic).
  7. The script presented the error below not requesting the insertion of new credentials.

"Connection failure to: http://[Elastic node IP]:9200/_xpack/security/_authenticate?pretty failed: Connection refused (Connection refused)

 ERROR: Failed to connect to elasticsearch at http://[Elastic node IP]:9200/_xpack/security/_authenticate?pretty. Is the URL correct and elasticsearch running?"

After the script error, I checked and took some actions that I summarized below to speed things up:

  1. I added the line "xpack.security.enabled: true" to the end of the elasticsearch.yml file.
  1. I did not use the discovery.type: single-node line because it is a cluster with 3 nodes.
  1. I ran the script with the host's root credential and I am doing the activity with a connection via Putty from a server on the same network, that is, so firewall would not be a problem.
  1. I have already restarted the elasticsearch.service service because after running the script it stops due to failure.
  1. Ownership and permission of the script are ok because, as I said, I have the root credential of the host.
  1. I checked the log (/var/log/elasticsearch/elasticsearch.log) and it shows initialized with no apparent problems.
  1. I've already checked Elasticsearch.yml and removing the line xpack.security.enabled: true works without a problem, but without authentication.
  1. I double checked the Cluster settings, they are ok, as I said when removing the line xpack.security.enabled: true it works fine.

Could you help me, please? How to solve it and be able to enter the credentials using a usual procedure?

Marieke Goethals [SLC] [DevOps Enabler] Selected answer as best 22nd August 2024

2 Answers

0
1.48K 0 Comments

To conclude on this topic, the solution to set the admin password is that you first need to configure the TLS on your elasticsearch cluster. After that you can configure the administrative password.

The help has been updated with recommendations to make some items more clear.

Marieke Goethals [SLC] [DevOps Enabler] Selected answer as best 22nd August 2024
You are viewing 1 out of 2 answers, click here to view all answers.