Secure built-in user credentials for Kibana/ElasticSearch - elasticsearch

Setup
ElasticSearch v6.8
Context
I'm trying to build a couple of AMIs for ElasticSearch and Kibana using Packer.
I've been reading the official docs and have run into something confusing (for me at least).
I'm setting up the built-in users in ElasticSearch according to this doc. I'm using the auto option as opposed to interactive:
bin/elasticsearch-setup-passwords auto
Once this is done I need to modify the kibana.yml file to use the built-in user whilst communicating with ElasticSearch. This doc describes what to do. Essentially you add these two lines:
elasticsearch.username: "kibana"
elasticsearch.password: "kibanapassword"
Questions
How can I automatically read the password output for the built in Kibana user (bin/elasticsearch-setup-passwords auto) so that I can add it to the kibana.yml file?
Is storing the password in plain text in the 'kibana.yml' file secure? I fear it is not... but is there an alternative?
Thanks

For elasticsearch-setup-passwords rather than using auto, look into --batch, so you can define the password and then use that for Kibana.
You probably want to use a keystore for Kibana.
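One way to automate what the question asks and the answer suggests, as an added example that is not part of the original posts: parse the `PASSWORD <user> = <value>` lines printed by `elasticsearch-setup-passwords auto` and pass the kibana password to `kibana-keystore` on stdin, so it never lands in kibana.yml. The sample output and its passwords are constructed; the function names and the `KIBANA_HOME` default are assumptions.

```shell
#!/usr/bin/env bash
# Added example. Function names and KIBANA_HOME are assumptions.

# Constructed sample of `elasticsearch-setup-passwords auto --batch` output;
# the passwords are made up.
sample_output() {
cat <<'EOF'
Changed password for user apm_system
PASSWORD apm_system = c0nstructedApm000001

Changed password for user kibana
PASSWORD kibana = c0nstructedKib000002

Changed password for user elastic
PASSWORD elastic = c0nstructedEla000003
EOF
}

# Read the tool's output on stdin and print the password of one built-in user.
# Exits non-zero when the user is absent, so a provisioner stops instead of
# storing an empty secret.
extract_password() {
  awk -v user="$1" '
    $1 == "PASSWORD" && $2 == user && $3 == "=" { print $4; found = 1; exit }
    END { exit (found ? 0 : 1) }
  '
}

# Read a password on stdin and store it as elasticsearch.password in the
# Kibana keystore. Run as the user that runs Kibana; `create` assumes a fresh
# image with no existing keystore.
store_kibana_password() {
  kibana_home="${KIBANA_HOME:-/usr/share/kibana}"
  "$kibana_home/bin/kibana-keystore" create &&
    "$kibana_home/bin/kibana-keystore" add elasticsearch.password --stdin
}

# Provisioning usage (not executed here; needs both products installed):
#   out="$(bin/elasticsearch-setup-passwords auto --batch)"
#   pw="$(printf '%s\n' "$out" | extract_password kibana)" || exit 1
#   printf '%s' "$pw" | store_kibana_password
# kibana.yml then keeps elasticsearch.username: "kibana" and no password line.

# Demo on the constructed sample: report only the length, never the secret.
pw="$(sample_output | extract_password kibana)"
echo "kibana password extracted (${#pw} characters)"
```

Keep the captured output out of Packer build logs, since it also contains the password of the `elastic` superuser.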

Related

ElasticSearch on local machine Windows 10 asking Username & Password

I have just started exploring Elasticsearch + Kibana + Logstash combined, as my requirement is to integrate this with other tool chains.
I have successfully downloaded ElasticSearch & Kibana from the official websites.
https://www.elastic.co/downloads/kibana
https://www.elastic.co/downloads/elasticsearch
And I am able to start the ElasticSearch as well.
When I go to the browser to access this, it asks me to enter credentials.
I saw lots of tutorials on YouTube; no one faced this problem.
I need to know what configuration settings need to be applied here.
My OS is : Windows-10
Thanks in advance !!
Adding below two lines in \elasticsearch-8.2.2\config\elasticsearch.yml
# Enable security features
xpack.security.enabled: true
xpack.security.enrollment.enabled: true

How to add a basic user/pass authentication for ElasticSearch

I deployed Elasticsearch to my Azure Kubernetes environment by following the page below.
https://www.elastic.co/guide/en/cloud-on-k8s/master/k8s-deploy-elasticsearch.html
It works fine.
But I want to add basic user/password authentication for the Elasticsearch page. I really don't get why it's so complicated and why I need to Google it.
Then I checked this page:
https://www.elastic.co/guide/en/elasticsearch/reference/current/get-started-enable-security.html
I guess I need to add "xpack.security.enabled: true" to the elasticsearch.yaml file, but where? How can I do that? I copied and pasted it into the yaml file and it didn't work.
https://www.elastic.co/guide/en/elasticsearch/reference/current/get-started-enable-security.html
The documentation below then mentions creating passwords for built-in users, but it only covers manual installations; I'm not sure how to do this with Kubernetes.
https://www.elastic.co/guide/en/elasticsearch/reference/current/get-started-built-in-users.html
Is there any basic documentation available for creating authentication on Elasticsearch? How can I do that?
Regards.
You can do it by installing elasticsearch using helm chart and modifying values.yaml. It allows you to modify elasticsearch.yaml.
You can enable xpack.security.enabled: true with the following configuration:
esConfig:
  elasticsearch.yml: |
    xpack.security.enabled: true

What details do I need to GET data from elasticsearch cluster?

My team has data stored on ElasticSearch and has given me an API key, the URL of a remote cluster, and a username/password combination (to what I don't know) to GET data.
How do I use this API key to get data from the ElasticSearch cluster with Python? I've looked through the docs, but none include the use of a raw API key and most involve localhost, not a remote host as in my case.
Surely I need to know the names of nodes or indexes at least? What would I need the username/password combo for? There must be more details I need to connect with than what I've been given?
We're moving from Node.js+couchbase work to ElasticSearch+Python so I'm more than a bit lost.
TYIA
Most probably X-Pack basic security is enabled in your Elasticsearch (ES) cluster, which you can check by hitting http::9200; if it asks for a username/password, then you can provide what you have.
Please refer to the X-Pack page for more info.
In short, it's used to secure your cluster and indices. There are various types of authentication, and basic auth (which requires a username/password) is the one your team might be using.

How to change the kibana GUI login password without Xpack

Need to change the Kibana GUI password. I have to change the password in the customer system so I can't install Xpack. Please provide the solution.
What ES version are you using?
What do you mean by Kibana GUI password? Is it the Kibana user? Or the superuser? Or some other user?
Since you are using 5.2 as mentioned in your comments, here's the documentation for ES 5.2.
The command in your case would be:
curl -XPUT -u kibana:kibanauser 'http://localhost:9200/_xpack/security/user/kibana/_password' -d '{ "password": "kibana2019"}'
In SO, as a good practice, you need to specify what you tried and what didn't work.

Multitenant setup with Kibana and Elasticsearch

I am going to use logstash+ES+kibana for my project. I want to know how to use this framework for multiple tenants. Can anyone explain to me how, after authentication, Kibana queries the Elasticsearch index and loads it in Kibana's dashboard? Can I restrict Kibana to look at a specific Elasticsearch index for a particular user or some id? Has anybody tried this?
Thnx
You could, but depending on your use case it is probably not a good idea. There are a few gotchas, particularly regarding security and separating the users. First, Kibana is just JavaScript running in the browser, so whatever Kibana is allowed to do, so is your user. You can, however, have a separate index pattern for each "user", but Elasticsearch does not provide you any way of authenticating a user or authorizing a user's access to a specific index. You would have to use some sort of proxy for this.
I recommend http://www.found.no/foundation/elasticsearch-in-production/ and http://www.found.no/foundation/elasticsearch-security/ for a more in depth explanation.
Create an index for each tenant.
In this way you can use a proxy (like the app that hosts Kibana) to intercept the request and return settings that include the index to use.
The value that specifies the index to use can be the logged-in user, or you can get that value somewhere else.
To separate the data even more, you can use a prefix in each index name, and then when you specify an index you can use a pattern to take all the indices related to only a certain kind of data/entities.
Hope this helps.
Elasticsearch announced today a plugin they are working on that should provide security features to ES product. Probably, this will contain ways of restricting access based on roles and users setup at cluster and indices level. If this happens I see no way for them not to extend this security layer to Kibana, as well. Also, it seems this plugin will have a commercial version only.
