How to enable xpack.security.enabled? - Elasticsearch

I have installed Elasticsearch 7, on Ubuntu. I believe X-Pack is installed by default, but I need to enable it.
In which file should I set this setting?
My cluster settings are in /etc/elasticsearch/elasticsearch.yml and /etc/default/elasticsearch, but I cannot see xpack.security.enabled in either of the files...

Write the following line in /etc/elasticsearch/elasticsearch.yml:
xpack.security.enabled: true
When you enable xpack.security, you need to create a user and password; otherwise you cannot use Elasticsearch or Kibana. Follow this guide:
https://www.elastic.co/guide/en/elastic-stack-overview/current/get-started-enable-security.html

Related

Multiple elastic instances on same host

I'm attempting to test elastic replication and install multiple elastic instances on the same host.
I've created an additional elastic search configuration file and set the following config property:
http.port: 9500
The other elastic search configuration file contains the default value :
http.port: 9200
I attempt to start elastic using :
./bin/elasticsearch -Ees.config=./config/elasticsearch.yml
but receive error :
uncaught exception in thread [main]
org.elasticsearch.bootstrap.StartupException: java.lang.IllegalArgumentException: unknown setting [es.config] please check that any required plugins are installed, or check the breaking changes documentation for removed settings
How to utilize 2 Elasticsearch instances on the same host?
Is there an alternative to the es.config parameter?
ES_PATH_CONF=/path/to/my/config ./bin/elasticsearch
This is the way to do it according to the documentation https://www.elastic.co/guide/en/elasticsearch/reference/current/settings.html (depending on the version you are using, it might differ).
I would recommend using a docker setup for this endeavour as described here (official elasticsearch documentation) https://www.elastic.co/guide/en/elasticsearch/reference/current/docker.html
As @Alkis Kalogeris already stated, I would also recommend using docker/docker-compose. You would just need to expose a different port to your localhost.

Elasticsearch container empty

I tried two hosters. Massivegrid and Unispace.
On both I created a new environment.
Then choose docker install. Choose elasticsearch.
After it finished, I took the url ipv4 address and pasted on the browser with port as 9200 and nothing popped up.
So I went into terminal and netstat told me there was no elastic service running. In fact nothing related to elastic was installed. No /etc/elasticsearch.
I used this tutorial https://docs.jelastic.com/elasticsearch
I failed on "Connection via Public IP" part.
Wondering what I am missing.
Edit: I created another new environment and installed the Elasticsearch 6.8.1 image, and this works as per the tutorial. The newer range from 7.0 onwards is all blank inside. No Java, no Elasticsearch etc.
In order to fix the problem with version 7.2 the next steps can be taken:
Add the following string in the /usr/local/bin/docker-entrypoint.sh file:
ulimit -n 65536
And in the elasticsearch.yml file (/usr/share/elasticsearch/config/elasticsearch.yml) please add:
cluster.initial master_nodes: node-1
After that restart the container.
Correct setting for elasticsearch.yml should look like the following:
cluster.initial_master_nodes: node-1

Uninstalling X-Pack and error occurs

I had installed X-Pack earlier and used it, but the elasticsearch.stdout log says:
java.lang.IllegalArgumentException: unknown secure setting
[bootstrap.password] please check that any required plugins are
installed, or check the breaking changes documentation for removed
settings
Thanks.
When you install X-Pack, the bootstrap password is added to the keystore. If the elastic user does not have a password, the bootstrap password is used by default. So, when it is set but you don't run Elasticsearch with X-Pack, Elasticsearch fails!
Considering you uninstalled X-Pack, I recommend you remove it from the keystore by running the following command after navigating to your [elasticsearch]/bin directory:
elasticsearch-keystore remove bootstrap.password

can't disable xpack security for kibana

We set up an Elasticsearch cluster and installed Kibana and X-Pack. Now the Kibana login screen displays this error message:
Login is disabled because your license has expired. Please extend your license or disable Security in Elasticsearch.
The online documentation suggested putting
xpack.security.enabled: false
in both the ES and Kibana configuration files. I made the change, restarted both services and still get the error message.
I tried to remove X-Pack but got this error message:
# bin/elasticsearch-plugin remove x-pack
/etc/sysconfig/elasticsearch: line 67: xpack.security.enabled:: command not found
Unable to source environment file: /etc/sysconfig/elasticsearch
I had to change the ':' to '=' to complete the remove process. It seems there is no way to use X-Pack without a license.

ELK - Shield auth problems

I'm trying to set up Shield for Elasticsearch, but had some trouble.
When I try to start Elasticsearch like:
/usr/share/elasticsearch/bin/elasticsearch
all works as expected, but when I try to start/restart Elasticsearch like:
/etc/init.d/elasticsearch start
I get the error described below:
[2015-02-17 21:44:09,662][ERROR][shield.audit.logfile ] [Tusk] [rest] [authentication_failed] origin_address=[/192.168.88.17:58291], principal=[es_admin], uri=[/_aliases?pretty=true]
OS: Ubuntu 12.04
Elasticsearch: 1.4.3
Shield: 1.0.1
Elasticsearch and Shield were running with default settings
If your Elasticsearch configs are not in /usr/share/elasticsearch but, let's say, in /etc/elasticsearch,
then just move /usr/share/elasticsearch/config/shield to /etc/elasticsearch.
Take care that, if you start Elasticsearch as the user elasticsearch, the new /etc/elasticsearch/shield folder belongs to the user elasticsearch.
If that doesn't do it, then also see this:
http://www.elasticsearch.org/guide/en/shield/current/getting-started.html#_configuring_your_environment
The same thing happened to me when I tried to add Shield to our Elasticsearch cluster to add auth-based access to Elasticsearch data.
I was on an Ubuntu 14.04 machine and Elasticsearch was installed using a .deb package from elastic-download-link.
Elasticsearch was using a service startup script from
/etc/init.d/elasticsearch
in which the configuration was mentioned as:
# Elasticsearch configuration directory
CONF_DIR=/etc/$NAME
But when I tried to install the Shield plugin on Elasticsearch from this-link
and tried to add a user on Shield by following es-docs using this command:
sudo bin/shield/esusers useradd es_admin -r admin
the Shield configuration was being updated in
/usr/share/elasticsearch/config/shield/
but the Elasticsearch server was expecting configuration files to be in
/etc/elasticsearch/shield/
This mismatch between the Shield configuration file that Elasticsearch reads and the file updated with the newly added Shield users causes the authentication failure.
This can be solved either by moving
/usr/share/elasticsearch/config/shield/
to
/etc/elasticsearch/shield/
or by changing conf file location in
/etc/init.d/elasticsearch
as
# Elasticsearch configuration directory
CONF_DIR=/usr/share/elasticsearch/config/
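
The directory mismatch described in the two answers above can be checked before restarting the service. This is an added example, not part of the original posts; it assumes the init script assigns `NAME=` above `CONF_DIR=`, that esusers keeps its accounts in a `users` file under the shield directory, and the optional root-prefix argument is hypothetical (for checking a copied tree).

```shell
#!/bin/sh
# Added example: detect the Shield config-directory mismatch described above.
# The NAME= line and the "users" file name are assumptions about the host.

# Print the CONF_DIR an init script sets, expanding $NAME from the same file
# and dropping any trailing slash.
init_conf_dir() {
    name=$(sed -n 's/^NAME=//p' "$1" | head -n 1)
    sed -n 's/^CONF_DIR=//p' "$1" | head -n 1 |
        sed "s|\$NAME|$name|; s|/*\$||"
}

# Owner of a directory, read from ls so it works without GNU stat.
dir_owner() {
    ls -ld "$1" | awk '{print $3}'
}

# check_shield_conf INIT_SCRIPT WRITTEN_DIR RUN_USER [ROOT]
#   INIT_SCRIPT  init script that defines CONF_DIR
#   WRITTEN_DIR  shield directory that esusers updated
#   RUN_USER     account the service runs as
#   ROOT         optional path prefix (hypothetical, for a copied tree)
# Prints one word: ok | missing | stale | owner
check_shield_conf() {
    read_dir="${4:-}$(init_conf_dir "$1")/shield"
    if [ ! -f "$read_dir/users" ]; then
        echo missing    # the service finds no users file where it looks
    elif ! cmp -s "$2/users" "$read_dir/users"; then
        echo stale      # new users were written to a different directory
    elif [ "$(dir_owner "$read_dir")" != "$3" ]; then
        echo owner      # the service account does not own the directory
    else
        echo ok
    fi
}
```

On a host laid out like the one in the answer, `check_shield_conf /etc/init.d/elasticsearch /usr/share/elasticsearch/config/shield elasticsearch` prints `missing` or `stale` until the shield directory is moved or `CONF_DIR` is changed.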
