Securing Elasticsearch
Configuration file location
Most installations of Elasticsearch have the default config location at /etc/elasticsearch/
The default location depends on whether or not the installation is from an archive distribution (tar.gz or zip) or a package distribution (Debian or RPM packages).
For more info on Elasticsearch configuration, please read Configuring Elasticsearch.
Other default locations
Depending on the installation method, the default location for Elasticsearch configuration and binary files can change.
- Tarball Installation
- Debian Package
- RPM Package
Enable security features
Enabling the Elasticsearch security features enables basic authentication so that you can run a local cluster with username and password authentication.
This is part of the basic Elasticsearch licence. Security is disabled by default on all Elasticsearch installs.
Edit /etc/elasticsearch/elasticsearch.yml and add or update the following line:
xpack.security.enabled: true
Set passwords for default elastic built-in user
In the Elasticsearch home folder, run one of the following commands to set up the default passwords.
Please only run one of the commands.
The example below creates a random secure password for the elastic user.
<DEFAULT LOCATION>/bin/elasticsearch-reset-password -u elastic
To set a password of your own choosing, run the command with the interactive (-i) parameter. The example below sets a self-assigned password for the elastic built-in user.
<DEFAULT LOCATION>/bin/elasticsearch-reset-password -i -u elastic
Create a dedicated role for AxonOps
The permissions required in Elasticsearch for the AxonOps Role should be as follows:
Cluster privileges: monitor, manage_index_templates
Index privileges: auto_configure, manage, read, view_index_metadata, write
You can specify the indices that the role is applied to as follows:
- orgs
- orgname_*
orgname is the organisation name that is set in your AxonOps server and agent config files.
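
One way to create this role from the command line is the Elasticsearch role API (PUT /_security/role/<name>). This is an added example, not part of the original AxonOps documentation. The role name axonops, the ES_URL default and the org-name check are assumptions.

```shell
# Added example: builds the AxonOps role definition from the privileges listed
# above and submits it with curl. Names below are assumptions, not AxonOps defaults.
ROLE_NAME="${ROLE_NAME:-axonops}"             # assumed role name
ES_URL="${ES_URL:-https://localhost:9200}"    # assumed Elasticsearch endpoint

# Least-privilege guard: an empty org name or one containing wildcards, commas
# or spaces would widen the index pattern beyond this organisation's indices.
valid_orgname() {
  case "$1" in
    ""|*[!A-Za-z0-9_-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Print the JSON role body for the given organisation name.
role_body() {
  valid_orgname "$1" || { echo "invalid org name: '$1'" >&2; return 1; }
  cat <<EOF
{
  "cluster": ["monitor", "manage_index_templates"],
  "indices": [
    {
      "names": ["orgs", "${1}_*"],
      "privileges": ["auto_configure", "manage", "read", "view_index_metadata", "write"]
    }
  ]
}
EOF
}

# Submit the role. curl prompts for the elastic user's password because
# only the user name is given to -u, so the password stays out of shell history.
create_role() {
  body="$(role_body "$1")" || return 1
  curl --fail --silent --show-error -u elastic \
       -X PUT "${ES_URL}/_security/role/${ROLE_NAME}" \
       -H 'Content-Type: application/json' \
       -d "$body"
}

# Usage (requires a running cluster with security enabled):
#   create_role myorg
```

If the cluster uses a self-signed HTTP certificate, pass the CA file to curl with --cacert rather than disabling verification.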