Using ReadonlyREST security in elasticsearch-oss:7.6.2

synek · July 23, 2020, 2:16pm

Hi,

We are running ELK stack as containers managed by docker-compose as part of our software package.

We seek a free alternative to elastic x-pack. ReadonlyREST seemed like a deal but when I follow the guide here Quick Guide: Setting Up a Local Secured ELK Stack - ReadonlyREST
I am unable to get the plugin for elasticsearch running.

I install the plugin into the elastic container, mount the readonlyrest.yml to /usr/share/elasticsearch/config/readonlyrest.yml, restart the docker-compose but it seems to have no effect (eg. i can curl -vvv “http://localhost:9200/_cat/indices” without auth. error).

Is it because we are using oss version? For example, we cannot set xpack.security.enabled: false as xpack is not present.

coutoPL · July 23, 2020, 3:31pm

Hi @synek

Did you see our demo docker image? GitHub - sscarduzio/ror-docker-demo: All in one ELK + ReadonlyREST Free + ReadonlyREST Enterprise docker container for demo purposes

You should also see in ES logs that ROR starts.

sscarduzio · July 24, 2020, 10:04am

the docker demo comes with the non-OSS stack, and except the disabling of xpack security, should work the very same.

@synek the regular installation process is decribed in the docs

You basically download the zip and install it with bin/elasticsearch-plugin install file://<absolute_path>
Then you add your readonlyrest.yml and you restart ES. Please tell us where exactly you find a problem, i.e. paste some Dockerfile bits maybe.

synek · July 24, 2020, 11:21am

Thanks, for ensuring me it should work.

It started working when I have modified readonlyrest.yml

from (Quick Guide: Setting Up a Local Secured ELK Stack - ReadonlyREST):

 readonlyrest:
    enable: true
    access_control_rules:
    - name: "Basic Authentication to get started with"
      indices: ["*"]
      type: allow
      auth_key: RoRUser:readonlyrest

to (readonlyrest-docs/elasticsearch.md at master · beshu-tech/readonlyrest-docs · GitHub):

readonlyrest:
    access_control_rules:
    - name: "Require HTTP Basic Auth"
      type: allow
      auth_key: user:password

sscarduzio · July 24, 2020, 2:22pm

both configuration seem acceptable for me, maybe something went wrong with the indentation?