Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Better visibility for security auto-configuration information on startup #82364

Closed
jkakavas opened this issue Jan 10, 2022 · 2 comments
Closed

Better visibility for security auto-configuration information on startup #82364

jkakavas opened this issue Jan 10, 2022 · 2 comments
Labels
>bug :Security/Security Security issues without another label Team:Security Meta label for security team v8.0.0-rc2

Comments

@jkakavas
Copy link
Member

We have received feedback from early adopters and internal users that the output of the security auto-configuration on startup is easy to miss and we have decided to make certain changes to alleviate that.

We introduced jansi recently in order to be able to check whether or not a terminal is attached when elasticsearch starts so that we can decide to print auto-configuration information or not.

We should take advantage of the features in order to make the auto-configuration information more prominent and easy to spot in the console by adding :

  • a little bit of coloring ( We have agreed to keep this minimal and use colors that should look ok in both light and dark backgrounds )
  • Formatting ( certain words or sentences can be bold )
  • Tweak wording: @bytebilly has some very nice suggestions tracked separately in a Gdoc

Irrespective to jAnsi features, we could possibly attempt to print some unicode symbols ( i.e. green check mark U+2705 etc. )

A visual representation of how this could look like:

✔️ Elasticsearch security features have been automatically configured!
✔️ Authentication is enabled and cluster connections are encrypted.

  • Password for the elastic user (reset with bin/elasticsearch-reset-password -u elastic):
    GpmUBuZ_h1mXwzQSxD*a

  • HTTP CA certificate SHA-256 fingerprint:
    ba52842c34885ca68746fcb017e8c3e51af510de988815cae5a512b13129a985

ℹ️ Configure Kibana to use this cluster:

  • Run Kibana and click the configuration link in the terminal when Kibana starts.

  • Copy the following enrollment token and paste it into Kibana in your browser (valid for the next 30 minutes):
    eyJ2ZXIiOiI4LjAuMCIsImFkciI6WyIxMC4xNzIuMC4xOTo5MjAwIl0sImZnciI6ImJhNTI4NDJjMzQ4ODVjYTY4NzQ2ZmNiMDE3ZThjM2U1MWFmNTEwZGU5ODg4MTVjYWU1YTUxMmIxMzEyOWE5ODUiLCJrZXkiOiJSQXhyTFgwQmFSUldtLTlhSmJsXzpRYU0tdWZDSFM1dWlfUy1rbHBsTGl3In0=

ℹ️ Configure other nodes to join this cluster:

  • On this node:

    • Create an enrollment token with 'bin/elasticsearch-create-enrollment-token -s node'.
    • Uncomment the ‘transport.host’ setting at the end of ‘config/elasticsearch.yml’.
    • Restart Elasticsearch.

  • On the other node:

    • Start Elasticsearch on other nodes with ‘bin/elasticsearch --enrollment-token ’, using the enrollment token that you generated.
@jkakavas jkakavas added >bug :Security/Security Security issues without another label v8.0.0 labels Jan 10, 2022
@elasticmachine elasticmachine added the Team:Security Meta label for security team label Jan 10, 2022
@elasticmachine
Copy link
Collaborator

Pinging @elastic/es-security (Team:Security)

This was referenced Jan 13, 2022
Merged
Merged
@jkakavas
Copy link
Member Author

resolved by #82740

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
>bug :Security/Security Security issues without another label Team:Security Meta label for security team v8.0.0-rc2
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@pugnascotia @jkakavas @elasticmachine