Skip to main content

Create Users and Roles with X-Pack Security

Hands-On Lab

 

Photo of Myles Young

Myles Young

BigData Training Architect II in Content

Length

01:30:00

Difficulty

Advanced

To enforce data confidentiality and maintain user accessibility with Elasticsearch, we need to know how to create custom roles and users. In this hands-on lab, you will complete the following tasks on a single-node Elasticsearch cluster using either Kibana or curl on the command line: Install X-Pack on Elasticsearch Set built-in user passwords Install and configure X-Pack on Kibana (optional) Create a custom role * Create a user

What are Hands-On Labs?

Hands-On Labs are scenario-based learning environments where learners can practice without consequences. Don't compromise a system or waste money on expensive downloads. Practice real-world skills without the real-world risk, no assembly required.

Create Users and Roles with X-Pack Security

Introduction

To enforce data confidentiality and maintain user accessibility with Elasticsearch, we need to know how to create custom roles and users. In this hands-on lab, you will complete the following tasks on a single-node Elasticsearch cluster using either Kibana or curl on the command line:

  • Install X-Pack on Elasticsearch
  • Set built-in user passwords
  • Install and configure X-Pack on Kibana (optional)
  • Create a custom role
  • Create a user

Solution

Install X-Pack for Elasticsearch and start Elasticsearch as a background daemon

Log In

  1. Using the Secure Shell (SSH), log in to Node 1 as cloud_user via the public IP address.
  2. Become the elastic user with:

    sudo su - elastic

Install X-Pack

  1. Change directory to the Elasticsearch installation path.

    cd /home/elastic/elasticsearch
  2. Install X-Pack with:

    ./bin/elasticsearch-plugin install file:///home/elastic/x-pack.zip
  3. Grant additional permissions for X-Pack at the prompts by typing Y and pressing Enter.

Start Elasticsearch

  1. Start Elasticsearch as a background daemon and record the PID to a file.

    ./bin/elasticsearch -d -p pid

Use the X-Pack setup-passwords utility to set built-in user passwords

Set Built-In User Passwords

  1. Set the built-in user passwords using the setup-passwords utility.

    ./bin/x-pack/setup-passwords interactive
  2. Use the following passwords:

    User: elastic
    Password: elastic
    
    User: kibana
    Password: kibana
    
    User: logstash_system
    Password: logstash_system

OPTIONAL: Install X-Pack for Kibana and start Kibana

NOTE: This task only needs to be performed if you're using the Kibana UI to interact with Elasticsearch.

Install X-Pack

  1. Change directory to the Kibana installation path.

    cd /home/elastic/kibana
  2. Install X-Pack with:

    ./bin/kibana-plugin install file:///home/elastic/x-pack.zip

NOTE: This may take some time to complete as Kibana builds the necessary caches.

Update the Kibana Configuration

  1. In /home/elastic/kibana/config/kibana.yml, change the lines:

    #elasticsearch.username: "user"
    #elasticsearch.password: "pass"

    to

    elasticsearch.username: "kibana"
    elasticsearch.password: "kibana"

Start Kibana

  1. Start Kibana in the foreground.

    ./bin/kibana

Set Up a Remote Tunnel

  1. Open a new terminal window and use SSH to log in to node1 as cloud_user with port forwarding.

    ssh cloud_user@your_public_ip -L 5601:localhost:5601
  2. Now you can access Kibana in your local web browser at http://localhost:5601.

Create the custom role and user

Option 1: Kibana Management Interface

Open the Kibana Management Interface

  1. In your local web browser, go to http://localhost:5601.
  2. Log in using the username elastic and the password elastic.
  3. In Kibana, navigate to the Management UI in the side navigation bar.

Create the Role

  1. In the Security section of the UI, click on Roles.
  2. Click the Create Role button.
  3. Create the custom role according to the instructions and then click Save.
    • Name: test_role_read
    • Indices: sample-*
    • Privileges: read

Create the User

  1. In the Security section of the UI, click on Users.
  2. Click the Create User button.
  3. Create the custom user according to the instructions and then click Save.
    • Username: terry
    • Password: tearbear123
    • Full Name: Terry Cox
    • Email: terry@company.com
    • Roles: kibana_user and test_role_read

Option 2: Kibana Console

Open the Kibana Console Tool

  1. In your local web browser, go to http://localhost:5601.
  2. In Kibana, navigate to Dev Tools in the side navigation bar.
  3. Select the Console tool (it should be the default tool that loads).

Create the Role

  1. To create the role, use the Console to send the following request to Elasticsearch:

    POST /_xpack/security/role/test_role_read
    {
      "indices": [
        {
          "names": [ "sample-*" ],
          "privileges": [ "read" ]
        }
      ]
    }

Create the User

  1. To create the user, use the Console to send the following request to Elasticsearch:

    POST /_xpack/security/user/terry
    {
      "roles": ["kibana_user","test_role_read"],
      "full_name": "Terry Cox",
      "email": "terry@company.com",
      "password": "tearbear123"
    }

Option 3: Command Line curl

Create the Role

  1. To create the role, use curl to send the following request to Elasticsearch:

    curl -u elastic -XPOST "http://localhost:9200/_xpack/security/role/test_role_read" -H 'Content-Type: application/json' -d'
    {
      "indices": [
        {
          "names": [ "sample-*" ],
          "privileges": [ "read" ]
        }
      ]
    }'

Create the User

  1. To create the user, use curl to send the following request to Elasticsearch:

    curl -u elastic -XPOST "http://localhost:9200/_xpack/security/user/terry" -H 'Content-Type: application/json' -d'
    {
      "roles": ["kibana_user","test_role_read"],
      "full_name": "Terry Cox",
      "email": "terry@company.com",
      "password": "tearbear123"
    }'

Conclusion

Congratulations — you've completed this hands-on lab!