Change and apply searchguard configuration in sg_config.yml

Hi guys,
I cannot find in the documentation how I can change the sg_config.yml, for example to add a new header variable to the authentication configuration, and apply the changes.

Do I need to restart the cluster? As far as I can see, I can also execute the sgadmin tool to init searchguard and apply the config, but I do not want to initialize the config over and over again, just update it :).

Is there a way to update the searchguard configuration without restarting the cluster and without initializing the searchguard config and users and roles?

Thanks

Ok I found how to do it here: https://docs.search-guard.com/latest/first-steps-user-configuration#uploading-the-changes-to-your-cluster

But then again: when I do the configuration using the Search Guard GUI, the changes won’t get reflected in the config files. That means that the next time I run sgadmin I will overwrite all the configuration I’ve done in Kibana with the configuration I have done in the config files, am I correct?

Search Guard configuration is stored in an Elasticsearch index named searchguard. If you do configuration via the UI, the changes go to the index. If you change the searchguard configuration (.yml) files manually and use sgadmin to apply them, the changes go to the index and all the changes you did via the UI are overwritten.

The recommendation is to configure authentication and authorization and apply it with sgadmin. Then you can proceed to configure other things via the UI. Also, you can update the sg_config.yml file later and execute sgadmin without overwriting the UI changes. Just execute sgadmin for the sg_config.yml exclusively, for example:


"/Users/user/Development/kibana/dist/elasticsearch-7.7.1/plugins/search-guard-7/tools/sgadmin.sh" -t config -f "/Users/user/Development/kibana/dist/elasticsearch-7.7.1/plugins/search-guard-7/sgconfig/sg_config.yml" -icl -key "/Users/user/Development/kibana/dist/elasticsearch-7.7.1/config/kirk-key.pem" -cert "/Users/user/Development/kibana/dist/elasticsearch-7.7.1/config/kirk.pem" -cacert "/Users/user/Development/kibana/dist/elasticsearch-7.7.1/config/root-ca.pem" -nhnv

If you want to synchronize the configuration you have in the searchguard index and the configuration you have in the sgconfig/*.yml files you can do the following:

  1. Configure via UI. For example, add a user.

  2. When you have finished the configuration, download it using the REST API, for example, to download all users:

     curl -k -u admin:admin -X GET "https://localhost:9200/_searchguard/api/internalusers?pretty"

  3. Convert the JSON response to YAML and put it into the related config file, for example, sgconfig/sg_internal_users.yml.

Amazing, thank you! That’s really helpful!