How can I add a new user into Search Guard's internal users

Hi,
I’m using Search Guard 6 and Elasticsearch version 6.5.4-24-0.

I’m trying to add new users into the Search Guard storage.

For now I tried to add the following user into the configuration:

cat >> ${ES_PLUGINS_DIR}/search-guard-6/sgconfig/sg_internal_users.yml << 'EOF'
fluentd:
  hash: {{ .Values.elasticsearch.sgPasswordHash }}
  roles:
    - logstash
EOF

After that I start Elasticsearch, but it does not update the index and the user is not created.

How can I tell the plugin to take the users from that config file and update its index from it?

This is not how the Search Guard configuration management works: The actual configuration is not kept in configuration files, but is stored in an Elasticsearch index. This allows for hot configuration reloading in a running cluster and also means you do not need to place any configuration files on your nodes (and keep them in sync):

Generally speaking, there are three approaches:

  1. Using sgadmin

This is a command line tool for uploading configuration files to the Search Guard configuration index. If you have used the Search Guard demo installer, it already created a pre-configured sgadmin_demo.sh script which you can simply execute.

  2. Use the REST API

When using the REST API you need to first configure the Search Guard roles that should have access to it:

You can then use any of the endpoints to change configuration, like adding a user:

  3. Use the Kibana Config GUI

The Config GUI uses the REST API under the hood, but has a graphical interface:


On Thursday, March 7, 2019 at 8:42:13 AM UTC+1, k.zhelyazkov@sap.com wrote:

Hi,
I’m using Search Guard 6 and Elasticsearch version 6.5.4-24-0.

I’m trying to add new users into the Search Guard storage.

For now I tried to add the following user into the configuration:

cat >> ${ES_PLUGINS_DIR}/search-guard-6/sgconfig/sg_internal_users.yml << 'EOF'
fluentd:
  hash: {{ .Values.elasticsearch.sgPasswordHash }}
  roles:
    - logstash
EOF

After that I start Elasticsearch, but it does not update the index and the user is not created.

How can I tell the plugin to take the users from that config file and update its index from it?
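The sgadmin route from the answer above, as an added example that is not part of the original posts or of Search Guard's own tooling: a pre-flight check that every user in sg_internal_users.yml carries a bcrypt hash (catching a template value that was never rendered), followed by the upload of that one file. The function names, SGADMIN and the SG_* variables are assumptions, as is the sgadmin.sh location under the plugin's tools directory.

```shell
#!/bin/sh
# Added example, not Search Guard's own tooling. SGADMIN and the SG_* variables
# are assumed names; point them at your sgadmin.sh and admin certificate.
SGADMIN="${SGADMIN:-${ES_PLUGINS_DIR}/search-guard-6/tools/sgadmin.sh}"

# Print each user in an sg_internal_users.yml whose entry has no bcrypt hash
# (missing, plaintext, or an unrendered {{ ... }} template value).
# Exit status is non-zero when at least one such user is found.
sg_check_internal_users() {
  awk '
    function report() { if (user != "" && !ok) { print user; bad = 1 } }
    # A top-level key starts a new user entry.
    /^[^ #-][^:]*:/ { report(); user = $0; sub(/:.*/, "", user); ok = 0; next }
    # An indented hash: line must hold a 60-character bcrypt string.
    /^[ ]+hash:/ {
      h = $0; sub(/^[ ]+hash:[ ]*/, "", h); gsub(/["\047 ]/, "", h)
      ok = (length(h) == 60 && h ~ /^\$2[aby]\$[0-9][0-9]\$[.\/A-Za-z0-9]+$/)
    }
    END { report(); exit bad }
  ' "$1"
}

# Validate the file, then upload only the internal users to the Search Guard
# configuration index (sgadmin talks to the transport port, 9300 by default).
sg_push_internal_users() {
  file="$1"
  if ! bad=$(sg_check_internal_users "$file"); then
    echo "not uploading, no bcrypt hash for: $bad" >&2
    return 1
  fi
  "$SGADMIN" -f "$file" -t internalusers -icl \
    -h "${SG_HOST:-localhost}" -p "${SG_PORT:-9300}" \
    -cacert "$SG_CACERT" -cert "$SG_CERT" -key "$SG_KEY"
}
```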

Hi there @jkressin

What if I deployed in a Kubernetes cluster? How can I access the sgadmin cli tool?

Thank you

@luisarmando, to get access to the sgadmin tool if you run Docker:

  1. List active docker containers
docker ps
  2. Identify a container where Elasticsearch is running
  3. Attach to the container
docker exec -it <container_id> /bin/bash
  4. Find sgadmin
find / -name 'sgadmin*'

Thank you @srgbnd