If you think it is a bug report or you have a technical issue, please answer the following questions. For general questions, you can delete these questions.
Elasticsearch version: 7.17.3
Server OS version: Windows 2019
Kibana version (if relevant): 7.17.3
Browser version (if relevant):
Browser OS version (if relevant):
Describe the issue: I want to create users in Search guard, so they can login to the Kibana. I am trying to do it via the command
./sgctl.sh add-user-local jdoe --search-guard-roles SGS_KIBANA_USER --password -o /path/to/a/local/sg_internal_users.yml
Is this the correct command... do i need to specify the roles some where and the password will be given after running this command
Steps to reproduce:
1.
2.
3.
Expected behavior:
Provide configuration:
elasticsearch/config/elasticsearch.yml
elasticsearch/plugins/search-guard-7/sgconfig/sg_config.yml
kibana/config/kibana.yml (if relevant)
I have installed the SG 53.1.0 , where i have only SG Admin in tools. I dont have the SGCTL.sh or sgctl.bat file. Can i download it and use it… will it impact my existing SG Cluster
If you install the Search Guard FLX version, you can use “sgctl.sh”. But if you install the Search Guard Classic version, then you have to use the regular “sgadmin.sh” tool.
After making changes to the sg_roles_mapping.yml file, you should upload the changes to the cluster.
For Search Guard FLX, you can do it by executing the command:
./sgctl.sh update-config path/to/config/dir/
For Search Guard Classic, you can do it by executing the script:
./load_config.sh
According to Search Guard documentation, the command will ask you to enter a password. Alternatively, you can specify the password after the --password switch. If the file specified by the -o switch does not exist, it is automatically created. If it already exists, the entry will be appended. Here you can find more information:
I am using Search guard classic. So if i edit the sg_roles_mapping.yml file , do i need to stop the SG Cluster …?
Or without stopping the cluster can i do the edit the file and load it to the cluster.
In classic, do i need to use the Hash password for generating the credentials for the users.
Sorry to reply you late. I just want to know , there are 3 ELastic servers in my cluster and SC is installed in all the 3 servers.
I see in all the 3 servers i see the sg_internal_users.ml , so should I be adding the users in all the sg_internal_users.yml file or just one ELK Server
You don’t need to add users to all sg_internal_users.yml files. You can add users to the sg_internal_users.yml file on one of the nodes. After that, you should apply your changes via the sgadmin tool.