Installing X-Pack in Elasticsearch

Installing X-Pack in Elasticsearch

After you install Elasticsearch, you can optionally obtain and install X-Pack. For more information about how to obtain X-Pack, see https://www.elastic.co/products/x-pack.

You must run the version of X-Pack that matches the version of Elasticsearch you are running. See the Elastic Support Matrix for more information about product compatibility.

If you are installing X-Pack for the first time on an existing cluster, you must perform a full cluster restart. Installing X-Pack enables security and security must be enabled on ALL nodes in a cluster for the cluster to operate correctly. When upgrading you can usually perform a rolling upgrade.

The following diagram provides an overview of the steps that are required to set up X-Pack on Elasticsearch:

Installation overview on Elasticsearch

To install X-Pack in Elasticsearch:

  1. Optional: If you want to install X-Pack on a machine that doesn’t have internet access:

    1. Manually download the X-Pack zip file: https://artifacts.elastic.co/downloads/packs/x-pack/x-pack-6.1.4.zip (sha512)

      The plugins for Elasticsearch, Kibana, and Logstash are included in the same zip file. If you have already downloaded this file to install X-Pack on one of those other products, you can reuse the same file.

    2. Transfer the zip file to a temporary directory on the offline machine. (Do NOT put the file in the Elasticsearch plugins directory.)
  2. Run bin/elasticsearch-plugin install from ES_HOME on each node in your cluster:

    bin/elasticsearch-plugin install x-pack

    If you are using a DEB/RPM distribution of Elasticsearch, run the installation with superuser permissions.

    The plugin install scripts require direct internet access to download and install X-Pack. If your server doesn’t have internet access, specify the location of the X-Pack zip file that you downloaded to a temporary directory.

    bin/elasticsearch-plugin install file:///path/to/file/x-pack-6.1.4.zip

    You must specify an absolute path to the zip file after the file:// protocol.

  3. Confirm that you want to grant X-Pack additional permissions.

    Specify the --batch option when running the install command to automatically grant these permissions and bypass these install prompts.

    1. X-Pack needs these permissions to set the threat context loader during install so Watcher can send email notifications.

      @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
      @     WARNING: plugin requires additional permissions     @
      @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
      * java.lang.RuntimePermission accessClassInPackage.com.sun.activation.registries
      * java.lang.RuntimePermission getClassLoader
      * java.lang.RuntimePermission setContextClassLoader
      * java.lang.RuntimePermission setFactory
      * java.security.SecurityPermission createPolicy.JavaPolicy
      * java.security.SecurityPermission getPolicy
      * java.security.SecurityPermission putProviderProperty.BC
      * java.security.SecurityPermission setPolicy
      * java.util.PropertyPermission * read,write
      * java.util.PropertyPermission sun.nio.ch.bugLevel write
      * javax.net.ssl.SSLPermission setHostnameVerifier
      See http://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html
      for descriptions of what these permissions allow and the associated risks.
      
      Continue with installation? [y/N]y
    2. X-Pack requires permissions to enable Elasticsearch to launch the machine learning analytical engine. The native controller ensures that the launched process is a valid machine learning component. Once launched, communications between the machine learning processes and Elasticsearch are limited to the operating system user that Elasticsearch runs as.

      @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
      @        WARNING: plugin forks a native controller        @
      @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
      This plugin launches a native controller that is not subject to
      the Java security manager nor to system call filters.
      
      Continue with installation? [y/N]y
  4. X-Pack will try to automatically create a number of indices within Elasticsearch. By default, Elasticsearch is configured to allow automatic index creation, and no additional steps are required. However, if you have disabled automatic index creation in Elasticsearch, you must configure action.auto_create_index in elasticsearch.yml to allow X-Pack to create the following indices:

    action.auto_create_index: .security,.monitoring*,.watches,.triggered_watches,.watcher-history*,.ml*

    If you are using Logstash or Beats then you will most likely require additional index names in your action.auto_create_index setting, and the exact value will depend on your local configuration. If you are unsure of the correct value for your environment, you may consider setting the value to * which will allow automatic creation of all indices.

  5. Configure Transport Layer Security (TLS/SSL).

    If you have a non-trial license and you want to use X-Pack security, you must configure TLS for internode-communication.

    This requirement applies to clusters with more than one node and to clusters with a single node that listens on an external interface. Single-node clusters that use a loopback interface do not have this requirement. For more information, see Encrypting Communications.

  6. Start Elasticsearch.

    bin/elasticsearch
  7. Set the passwords for all built-in users. The setup-passwords command is the simplest method to set the built-in users' passwords for the first time.

    For example, you can run the command in an "interactive" mode, which prompts you to enter new passwords for the elastic, kibana, and logstash_system users:

    bin/x-pack/setup-passwords interactive

    For more information about the command options, see setup-passwords.

    The setup-passwords command uses a transient bootstrap password that is no longer valid after the command runs successfully. You cannot run the setup-passwords command a second time. Instead, you can update passwords from the Management > Users UI in Kibana or use the security user API.

    For more information, see Setting Built-in User Passwords.

  8. Optional: Configure the Java Client.
  9. Install X-Pack on Kibana.
  10. Install X-Pack on Logstash.

Installing X-Pack on a DEB/RPM Package Installation

If you use the DEB/RPM packages to install Elasticsearch, by default Elasticsearch is installed in /usr/share/elasticsearch and the configuration files are stored in /etc/elasticsearch. (For the complete list of default paths, see Debian Directory Layout and RPM Directory Layout in the Elasticsearch Reference.)

To install X-Pack on a DEB/RPM package installation, you need to run bin/plugin install from the /usr/share/elasticsearch directory with superuser permissions:

cd /usr/share/elasticsearch
sudo bin/elasticsearch-plugin install x-pack

If the configuration files are not in /etc/elasticsearch you need to specify the location of the configuration files by setting the environment variable ES_PATH_CONF via ES_PATH_CONF=<path>.