Enable authentication for the Unravel Elastic daemon

Important

You must have v4.5.1.0 to enable authentication. The auth plugin is not installed as part of the RPM install.

  1. Log in to your Unravel host.

  2. Execute bin/elasticsearch-plugin to install the ES auth plugin.

    cd /usr/local/unravel/elasticsearch/
    bin/elasticsearch-plugin install -b file:ZIP_FILE_NAME

    Example using the current location of the auth-plugin zip file.

    sudo /usr/local/unravel/elasticsearch/bin/elasticsearch-plugin install \
      -b \
      file:///usr/local/unravel/es-auth-plugin/unravel-es-auth-plugin_4.5.1.0rc0169-1.0.zip
  3. Generate an encrypted password using /usr/local/unravel/install_bin/pw_encrypt.sh.

    /usr/local/unravel/install_bin/pw_encrypt.sh

    Example output:

    ENC(Hsmrxf1LGHNzpqKHxV/2rw==)
  4. Add com.unraveldata.es.rest.password to /usr/local/unravel/etc/unravel.properties. Set it to the password you just generated (just the string inside the parentheses, without ENC( and the closing parenthesis).

    com.unraveldata.es.rest.password=ENCRYPTED_PASSWORD

    Example:

    com.unraveldata.es.rest.password=Hsmrxf1LGHNzpqKHxV/2rw==
  5. Check that the Unravel auth plugin is installed.

    curl "http://localhost:4171/_cat/plugins"
    curl -H "Authorization:UnravelDataBasic Hsmrxf1LGHNzpqKHxV/2rw==" "http://localhost:4171/_cat/plugins"
    
    unravel_s_1 UnravelDataAuth 4.5.1.0rc0169
  6. Restart all daemons.

    /etc/init.d/unravel_all.sh restart
  7. To verify that com.unraveldata.es.rest.password is set correctly, send a curl request to the internal Elasticsearch with a wrong password. You should receive a response of not authorized.

    Example:

    curl -H "Authorization:UnravelDataBasic 3I3EbODrX4LyJr/metiJKQ==" "http://localhost:4171/_cat/"
    not authorized
  8. Send a curl request to the internal Elasticsearch with the correct password.

    Example:

    curl -H "Authorization:UnravelDataBasic Hsmrxf1LGHNzpqKHxV/2rw==" "http://localhost:4171/_cat/"
    =^.^=
    /_cat/allocation
    /_cat/shards
    /_cat/shards/{index}
    /_cat/master
    /_cat/nodes
    /_cat/tasks
    /_cat/indices
    /_cat/indices/{index}
    /_cat/segments
    /_cat/segments/{index}
    /_cat/count
    /_cat/count/{index}
    /_cat/recovery
    /_cat/recovery/{index}
    /_cat/health
    /_cat/pending_tasks
    /_cat/aliases
    /_cat/aliases/{alias}
    /_cat/thread_pool
    /_cat/thread_pool/{thread_pools}
    /_cat/plugins
    /_cat/fielddata
    /_cat/fielddata/{fields}
    /_cat/nodeattrs
    /_cat/repositories
    /_cat/snapshots/{repository}
    /_cat/templates
    
  9. If you do not see output similar to the above, verify:

    • The password is correct.

    • The call was properly formed.

    If necessary, repeat steps 1-8.

Testing
  1. Try steps 7 and 8 with the following endpoints to make sure authentication is working as expected.

    • curl "localhost:4171/_cat/shards"

    • curl "localhost:4171/_cluster/health?pretty"

    • curl "localhost:4171/_nodes/stats?pretty"

  2. Run an app and see if it appears in the UI.
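
The checks from steps 7 and 8, repeated over the Testing endpoints, can be combined into one script. This is an added example, not part of the Unravel documentation or product; ES_URL, es_get, verify_es_auth and the script name are names chosen here, and it assumes that any non-empty response without "not authorized" means the request was accepted.

```shell
#!/bin/sh
# Added example (not Unravel's own tooling). ES_URL, es_get and
# verify_es_auth are names chosen for this example.
ES_URL="${ES_URL:-http://localhost:4171}"

# es_get PASSWORD PATH: print the response body for one request.
es_get() {
    curl -s -H "Authorization:UnravelDataBasic $1" "${ES_URL}$2"
}

# verify_es_auth GOOD_PASSWORD WRONG_PASSWORD
# Returns 0 only if every endpoint answers "not authorized" to the wrong
# password (step 7) and answers with something else to the correct one
# (step 8). Assumption: a non-empty body without "not authorized" means
# the request was accepted.
verify_es_auth() {
    good=$1; wrong=$2; failures=0
    for ep in "/_cat/" "/_cat/shards" \
              "/_cluster/health?pretty" "/_nodes/stats?pretty"; do
        body=$(es_get "$wrong" "$ep")
        case $body in
            *"not authorized"*) ;;
            *) echo "FAIL $ep: wrong password was not rejected"
               failures=$((failures + 1)) ;;
        esac
        body=$(es_get "$good" "$ep")
        case $body in
            ""|*"not authorized"*)
               echo "FAIL $ep: correct password rejected or no response"
               failures=$((failures + 1)) ;;
            *) echo "OK   $ep" ;;
        esac
    done
    [ "$failures" -eq 0 ]
}

# Usage: sh check_es_auth.sh GOOD_PASSWORD WRONG_PASSWORD
if [ "$#" -eq 2 ]; then
    verify_es_auth "$1" "$2"
fi
```

A non-zero exit status means at least one endpoint either accepted the wrong password or rejected the correct one; the FAIL lines name the endpoint.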