Enabling Authentication in Elasticsearch

Why do you need to enable authentication?

By default, Elasticsearch doesn’t have authentication enabled. Typically, the Elasticsearch and Zephyr servers work in the same local network, and the connection between them is not “visible” outside that network.

You may need to turn on authentication in Elasticsearch, if your local security policy requires this, or if your Elasticsearch server can be accessed from the Web. Generally speaking, it is considered to be good practice to do this to increase the security level.

Supported Elasticsearch version

Use Elasticsearch version 7.9.2. You can download it from the Elasticsearch website:

https://www.elastic.co/downloads/past-releases/elasticsearch-7-9-2

1. Install and configure Elasticsearch

You can enable Elasticsearch authentication at any time after installing Zephyr Enterprise Server.

To enable authentication, you will have to restart the Zephyr server. So, select the appropriate time for this not to affect other users or automated test runs.

The configuration steps vary a little depending on the server operating system: Windows or Linux. See below for details.

  1. Download Elasticsearch and unpack the downloaded .zip archive.

  2. Find the <Elasticsearch>/config/elasticsearch.yml file and set the xpack.security.enabled setting in it to true (by default, this setting is false):

    xpack.security.enabled: true

    Configure the other settings in the file as described in Install and Run Elasticsearch.

  3. Now we will generate a certificate and user passwords.

1. Open the Command Line window using the “Run as Administrator” command and navigate to the <Elasticsearch>/bin folder.
2. To generate a security certificate for the nodes, run the following command:
elasticsearch-certutil ca
You will be asked to create a password for the certificate and a key. Enter the desired password or press Enter to leave the password blank.

3. Now, run the following command. It will create security certificates and will save them to the <Elasticsearch>/bin folder:
elasticsearch-certutil cert --ca elastic-stack-ca.p12
You will be asked to create a password for the certificates and a key. Enter the desired password or press Enter to leave the password blank.

4. Create the <Elasticsearch>/config/certs folder and put the certificate files to this folder.

5. Open the <Elasticsearch>/config/elasticsearch.yml file and add the following settings to it:

xpack.security.transport.ssl.enabled: true xpack.security.transport.ssl.verification_mode: certificate xpack.security.transport.ssl.keystore.path: <path>/certs/elastic-certificates.p12 xpack.security.transport.ssl.truststore.path: <path>/certs/elastic-certificates.p12

Enter the fully-qualified names of the certificate files.

6. Start Elasticsearch.

7. Now we will generate user passwords. Open the Command Line window using the “Run as Administrator” command and navigate to the <Elasticsearch>/bin folder.
8. Run the following command to set a user password:
elasticsearch-setup-passwords interactive
You will be asked to enter a password for all built-in users. Enter a password for each user.
9. Check that Elasticsearch is up and running:
- In the address bar of your web browser, enter the Elasticsearch IP address and port number (for example, http://localhost:9200). The page will ask for a user name and password.
- Enter the username and password. If Elasticsearch is up, the next page will show its version.

1. Start the terminal and navigate to the <Elasticsearch>/bin directory.
2. To generate security certificates, run the following command:
./elasticsearch-certutil ca
You will be asked to create a password for the certificate and a key. Enter the desired password or press Enter to leave the password blank.
3. Now, run the following command. It will create security certificates and will save them to the <Elasticsearch>/bin folder:
./elasticsearch-certutil cert --ca elastic-stack-ca.p12
You will be asked to create a password for the certificates and a key. Enter the desired password or press Enter to leave the password blank.
4. Create the <Elasticsearch>/config/certs folder and put the certificate files to this folder.
5. Open the <Elasticsearch>/config/elasticsearch.yml file and add the following settings to it:

xpack.security.transport.ssl.enabled: true xpack.security.transport.ssl.verification_mode: certificate xpack.security.transport.ssl.keystore.path: <path>/certs/elastic-certificates.p12 xpack.security.transport.ssl.truststore.path: <path>/certs/elastic-certificates.p12

Enter the fully-qualified names of the certificate files.

6. Start Elasticsearch.
7. Now we will generate user passwords. Start the terminal and navigate to the <Elasticsearch>/bin directory.
8. Run the following command to set a user password:
./elasticsearch-setup-passwords interactive
You will be asked to enter a password for all built-in users. Enter a password for each user.
9. Check that Elasticsearch is up and running:

  • In the address bar of your web browser, enter the Elasticsearch IP address and port number (for example, http://localhost:9200). The page will ask for a username and password

  • Enter the username and password. If Elasticsearch is up, the next page will show its version.

2. Configure Zephyr instance

After you install and configure Elasticsearch, you need to configure your Zephyr instance:

  1. Stop the Zephyr service and Elasticsearch if they are is running.

  2. Open the <Zephyr>/tomcat/webapps/flex/WEB-INF/classes/jdbc.properties file in any text editor and add the following line to it:

    elastic.rest.prop.xpack.security.user = username:password
    Note: Use the username and password of your Elasticsearch server you configured earlier.

3. Start Elasticsearch.
4. Restart the Zephyr service.

See Also

Zephyr On-Premise Production Installation
Zephyr On-Premise Upgrade Instructions
Install & Run Elasticsearch