29

I have a Rails app that uses Searchkick and after updating my gems and yarn, I'm getting this Elasticsearch warning"

warning: 299 Elasticsearch-7.13.1-9a7758028e4ea59bcab41c12004603c5a7dd84a9 "Elasticsearch built-in security features are not enabled. Without authentication, your cluster could be accessible to anyone. See https://www.elastic.co/guide/en/elasticsearch/reference/7.13/security-minimal-setup.html to enable security."

I tried following the instructions at the webpage mentioned, but I'm getting stuck at the run the elasticsearch-setup-passwords utility step. I can't find this script anywhere.

I'm currently on an M1 Mac, but running terminal with Rosetta, so homebrew was installed with Rosetta.

This is just for my development machine, so it doesn't seem like security is that important and previous versions of Elasticsearch installed with Homebrew did not display this warning.

Here's what I'm running now:

  • ruby 3.0.0p0
  • Rails 6.1.3.2
  • Elasticsearch 7.10.2 (but for some reason this error references 7.13.1 ??) I installed it with homebrew using brew install Elasticsearch && brew services start elasticsearch)
  • searchkick (4.5.0)

Is there a way to ignore this message? Or how do I fix this? It's so large in my console that I can't read my tests.

Lee McAlilly
  • 9,084
  • 12
  • 60
  • 94
  • according to the tutorial, his script should be in `bin/elasticsearch-setup-passwords` have you checked there? – beniutek Jun 18 '21 at 23:40
  • Yes, I don't have elasticsearch-setup-passwords in this directory. Followed the path here (https://www.elastic.co/guide/en/elasticsearch/reference/current/brew.html) and there is no "elasticsearch-setup-passwords" script. – Lee McAlilly Jun 21 '21 at 20:27
  • 1
    Ok the reason `bin/elasticsearch-setup-passwords` wasn't available is I ran `brew install elasticsearch` (per the Searchkick gem docs), when I should have run `brew install elasticsearch-full` to install `elasticsearch-full`. More on that here: https://www.elastic.co/guide/en/elasticsearch/reference/current/brew.html – Lee McAlilly Jun 21 '21 at 21:11

3 Answers3

53

This warning is shown because you have the security plugin enabled but not configurated.

If you don't want security you can disable xpack and it should do the trick

simply add this line in your configuration elasticsearch.yml :

xpack.security.enabled: false

UPDATE: to check the location of the elasticsearch.yml file in your Mac, run brew info elasticsearch and it will be located inside the config folder displayed.

sandre89
  • 5,218
  • 2
  • 43
  • 64
Luc E
  • 1,204
  • 8
  • 16
  • 1
    This is what I thought would work and I had already tried this to no avail. I did this in the elasticsearch.yml file at /usr/local/etc/elasticsearch per this doc -> https://www.elastic.co/guide/en/elasticsearch/reference/current/brew.html – Lee McAlilly Jun 21 '21 at 20:22
  • 7
    Update: This worked to fix it after I installed `elasticsearch-full` with homebrew instead of `elasticsearch`. First I ran `brew install elasticsearch-full`, then added the `xpack.security.enabled: false` line to `/usr/local/etc/elasticsearch/elasticsearch.yml`, then ran `brew services restart elasticsearch-full`. – Lee McAlilly Jun 21 '21 at 21:13
  • 4
    For my M1 Mac the folder was in a slightly different location `opt/homebrew/etc/elasticsearch` – rmaspero Feb 08 '22 at 14:38
12

Adding to @luc-e answer. If you have Elastic installed as Docker container, then you should do the following:

docker exec -it <container_id> bash
cd /usr/share/elasticsearch/config
echo "xpack.security.enabled: false" >> elasticsearch.yml

and restart your container

afrish
  • 3,167
  • 4
  • 30
  • 38
5

For development with docker where you don't care about security, you can disable this warning via environment variables:

docker-compose.yml

version: '3'

services:
  elasticsearch:
    image: blacktop/elasticsearch:7.17
    environment:
      - xpack.security.enabled=false
thisismydesign
  • 21,553
  • 9
  • 123
  • 126