kibana w/ saml, tribe nodes, multisearch
26 views
Skip to first unread message
erik clark
Sep 24, 2018, 10:57:59 AM9/24/18
to Search Guard Community Forum
I need to have SAML auth on exactly one host, and have multiple clusters I need to search, assumably as tribe nodes. How exactly is this possible? Purchasing hundreds of searchguard licenses doesnt make much sense when I really have only one host that needs the auth mechanism.
* Search Guard and Elasticsearch version
* Installed and used enterprise modules, if any
* JVM version and operating system version
* Search Guard configuration files
* Elasticsearch log messages on debug level
* Other installed Elasticsearch or Kibana plugins, if any
SG
Sep 24, 2018, 4:24:42 PM9/24/18
to search...@googlegroups.com
You only need a license per cluster (not per node). How many clusters do you have?
(Please keep in mind that the tribe node is deprecated since 5.4.0 in favor of cross cluster search and will be removed as of ES 7)
> --
> You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.
> To post to this group, send email to search...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/4a1cd85b-321e-4565-8f5a-9e6e471987b0%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
(Please keep in mind that the tribe node is deprecated since 5.4.0 in favor of cross cluster search and will be removed as of ES 7)
> You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.
> To post to this group, send email to search...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/4a1cd85b-321e-4565-8f5a-9e6e471987b0%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
erik clark
Sep 25, 2018, 9:21:29 AM9/25/18
to Search Guard Community Forum
We would have 10 clusters or so, possibly as many as 15. The only part we care about is a single pane of glass visibility into all the clusters, protected at a single point with SAML auth.
SG
Sep 25, 2018, 3:09:00 PM9/25/18
to search...@googlegroups.com
It's not a setup which is tested (or currently supported) by us but you can try:
- Setup one cluster with sg enterprise and configured saml auth as the tribe node/ccs node
- Setup all other clusters with the community version of sg
Check also https://docs.search-guard.com/latest/cross-cluster-tribe#tribe-nodes and https://docs.search-guard.com/latest/cross-cluster-tribe#cross-cluster-search-support
Please report back your experiences and/or issues.
> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/c9494bde-322d-4b7e-9fad-ebbec71aae57%40googlegroups.com.
- Setup one cluster with sg enterprise and configured saml auth as the tribe node/ccs node
- Setup all other clusters with the community version of sg
Check also https://docs.search-guard.com/latest/cross-cluster-tribe#tribe-nodes and https://docs.search-guard.com/latest/cross-cluster-tribe#cross-cluster-search-support
Please report back your experiences and/or issues.
Reply all
Reply to author
Forward
0 new messages