Skip to content

Nodes without security explicitly enabled cannot join cluster with security enabled. #31332

New issue
New issue
Closed
Closed
Nodes without security explicitly enabled cannot join cluster with security enabled.#31332
Assignees
tvernumjaymode
Labels
:Distributed Indexing/DistributedA catch all label for anything in the Distributed Indexing Area. Please avoid if you can.:Security/AuthenticationLogging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc)>bugv6.3.0
@tvernum

Description

@tvernum
tvernum
opened on Jun 14, 2018

This seems to be caused by the change to made security disabled by default on trial licenses.

If a node does not set xpack.security.enabled in the config, and tries to join a cluster, it doesn't know what type of license its supposed to be using, and seems to be acting as if its on a trial license with security disabled.

This means that SecurityServerTransportInterceptor.interceptSender().AsyncSender.sendRequest() does not intercept the request, and does not set the system-user context for outgoing requests.

Since the requests do not have an authentication header attached to their context, the remote node rejects the initial handshake, and the new node cannot join.

Metadata

Metadata

Assignees

Labels

:Distributed Indexing/DistributedA catch all label for anything in the Distributed Indexing Area. Please avoid if you can.:Security/AuthenticationLogging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc)>bugv6.3.0

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions