Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Breaking change] kibana user removed and replaced by kibana_system #81680

Open
kobelb opened this issue Oct 26, 2020 · 4 comments
Open

[Breaking change] kibana user removed and replaced by kibana_system #81680

kobelb opened this issue Oct 26, 2020 · 4 comments
Labels
Breaking Change loe:medium Medium Level of Effort NeededFor:Security Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more!

Comments

@kobelb
Copy link
Contributor

kobelb commented Oct 26, 2020
edited by jportner
Loading

Change description

Which release will ship the breaking change?

8.0 (Edit Joe 9/1/21: this is deprecated but we are not yet sure when we will remove it)

Describe the change. How will it manifest to users?

The kibana user has been removed, and users should use the kibana_system user instead. Instances of Kibana that are configured to use the kibana will not be able to start-up.

(Edit Joe 9/7/21: we should encourage users to use a service account token instead, if possible. Need to find out if this can be done when accessing Elasticsearch without TLS in 7.16)

How many users will be affected?

I anticipate an overwhelming majority of users will still be using the kibana user. The kibana_system user was only recently added, and unless users are in the habit of reading the Kibana deprecation logs, they're likely unware of this change.

What can users do to address the change manually?

Use Kibana's user management to set the password for the kibana_system user, and update all kibana.yml's to use this username and password for the elasticsearch.username and elasticsearch.password.

How could we make migration easier with the Upgrade Assistant?

There isn't a good way to use the Upgrade Assistant to do so. We don't want the Kibana server to be able to write values to the kibana.yml, nor do we have a way of doing so across every instance of Kibana.

Are there any edge cases?

No

Test Data

Example kibana.yml:

elasticsearch.username: kibana
elasticsearch.password: changeme

Cross links

This is related to #51101.
@kobelb kobelb added Team:Kibana Management Dev Tools, Index Management, Upgrade Assistant, ILM, Ingest Node Pipelines, and more Feature:Upgrade Assistant labels Oct 26, 2020
@elasticmachine
Copy link
Contributor

Pinging @elastic/es-ui (Team:Elasticsearch UI)

@kobelb kobelb changed the title [Breaking change] Remove kibana user (replaced with kibana_system user) [Breaking change] kibana user removed and replaced by kibana_system user Oct 26, 2020
@kobelb kobelb changed the title [Breaking change] kibana user removed and replaced by kibana_system user [Breaking change] kibana user removed and replaced by kibana_system Oct 26, 2020
@legrego legrego added the Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more! label Nov 3, 2020
@elasticmachine
Copy link
Contributor

Pinging @elastic/kibana-security (Team:Security)

@kobelb kobelb mentioned this issue Dec 14, 2020
Closed
@alisonelizabeth
Copy link
Contributor

I'm going to remove the Elasticsearch UI team label. This deprecation should be registered by the plugin owner via the core deprecations service (#94845). All registered deprecations will be displayed in the Upgrade Assistant (to be implemented via #97159). Feel free to reach out to myself or the core team with any questions!

@alisonelizabeth alisonelizabeth removed the Team:Kibana Management Dev Tools, Index Management, Upgrade Assistant, ILM, Ingest Node Pipelines, and more label Apr 19, 2021
@exalate-issue-sync exalate-issue-sync bot added impact:low Addressing this issue will have a low level of impact on the quality/strength of our product. loe:small Small Level of Effort labels Aug 5, 2021
@cjcenizal cjcenizal mentioned this issue Aug 18, 2021
Closed
@jportner
Copy link
Contributor

jportner commented Sep 2, 2021

We have not actually removed the kibana user yet, we are going to keep it around for the foreseeable future. We will leave it in the upgrade assistant as a "warning" to try to steer folks towards changing it, though.

I updated the issue description to clarify that we won't be breaking this in 8.0.

This was referenced Sep 2, 2021
Closed
Closed
@exalate-issue-sync exalate-issue-sync bot added loe:medium Medium Level of Effort and removed loe:small Small Level of Effort labels Sep 29, 2021
@jportner jportner mentioned this issue Sep 29, 2021
Closed
@jportner jportner mentioned this issue Oct 19, 2021
Open
@neptunian neptunian mentioned this issue Mar 24, 2022
Open
@legrego legrego removed EnableJiraSync impact:low Addressing this issue will have a low level of impact on the quality/strength of our product. labels Aug 18, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Breaking Change loe:medium Medium Level of Effort NeededFor:Security Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more!
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@kobelb @legrego @alisonelizabeth @jportner @elasticmachine