Cross Cluster Search and Security

Cross Cluster Search enables federated search across multiple clusters. When using cross cluster search with secured clusters, all clusters must have X-Pack security enabled.

When using SSL/TLS, the local cluster (the cluster used to initiate cross cluster search) must be allowed to connect to the remote clusters, which means that the CA used to sign the SSL/TLS key of the local cluster must be trusted by the remote clusters.

User authentication is performed on the local cluster and the user and user’s roles are passed to the remote clusters. A remote cluster checks the user’s roles against its local role definitions to determine which indices the user is allowed to access.

To use cross cluster search with secured clusters:

  • Install X-Pack on every node in each connected cluster.
  • Enable encryption globally. To encrypt communications, you must enable enable SSL/TLS on every node.

    Important

    If you are using message authentication, all of the connected clusters must share the same system key. X-Pack security reads the system key from CONFIG_DIR/x-pack/system_key.

  • Enable a trust relationship between the cluster used for performing cross cluster search (the local cluster) and all remote clusters. This can be done either by:

  • Configure the local cluster to connect to remote clusters as described in Configuring Cross Cluster Search. For example, the following configuration adds two remote clusters to the local cluster:

    PUT _cluster/settings
    {
      "persistent": {
        "search": {
          "remote": {
            "cluster_one": {
              "seeds": [ "10.0.1.1:9300" ]
            },
            "cluster_two": {
              "seeds": [ "10.0.2.1:9300" ]
            }
          }
        }
      }
    }
  • On the local cluster, ensure that users are assigned to (at least) one role that exists on the remote clusters. On the remote clusters, use that role to define which indices the user may access. (See Configuring Role-based Access Control).

Example Configuration of Cross Cluster Search

In the following example, we will configure the user alice to have permissions to search any index starting with logs- in cluster two from cluster one.

First, enable cluster one to perform cross cluster search on remote cluster two by running the following request as the superuser on cluster one:

PUT _cluster_settings
{
  "persistent": {
    "search.remote.two.seeds": [ "10.0.2.1:9300" ]
  }
}

Next, set up a role called cluster_two_logs on both cluster one and cluster two.

On cluster one, this role allows the user to query indices called logs- on cluster two:

POST /_xpack/security/role/cluster_two_logs
{
  "indices": [
    {
      "names": [
        "two:logs-*"
      ],
      "privileges": [
        "read"
      ]
    }
  ]
}

On cluster two, this role allows the user to query local indices called logs- from a remote cluster:

POST /_xpack/security/role/cluster_two_logs
{
  "cluster": [
    "transport_client"
  ],
  "indices": [
    {
      "names": [
        "two:logs-*", 
        "logs-*" 
      ],
      "privileges": [
        "read",
        "read_cross_cluster",
        "manage"
      ]
    }
  ]
}

The index pattern needs to be specified with and without the cluster alias.

Finally, create a user on cluster one and apply the cluster_two_logs role:

POST /_xpack/security/user/alice
{
  "password" : "somepassword",
  "roles" : [ "cluster_two_logs" ],
  "full_name" : "Alice",
  "email" : "alice@example.com",
  "enabled": true
}

With all of the above setup, the user alice is able to search indices in cluster two as follows:

GET two:logs-*/_search
{
  "query": {
    "match_all": {}
  }
}