2019年1月30日,外媒又报道了一起Elasticsearch数据泄露事件!2019年1月份的至少有6起Elasticsearch数据泄露事件了。原因何在,很简单,开发者在服务启动之后总是懒得去修改,哪怕是添加个密码,不信?你去看看你们公司的REDIS服务器,看看有多少设置了密码,至少我公司不相关的部门的业务,他们的REDIS我都能远程登录(因对接关系我知道了redis服务器IP)。
好吧,回到Elasticsearch7.7的密码设置问题上来吧,说说我遇到的Elasticsearch设置账号密码时的矛盾问题,很扯蛋。不过也不要上纲上线,因为这问题肯定是可以解决的,但我在写这篇笔记的时候还没有找到方法,而我又想基于此留下点笔记。操作过程如下:
#1.开始给elasticsearch设置密码 tiger@n21-045-025:/usr/share/elasticsearch$ sudo bin/elasticsearch-setup-passwords interactive It doesn't look like the X-Pack security feature is enabled on this Elasticsearch node. Please check if you have enabled X-Pack security in your elasticsearch.yml configuration file. ERROR: X-Pack Security is disabled by configuration. #提示没有在配置文件中开启X-Pack,OK #2.开启X-Pack配置 tiger@n21-045-025:/opt/elasticsearch$ sudo vim /etc/elasticsearch/elasticsearch.yml http.cors.enabled: true http.cors.allow-origin: "*" #新增加了以下两行配置 xpack.security.enabled: true xpack.security.transport.ssl.enabled: true #3.增加完配置之后要重启elasticsearch不?你说不重启能行吗?不重启就还是没有配置啊。 #重启elasticsearch之后,然后我们再来配置密码 #修改完配置重启es之后使用elasticsearch-setup-passwords interactive tiger@n21-045-025:/usr/share/elasticsearch$ sudo bin/elasticsearch-setup-passwords interactive #Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user. Enter password for [elastic]: Reenter password for [elastic]: Enter password for [apm_system]: Reenter password for [apm_system]: Enter password for [kibana]: Reenter password for [kibana]: Enter password for [logstash_system]: Reenter password for [logstash_system]: Enter password for [beats_system]: Reenter password for [beats_system]: Enter password for [remote_monitoring_user]: Reenter password for [remote_monitoring_user]: Unexpected response code [503] from calling PUT http://192.21.15.25:9200/_security/user/apm_system/_password?pretty Cause: Cluster state has not been recovered yet, cannot write to the [null] index Possible next steps: * Try running this tool again. * Try running with the --verbose parameter for additional messages. * Check the elasticsearch logs for additional error details. * Use the change password API manually. ERROR: Failed to set password for user [apm_system]
#看设置报错:
tiger@n21-045-025:/usr/share/elasticsearch$ sudo bin/elasticsearch-setup-passwords interactive --verbose
Running with configuration path: /etc/elasticsearch
Testing if bootstrap password is valid for http://192.21.15.25:9200/_security/_authenticate?pretty
Checking cluster health: http://192.21.15.25:9200/_cluster/health?pretty
{
"error" : {
"root_cause" : [
{
"type" : "master_not_discovered_exception",
"reason" : null
}
],
"type" : "master_not_discovered_exception",
"reason" : null
},
"status" : 503
}
Failed to determine the health of the cluster running at http://192.21.15.25:9200
Unexpected response code [503] from calling GET http://192.21.15.25:9200/_cluster/health?pretty
Cause: master_not_discovered_exception
It is recommended that you resolve the issues with your cluster before running elasticsearch-setup-passwords.
It is very likely that the password changes will fail when run against an unhealthy cluster.
Do you want to continue with the password setup process [y/N]ERROR: User cancelled operation
看上面的报错,这时提示9200服务报503错误,什么原因呢?我设置了要要账号密码啊。现在从浏览器访问9200端口也是需要账号密码才能登录的,请求http://192.21.15.25:9200/_cluster/health?pretty接口也会阻塞一直不响应,因为在等待账号密码呢。
这就矛盾了:我没启用xpack.security.enabled时,不能进入设置密码。但我启动了之后设置密码时它会调用_cluster/health?pretty检查集群状态然后就有问题了。这不矛盾了吗?
网上找了一些资料,包括google,但也都没有解决:比如 https://stackoverflow.com/questions/61884976/apply-security-on-elk-cluster-authentication-issue 这里说把所有的节点都加上上面的X-pack配置重启,然后使用auto进行密码设置。一样会出现无法检查集群健康状态的问题。Failed to determine the health of the cluster running at http://192.21.15.25:9200 Unexpected response code [503] from calling GET http://192.21.15.25:9200/_cluster/health?pretty
这个肯定不能是个问题!这个也一定能解决的,暂时挺脑火,留个笔记在这里!