elasticsearch 6.3版本之前的添加认证需安装x-pack插件,6.3之后貌似去掉了这个。
1、安装x-pack
先切换到elastic用户下,在执行以下命令
$cd /data/elasticsearch-6.2.4 --进到elasticsearch的安装目录 $./bin/elasticsearch-plugin install x-pack
2、设置密码:
$cd /data/elasticsearch-6.2.4/bin/x-pack $./setup-passwords interactive
会对elasticsearch、logstash、kibana分别设置登录密码(默认es用户名为elastic,logstash用户名为logstash_system,kibana用户名为kibana)
3、设置elasticsearch配置文件
$vim /data/elasticsearch-6.2.4/config/elasticsearch.yml --添加如下三行 http.cors.enabled: true http.cors.allow-origin: '*' http.cors.allow-headers: Authorization,X-Requested-With,Content-Length,Content-Type
配置完重启下elasticsearch服务
4、测试
[elastic@data-backup elasticsearch-6.2.4]$curl http://10.163.19.231:9600 --不用密码访问,会报错 {"error":{"root_cause":[{"type":"security_exception","reason":"missing authentication token for REST request [/]","header": {"WWW-Authenticate":"Basic realm="security" charset="UTF-8""}}],"type":"security_exception","reason":"missing authentication token for REST request [/]","header":{"WWW-Authenticate":"Basic realm="security" charset="UTF-8""}},"status":401} [elastic@data-backup elasticsearch-6.2.4]$curl http://10.163.19.231:9600 -u elastic:elastic123 --用刚才新加的用户密码访问,能正常返回数据(elastic:用户名,elastic123:密码) { "name" : "eR3qSni", "cluster_name" : "elasticsearch", "cluster_uuid" : "pQbnNW7jRgmzbqvW7n2I5Q", "version" : { "number" : "6.2.4", "build_hash" : "ccec39f", "build_date" : "2018-04-12T20:37:28.497551Z", "build_snapshot" : false, "lucene_version" : "7.2.1", "minimum_wire_compatibility_version" : "5.6.0", "minimum_index_compatibility_version" : "5.0.0" }, "tagline" : "You Know, for Search" }
5、 添加自定义角色:
添加角色接口为:POST /_xpack/security/role/
下面添加一个超级管理员角色为例:
[elastic@data-backup elasticsearch-6.2.4]$ curl -XPOST -H 'Content-type: application/json' -u elastic:elastic123 'http://10.163.19.231:9600/_xpack/security/role/admin?pretty' -d '{
"run_as":["elastic"],
"cluster":["all"],
"indices":[
{
"names":["*"],
"privileges":["all"]
}
]
}'
{
"role" : {
"created" : true
}
}
[elastic@data-backup elasticsearch-6.2.4]$ curl -XGET -H 'Content-type: application/json' -u elastic:elastic123 'http://10.163.19.231:9600/_xpack/security/role/admin?pretty'
{
"admin" : {
"cluster" : [
"all"
],
"indices" : [
{
"names" : [
"*"
],
"privileges" : [
"all"
]
}
],
"run_as" : [
"elastic"
],
"metadata" : { },
"transient_metadata" : {
"enabled" : true
}
}
}
6、添加自定义用户:
添加用户接口为:POST/_xpack/security/user/
下面以添加一个test用户并添加至admin角色为例:
注:这里要注意的是用户密码最好不要有"$" "!"之类的字符,这样有可能会导致密码认证不成功,其他字符测试过暂时没问题(具体原因不详,反正我遇到过这个坑)
[elastic@data-backup elasticsearch-6.2.4]$ curl -XGET -H 'Content-type: application/json' -u test:Test123654% 'http://10.163.19.231:9600/_cat/indices?pretty' green open .monitoring-es-6-2019.09.17 J1K2XG1eTXqw0GHSOH5Gwg 1 0 848 104 846.9kb 846.9kb green open .watches qHj5owowRC-3DeK8DaLD-g 1 0 6 0 47.8kb 47.8kb green open .triggered_watches 2pm3BwCnTaKgyzl39eFpUw 1 0 0 0 5.1kb 5.1kb yellow open monitor yFnfztziSguTq9VsfSANpw 5 1 48 0 226.7kb 226.7kb green open .watcher-history-7-2019.09.17 uz6RA_8vRraHHLAitWKtAw 1 0 74 0 259.8kb 259.8kb green open .monitoring-alerts-6 ZPTqnNVOQ5GlUK1ncXNQDQ 1 0 2 0 18.1kb 18.1kb yellow open track AqSGAZnAQE2NGvZXlp9zcw 5 1 1343729 175384 201mb 201mb green open .security-6 83fAslPbQDSGbGWfhiMAXA 1 0
密码字符测试的部分截图:(这里用到的修改密码在下面有讲解)
7、修改用户密码:
修改密码需要使用超级管理员权限即elastic用户,接口为:POST /_xpack/security/user/要修改密码的用户名/_password
curl参数含义如下:
-XPOST 使用post方法传递参数
-H 指定http协议的header信息
-u 指定用于认证的用户信息,用户名与密码使用冒号分隔
-d 指定具体要传递的参数信息
例如:修改martin用户的密码为:dxm1234%
[elastic@data-backup elasticsearch-6.2.4]$curl -XPOST -H 'Content-type: application/json' -u elastic:elastic123 'http://10.163.19.231:9600/_xpack/security/user/martin/_password?pretty' -d '{"password": "dxm1234%"}'
修改密码后访问正常则说明修改成功,否则可能报错401
