0


Elasticsearch密码设置及其后续问题解决

一.设置密码

1.在elasticsearch.yml中配置

#开启密码验证
xpack.security.enabled: true
xpack.license.self_generated.type: basic
xpack.security.transport.ssl.enabled: true
http.cors.allow-methods: OPTIONS, HEAD, GET, POST, PUT, DELETE
#不添加无法使用head连接es,连接时在http:ip:port/?auth_user=elastic&auth_password=密码
http.cors.allow-headers: Content-Type,Accept,Authorization, x-requested-with

2.在elasticsearch/bin下运行

elasticsearch-setup-passwords interactive

然后设置多个账号的密码

[es@k8snode2 elasticsearch-7.3.0]$ ./bin/elasticsearch-setup-passwords interactive
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y
 
 
Enter password for [elastic]: 
Reenter password for [elastic]: 
Passwords do not match.
Try again.
Enter password for [elastic]: 
Reenter password for [elastic]: 
Enter password for [apm_system]: 
Reenter password for [apm_system]: 
Enter password for [kibana]: 
Reenter password for [kibana]: 
Enter password for [logstash_system]: 
Reenter password for [logstash_system]: 
Enter password for [beats_system]: 
Reenter password for [beats_system]: 
Enter password for [remote_monitoring_user]: 
Reenter password for [remote_monitoring_user]: 
Changed password for user [apm_system]              以下四个均为账号
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]

3.启动es即可。

4.使用head连接es时,需要在连接输入框中

http://127.0.0.1:9200/?auth_user=elastic&auth_password=密码

二.修改密码

修改密码命令如下:

curl -H "Content-Type:application/json" -XPOST -u elastic 'http://127.0.0.1:9200/_xpack/security/user/elastic/_password' -d '{ "password" : "123456" }'

三.带密码查询

Elasticsearch设置用户名密码之后,不能再直接使用Elasticsearch head 访问,可以在查询等API上加上用户等参数:

curl -XGET --user(elasticsearch名称) user:passwd 'http://XXXX:9200/XX/XXX'

比如想要清空某个索引下的数据:

 curl -XPOST  --user(elasticsearch名称) admin:admin 'http://XXXX:9200/XXXX/XXX/_delete_by_query'  -H "Content-Type: application/json" -d '{ "query":{"match_all":{}}}'

四.添加自定义角色

添加角色接口为:POST /_xpack/security/role/

下面添加一个超级管理员角色为例:

[elastic@data-backup elasticsearch-6.2.4]$ curl -XPOST -H 'Content-type: application/json' -u elastic:elastic123 'http://10.163.19.231:9600/_xpack/security/role/admin?pretty' -d '{
"run_as":["elastic"],
"cluster":["all"],
"indices":[
 {
  "names":["*"],
  "privileges":["all"]
 }
]
}'
{
 "role" : {
 "created" : true
 }
}
[elastic@data-backup elasticsearch-6.2.4]$ curl -XGET -H 'Content-type: application/json' -u elastic:elastic123 'http://10.163.19.231:9600/_xpack/security/role/admin?pretty'
{
  "admin" : {
  "cluster" : [
   "all"
  ],
  "indices" : [
   {
     "names" : [
      "*"
     ],
     "privileges" : [
      "all"
     ]
    }
   ],
   "run_as" : [
    "elastic"
   ],
   "metadata" : { },
   "transient_metadata" : {
    "enabled" : true
  }
 }
}

五.添加自定义用户

添加用户接口为:POST/_xpack/security/user/

下面以添加一个test用户并添加至admin角色为例:

[elastic@data-backup elasticsearch-6.2.4]$ curl -XGET -H 'Content-type: application/json' -u test:Test123654% 'http://10.163.19.231:9600/_cat/indices?pretty'
green  open .monitoring-es-6-2019.09.17   J1K2XG1eTXqw0GHSOH5Gwg 1 0     848    104 846.9kb 846.9kb
green  open .watches                      qHj5owowRC-3DeK8DaLD-g 1 0       6      0  47.8kb  47.8kb
green  open .triggered_watches            2pm3BwCnTaKgyzl39eFpUw 1 0       0      0   5.1kb   5.1kb
yellow open monitor                       yFnfztziSguTq9VsfSANpw 5 1      48      0 226.7kb 226.7kb
green  open .watcher-history-7-2019.09.17 uz6RA_8vRraHHLAitWKtAw 1 0      74      0 259.8kb 259.8kb
green  open .monitoring-alerts-6          ZPTqnNVOQ5GlUK1ncXNQDQ 1 0       2      0  18.1kb  18.1kb
yellow open track                         AqSGAZnAQE2NGvZXlp9zcw 5 1 1343729 175384   201mb   201mb
green  open .security-6                   83fAslPbQDSGbGWfhiMAXA 1 0

注:这里要注意的是用户密码最好不要有"$" "!"之类的字符,这样有可能会导致密码认证不成功,其他字符测试过暂时没问题(具体原因不详,反正我遇到过这个坑)

六.RestHighLevelClient客户端验证密码

//初始化ES操作客户端
        final CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
        credentialsProvider.setCredentials(AuthScope.ANY,
                new UsernamePasswordCredentials("elastic", "123456"));  //es账号密码(默认用户名为elastic,因为在设置密码时其中的一个用户就是elastic)
        RestHighLevelClient esClient =new RestHighLevelClient(
                RestClient.builder(
                        new HttpHost("127.0.0.1",9200)
                ).setHttpClientConfigCallback(new RestClientBuilder.HttpClientConfigCallback() {
                    public HttpAsyncClientBuilder customizeHttpClient(HttpAsyncClientBuilder httpClientBuilder) {
                        httpClientBuilder.disableAuthCaching();
                        return httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider);
                    }
                })/.setMaxRetryTimeoutMillis(2000)/
        );

七.设置密码后的使用

1.head连接

需要在http://127.0.0.1:9100/ 后添加?auth_user=elastic&auth_password=密码

2.logstash中

在conf文件中的output中进行修改
​
output {
 
    elasticsearch {
        #es服务器
        hosts => ["localhost:9200"]
        #ES索引名称
        index => "zfjd"
        #自增ID
        document_id => "%{id}"
        #当document_id 不存在时,自动生成
        #doc_as_upsert => true
        #索引类型
        document_type => "xzcf_common"
        
        
        #es的账号密码
        user => elastic
        password => "密码"
        
        # 主要实现想法,就来源于这里action可以指定,那么我前面给数据打上标识,就可以实现删除了
        action => "%{[@metadata][action]}" 
    }

3.linux命令行

curl --user elastic:密码 -XPUT 需要的操作 -d -H "Content-Type:application/json"


本文转载自: https://blog.csdn.net/weixin_51296247/article/details/123383221
版权归原作者 这个名字还中 所有, 如有侵权,请联系我们删除。

“Elasticsearch密码设置及其后续问题解决”的评论:

还没有评论