elasticsearch 6.3版本以前的添加認證需安裝x-pack插件,6.3以後貌似去掉了這個。json
一、安裝x-packvim
先切換到elastic用戶下,在執行如下命令app
$cd /data/elasticsearch-6.2.4 --進到elasticsearch的安裝目錄 $./bin/elasticsearch-plugin install x-pack
二、設置密碼:cors
$cd /data/elasticsearch-6.2.4/bin/x-pack $./setup-passwords interactive
會對elasticsearch、logstash、kibana分別設置登陸密碼(默認es用戶名爲elastic,logstash用戶名爲logstash_system,kibana用戶名爲kibana) curl
三、設置elasticsearch配置文件elasticsearch
$vim /data/elasticsearch-6.2.4/config/elasticsearch.yml --添加以下三行 http.cors.enabled: true http.cors.allow-origin: '*' http.cors.allow-headers: Authorization,X-Requested-With,Content-Length,Content-Type
配置完重啓下elasticsearch服務post
四、測試測試
[elastic@data-backup elasticsearch-6.2.4]$curl http://10.163.19.231:9600 --不用密碼訪問,會報錯 {"error":{"root_cause":[{"type":"security_exception","reason":"missing authentication token for REST request [/]","header": {"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}}],"type":"security_exception","reason":"missing authentication token for REST request [/]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}},"status":401} [elastic@data-backup elasticsearch-6.2.4]$curl http://10.163.19.231:9600 -u elastic:elastic123 --用剛纔新加的用戶密碼訪問,能正常返回數據(elastic:用戶名,elastic123:密碼) { "name" : "eR3qSni", "cluster_name" : "elasticsearch", "cluster_uuid" : "pQbnNW7jRgmzbqvW7n2I5Q", "version" : { "number" : "6.2.4", "build_hash" : "ccec39f", "build_date" : "2018-04-12T20:37:28.497551Z", "build_snapshot" : false, "lucene_version" : "7.2.1", "minimum_wire_compatibility_version" : "5.6.0", "minimum_index_compatibility_version" : "5.0.0" }, "tagline" : "You Know, for Search" }
五、 添加自定義角色:ui
添加角色接口爲:POST /_xpack/security/role/url
下面添加一個超級管理員角色爲例:
[elastic@data-backup elasticsearch-6.2.4]$ curl -XPOST -H 'Content-type: application/json' -u elastic:elastic123 'http://10.163.19.231:9600/_xpack/security/role/admin?pretty' -d '{
"run_as":["elastic"],
"cluster":["all"],
"indices":[
{
"names":["*"],
"privileges":["all"]
}
]
}'
{
"role" : {
"created" : true
}
}
[elastic@data-backup elasticsearch-6.2.4]$ curl -XGET -H 'Content-type: application/json' -u elastic:elastic123 'http://10.163.19.231:9600/_xpack/security/role/admin?pretty'
{
"admin" : {
"cluster" : [
"all"
],
"indices" : [
{
"names" : [
"*"
],
"privileges" : [
"all"
]
}
],
"run_as" : [
"elastic"
],
"metadata" : { },
"transient_metadata" : {
"enabled" : true
}
}
}
六、添加自定義用戶:
添加用戶接口爲:POST/_xpack/security/user/
下面以添加一個test用戶並添加至admin角色爲例:
注:這裏要注意的是用戶密碼最好不要有"$" "!"之類的字符,這樣有可能會致使密碼認證不成功,其餘字符測試過暫時沒問題(具體緣由不詳,反正我遇到過這個坑)
[elastic@data-backup elasticsearch-6.2.4]$ curl -XGET -H 'Content-type: application/json' -u test:Test123654% 'http://10.163.19.231:9600/_cat/indices?pretty' green open .monitoring-es-6-2019.09.17 J1K2XG1eTXqw0GHSOH5Gwg 1 0 848 104 846.9kb 846.9kb green open .watches qHj5owowRC-3DeK8DaLD-g 1 0 6 0 47.8kb 47.8kb green open .triggered_watches 2pm3BwCnTaKgyzl39eFpUw 1 0 0 0 5.1kb 5.1kb yellow open monitor yFnfztziSguTq9VsfSANpw 5 1 48 0 226.7kb 226.7kb green open .watcher-history-7-2019.09.17 uz6RA_8vRraHHLAitWKtAw 1 0 74 0 259.8kb 259.8kb green open .monitoring-alerts-6 ZPTqnNVOQ5GlUK1ncXNQDQ 1 0 2 0 18.1kb 18.1kb yellow open track AqSGAZnAQE2NGvZXlp9zcw 5 1 1343729 175384 201mb 201mb green open .security-6 83fAslPbQDSGbGWfhiMAXA 1 0
密碼字符測試的部分截圖:(這裏用到的修改密碼在下面有講解)
七、修改用戶密碼:
修改密碼須要使用超級管理員權限即elastic用戶,接口爲:POST /_xpack/security/user/要修改密碼的用戶名/_password
curl參數含義以下:
-XPOST 使用post方法傳遞參數
-H 指定http協議的header信息
-u 指定用於認證的用戶信息,用戶名與密碼使用冒號分隔
-d 指定具體要傳遞的參數信息
例如:修改martin用戶的密碼爲:dxm1234%
[elastic@data-backup elasticsearch-6.2.4]$curl -XPOST -H 'Content-type: application/json' -u elastic:elastic123 'http://10.163.19.231:9600/_xpack/security/user/martin/_password?pretty' -d '{"password": "dxm1234%"}'
修改密碼後訪問正常則說明修改爲功,不然可能報錯401