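# Online install of the two Shield 2.3.2 plugins into the 2.3.2 tree.
# The plugin names are "license" and "shield" (the offline transcript below
# reports "Installed license into .../plugins/license" and
# "Installed shield into .../plugins/shield"); the trailing junk on the
# original lines ("licensehtml", "shieldnode") was page noise, not part of
# the command. license is installed first here, matching the offline order.
ES_HOME=/opt/elasticsearch-2.3.2
"$ES_HOME/bin/plugin" install license
"$ES_HOME/bin/plugin" install shield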
或離線安裝(注意:從本機 zip 用 file:// 安裝時 plugin 工具不會校驗檔案雜湊,見下方輸出的 "Unable to verify checksum";安裝前請先自行比對 zip 的 sha1 與官方公布的值)
[root@ela-master1 ~]# /opt/elasticsearch-2.3.2/bin/plugin install file:///root/license-2.3.2.zip
-> Installing from file:/root/license-2.3.2.zip...
Trying file:/root/license-2.3.2.zip ...
Downloading .DONE
Verifying file:/root/license-2.3.2.zip checksums if available ...
NOTE: Unable to verify checksum for downloaded plugin (unable to find .sha1 or .md5 file to verify)
Installed license into /opt/elasticsearch-2.3.2/plugins/license
[root@ela-master1 ~]# /opt/elasticsearch-2.3.2/bin/plugin install file:///root/shield-2.3.2.zip
-> Installing from file:/root/shield-2.3.2.zip...
Trying file:/root/shield-2.3.2.zip ...
Downloading .......................DONE
Verifying file:/root/shield-2.3.2.zip checksums if available ...
NOTE: Unable to verify checksum for downloaded plugin (unable to find .sha1 or .md5 file to verify)
Installed shield into /opt/elasticsearch-2.3.2/plugins/shield
shield.authc.realms.file1.type:
shield.authc.realms.file1.order:
HERE
2.啓動(或重啓)elasticsearch
3.建立file based用戶
https://www.elastic.co/guide/en/shield/current/defining-roles.html#valid-role-name
https://www.elastic.co/guide/en/shield/current/enable-basic-auth.html
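# Create the two file-realm users (same users and roles as the original step):
#   es_admin -> admin           (used further down to bootstrap native users)
#   kibana   -> kibana4_server  (the account the Kibana server logs in with)
# `-p <password>` is deliberately omitted: a password passed on the command
# line is visible in `ps` output and is written to the shell history. Without
# -p the esusers tool prompts for the password interactively (per its usage
# text). The curl examples later on this page assume the password P@ssw0rd --
# enter the same value when prompted, or adjust those commands. P@ssw0rd is a
# demo value only; pick a real password outside a lab.
ESUSERS=/opt/elasticsearch-2.3.2/bin/shield/esusers
"$ESUSERS" useradd es_admin -r admin
"$ESUSERS" useradd kibana -r kibana4_server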
[root@ela-client ~]# /opt/elasticsearch-2.3.2/bin/shield/esusers list
es_admin
kibana
/opt/elasticsearch-2.3.2/config/shield/users
/opt/elasticsearch-2.3.2/config/shield/users_roles
(esusers 只修改本機的這兩個檔案,要讓整個叢集都能認證必須把它們複製到每一個 elasticsearch 節點;建議把這兩個檔案的權限限制為只有執行 elasticsearch 的使用者可讀)
5.測試用戶認證(注意:下面的 curl 以 -u 帳號:密碼 把密碼寫在命令列上,會留在 shell history 與 ps 輸出中,而且是走 http 明文傳送;正式環境請改用 -u es_admin 讓 curl 提示輸入密碼,並為 9200 埠啟用 TLS)
[root@ela-client ~]# curl -u es_admin:P@ssw0rd 'http://localhost:9200/_cat/health?v'
epoch
1462705707 19:08:27
[root@ela-client ~]# curl -u es_admin:P@ssw0rd 'http://localhost:9200/_cat/indices?v'
health status index
green
green
green
green
green
green
shield.authc.realms.native1.type:
shield.authc.realms.native1.order:
HERE
2.啓動(或重啓)elasticsearch
3.建立native用戶
curl
{
}
'
說明:
1.新增native用戶也需要認證,但啟用了shield之後預設是沒有native用戶的,因此就需要藉助file based用戶來授權(上面建立的 es_admin 具有 admin 角色)
2.native用戶是存放在elasticsearch集羣中,集羣中的所有節點會自動同步
[root@ela-client ~]# curl -u es_admin:P@ssw0rd -XPOST 'http://localhost:9200/_shield/user/fooadmin' -d '
{
}
'
{"user":{"created":true}}
[root@ela-data1 ~]# curl -u es_admin:P@ssw0rd 'http://localhost:9200/_shield/user'
{"fooadmin":{"username":"fooadmin","roles":["admin","other_role1"],"full_name":"Jlive Liu","email":"iliujun_live@163.com","metadata":{"intelligence":7}}}
4.測試用戶認證
[root@ela-master2 ~]# curl -u fooadmin:foo.123 'http://localhost:9200/_cat/health?v'
epoch
1462707192 19:33:12
# Online install of the Kibana Shield plugin; the 2.3.2 tag matches the
# Elasticsearch/Shield version used on this page.
KIBANA_HOME=/opt/kibana-4.5.0-linux-x64
"$KIBANA_HOME/bin/kibana" plugin --install kibana/shield/2.3.2
或離線安裝
wget
# Offline install of the same Kibana Shield plugin from a local tarball.
# The install transcript that follows shows no checksum step for a file://
# source, so compare the tarball's hash with the publisher's value yourself
# before running this.
KIBANA_HOME=/opt/kibana-4.5.0-linux-x64
PLUGIN_TGZ=file:///mnt/hgfs/linux_soft/ELK/shield-2.3.2.tar.gz
"$KIBANA_HOME/bin/kibana" plugin --install shield --url "$PLUGIN_TGZ"
root@jlive:~#/opt/kibana-4.5.0-linux-x64/bin/kibana plugin --install shield --url file:///mnt/hgfs/linux_soft/ELK/shield-2.3.2.tar.gz
Installing shield
Attempting to transfer from file:///mnt/hgfs/linux_soft/ELK/shield-2.3.2.tar.gz
Transferring 7933036 bytes....................
Transfer complete
Extracting plugin archive
Extraction complete
Optimizing and caching browser bundles...
Plugin installation complete
# Kibana 連 Elasticsearch 用的帳號,對應上面建立的 file realm 使用者 kibana(角色 kibana4_server)
kibana_elasticsearch_username:
# 密碼是以明文寫在 kibana.yml 中,請把該檔案權限限制為只有執行 kibana 的使用者可讀
kibana_elasticsearch_password:
# 用來加密 Kibana 登入 session 的金鑰;請設定為足夠長的隨機字串,多個 Kibana 實例需使用同一把(細節請以官方文件為準)
shield.encryptionKey:
# session 閒置逾時;單位與預設值請以官方文件確認
shield.sessionTimeout:
/opt/elasticsearch-2.3.2/config/shield/roles.yml
# The required permissions for the kibana 4 server
kibana4_server:
注意:預設的kibana4_server角色只對.kibana索引有全權限,但對其它indices沒有任何權限,如果不另外授權,登入kibana後可能會出現以下狀況
4.授權用戶訪問指定indices(所有elasticsearch節點都要改)
可以修改原/opt/elasticsearch-2.3.2/config/shield/roles.yml預設定義的kibana4_server角色,也可以重新定義一個新角色,這裏定義一個新角色kibana4_indices,能訪問Kibana 官方示例中對應的indices(定義角色時依最小權限原則,只授予所需 indices 的讀取權限)
i.定義角色並受權
cat >>/opt/elasticsearch-2.3.2/config/shield/roles.yml <<HERE
kibana4_indices:
HERE
ii.用戶授權
[root@ela-master2 ~]# /opt/elasticsearch-2.3.2/bin/shield/esusers roles kibana -a kibana4_indices
[root@ela-master2 ~]# /opt/elasticsearch-2.3.2/bin/shield/esusers list
es_admin
kibana
注意:所有的elasticsearch節點都要同步(users、users_roles、roles.yml 這三個檔案)
5.重啓elasticsearch集羣
6.啓動(或重啓)kibana
B.native realm認證
上文中的native用戶(fooadmin/foo.123)因為具有admin角色,所以可以直接認證成功。
但用admin帳號跑Kibana server權限過大;當然還可以單獨建一個只有kibana4_server(及上面的kibana4_indices)角色的kibana_native用戶來認證
curl -u fooadmin:foo.123 -XPOST 'http://localhost:9200/_shield/user/kibana_native'
{
}
'
還是native認證方便,用戶無需在所有節點手動同步