ELK usage notes: configuring X-Pack authentication on ES

Tabitha ·
Updated: 2024-09-21
· 684 views

Deploying the Elasticsearch X-Pack authentication module

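Why this article exists: the developers had long wanted to add a layer of authentication to ES, but none of our earlier ES clusters had it deployed. After being asked several times I finally set it up. There is a catch, though: according to the official documentation, without a license it is free to use for only one month. We'll use it for now. The deployment process and reference documents are below; this is a detailed, pitfall-free walkthrough, and I actually carried out every step myself: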

Official installation documentation: https://www.elastic.co/guide/en/elasticsearch/reference/5.5/installing-xpack-es.html
Module download: https://artifacts.elastic.co/downloads/packs/x-pack/x-pack-5.4.2.zip (this is the version I still use the most).
References:
https://blog.51cto.com/nginxs/2083985?source=dra
https://github.com/zhaoyunxing92/docker-case/tree/develop/elasticsearch

Install the plugin

# Syntax: bin/elasticsearch-plugin install file:///path/to/file/x-pack-5.5.3.zip
/apps/svr/elasticsearch542/bin/elasticsearch-plugin install file:///apps/svr/x-pack.5.4.2.zip --batch

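Configure elasticsearch.yml

xpack.security.enabled: (true/false)  # whether to enable security (authentication)
xpack.monitoring.enabled              # whether to enable monitoring
xpack.graph.enabled                   # whether to enable graph
xpack.watcher.enabled                 # whether to enable watcher; set on ES only
xpack.reporting.enabled               # whether to enable reporting; set on Kibana only

Settings actually added to elasticsearch.yml on ES 5.4.2: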
xpack.security.enabled: true
xpack.monitoring.enabled: false
xpack.graph.enabled: false
xpack.watcher.enabled: false

The complete configuration:
cat elasticsearch.yml
cluster.name: uat_xpack
discovery.zen.ping.unicast.hosts: ["10.10.80.74", "10.10.80.75", "10.10.80.76"]
network.host: 10.10.80.76
node.name: xxxx.xxxx.com
http.port: 9200
path.data: /apps/elasticsearch542/data
path.logs: /apps/elasticsearch542/logs
script.engine.groovy.inline.search: true
node.master: true
cluster.routing.allocation.disk.threshold_enabled: true
cluster.routing.allocation.disk.watermark.low: 80%
cluster.routing.allocation.disk.watermark.high: 80%
bootstrap.memory_lock: false
bootstrap.system_call_filter: false
http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-methods: OPTIONS, HEAD, GET, POST, PUT, DELETE
http.cors.allow-headers: "X-Requested-With, Content-Type, Content-Length, X-User, Authorization"
# Enable X-Pack password authentication; usually this one line is enough
xpack.security.enabled: true
xpack.monitoring.enabled: false
xpack.graph.enabled: false
xpack.watcher.enabled: false

Then start ES as usual:
bin/elasticsearch -d

Change the default password

# Set the password. Defaults are user: elastic, password: changeme; to send credentials with a request, add: --user elastic:changeme
curl -XPUT --user elastic:changeme 'localhost:9200/_xpack/security/user/elastic/_password?pretty' -d '{ "password": "elasticpassword" }'

Change the initial password

curl -XPUT --user elastic:changeme '10.10.80.76:9200/_xpack/security/user/elastic/_password?pretty' -d '{ "password": "uatelastic" }'

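elasticsearch-head connection changes

At this point I found that elasticsearch-head could no longer connect to ES.
Edit the configuration file elasticsearch.yml and add:
http.cors.allow-headers: Authorization
# Example:
http.cors.allow-headers: "X-Requested-With, Content-Type, Content-Length, X-User,Authorization"

When accessing head, change the URL as follows: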
http://10.10.11.105:9100/?auth_user=elastic&auth_password=uatelastic

Add user uat1 with password uatpassword

curl -XPOST --user elastic:fduatelastic '10.10.80.76:9200/_xpack/security/user/uat1?pretty' -d '{
  "password" : "uatpassword",
  "roles" : ["admin", "users"],
  "full_name" : "uat1",
  "email" : "uat1@xxxx.com",
  "metadata" : {
    "intelligence" : 7
  },
  "enabled": true
}'

Delete user uat1

curl -XDELETE --user elastic:fduatelastic '10.11.80.76:9200/_xpack/security/user/uat1?pretty'

Troubleshooting errors

curl -XPUT --user elastic:changeme '10.10.80.74:9200/_xpack/security/user/elastic/_password?pretty' -d '{ "password": "uatelastic" }'
{
  "error" : {
    "root_cause" : [
      {
        "type" : "security_exception",
        "reason" : "failed to authenticate user [elastic]",
        "header" : {
          "WWW-Authenticate" : "Basic realm=\"security\" charset=\"UTF-8\""
        }
      }
    ],
    "type" : "security_exception",
    "reason" : "failed to authenticate user [elastic]",
    "header" : {
      "WWW-Authenticate" : "Basic realm=\"security\" charset=\"UTF-8\""
    }
  },
  "status" : 401
}
This appears because the password supplied was wrong: I had already run the command on a node in the cluster, and running it again on this node produced the error.
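
A per-node check for the steps above, as an added example that is not part of the original post: it requests `/` anonymously, with the default elastic:changeme login, and with the new credentials, and reports whether each node enforces authentication. The environment variable names ES_NODES, ES_USER and ES_PASS and the function names are assumptions of this example; once the password has been changed, a 401 for changeme on every node (the response shown above) is the expected result.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): per-node check that X-Pack
# security is enforced and that the default elastic:changeme login is dead.
# ES_NODES, ES_USER, ES_PASS are environment variable names assumed here.

# http_status URL [user:password] -> prints the HTTP status (000 = no connection)
http_status() {
  local url=$1 cred=${2:-}
  if [ -n "$cred" ]; then
    curl -s -o /dev/null -m 5 -w '%{http_code}' --user "$cred" "$url"
  else
    curl -s -o /dev/null -m 5 -w '%{http_code}' "$url"
  fi
}

# verdict ANON DEFAULT NEW -> finding derived from the three status codes
verdict() {
  local anon=$1 def=$2 new=$3
  if [ "$anon" = 000 ]; then
    echo "UNREACHABLE"
  elif [ "$anon" = 200 ]; then
    echo "FAIL security not enforced (anonymous request accepted)"
  elif [ "$def" = 200 ]; then
    echo "FAIL default password changeme still valid"
  elif [ "$new" = 401 ]; then
    echo "FAIL new credentials rejected"
  elif [ "$anon" = 401 ] && [ "$def" = 401 ] && [ "$new" = 200 ]; then
    echo "OK"
  else
    echo "UNKNOWN anon=$anon default=$def new=$new"
  fi
}

# check_node HOST:PORT -> verdict for one node, probing GET /
check_node() {
  local url="http://$1/"
  verdict "$(http_status "$url")" \
          "$(http_status "$url" elastic:changeme)" \
          "$(http_status "$url" "$ES_USER:$ES_PASS")"
}

# Runs only when ES_NODES is set, e.g. ES_NODES="10.10.80.74:9200 10.10.80.76:9200"
if [ -n "${ES_NODES:-}" ]; then
  : "${ES_USER:=elastic}" "${ES_PASS:?set ES_PASS to the new password}"
  for node in $ES_NODES; do
    printf '%-20s %s\n' "$node" "$(check_node "$node")"
  done
fi
```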


Author: 朝寒


