elasticsearch 7.12 x-pack 配置ldap

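# Install the base environment: git, Docker Engine and docker-compose.
yum install git
# Save the Docker convenience script to a file instead of piping it straight
# into a shell: the script runs with root privileges, so it should be fully
# downloaded and readable before it is executed.
curl -fsSL https://get.docker.com -o get-docker.sh
bash get-docker.sh docker --mirror Aliyun
# -f makes curl fail on an HTTP error instead of saving the error page as the
# docker-compose binary.
sudo curl -fSL "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
# Print the SHA-256 of the download so it can be compared with the checksum
# shown for this asset on the 1.29.2 release page before it is made executable.
sha256sum /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose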
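# Fetch the Docker-based Elasticsearch/Kibana deployment.
cd /opt
git clone https://github.com/117503445/elasticsearch-deploy.git
# The later steps run docker-compose from /opt/elasticsearch-deploy, so enter
# the checkout before starting the stack.
cd elasticsearch-deploy
# Before the first start, edit the password in .env; the default used in this
# write-up ("mypassword") should not stay in place on a reachable host.
# NOTE(review): this is a third-party repository; read its compose file and the
# images it pulls before running it.

docker-compose up -d
# Follow the logs (Ctrl-C stops following, the containers keep running).
docker-compose logs -f

# visit http://localhost:5601
# default username: elastic
# default password: mypassword
# (change it in .env before ports 9200/5601 are reachable from other hosts)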
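# Install the X-Pack platinum license file.
cd /opt/elasticsearch-deploy
# "-u elastic" without a password makes curl prompt for it, which keeps the
# password out of shell history and the process list.
# NOTE: the request goes over plain HTTP, so the basic-auth credentials cross
# the network unencrypted; keep this on a trusted network or put TLS in front.
curl -XPUT -u elastic 'http://172.22.2.222:9200/_xpack/license' -H "Content-Type: application/json" -d @license.json
docker-compose restart
# Check the installed license. GET reads it back; POST on this endpoint is a
# license update request, not a query.
curl -XGET -u elastic http://172.22.2.222:9200/_license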
# 配置ldap
# vim elasticsearch.yml
---
## Default Elasticsearch configuration from Elasticsearch base image.
## https://github.com/elastic/elasticsearch/blob/master/distribution/docker/src/docker/config/elasticsearch.yml
#
cluster.name: "docker-cluster"
# Listens on every interface. Which hosts can actually reach port 9200 then
# depends on the published container ports and the host firewall.
network.host: 0.0.0.0

## X-Pack settings
## see https://www.elastic.co/guide/en/elasticsearch/reference/current/setup-xpack.html

xpack.security.enabled: true
xpack.monitoring.collection.enabled: true
# LDAP realm "ldap1": users are looked up by search (user_search) after the
# node binds to the directory as bind_dn.
xpack:
  security:
    authc:
      realms:
        ldap:
          ldap1:
            # Position in the realm chain; lower values are consulted first.
            order: 0
            # NOTE(review): ldap:// on port 389 is unencrypted, so the bind
            # password and each user's login password travel in cleartext to
            # the directory. Prefer ldaps:// (or StartTLS) if the server
            # offers it — confirm with the directory admin.
            url: "ldap://172.22.2.22:389"
            # The password for this DN is not stored here; it is added to the
            # Elasticsearch keystore as
            # xpack.security.authc.realms.ldap.ldap1.secure_bind_password.
            # NOTE(review): cn=root looks like a directory admin account; a
            # dedicated read-only search account is enough for user and
            # group lookups — confirm.
            bind_dn: "cn=root,ou=管理,ou=企业,dc=tpping,dc=tp"
            user_search:
              base_dn: "ou=技术,ou=企业,dc=tpping,dc=tp"
              # {0} is replaced by the user name entered at login.
              filter: "(cn={0})"
            group_search:
              base_dn: "ou=技术,ou=企业,dc=tpping,dc=tp"
            # LDAP groups without a role mapping are not turned into role
            # names; access comes only from explicit role mappings.
            unmapped_groups_as_roles: false

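# Store the password of the LDAP bind account (bind_dn) in the Elasticsearch
# keystore. The tool is run through docker exec as a single host-side command
# (assumes elasticsearch-keystore is on the container's PATH, as it is in an
# interactive shell inside the container).
docker exec -it elasticsearch elasticsearch-keystore add xpack.security.authc.realms.ldap.ldap1.secure_bind_password
# The password is entered at the interactive prompt, so it never appears on a
# command line or in shell history.
# NOTE(review): the keystore is written inside the container; it survives a
# restart, but presumably not a re-created container unless the config
# directory is a volume — verify against the compose file.
docker-compose restart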
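# Grant superuser to the LDAP user chen.da.
# NOTE: the rule below matches on group membership, not on the user name, so
# every LDAP user whose groups include this DN is mapped to "superuser", not
# only chen.da. Keep that group as small as possible, or map a narrower role.
# "-u elastic" without a password makes curl prompt for it, which keeps the
# password out of shell history and the process list.
curl -X PUT -u elastic "http://172.22.2.222:9200/_xpack/security/role_mapping/ldap_super_user1?pretty" -H 'Content-Type: application/json' -d'
{
  "roles": [ "superuser" ],
  "enabled": true,
  "rules": {
    "any": [
      {
        "field": {
          "groups" : "ou=运维管理,ou=企业,dc=tpping,dc=tp" 
        }
      }
    ]
  }
}'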

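# Verify: authenticate as the LDAP user; if the license is returned, LDAP login
# and the role mapping are working.
# The password is left off the command line so curl prompts for it; a real
# account password should not be written into notes, shell history or argv.
curl -XGET -u chen.da http://172.22.2.222:9200/_license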

-- 引用链接
https://github.com/117503445/elasticsearch-deploy
https://www.117503445.top/2021/05/09/2021-05-09-ElasticSearch Xpack破解/
https://help.aliyun.com/document_detail/149442.html
https://www.jianshu.com/p/7154e80490ad
