【Elasticsearch】如何给ES设置必须以用户名密码访问

【本文涉及ES版本】

7.11.1

【elasticsearch.yml中设置】

增加以下两项设置：

xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true

【启动es后使用elasticsearch-setup-passwords进行密码设置】

在完成修改elasticsearch.yml后，先启动es；

之后再打开一个终端如putty，以同一用户登录，进入es的bin目录，敲入命令：./elasticsearch-setup-passwords interactive

之后分别给elastic, kibana, logstash_system,beats_system等用户设置密码，具体如下：

[hy@localhost bin]$ ./elasticsearch-setup-passwords interactive
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,kibana_system,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y


Enter password for [elastic]:
passwords must be at least [6] characters long
Try again.
Enter password for [elastic]:
Reenter password for [elastic]:
Enter password for [apm_system]:
Reenter password for [apm_system]:
Enter password for [kibana_system]:
Reenter password for [kibana_system]:
Enter password for [logstash_system]:
Reenter password for [logstash_system]:
Enter password for [beats_system]:
Reenter password for [beats_system]:
Enter password for [remote_monitoring_user]:
Reenter password for [remote_monitoring_user]:
Changed password for user [apm_system]
Changed password for user [kibana_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]

执行完毕之后，访问es节点就需要用户名密码了，如下：

如果密码不对就会输出：

{"error":{"root_cause":[{"type":"security_exception","reason":"missing authentication credentials for REST request [/]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}}],"type":"security_exception","reason":"missing authentication credentials for REST request [/]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}},"status":401}

输对了密码才会有正常的：

{
  "name" : "node-1",
  "cluster_name" : "liangshan",
  "cluster_uuid" : "h6AscLaBS0qyOKdfq1DO8w",
  "version" : {
    "number" : "7.11.1",
    "build_flavor" : "default",
    "build_type" : "tar",
    "build_hash" : "ff17057114c2199c9c1bbecc727003a907c0db7a",
    "build_date" : "2021-02-15T13:44:09.394032Z",
    "build_snapshot" : false,
    "lucene_version" : "8.7.0",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "You Know, for Search"
}

加了密码后，用RestTemplate访问es的方式也需要进行调整. 可以参考：https://www.cnblogs.com/heyang78/p/15945626.html

 

END