Elasticsearch 7.x设置密码访问
Elasticsearch在7.0.0之后免费使用x-pack,也为了系统业务数据安全,所以我们使用x-pack对Elasticsearch进行密码设置。
设置密码前注意事项
-
Elasticsearch需要提前启动一次,否则会出现以下Error:
ERROR: Elasticsearch keystore file is missing [/kaysen/daemon/elasticsearch-7.7.0/config/elasticsearch.keystore] -
Elasticsearch必须处于启动状态,否则会出现以下Error:
Connection failure to: http://127.0.0.1:9200/_security/_authenticate?pretty failed: Connection refused (Connection refused) ERROR: Failed to connect to elasticsearch at http://127.0.0.1:9200/_security/_authenticate?pretty. Is the URL correct and elasticsearch running? -
密码生成的两种方式:
- auto:各用户自动生成密码;
- interactive:手动设置密码。
-
以下操作操作都是使用
普通用户权限进行操作。
配置x-pack步骤
- 进入
elasticsearch目录,执行以下命令:./bin/elasticsearch-setup-passwords interactive - 会出现以下错误信息:
Unexpected response code [500] from calling GET http://127.0.0.1:9200/_security/_authenticate?pretty It doesn't look like the X-Pack security feature is enabled on this Elasticsearch node. Please check if you have enabled X-Pack security in your elasticsearch.yml configuration file. - 我们需要配置文件中开启x-pack验证,修改
config/elasticsearch.yml配置文件,在尾部添加以下内容,然后重启elasticsearch:xpack.security.enabled: true./bin/elasticsearch -d - 重复第1步,为
elastic、apm_system、kibana、logstash_system、beats_system、remote_monitoring_user设置密码,这里我设置了统一密码:123456,具体操作:./bin/elasticsearch-setup-passwords interactivefuture versions of Elasticsearch will require Java 11; your Java version from [/kaysen/tools/java/jre] does not meet this requirement Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user. You will be prompted to enter passwords as the process progresses. Please confirm that you would like to continue [y/N]y Enter password for [elastic]: Reenter password for [elastic]: Enter password for [apm_system]: Reenter password for [apm_system]: Enter password for [kibana]: Reenter password for [kibana]: Enter password for [logstash_system]: Reenter password for [logstash_system]: Enter password for [beats_system]: Reenter password for [beats_system]: Enter password for [remote_monitoring_user]: Reenter password for [remote_monitoring_user]: Changed password for user [apm_system] Changed password for user [kibana] Changed password for user [logstash_system] Changed password for user [beats_system] Changed password for user [remote_monitoring_user] Changed password for user [elastic] - 先不加用户密码进行访问:
curl 127.0.0.1:9200:{ "error": { "root_cause": [ { "type": "security_exception", "reason": "missing authentication credentials for REST request [/]", "header": { "WWW-Authenticate": "Basic realm=\"security\" charset=\"UTF-8\"" } } ], "type": "security_exception", "reason": "missing authentication credentials for REST request [/]", "header": { "WWW-Authenticate": "Basic realm=\"security\" charset=\"UTF-8\"" } }, "status": 401 }
CURL密码访问Elasticsearch
curl -u elastic:123456 127.0.0.1:9200
# 或者
curl -u elastic 127.0.0.1:9200
Enter host password for user 'elastic': 123456
成功打印:
{
"name" : "localhost.localdomain",
"cluster_name" : "elasticsearch",
"cluster_uuid" : "MZlO8UPyS52AuuCrFwABvQ",
"version" : {
"number" : "7.7.0",
"build_flavor" : "default",
"build_type" : "tar",
"build_hash" : "81a1e9eda8e6183f5237786246f6dced26a10eaf",
"build_date" : "2020-05-12T02:01:37.602180Z",
"build_snapshot" : false,
"lucene_version" : "8.5.1",
"minimum_wire_compatibility_version" : "6.8.0",
"minimum_index_compatibility_version" : "6.0.0-beta1"
},
"tagline" : "You Know, for Search"
}
