一、安装X-pack
官方:https://www.elastic.co/guide/en/x-pack/5.5/installing-xpack.html
1、Elasticsearch安装命令:
cd /ES_home
./bin/elasticsearch-plugin install x-pack
#或者
./bin/elasticsearch-plugin install file:///data/apps/elk_home/elasticsearch-5.5.0/x-pack-5.5.0.zip
默认登录密码
user:elastic
password: changeme
访问9200端口需要输入用户名和密码。
配置elasticsearch.yaml
配置elasticsearch.yaml
xpack.security.enabled:(true/false) #是否开启安全验证
xpack.monitoring.enabled #是否开启监控
xpack.graph.enabled #是否开启图形
xpack.watcher.enabled #是否开启watcher 仅仅es配置
xpack.reporting.enabled #是否开启报表仅仅kibana配置
2、Kibana安装命令:
cd /kibana_home
./bin/kibana-plugin install x-pack
#或者
./bin/kibana-plugin install file:///path/to/file/x-pack-5.5.3.zip
登录Kibana的时候输入用户名和密码。
二、证书更新
1-1.查看ES证书状态
curl -XGET -u admin:passwd "http://IP:9200/_license"
{
"license" : {
"status" : "expired",
"uid" : "b8a8e848-9a49-4317-a787-ded1038ea631",
"type" : "trial",
"issue_date" : "2019-01-14T10:59:01.687Z",
"issue_date_in_millis" : 1547463541687,
"expiry_date" : "2019-02-13T10:59:01.687Z",
"expiry_date_in_millis" : 1550055541687,
"max_nodes" : 1000,
"issued_to" : "my-application",
"issuer" : "elasticsearch",
"start_date_in_millis" : -1
}
}
许可证到期:https://www.elastic.co/guide/en/x-pack/current/license-expiration.html
1-2.查看ES证书信息
curl -XGET "http://IP:9200/_xpack?pretty"
2.注册elasticsearch账号获取证书
证书分为付费版和免费版,免费版会对节点数量有限制,但是一般的工作环境足够使用,因此我们采用BASIC授权文件。
登陆地址https://register.elastic.co/安装提示填写相关内容,然后就会受到es发送的邮件。邮件内容如下:
Thank you for using the Elastic Stack and registering for your free Basic license! This license expires on February 19, 2020.
To download your license, please go to:
#此处链接为证书的下载地址
--> http://license.elastic.co/registration/download/d1bb*****************
For license installation instructions:
#下面3个链接为证书的导入方式,版本不同导入的方式也不一样
Elasticsearch 6.x -- https://www.elastic.co/guide/en/x-pack/current/license-management.html
Elasticsearch 5.x -- https://www.elastic.co/guide/en/x-pack/5.6/installing-license.html
Elasticsearch 2.x -- https://www.elastic.co/guide/en/marvel/current/license-management.html
Elasticsearch 1.x -- Use license code '1010' to register
If you have any questions or issues, please visit us on the forums: https://discuss.elastic.co/ or reach out to us directly at info@elastic.co.
Best,
The Elastic Team
--
http://elastic.co
3. 导入证书
1)检查es版本信息
curl -u <user>:<passwd> http://IP:9200
2)下载对应版本证书,上传证书到服务器
ll <license_name>.json
-rw-r--r-- 1 root root 1191 Jan 30 10:07 license.json
向license
API 发送请求并指定包含新许可证的文件:
curl -XPUT -u <user>:<passwd> 'http://<host>:<port>/_xpack/license?acknowledge=true' -H "Content-Type: application/json" -d @<license_name>.json
{"acknowledged":true,"license_status":"valid"}
- @符号不要遗漏
elastic
是内置的超级用户。默认密码是changeme
。如果您还没有,请更改默认密码。具有群集管理员权限的任何用户都可以安装许可证<host>
是Elasticsearch节点的主机名(localhost
如果在本地执行)<port>
是http端口(默认为9200
)license.json
是许可证JSON文件
如果您要安装的许可证不支持以前许可证中提供的所有功能,则会在响应中通知您。要完成许可证安装,必须重新提交许可证更新请求并将acknowledge
参数设置为true
以指示您了解更改。
curl -XPUT -u elastic 'http://<host>:<port>/_xpack/license?acknowledge=true' -H "Content-Type: application/json" -d @license.json
三、用户管理
角色:角色就是用户的标签,比如用户属于管理员、属于普通员工、或者公司A的用户、公司B的用户。
1、查看角色
GET /_xpack/security/role
返回结果:
{
"watcher_admin": {
......
}
}
修改密码
curl -XPUT 'localhost:9200/_xpack/security/user/elastic/_password?pretty' -d' { "password": "elasticpassword" }'
curl -XPUT 'localhost:9200/_xpack/security/user/kibana/_password?pretty' -d'
{
"password": "kibanapassword"
}'
添加新用户
curl -XPOST 'localhost:9200/_xpack/security/user/jacknich?pretty' -d'
{
"password" : "j@rV1s",
"roles" : [ "admin", "other_role1" ],
"full_name" : "Jack Nicholson",
"email" : "jacknich@example.com",
"metadata" : {
"intelligence" : 7
},
"enabled": true
}'
删除用户
curl -XDELETE 'localhost:9200/_xpack/security/user/jacknich?pretty'
https://blog.51cto.com/qiangsh/1853667