elasticsearch7。14。1部署集群设置账号密码
之前学习es都没有设置密码,但是为了安全考虑,规范的公司都会对es集群设置密码,所以今天测试了如何设置密码以及设置密码后常用插件如何连接es集群的问题,并做了记录。
elasticsearch版本7.14.1
es 添加账号密码
1.打开es配置文件 config/elasticsearch.yml
添加如下内容:xpack.security.enabled: true xpack.security.transport.ssl.enabled: true
2.重启 es 集群
只有es集群重启后才可以进行密码初始化的操作
先找到es集群的pid,根据pid杀死es进程,之后重启es,命令如下:ps -ef | grep elasticsearch kill -9 pid ./bin/elasticsearch -d
3.密码初始化./bin/elasticsearch-setup-passwords interactive
之后等待设置密码,分别设置6个密码:
elastic
apm_system
kibana_system
logstash_system
beats_system
remote_monitoring_user
提示信息如下Initiating the setup of passwords for reserved users elastic,apm_system,kibana,kibana_system,logstash_system,beats_system,remote_monitoring_user. You will be prompted to enter passwords as the process progresses. Please confirm that you would like to continue [y/N]y Enter password for [elastic]: Reenter password for [elastic]: Enter password for [apm_system]: Reenter password for [apm_system]: Enter password for [kibana_system]: Reenter password for [kibana_system]: Enter password for [logstash_system]: Reenter password for [logstash_system]: Enter password for [beats_system]: Reenter password for [beats_system]: Enter password for [remote_monitoring_user]: Reenter password for [remote_monitoring_user]: Changed password for user [apm_system] Changed password for user [kibana_system] Changed password for user [kibana] Changed password for user [logstash_system] Changed password for user [beats_system] Changed password for user [remote_monitoring_user]
4.如果后续再需要更改密码,可以用这个命令curl -H "Content-Type:application/json" -XPOST -u elastic "http://127.0.0.1:9200/_xpack/security/user/elastic/_password" -d "{ "password" : "admin123" }"
es-head 连接有密码的es集群
1.es配置文件添加配置#连接elasticsearch-head配置跨域 http.cors.enabled: true http.cors.allow-origin: "*" http.cors.allow-headers: Authorization,X-Requested-With,Content-Type,Content-Length
2. 更改连接 es-head,打开es-head页面网址上添加账号密码信息:http://127.0.0.1:9100/?auth_user=elastic&auth_password=123456
之后在这个页面连接时输入es的连接ip和端口号就可以了
kibana设置连接的es集群密码
1.打开 kibana 配置文件,添加如下配置信息:elasticsearch.username: "elastic" elasticsearch.password: "123456"
2.重启kibana
Java客户端使用es设置密码
工具方法public static RestHighLevelClient getEsConnectionSecurity(String ip,int port,String username,String password){ BasicCredentialsProvider basicCredentialsProvider = new BasicCredentialsProvider(); basicCredentialsProvider.setCredentials(AuthScope.ANY,new UsernamePasswordCredentials(username,password)); RestClientBuilder restClientBuilder = RestClient.builder(new HttpHost(ip, port)) .setHttpClientConfigCallback( new RestClientBuilder.HttpClientConfigCallback() { @Override public HttpAsyncClientBuilder customizeHttpClient(HttpAsyncClientBuilder httpClientBuilder) { return httpClientBuilder.setDefaultCredentialsProvider(basicCredentialsProvider); } } ); return new RestHighLevelClient(restClientBuilder); }
pom文件: org.elasticsearch.client transport 7.6.2 org.elasticsearch.client elasticsearch-rest-high-level-client 7.6.2 org.elasticsearch.client elasticsearch-rest-client 7.6.2 org.elasticsearch elasticsearch 7.6.2
以上是单机版的es集群添加密码后的操作,适合平时练习使用,如果是es集群,该版本还需要开启集群认证的操作
1.更改es配置文件,添加如下配置(es开启集群模式后的配置有很多需要更改的,比如集群内部通信等,这里只简单记录下开启安全认证的配置):xpack.security.enabled: true xpack.security.transport.ssl.enabled: true xpack.license.self_generated.type: basic xpack.security.transport.ssl.verification_mode: certificate xpack.security.transport.ssl.keystore.path: elastic-certificates.p12 xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
2.开启集群认证
为es集群创建节点认证中心 ,生成证书
命令:./bin/elasticsearch-certuil ca
中间会有设置密码的操作,可以直接回车,代表设置密码为空
根据提示执行完该命令后,会生成一个elastic-stack-ca.p12文件,将这个文件scp到集群每一个节点上
之后每个节点都需要执行如下命令:./bin/elasticsearch-certutil cert --ca ./elastic-stack-ca.p12
命令执行完成后会生成一个elastic-certificates.p12文件
上面更改的集群配置文件中,最后两个配置的文件就是这两个生成的证书文件路径
3.重启es集群
-------------------------结束------------------------
以上就是学习es过程中记录的关于集群密码的设置方法
我是刚开始学习编程不久的小白,有什么错误欢迎大家指正,以后我会将学习中的笔记、记录整理好发出来,希望大家多多支持。