ES7.7以后的版本将安全认证功能免费开放了。并将X-pack插件集成了到了开源的ElasticSearch版本中。
1. 生成证书
切换到elastsearch的目录下,使用下列命令生成证书
bin/elasticsearch-certutil cert -out config/elastic-certificates.p12 -pass ""
2.修改配置文件,启用x-pack
vi conf/elasticsearch.yaml
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
3.重启elasticsearch
./bin/elasticsearch -d (这一步非常重要,必须启动才能新增用户名和密码);
4. 设置密码:
./elasticsearch-setup-passwords interactive
zftestest#2022
Changed password for user [apm_system]
Changed password for user [kibana_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]
5.验证:
打开浏览器,输入我们的elasticsearch的网址,然后会弹出一个输入框,让我们输入账号和密码。
6.后续修改密码:
如果你觉得之前用户的密码设置的太简单了,你想修改密码可以采用如下方式:
curl -XPOST -u elastic "localhost:9200/_security/user/elastic/_password" -H 'Content-Type: application/json' -d'{"password" : "abcd1234"}'
7.修改kibana配置文件,config下的kibana.yml,添加如下内容
elasticsearch.username: “elastic”
elasticsearch.password: “password”
打开config/logstash.yml,添加下面一行代码:
xpack.monitoring.enabled: true
xpack.monitoring.elasticsearch.username: elastic
xpack.monitoring.elasticsearch.password: password
xpack.monitoring.elasticsearch.hosts: ["http://127.0.0.1:9200"]
output {
if [type]=="user" {
elasticsearch {
hosts => "127.0.0.1:9200"
user => “elastic”
password => “password”
# index名
index => "user"
# type名
document_type => "_doc"
# 需要关联的数据库中有有一个id字段,对应索引的id号
document_id => "%{id}"
}
stdout {
codec => json_lines
}
}
}