elasticsearch 6.2.4添加用户密码认证

elasticsearch 6.3版本之前的添加认证需安装x-pack插件，6.3之后貌似去掉了这个。

1、安装x-pack

先切换到elastic用户下，在执行以下命令

$cd /data/elasticsearch-6.2.  --进到elasticsearch的安装目录

$./bin/elasticsearch-plugin install x-pack

elasticsearch 6.2.4添加用户密码认证

2、设置密码：

$cd /data/elasticsearch-6.2./bin/x-pack

$./setup-passwords interactive

会对elasticsearch、logstash、kibana分别设置登录密码（默认es用户名为elastic，logstash用户名为logstash_system，kibana用户名为kibana）　

elasticsearch 6.2.4添加用户密码认证

3、设置elasticsearch配置文件

$vim /data/elasticsearch-6.2./config/elasticsearch.yml   --添加如下三行

http.cors.enabled: true

http.cors.allow-origin: '*'

http.cors.allow-headers: Authorization,X-Requested-With,Content-Length,Content-Type

配置完重启下elasticsearch服务

4、测试

[elastic@data-backup elasticsearch-6.2.4]$curl http://10.163.19.231:9600  --不用密码访问，会报错

{"error":{"root_cause":[{"type":"security_exception","reason":"missing authentication token for REST request [/]","header":

{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}}],"type":"security_exception","reason":"missing authentication

token for REST request [/]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}},"status":}

[elastic@data-backup elasticsearch-6.2.4]$curl http://10.163.19.231:9600 -u elastic:elastic123  --用刚才新加的用户密码访问，能正常返回数据(elastic:用户名,elastic123:密码)

{

"name" : "eR3qSni",

"cluster_name" : "elasticsearch",

"cluster_uuid" : "pQbnNW7jRgmzbqvW7n2I5Q",

"version" : {

"number" : "6.2.4",

"build_hash" : "ccec39f",

"build_date" : "2018-04-12T20:37:28.497551Z",

"build_snapshot" : false,

"lucene_version" : "7.2.1",

"minimum_wire_compatibility_version" : "5.6.0",

"minimum_index_compatibility_version" : "5.0.0"

},

"tagline" : "You Know, for Search"

}

5、添加自定义角色：

添加角色接口为：POST /_xpack/security/role/

下面添加一个超级管理员角色为例：

[elastic@data-backup elasticsearch-6.2.4]$ curl -XPOST -H 'Content-type: application/json' -u elastic:elastic123 'http://10.163.19.231:9600/_xpack/security/role/admin?pretty' -d '{
"run_as":["elastic"],
"cluster":["all"],
"indices":[
{
"names":["*"],
"privileges":["all"]
}
]
}'

{
"role" : {
"created" : true
}
}

[elastic@data-backup elasticsearch-6.2.4]$ curl -XGET -H 'Content-type: application/json' -u elastic:elastic123 'http://10.163.19.231:9600/_xpack/security/role/admin?pretty'
{
"admin" : {
"cluster" : [
"all"
],
"indices" : [
{
"names" : [
"*"
],
"privileges" : [
"all"
]
}
],
"run_as" : [
"elastic"
],
"metadata" : { },
"transient_metadata" : {
"enabled" : true
}
}
}

6、添加自定义用户：

添加用户接口为：POST/_xpack/security/user/

下面以添加一个test用户并添加至admin角色为例：

注：这里要注意的是用户密码最好不要有"$" "!"之类的字符，这样有可能会导致密码认证不成功，其他字符测试过暂时没问题（具体原因不详，反正我遇到过这个坑）

elasticsearch 6.2.4添加用户密码认证

[elastic@data-backup elasticsearch-6.2.]$ curl -XGET -H 'Content-type: application/json' -u test:Test123654% 'http://10.163.19.231:9600/_cat/indices?pretty'

green  open .monitoring-es--2019.09.   J1K2XG1eTXqw0GHSOH5Gwg            .9kb .9kb

green  open .watches                      qHj5owowRC-3DeK8DaLD-g                 .8kb  .8kb

green  open .triggered_watches            2pm3BwCnTaKgyzl39eFpUw                  .1kb   .1kb

yellow open monitor                       yFnfztziSguTq9VsfSANpw               .7kb .7kb

green  open .watcher-history--2019.09. uz6RA_8vRraHHLAitWKtAw               .8kb .8kb

green  open .monitoring-alerts-          ZPTqnNVOQ5GlUK1ncXNQDQ                 .1kb  .1kb

yellow open track                         AqSGAZnAQE2NGvZXlp9zcw       201mb   201mb

green  open .security-                   83fAslPbQDSGbGWfhiMAXA

密码字符测试的部分截图：（这里用到的修改密码在下面有讲解）

elasticsearch 6.2.4添加用户密码认证

7、修改用户密码：

修改密码需要使用超级管理员权限即elastic用户，接口为：POST /_xpack/security/user/要修改密码的用户名/_password

curl参数含义如下：

-XPOST 使用post方法传递参数

-H 指定http协议的header信息

-u 指定用于认证的用户信息，用户名与密码使用冒号分隔

-d 指定具体要传递的参数信息

例如：修改martin用户的密码为:dxm1234%
[elastic@data-backup elasticsearch-6.2.4]$curl -XPOST -H 'Content-type: application/json' -u elastic:elastic123 'http://10.163.19.231:9600/_xpack/security/user/martin/_password?pretty' -d '{"password": "dxm1234%"}'

修改密码后访问正常则说明修改成功，否则可能报错401

elasticsearch 6.2.4添加用户密码认证

秒客网

elasticsearch 6.2.4添加用户密码认证

相关文章