Configuring the Search Guard plugin for Elasticsearch

I. Environment

  • CentOS 7
  • ES 6.4.2 (everything installed from RPM packages)
  • logstash 6.4.2
  • kibana 6.4.2

II. Installing Search Guard on ES

  1. Install the plugin with the ES plugin manager (pick the plugin release that matches your ES version)
cd /usr/share/elasticsearch/bin 
bash elasticsearch-plugin install -b com.floragunn:search-guard-6:6.4.2-24.0
  2. Run the script that enables the plugin automatically
cd /usr/share/elasticsearch/plugins/search-guard-6/tools
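bash install_demo_configuration.sh # answer "y" to all three prompts
  3. Restart ES so the plugin takes effect, then open https://IP:9200 in a browser to verify (once the plugin is enabled, a username and password are required). Users and passwords are stored in /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/sg_internal_users.yml; the default administrator is admin, with password admin.
  4. Change the default username and password
     1. Generate the hash of the new password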
# root @ elastic in /usr/share/elasticsearch/plugins/search-guard-6/tools
$ cd /usr/share/elasticsearch/plugins/search-guard-6/tools && ls
hash.bat  hash.sh  install_demo_configuration.sh  sgadmin.bat  sgadmin_demo.sh  sgadmin.sh

$ bash hash.sh -p password
$2y$12$m5..B0RPu6Lwnz2mWbzbm.wvYYmqIKJHjuCLPzOSW9erF01dcK52C

     2. Edit the sg_internal_users.yml configuration file (/usr/share/elasticsearch/plugins/search-guard-6/sgconfig/sg_internal_users.yml) and set hash to the newly generated value

#######################################################################
#password is: password
admin:
  readonly: false # when true, the password cannot be changed in Kibana
  hash: $2y$12$nwfMezsKdWhPMoj5iqZ/6.H9RpXFvDbd59K1mTxqWmH8IY/bFWSXm
  roles:
    - admin
  attributes:
    #no dots allowed in attribute names
    attribute1: value1
    attribute2: value2
    attribute3: value3
#######################################################################

     3. Reload the configuration
# root @ elastic in /usr/share/elasticsearch/plugins/search-guard-6/tools
$ cd /usr/share/elasticsearch/plugins/search-guard-6/tools && ./sgadmin_demo.sh && systemctl restart elasticsearch
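
The hand edit in step 2 can be scripted. This is an added example, not part of the original post or of Search Guard: `set_user_hash` is a hypothetical helper, and the sample file and its hashes are constructed placeholders. It changes only the named user's hash, so it can also be used for the other demo users such as kibanaserver.

```shell
#!/usr/bin/env bash
# Added example, not Search Guard code: set_user_hash is a hypothetical helper.
# Usage: set_user_hash FILE USER BCRYPT_HASH
# Replaces only the "hash:" line inside USER's top-level block. The hash is
# passed through the environment, so "$", "/" and "." in it are never treated
# as shell expansions or as sed/awk pattern syntax.
set_user_hash() {
  local file="$1" user="$2" tmp
  tmp=$(mktemp) || return 1
  if TARGET="$user" NEW_HASH="$3" awk '
      /^[^ \t#][^:]*:/ {            # a top-level key starts a user block
        key = $0; sub(/:.*/, "", key)
        in_user = (key == ENVIRON["TARGET"])
      }
      in_user && /^[ \t]+hash:/ {   # hash line of the target user
        match($0, /^[ \t]+/)
        print substr($0, 1, RLENGTH) "hash: " ENVIRON["NEW_HASH"]
        changed = 1
        next
      }
      { print }
      END { exit changed ? 0 : 3 }  # 3 = user or hash line not found
    ' "$file" > "$tmp"; then
    cat "$tmp" > "$file"            # overwrite in place, keeping owner and mode
    rm -f "$tmp"
  else
    rm -f "$tmp"
    echo "no hash line found for user '$user' in $file" >&2
    return 1
  fi
}

# Constructed sample file; the hashes are placeholders, not real bcrypt output.
sample=$(mktemp)
cat > "$sample" <<'EOF'
admin:
  readonly: false
  hash: $2y$12$OLD_ADMIN_PLACEHOLDER
  roles:
    - admin
kibanaserver:
  readonly: true
  hash: $2y$12$OLD_KIBANASERVER_PLACEHOLDER
EOF

# Real use: pass the output of `bash hash.sh -p <new password>` as argument 3.
set_user_hash "$sample" admin '$2y$12$NEW_ADMIN_PLACEHOLDER/with.dots'
cat "$sample"
```

After changing the real file, reload it with sgadmin_demo.sh as in step 3.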

III. Configuring Kibana

  1. Install the search-guard-kibana-plugin plugin (pick the release that matches your Kibana version)
cd /usr/share/kibana/bin
./kibana-plugin install \
https://search.maven.org/remotecontent\?filepath\=com/floragunn/search-guard-kibana-plugin/6.4.2-16/search-guard-kibana-plugin-6.4.2-16.zip
  2. Reconfigure Kibana; the finished configuration file looks like this
server.port: 5601
server.host: "127.0.0.1"
elasticsearch.url: "https://localhost:9200"
elasticsearch.username: "kibanaserver"
elasticsearch.password: "kibanaserver" # demo default password of the kibanaserver user
elasticsearch.ssl.verificationMode: none # Kibana does not verify the ES certificate
elasticsearch.requestHeadersWhitelist: [ "Authorization", "sgtenant" ]
tilemap.url: 'http://webrd02.is.autonavi.com/appmaptile?lang=zh_cn&size=1&scale=1&style=7&x={x}&y={y}&z={z}'
xpack.monitoring.enabled: false
xpack.graph.enabled: false
xpack.ml.enabled: false
xpack.watcher.enabled: false
xpack.security.enabled: false
  3. Restart Kibana. The first start takes a while (a few minutes). Once it is configured successfully, log in as the admin user.


IV. Logstash output configuration

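elasticsearch {
    codec => json
    hosts => ["https://ek:9200"]
    user => "admin"
    password => "password"
    # hosts uses https, so ssl must be true: the plugin refuses to start when
    # ssl => false is combined with an https URL
    ssl => true
    # the Search Guard demo certificate is accepted without verification
    ssl_certificate_verification => false
    index => "nginx-%{+YYYY_MM}"
}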
