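- How to enable X-Pack Security for a cluster
- How to set passwords for the built-in users
- Setting up authentication for communication between Kibana and Elasticsearch
- Using the security API to create a user with limited access to specific indices
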
This tutorial involves a single-node cluster. If you had multiple nodes, you would enable the Elasticsearch security features on every node in the cluster and configure Transport Layer Security (TLS) for internode communication, which is beyond the scope of this tutorial. By enabling single-node discovery, we are postponing the configuration of TLS. For example, add the following setting:

```
discovery.type: single-node
```

Course demo

```
# Start a single node
bin/elasticsearch -E node.name=node0 -E cluster.name=geektime -E path.data=node0_data -E http.port=9200 -E xpack.security.enabled=true

# Access ES with curl, or open "localhost:9200/_cat/nodes?pretty" in a browser. Returns a 401 error
curl 'localhost:9200/_cat/nodes?pretty'

# Run the password setup command to set the ES built-in users and their initial passwords.
bin/elasticsearch-setup-passwords interactive

curl -u elastic 'localhost:9200/_cat/nodes?pretty'

# Edit kibana.yml
elasticsearch.username: "kibana"
elasticsearch.password: "changeme"

# Start Kibana. Log in with username elastic, password elastic
./bin/kibana

POST orders/_bulk
{"index":{}}
{"product" : "1","price" : 18,"payment" : "master","card" : "9876543210123456","name" : "jack"}
{"index":{}}
{"product" : "2","price" : 99,"payment" : "visa","card" : "1234567890123456","name" : "bob"}

# Create a new role named read_only_orders that satisfies the following criteria:
# The role has no cluster privileges
# The role only has access to indices that match the pattern sales_record
# The index privileges are read and view_index_metadata

# Create sales_user that satisfies the following criteria:
# Use your own email address
# Assign the user to two roles: read_only_orders and kibana_user

# Verify read access: this request succeeds
POST orders/_search
{}

# Verify write access: this request fails with an error
POST orders/_bulk
{"index":{}}
{"product" : "1","price" : 18,"payment" : "master","card" : "9876543210123456","name" : "jack"}
{"index":{}}
{"product" : "2","price" : 99,"payment" : "visa","card" : "1234567890123456","name" : "bob"}
```
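
The role and user that the demo describes only in comments can be created through the security API with curl, as in this added example (not part of the course demo). The `orders` index pattern (chosen to match the verification requests, where the criteria above name `sales_record`), the e-mail address, and the `ES_URL`, `ELASTIC_PASSWORD` and `SALES_PASSWORD` variables are assumptions.

```shell
#!/bin/sh
# Added example, not from the course demo. Assumed/constructed values: the
# "orders" index pattern, the e-mail address, and the ES_URL, ELASTIC_PASSWORD
# and SALES_PASSWORD environment variables. Values must not contain " or \.
ES_URL="${ES_URL:-http://localhost:9200}"

# Role body: no cluster privileges, read + view_index_metadata on one pattern.
role_body() {   # $1 = index pattern
  printf '{"cluster":[],"indices":[{"names":["%s"],"privileges":["read","view_index_metadata"]}]}' "$1"
}

# User body for the native realm. $1 = password, $2 = e-mail, $3... = role names
user_body() {
  pw=$1; email=$2; shift 2
  roles=""
  for r in "$@"; do roles="${roles:+$roles,}\"$r\""; done
  printf '{"password":"%s","email":"%s","roles":[%s]}' "$pw" "$email" "$roles"
}

# Send one request and print only the HTTP status code.
es_status() {   # $1 = user:password, $2 = method, $3 = path, $4 = JSON body
  curl -s -o /dev/null -w '%{http_code}\n' -u "$1" -X "$2" \
    -H 'Content-Type: application/json' "$ES_URL/$3" -d "$4"
}

main() {
  admin="elastic:$ELASTIC_PASSWORD"
  sales="sales_user:$SALES_PASSWORD"
  es_status "$admin" PUT  _security/role/read_only_orders "$(role_body orders)"
  es_status "$admin" POST _security/user/sales_user \
    "$(user_body "$SALES_PASSWORD" sales@example.com read_only_orders kibana_user)"
  # Checks as sales_user: the search should succeed, the write should be rejected.
  # A single-document write stands in for the demo's _bulk request.
  es_status "$sales" POST orders/_search '{}'
  es_status "$sales" POST orders/_doc '{"product":"3","price":5}'
}

# Only talk to the cluster when asked to: sh script.sh apply
if [ "${1:-}" = "apply" ]; then main; fi
```

Passing passwords through environment variables keeps them out of the script, but `curl -u user:password` still exposes them in the local process list while the request runs.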