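On January 30, 2019, foreign media reported yet another Elasticsearch data leak! That makes at least 6 Elasticsearch data leaks in January 2019 alone. The reason is simple: once a service is up and running, developers are too lazy to change anything, not even to add a password. Don't believe it? Go look at your own company's Redis servers and see how many of them have a password set. At my company, I can log in remotely to the Redis instances of departments whose business has nothing to do with mine (I know the Redis server IPs because of an integration).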
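OK, back to setting passwords on Elasticsearch 7.7. Let me describe the contradiction I ran into while setting up accounts and passwords for Elasticsearch; it is pretty ridiculous. No need to blow it out of proportion, though, because this problem can certainly be solved. I just had not found the way at the time of writing, and I wanted to leave some notes on it. The steps were as follows: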
#1. Start setting passwords for elasticsearch
tiger@n21-045-025:/usr/share/elasticsearch$ sudo bin/elasticsearch-setup-passwords interactive
It doesn't look like the X-Pack security feature is enabled on this Elasticsearch node.
Please check if you have enabled X-Pack security in your elasticsearch.yml configuration file.
ERROR: X-Pack Security is disabled by configuration.
# The message says X-Pack is not enabled in the configuration file. OK.

#2. Enable X-Pack in the configuration
tiger@n21-045-025:/opt/elasticsearch$ sudo vim /etc/elasticsearch/elasticsearch.yml
http.cors.enabled: true
http.cors.allow-origin: "*"
# The following two lines were newly added
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true

#3. Do you need to restart elasticsearch after adding the configuration? How could it work without a restart? Without a restart the configuration is still not applied.
# Restart elasticsearch, then set the passwords again
# After changing the configuration and restarting es, run elasticsearch-setup-passwords interactive
tiger@n21-045-025:/usr/share/elasticsearch$ sudo bin/elasticsearch-setup-passwords interactive
#Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.
Enter password for [elastic]:
Reenter password for [elastic]:
Enter password for [apm_system]:
Reenter password for [apm_system]:
Enter password for [kibana]:
Reenter password for [kibana]:
Enter password for [logstash_system]:
Reenter password for [logstash_system]:
Enter password for [beats_system]:
Reenter password for [beats_system]:
Enter password for [remote_monitoring_user]:
Reenter password for [remote_monitoring_user]:
Unexpected response code [503] from calling PUT http://192.21.15.25:9200/_security/user/apm_system/_password?pretty
Cause: Cluster state has not been recovered yet, cannot write to the [null] index
Possible next steps:
* Try running this tool again.
* Try running with the --verbose parameter for additional messages.
* Check the elasticsearch logs for additional error details.
* Use the change password API manually.
ERROR: Failed to set password for user [apm_system]

# Look at the error from the setup:
tiger@n21-045-025:/usr/share/elasticsearch$ sudo bin/elasticsearch-setup-passwords interactive --verbose
Running with configuration path: /etc/elasticsearch
Testing if bootstrap password is valid for http://192.21.15.25:9200/_security/_authenticate?pretty
Checking cluster health: http://192.21.15.25:9200/_cluster/health?pretty
{
  "error" : {
    "root_cause" : [
      {
        "type" : "master_not_discovered_exception",
        "reason" : null
      }
    ],
    "type" : "master_not_discovered_exception",
    "reason" : null
  },
  "status" : 503
}
Failed to determine the health of the cluster running at http://192.21.15.25:9200
Unexpected response code [503] from calling GET http://192.21.15.25:9200/_cluster/health?pretty
Cause: master_not_discovered_exception
It is recommended that you resolve the issues with your cluster before running elasticsearch-setup-passwords.
It is very likely that the password changes will fail when run against an unhealthy cluster.
Do you want to continue with the password setup process [y/N]ERROR: User cancelled operation
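Looking at the error above, it reports a 503 from the service on port 9200. What is the cause? I did configure it to require an account and password. Accessing port 9200 from a browser now also requires an account and password to log in, and a request to the http://192.21.15.25:9200/_cluster/health?pretty endpoint blocks and never responds, because it is waiting for the account and password.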
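This is the contradiction: when xpack.security.enabled is not turned on, I cannot get into password setup. But once I turn it on, password setup calls _cluster/health?pretty to check the cluster state, and then there is a problem. Isn't that a contradiction?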
I searched online, including Google, but nothing solved it. For example, https://stackoverflow.com/questions/61884976/apply-security-on-elk-cluster-authentication-issue says to add the X-Pack configuration above to all nodes, restart, and then use auto to set the passwords. The same problem of not being able to check the cluster health status still occurs:
Failed to determine the health of the cluster running at http://192.21.15.25:9200
Unexpected response code [503] from calling GET http://192.21.15.25:9200/_cluster/health?pretty
This surely cannot be a real problem! It can definitely be solved. It is pretty annoying for now, so I am leaving a note here!
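
Added example, not part of the original post: a small triage helper that classifies a reply from `_cluster/health`, separating a credential rejection (HTTP 401, `security_exception`) from the `master_not_discovered_exception` (HTTP 503) shown in the `--verbose` output above. The function name `classify_health`, the category names and the hint strings are assumptions; the sample bodies are constructed, with the 503 body mirroring the output quoted in the post.

```python
import json

# Constructed sample bodies. SAMPLE_503 mirrors the --verbose output quoted in
# the post; SAMPLE_401 and SAMPLE_200 are constructed for illustration.
SAMPLE_503 = json.dumps({"error": {"root_cause": [{"type": "master_not_discovered_exception", "reason": None}],
                                   "type": "master_not_discovered_exception", "reason": None}, "status": 503})
SAMPLE_401 = json.dumps({"error": {"type": "security_exception",
                                   "reason": "missing authentication credentials for REST request"},
                         "status": 401})
SAMPLE_200 = json.dumps({"cluster_name": "demo", "status": "yellow", "number_of_nodes": 1})


def classify_health(status_code, body_text):
    """Hypothetical helper: return (category, hint) for a GET _cluster/health reply."""
    try:
        body = json.loads(body_text)
    except (TypeError, ValueError):
        body = None
    if not isinstance(body, dict):
        return ("unparseable", "Reply is not a JSON object; confirm the port is the Elasticsearch HTTP port.")
    error = body.get("error")
    err_type = error.get("type") if isinstance(error, dict) else None

    if status_code == 401 or err_type == "security_exception":
        return ("auth", "Credentials were missing or rejected; the node itself answered.")
    if status_code == 503 and err_type == "master_not_discovered_exception":
        return ("no_master", "No elected master, so cluster state cannot be read or written. "
                             "This is not a credential rejection; check node logs, discovery "
                             "and transport settings before re-running elasticsearch-setup-passwords.")
    if status_code == 200 and "status" in body:
        if body["status"] in ("green", "yellow"):
            return ("healthy", "Cluster has an elected master and reports a usable state.")
        return ("degraded", "Cluster answered but is red; password writes may fail.")
    return ("other", "Unrecognised reply: HTTP %s, error type %r." % (status_code, err_type))


if __name__ == "__main__":
    # Run the classifier over the constructed samples plus one non-JSON reply.
    for code, text in ((503, SAMPLE_503), (401, SAMPLE_401), (200, SAMPLE_200), (502, "<html>")):
        print(code, *classify_health(code, text))
```
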
