一、概述
插件選擇
官方資料:
https://www.elastic.co/guide/en/elasticsearch/plugins/current/security.html
官方插件 X-Pack
X-Pack 插件在 docker 鏡像中默認已安裝,不過 X-Pack 中的 Security 模塊需要付費才能使用,所以棄用這個插件。
- 付費用戶相關資料: Security Settings in Elasticsearch
社區插件 Readonly REST
Readonly REST 是 Elasticsearch 原生 REST API 的高性能權限控制插件。
環境說明
操作系統:centos 7.6
docker版本:19.03.12
ip地址:192.168.31.190
配置:1核2g
二、構建鏡像
本文使用readonlyrest 插件來構建一個 Elasticsearch 鏡像下載插件
這里使用最新版本,目前為:7.12.1
訪問官方下載地址:https://readonlyrest.com/download/

注意:這里選擇免費版本,指定版本為7.12.1,輸入一個郵箱地址。這個郵箱地址可以是你的常用郵箱,比如QQ,163,新浪都可以。
點擊GET IT NOW,就會收到一封郵件
點擊郵件內容中的Download就會開啟下載,這里我們會得到一個文件readonlyrest-1.29.0_es7.12.1.zip
編輯dockerfile
登錄到centos 7.6服務器,新建目錄/opt/elasticsearch_7.12.1_security,將readonlyrest-1.29.0_es7.12.1.zip上傳到此目錄。
目錄結構如下:
./ ├── dockerfile ├── readonlyrest-1.29.0_es7.12.1.zip └── readonlyrest.yml
dockerfile
FROM elasticsearch:7.12.1 COPY readonlyrest-1.29.0_es7.12.1.zip /plugins/readonlyrest-1.29.0_es7.12.1.zip RUN sh -c 'echo -e "y" | /usr/share/elasticsearch/bin/elasticsearch-plugin install -b file:///plugins/readonlyrest-1.29.0_es7.12.1.zip' COPY readonlyrest.yml /usr/share/elasticsearch/config/readonlyrest.yml
readonlyrest.yml
readonlyrest: access_control_rules: - name: "Require HTTP Basic Auth" type: allow auth_key: admin:Passw0rd
說明,這里指定用戶名:admin,密碼:Passw0rd
請根據實際情況修改
構建鏡像
cd /opt/elasticsearch_7.12.1_security docker build -t elasticsearch:security-7.12.1 .
三、部署Elasticsearch
參考官方文檔:https://www.elastic.co/guide/en/elasticsearch/reference/7.12/docker.html
修改文件 /etc/sysctl.conf
增加一行
vm.max_map_count=262144
刷新參數
sysctl -p
啟動Elasticsearch
docker run -d --name=elasticsearch \ -p 9200:9200 -p 9300:9300 \ -e "discovery.type=single-node" \ -e "xpack.security.enabled=false" \ -e "TZ=Asia/Shanghai" \ elasticsearch:security-7.12.1
注意:啟動時,一定要設置 xpack.security.enabled=false,否則啟動會報錯
uncaught exception in thread [main] java.lang.IllegalArgumentException: Cannot have more than one plugin implementing a REST wrapper at org.elasticsearch.action.ActionModule.<init>(ActionModule.java:448) at org.elasticsearch.node.Node.<init>(Node.java:575) at org.elasticsearch.node.Node.<init>(Node.java:278) at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:217) at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:217) at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:397) at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:159) at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:150) at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:75) at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:116) at org.elasticsearch.cli.Command.main(Command.java:79) at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:115) at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:81) For complete error details, refer to the log at /usr/share/elasticsearch/logs/docker-cluster.log
持久化存儲的文件夾
mkdir -p /data/elk7/elasticsearch docker cp elasticsearch:/usr/share/elasticsearch /data/elk7/ chmod g+rwx -R /data/elk7/elasticsearch chgrp 1000 -R /data/elk7/elasticsearch
注意:由於docker運行中的elasticsearch用戶id是1000,所以這里也設置1000
刪除elasticsearch
docker rm -f elasticsearch
掛載目錄方式啟動
docker run -d --name=elasticsearch \ -p 9200:9200 -p 9300:9300 \ -e "discovery.type=single-node" \ -e "xpack.security.enabled=false" \ -e "TZ=Asia/Shanghai" \ -v /usr/share/elasticsearch:/data/elk7/elasticsearch \ -e "ES_JAVA_OPTS=-Xms512m -Xmx512m" \ elasticsearch:security-7.12.1
注意:關於ES_JAVA_OPTS參數,堆內存一般設置為內存的一半,請根據實際情況修改。
驗證權限
不使用賬號密碼請求 API,請求失敗
[root@centos7 ~]# curl 127.0.0.1:9200/_cat/nodes {"error":{"root_cause":[{"reason":"forbidden","due_to":["OPERATION_NOT_ALLOWED"]}],"reason":"forbidden","due_to":["OPERATION_NOT_ALLOWED"],"status":401}}
使用賬號密碼請求 API,請求成功
[root@centos7 ~]# curl -u admin:Passw0rd 127.0.0.1:9200/_cat/nodes 172.17.0.2 20 93 0 0.00 0.01 0.05 cdfhilmrstw * f74fd2ea4785
補充知識點
Kibana 連接 Elasticsearch
docker run -d \ --name kibana \ --link elasticsearch:elasticsearch \ -e "ELASTICSEARCH_USERNAME=admin" \ -e "ELASTICSEARCH_PASSWORD=Passw0rd" \ -e "TZ=Asia/Shanghai" \ -p 5601:5601 \ kibana:7.12.1
- Kibana Docker 部署文檔:https://www.elastic.co/guide/en/kibana/current/docker.html
- Kibana 配置文檔:https://www.elastic.co/guide/en/kibana/current/settings.html
本文參考鏈接:
https://www.jianshu.com/p/d6a54b498283
https://blog.csdn.net/JISOOLUO/article/details/104739013