之前在docker中安装过elasticsearch和elasticsearchhead以及kibana都没有配置密码,在此记录下设置过程。
参考 官方文档
xpack.security.enabled: true
设置引导性密码
The setup-passwords tool is the simplest method to set the built-in users’ passwords for the first time. It uses the elastic user’s bootstrap password to run user management API requests. For example, you can run the command in an “interactive” mode, which prompts you to enter new passwords for the elastic, kibana, and logstash_system users:
修改容器内或者修改挂载出来的elasticsearch.yml
docker exec -it elasticsearch /bin/bash # 进入容器内部
vi /data/elasticsearch/config/elasticsearch.yml # 挂载目录
elasticsearch.yml 文件添加
cluster.name: "docker-cluster-01"
network.host: 0.0.0.0
http.cors.enabled: true
http.cors.allow-origin: "*"
# 此处开启xpack
xpack.security.enabled: true
重新启动elasticsearch。
docker restart elasticsearch
进入docker中的elasticsearch中,设置密码,执行
/usr/share/elasticsearch/bin/x-pack/setup-passwords interactive
依次设置用户:elastic、apm_system、kibana_system、logstash_system、beats_system、remote_monitoring_user共6个用户。
内部用户
X-Pack 安全有三个内部用户(_system、_xpack和_xpack_security),负责在 Elasticsearch 集群中进行的操作。
这些用户仅由源自集群内的请求使用。出于这个原因,它们不能用于对 API 进行身份验证,并且没有密码可以管理或重置。
有时,您可能会在日志中找到对这些用户之一的引用,包括审计日志。
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,kibana_system,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y
Enter password for [elastic]:
Reenter password for [elastic]:
Enter password for [apm_system]:
Reenter password for [apm_system]:
Enter password for [kibana_system]:
Reenter password for [kibana_system]:
Enter password for [logstash_system]:
Reenter password for [logstash_system]:
Enter password for [beats_system]:
Reenter password for [beats_system]:
Enter password for [remote_monitoring_user]:
Reenter password for [remote_monitoring_user]:
Changed password for user [apm_system]
Changed password for user [kibana_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]
curl localhost:9200
结果显示:
[root@VM-24-15-centos config]# curl localhost:9200
{"error":{"root_cause":[{"type":"security_exception","reason":"missing authentication credentials for REST request [/]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}}],"type":"security_exception","reason":"missi
显示这个则设置成功。
使用密码访问elasticsearch测试是否可以访问。
curl localhost:9200 -u elastic
就可以看到elasticsearch信息。
POST _xpack/security/user/_password
POST _xpack/security/user/<username>/_password
# 将用户elastic 密码改为elastic
curl -u elastic -H "Content-Type: application/json" -X POST "localhost:9200/_xpack/security/user/elastic/_password" --data '{"password":"elastic"}'
# 测试是否修改成功
curl localhost:9200 -u elastic
登录成功的结果展示:
{
"name" : "384cda4775e5",
"cluster_name" : "docker-cluster-01",
"cluster_uuid" : "SOH21TLnQdSZnJq0ZW2iDw",
"version" : {
"number" : "7.14.2",
"build_flavor" : "default",
"build_type" : "docker",
"build_hash" : "6bc13727ce758c0e943c3c21653b3da82f627f75",
"build_date" : "2021-09-15T10:18:09.722761972Z",
"build_snapshot" : false,
"lucene_version" : "8.9.0",
"minimum_wire_compatibility_version" : "6.8.0",
"minimum_index_compatibility_version" : "6.0.0-beta1"
},
"tagline" : "You Know, for Search"
}
创建本地超级账户,然后使用api接口本地超级账户重置elastic账户的密码
docker exec -it elasticsearch /bin/bash
bin/x-pack/users useradd test_admin -p test_password -r superuser
docker restart elasticsearch
curl -u test_admin -XPUT -H 'Content-Type: application/json' 'http://localhost:9200/_xpack/security/user/elastic/_password' -d '{"password" : "新密码"}'
curl localhost:9200 -u elastic
文档
修改容器内或者修改挂载出来的kibana.yml
docker exec -it kibana /bin/bash # 进入容器内部
vi /data/kibana/config/kibana.yml # 挂载目录
kibana.yml 文件添加
#
# ** THIS IS AN AUTO-GENERATED FILE **
#
# Default Kibana configuration for docker target
server.host: "0"
server.shutdownTimeout: "5s"
elasticsearch.hosts: [ "http://172.17.0.3:9200" ]
monitoring.ui.container.elasticsearch.enabled: true
i18n.locale: "zh-CN"
# 此处设置elastic的用户名和密码
elasticsearch.username: elastic
elasticsearch.password: elastic
重新启动elasticsearch。
docker restart kibana
新手最近开始写文章,手敲不易,请多多支持!在此感谢每位读者0.0