Starting from Elasticsearch 6.8, free users are allowed to use the security features of X-Pack. Previously, an installed es ran "naked", with no authentication. Below we record how to configure security authentication.

To simplify the physical installation process, we will use docker to install our service.

Some basic configuration

es needs some Linux parameters to be modified.

Edit /etc/sysctl.conf and set vm.max_map_count:

    sudo vim /etc/sysctl.conf
    vm.max_map_count=262144

To make the setting take effect immediately, without a restart, run:

    sudo sysctl -w vm.max_map_count=262144

The data and logs directories of es must be writable by the user with ID 1000. We assume a cluster of three es nodes, so create the corresponding data storage directories first.

    mkdir -p es01/data
    mkdir -p es01/logs
    mkdir -p es02/data
    mkdir -p es02/logs
    mkdir -p es03/data
    mkdir -p es03/logs
    ## es's user ID is 1000, so let's temporarily authorize it to everyone
    ## (narrower alternative: hand the directories to that user only, e.g. sudo chown -R 1000 es01 es02 es03)
    sudo chmod 777 es* -R

About versions and docker images

Elasticsearch has several licenses, of which Open Source and Basic are free. Security features were only integrated into the Basic license as of version 6.8.

The corresponding docker image of Basic is

    docker pull docker.elastic.co/elasticsearch/elasticsearch:7.6.2

The same image is also synchronized to Docker Hub as elasticsearch.
We can pull it directly.

Start

First, create docker-compose.yml:

    version: '2.2'
    services:
      es01:
        image: elasticsearch:7.6.2
        container_name: es01
        environment:
          - node.name=es01
          - cluster.name=es-docker-cluster
          - discovery.seed_hosts=es02,es03
          - cluster.initial_master_nodes=es01,es02,es03
          - bootstrap.memory_lock=true
          - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
        ulimits:
          memlock:
            soft: -1
            hard: -1
        volumes:
          - ./es01/data:/usr/share/elasticsearch/data
          - ./es01/logs:/usr/share/elasticsearch/logs
          - ./elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
          - ./elastic-certificates.p12:/usr/share/elasticsearch/config/elastic-certificates.p12
        ports:
          - 9200:9200
        networks:
          - elastic
      es02:
        image: elasticsearch:7.6.2
        container_name: es02
        environment:
          - node.name=es02
          - cluster.name=es-docker-cluster
          - discovery.seed_hosts=es01,es03
          - cluster.initial_master_nodes=es01,es02,es03
          - bootstrap.memory_lock=true
          - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
        ulimits:
          memlock:
            soft: -1
            hard: -1
        volumes:
          - ./es02/data:/usr/share/elasticsearch/data
          - ./es02/logs:/usr/share/elasticsearch/logs
          - ./elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
          - ./elastic-certificates.p12:/usr/share/elasticsearch/config/elastic-certificates.p12
        ports:
          - 9201:9200
        networks:
          - elastic
      es03:
        image: elasticsearch:7.6.2
        container_name: es03
        environment:
          - node.name=es03
          - cluster.name=es-docker-cluster
          - discovery.seed_hosts=es01,es02
          - cluster.initial_master_nodes=es01,es02,es03
          - bootstrap.memory_lock=true
          - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
        ulimits:
          memlock:
            soft: -1
            hard: -1
        volumes:
          - ./es03/data:/usr/share/elasticsearch/data
          - ./es03/logs:/usr/share/elasticsearch/logs
          - ./elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
          - ./elastic-certificates.p12:/usr/share/elasticsearch/config/elastic-certificates.p12
        ports:
          - 9202:9200
        networks:
          - elastic
      kib01:
        depends_on:
          - es01
        image: kibana:7.6.2
        container_name: kib01
        ports:
          - 5601:5601
        environment:
          ELASTICSEARCH_URL: http://es01:9200
          ELASTICSEARCH_HOSTS: http://es01:9200
        volumes:
          - ./kibana.yml:/usr/share/kibana/config/kibana.yml
        networks:
          - elastic
    networks:
      elastic:
        driver: bridge

About elasticsearch.yml

The content is as follows:

    network.host: 0.0.0.0
    xpack.security.enabled: true
    xpack.security.transport.ssl.enabled: true
    xpack.security.transport.ssl.keystore.type: PKCS12
    xpack.security.transport.ssl.verification_mode: certificate
    xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
    xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
    xpack.security.transport.ssl.truststore.type: PKCS12
    xpack.security.audit.enabled: true
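A quick check of the settings above, as an added example that is not part of the original article: the hypothetical helpers get_setting and audit_es_config read a flat "key: value" elasticsearch.yml and report gaps, with severity labels that are this example's own. It assumes 7.x behaviour (security is off unless enabled, verification_mode is full when unset) and also checks xpack.security.http.ssl.enabled, an Elasticsearch setting that the page's configuration does not set.

```shell
#!/bin/sh
# Added example: audit a flat "key: value" elasticsearch.yml (7.x semantics assumed).

# get_setting FILE KEY: print the value of a flat dotted key (empty if absent).
get_setting() {
  awk -v k="$2" '
    /^[ \t]*#/ { next }                       # skip comment lines
    { i = index($0, ":"); if (i == 0) next
      key = substr($0, 1, i - 1); val = substr($0, i + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
      if (key == k) found = val }             # last occurrence wins
    END { print found }' "$1"
}

# audit_es_config FILE: print one "SEVERITY message" line per finding.
audit_es_config() {
  [ "$(get_setting "$1" xpack.security.enabled)" = "true" ] ||
    echo "CRITICAL xpack.security.enabled is not true: no authentication is enforced"
  [ "$(get_setting "$1" xpack.security.transport.ssl.enabled)" = "true" ] ||
    echo "HIGH transport TLS is off: node-to-node traffic is unencrypted"
  mode=$(get_setting "$1" xpack.security.transport.ssl.verification_mode)
  case "${mode:-full}" in                     # an unset mode means full
    certificate) echo "INFO verification_mode=certificate: CA signature checked, hostname not checked" ;;
    none) echo "HIGH verification_mode=none: peer certificates are not validated" ;;
  esac
  [ "$(get_setting "$1" xpack.security.http.ssl.enabled)" = "true" ] ||
    echo "MEDIUM HTTP TLS is off: passwords sent to port 9200 travel in cleartext"
  [ "$(get_setting "$1" xpack.security.audit.enabled)" = "true" ] ||
    echo "LOW audit logging is off"
  return 0
}

# Constructed sample input: the elasticsearch.yml shown on this page.
PAGE_CFG=$(mktemp)
trap 'rm -f "$PAGE_CFG"' EXIT
cat > "$PAGE_CFG" <<'EOF'
network.host: 0.0.0.0
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.keystore.type: PKCS12
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.type: PKCS12
xpack.security.audit.enabled: true
EOF
audit_es_config "$PAGE_CFG"
```

On the configuration above it reports the certificate-only verification mode and the missing HTTP TLS, which is why the browser and curl steps in this article reach port 9200 over plain http.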
About the certificate elastic-certificates.p12

es provides a tool for generating certificates.

First run the es instance

    sudo docker run -dit --name=es elasticsearch:7.6.2 /bin/bash

Enter the instance

    sudo docker exec -it es /bin/bash

Generate the CA: elastic-stack-ca.p12

    [root@25dee1848942 elasticsearch]# ./bin/elasticsearch-certutil ca
    This tool assists you in the generation of X.509 certificates and certificate
    signing requests for use with SSL/TLS in the Elastic stack.

    The 'ca' mode generates a new 'certificate authority'
    This will create a new X.509 certificate and private key that can be used
    to sign certificate when running in 'cert' mode.

    Use the 'ca-dn' option if you wish to configure the 'distinguished name'
    of the certificate authority

    By default the 'ca' mode produces a single PKCS#12 output file which holds:
        * The CA certificate
        * The CA's private key

    If you elect to generate PEM format certificates (the -pem option), then the output will
    be a zip file containing individual files for the CA certificate and private key

    Please enter the desired output file [elastic-stack-ca.p12]:
    Enter password for elastic-stack-ca.p12 :

Next, generate the cert: elastic-certificates.p12

    [root@25dee1848942 elasticsearch]# ./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
    This tool assists you in the generation of X.509 certificates and certificate
    signing requests for use with SSL/TLS in the Elastic stack.

    The 'cert' mode generates X.509 certificate and private keys.

The generated elastic-certificates.p12 is the file we need. It holds the node certificate together with its private key, so treat it as a secret. Press ctrl+d to exit the container and copy the certificate out from the host.

    sudo docker cp es:/usr/share/elasticsearch/elastic-certificates.p12 .
    # Close this container
    sudo docker kill es
    sudo docker rm es

The certificate is thus obtained.

Generate Password

We first need to start the es cluster and generate a password in it.
    sudo docker-compose up

Then enter one of the nodes

    sudo docker exec -it es01 /bin/bash

Use auto to generate the passwords

    [root@cfeeab4bb0eb elasticsearch]# ./bin/elasticsearch-setup-passwords -h
    Sets the passwords for reserved users

    Commands
    --------
    auto - Uses randomly generated passwords
    interactive - Uses passwords entered by a user

    Non-option arguments:
    command

    Option             Description
    ------             -----------
    -E <KeyValuePair>  Configure a setting
    -h, --help         Show help
    -s, --silent       Show minimal output
    -v, --verbose      Show verbose output

    [root@cfeeab4bb0eb elasticsearch]# ./bin/elasticsearch-setup-passwords auto
    Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.
    The passwords will be randomly generated and printed to the console.
    Please confirm that you would like to continue [y/N]y

    Changed password for user apm_system
    PASSWORD apm_system = YxVzeT9B2jEDUjYp66Ws

    Changed password for user kibana
    PASSWORD kibana = 8NnThbj0N02iDaTGhidU

    Changed password for user logstash_system
    PASSWORD logstash_system = 9nIDGe7KSV8SQidSk8Dj

    Changed password for user beats_system
    PASSWORD beats_system = qeuVaf1VEALpJHfEUOjJ

    Changed password for user remote_monitoring_user
    PASSWORD remote_monitoring_user = DtZCrCkVTZsinRn3tW3D

    Changed password for user elastic
    PASSWORD elastic = q5f2qNfUJQyvZPIz57MZ

Use password

When the browser accesses localhost:9200/9201/9202, it asks for an account. Just enter elastic and the corresponding password.

Then browse to localhost:5601.

Forget the password

What if you forget the password after generating it? You can log into the machine to modify it.
Enter the es machine

    sudo docker exec -it es01 /bin/bash

Create a temporary superuser RyanMiao

    ./bin/elasticsearch-users useradd ryan -r superuser
    Enter new password:
    ERROR: Invalid password...passwords must be at least [6] characters long
    [root@cfeeab4bb0eb elasticsearch]# ./bin/elasticsearch-users useradd ryan -r superuser
    Enter new password:
    Retype new password:

Use this user to change the password of elastic. In 7.x the same API is also served under /_security/user/elastic/_password; the _xpack path used here is deprecated.

    curl -XPUT -u ryan:ryan123 http://localhost:9200/_xpack/security/user/elastic/_password -H "Content-Type: application/json" -d '
    {
      "password": "q5f2qNfUJQyvZPIz57MZ"
    }'

Since this superuser is only temporary, remove it again once the elastic password has been changed.

Reference

http://codingfundas.com/setting-up-elasticsearch-6-8-with-kibana-and-x-pack-security-enabled/index.html