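Username and password authentication is the most basic security feature of Elasticsearch. To use it, we have to enable the X-Pack security features; X-Pack is the Elasticsearch security plugin. Add the setting xpack.security.enabled to elasticsearch.yml and set it to true to turn security on. Here we do this by modifying our docker-compose.yml file.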
services:
  es01:
    image: elasticsearch:7.14.1
    container_name: es01
    environment:
      - node.name=es01
      - discovery.seed_hosts=es02
      - cluster.initial_master_nodes=es01,es02
      - cluster.name=docker-cluster
      - bootstrap.memory_lock=true # enable the memory lock check
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m" # limit the heap size
      - xpack.security.enabled=true # enable the security features
    ulimits: # memory lock
      memlock:
        soft: -1
        hard: -1
  es02:
    image: elasticsearch:7.14.1
    container_name: es02
    environment:
      - node.name=es02
      - discovery.seed_hosts=es01
      - cluster.initial_master_nodes=es01,es02
      - cluster.name=docker-cluster
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
      - xpack.security.enabled=true
    ulimits:
      memlock:
        soft: -1
        hard: -1
  kibana:
    image: kibana:7.14.1
    container_name: kibana
    environment:
      - SERVER_NAME=kibana.localhost
      - ELASTICSEARCH_HOSTS=http://es01:9200
      - I18N_LOCALE=zh-CN
    ports:
      - 5601:5601
    depends_on:
      - es01
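Elasticsearch ships an official command-line tool for setting the usernames and passwords; it is located in the bin directory.
We enter the es01 container and cd to the bin directory: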
docker exec -it es01 bash
The arrow in the screenshot (image not available) points to the official tool, elasticsearch-setup-passwords.
[root@1d0b0d774f90 bin]# elasticsearch-setup-passwords --help
Sets the passwords for reserved users
Commands
--------
auto - Uses randomly generated passwords
interactive - Uses passwords entered by a user
Non-option arguments:
command
Option Description
------ -----------
-E <KeyValuePair> Configure a setting
-h, --help Show help
-s, --silent Show minimal output
-v, --verbose Show verbose output
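The help output shows that the tool supports only two commands:
auto: generates random passwords and prints them to the terminal
interactive: the user sets the passwords interactively
We choose to set the passwords ourselves; the passwords are not echoed as they are typed. Passwords have to be set for several users; here I set every user's password to 123123. In a cluster, passwords created on one Elasticsearch instance are automatically applied to the other instances.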
[root@7bd455c1db3a bin]# elasticsearch-setup-passwords interactive
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,kibana_system,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y
Enter password for [elastic]:
Reenter password for [elastic]:
Enter password for [apm_system]:
Reenter password for [apm_system]:
Enter password for [kibana_system]:
Reenter password for [kibana_system]:
Enter password for [logstash_system]:
Reenter password for [logstash_system]:
Enter password for [beats_system]:
Reenter password for [beats_system]:
Enter password for [remote_monitoring_user]:
Reenter password for [remote_monitoring_user]:
Changed password for user [apm_system]
Changed password for user [kibana_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]
Now we can enter the Kibana container and use curl to connect to Elasticsearch to check whether the connection succeeds:
docker exec -it kibana bash
# access es01 with the username and password
bash-4.4$ curl http://es01:9200 -u elastic:123123
{
"name" : "es01",
"cluster_name" : "docker-cluster",
"cluster_uuid" : "yOm6JKHKQVWeCilQCRVYqQ",
"version" : {
"number" : "7.14.1",
"build_flavor" : "default",
"build_type" : "docker",
"build_hash" : "66b55ebfa59c92c15db3f69a335d500018b3331e",
"build_date" : "2021-08-26T09:01:05.390870785Z",
"build_snapshot" : false,
"lucene_version" : "8.9.0",
"minimum_wire_compatibility_version" : "6.8.0",
"minimum_index_compatibility_version" : "6.0.0-beta1"
},
"tagline" : "You Know, for Search"
}
# access es02 with the username and password
bash-4.4$ curl http://es02:9200 -u elastic:123123
{
"name" : "es02",
"cluster_name" : "docker-cluster",
"cluster_uuid" : "yOm6JKHKQVWeCilQCRVYqQ",
"version" : {
"number" : "7.14.1",
"build_flavor" : "default",
"build_type" : "docker",
"build_hash" : "66b55ebfa59c92c15db3f69a335d500018b3331e",
"build_date" : "2021-08-26T09:01:05.390870785Z",
"build_snapshot" : false,
"lucene_version" : "8.9.0",
"minimum_wire_compatibility_version" : "6.8.0",
"minimum_index_compatibility_version" : "6.0.0-beta1"
},
"tagline" : "You Know, for Search"
}
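This shows that the Elasticsearch username and password were set successfully. Because the Elasticsearch cluster is now configured with a username and password, Kibana must be given the Elasticsearch username and password as well; otherwise Kibana cannot connect to Elasticsearch. Modify the docker-compose.yml file.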
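Pitfalls:
Kibana's environment variables are written differently from Elasticsearch's: they are all uppercase, with the dots replaced by underscores.
The password is a string and must be enclosed in double quotes; single quotes cannot be used.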
services:
  es01:
    image: elasticsearch:7.14.1
    container_name: es01
    environment:
      - node.name=es01
      - discovery.seed_hosts=es02
      - cluster.initial_master_nodes=es01,es02
      - cluster.name=docker-cluster
      - bootstrap.memory_lock=true # enable the memory lock check
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m" # limit the heap size
      - xpack.security.enabled=true # enable the security features
    ulimits: # memory lock
      memlock:
        soft: -1
        hard: -1
  es02:
    image: elasticsearch:7.14.1
    container_name: es02
    environment:
      - node.name=es02
      - discovery.seed_hosts=es01
      - cluster.initial_master_nodes=es01,es02
      - cluster.name=docker-cluster
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
      - xpack.security.enabled=true
    ulimits:
      memlock:
        soft: -1
        hard: -1
  kibana:
    image: kibana:7.14.1
    container_name: kibana
    environment:
      - SERVER_NAME=kibana.localhost
      - ELASTICSEARCH_HOSTS=http://es01:9200
      - I18N_LOCALE=zh-CN
      - ELASTICSEARCH_USERNAME=elastic
      - ELASTICSEARCH_PASSWORD="123123"
    ports:
      - 5601:5601
    depends_on:
      - es01
Start the services:
docker-compose up -d
Open Kibana and enter the username and password set earlier to log in.
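The curl check shown earlier also returns 200 when security is disabled, because Elasticsearch then ignores the supplied credentials. The following added example (not part of the original post) additionally requires that an anonymous request is rejected with 401 on every node. The ES_PASSWORD variable, the script name and the function names are assumptions of this example; es01, es02 and the elastic user come from the page.

```shell
#!/bin/sh
# Added example: confirm that both nodes reject anonymous requests.
# es01, es02 and the elastic user come from the page; ES_PASSWORD and all
# function names are assumptions of this example.

# Build a curl config line for -K -, escaping \ and " so that the password
# never appears on the command line (and therefore not in the process list).
curl_user_config() {
    esc=$(printf '%s:%s' "$1" "$2" | sed 's/[\\"]/\\&/g')
    printf 'user = "%s"\n' "$esc"
}

# http_code URL [USER PASSWORD]: print the HTTP status, 000 if no response.
http_code() {
    if [ $# -ge 3 ]; then
        curl_user_config "$2" "$3" |
            curl -s -o /dev/null -w '%{http_code}' --max-time 5 -K - "$1"
    else
        curl -s -o /dev/null -w '%{http_code}' --max-time 5 "$1"
    fi
}

# verdict ANON_CODE AUTH_CODE: interpret the pair of status codes.
verdict() {
    case "$1/$2" in
        000/*|*/000) echo unreachable ;;
        401/200) echo enforced ;;         # anonymous rejected, login accepted
        200/200) echo open ;;             # anonymous accepted: security is off
        401/401) echo bad-credentials ;;  # security on, wrong password
        *) echo unexpected ;;
    esac
}

check_cluster() {
    rc=0
    for node in "$@"; do
        anon=$(http_code "http://$node:9200") || true
        auth=$(http_code "http://$node:9200" elastic "$ES_PASSWORD") || true
        v=$(verdict "$anon" "$auth")
        echo "$node: anonymous=$anon authenticated=$auth -> $v"
        [ "$v" = enforced ] || rc=1
    done
    return "$rc"
}

# Runs only when a password is supplied, e.g. inside the kibana container:
#   ES_PASSWORD='...' sh check_auth.sh
if [ -n "${ES_PASSWORD:-}" ]; then
    check_cluster es01 es02
fi
```

The script exits non-zero unless every node reports enforced, so it can gate a deployment step.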