热门标签
热门文章
- 1git学习笔记——git pull篇
- 2IDEA首次提交代码到GitLab上_idea gitlab 首次提交
- 3KMP算法详解以及Java代码实现_kmp算法java实现
- 4Ubuntu下载android源码_安卓系统源码包下载阿里云
- 5全量、增量数据在HBase迁移的多种技巧实践_hbase snapshot 增量
- 6强化学习——策略优化(笔记)
- 7从数据页的角度理解B+树查询_共享表空间是单个b树还是多个b树
- 8jenkins自动化部署(node服务器)_jenkins配置node
- 9C语言与嵌入式AI边缘计算:TinyML、TensorFlow Lite在嵌入式设备上的应用(一)_tenserflow tinyml
- 10新基建新场景新需求,激发智能化变革新联想_idc 重边缘 轻边缘
当前位置: article > 正文
ElasticSearch设置用户名和密码_elasticsearch设置用户名密码
作者:盐析白兔 | 2024-06-06 18:50:00
赞
踩
elasticsearch设置用户名密码
ES7.7以后的版本将安全认证功能免费开放了。并将X-pack插件集成了到了开源的ElasticSearch版本中。
下面将图文介绍如何利用X-pack给ElasticSearch相关组件设置用户名和密码:
1. 修改主站点的elasticsearch.yml添加一下行
vim /opt/module/elasticsearch-7.12.0/config/elasticsearch.yml
- 1
2. 添加内容
xpack.security.enabled: true
- 1
3. 生成证书
cd /opt/module/elasticsearch-7.12.0
bin/elasticsearch-certutil cert -out config/elastic-certificates.p12 -pass ""
- 1
- 2
生成的证书地址:/opt/module/elasticsearch-7.12.0/config/elastic-certificates.p12
继续修改elasticsearch.yml文件
添加以下四行:
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
- 1
- 2
- 3
- 4
4. 更新集群节点的配置
把elastic-certificates.p12复制到其他节点的config下,同时修改其他节点的yml
sh /opt/bash/xsync /opt/module/elasticsearch-7.12.0/config/elastic-certificates.p12
sh /opt/bash/batchexec "sudo chown -R bigdata:bigdata /opt/module/elasticsearch-7.12.0/config/elastic-certificates.p12"
- 1
- 2
其他节点yml文件直接添加内容【注意不要xsync yml到其他机器 配置不一样】
vim /opt/module/elasticsearch-7.12.0/config/elasticsearch.yml
- 1
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
- 1
- 2
- 3
- 4
- 5
5. 重启ES
jps | grep 'Elasticsearch' | awk '{print $1}' | xargs -n 1 kill -9
sh /opt/module/elasticsearch-7.12.0/bin/elasticsearch -d > /data/log/elasticsearch/elasticsearch.txt 2>&1 &
- 1
- 2
6. 密码设置
sh /opt/module/elasticsearch-7.12.0/bin/elasticsearch-setup-passwords interactive
- 1
** 修改kibana的配置kibana.yml**
vim /opt/module/kibana-7.12.0-linux-x86_64/config/kibana.yml
- 1
在文件末尾添加ES的用户名和密码
7. 测试
8. 如果需要修改ES密码
curl -H "Content-Type:application/json" -XPOST -u elastic 'http://$IP:9200/_xpack/security/user/elastic/_password' -d '{ "password" : "密码" }'
- 1
9. 代码添加账号密码
9.1 Flink写ES代码
val dnsDomainBlackListEventSinkBuilder: ElasticsearchSink.Builder[DnsDomainBlackListEvent] = new ElasticsearchSink.Builder[DnsDomainBlackListEvent](httpHosts, new DnsDomainBlackListEventEsSinkFunction())
//TODO 如果是加密了
if (ProjectConfiguration.ESUSERNAME != null && ProjectConfiguration.ESPASSWORD !=null) {
dnsDomainBlackListEventSinkBuilder.setRestClientFactory(new ElaticSearchRestClientFactory)
}
- 1
- 2
- 3
- 4
- 5
需要实现RestClientFactory
class ElaticSearchRestClientFactory extends RestClientFactory{
def configureRestClientBuilder(restClientBuilder: RestClientBuilder): Unit = {
val credentialsProvider: CredentialsProvider = new BasicCredentialsProvider();
credentialsProvider.setCredentials(AuthScope.ANY,
new UsernamePasswordCredentials(ProjectConfiguration.ESUSERNAME, ProjectConfiguration.ESPASSWORD));
restClientBuilder.setHttpClientConfigCallback(new HttpClientConfigCallback() {
def customizeHttpClient(httpAsyncClientBuilder: HttpAsyncClientBuilder): HttpAsyncClientBuilder = {
httpAsyncClientBuilder.disableAuthCaching();
httpAsyncClientBuilder.setDefaultCredentialsProvider(credentialsProvider);
}
})
}
}
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
9.2 Spark写ES代码
添加两行
.option(“es.net.http.auth.user”,es_user)
.option(“es.net.http.auth.pass”,es_pass)
9.3 Logstash写ES
在logstash的conf文件中添加user和password即可
output{
elasticsearch {
hosts => [ "$IP:9200" ]
user => "elastic"
password => "changeme"
}
}
- 1
- 2
- 3
- 4
- 5
- 6
- 7
9.4 Java ES High Level API代码
import org.apache.http.HttpHost
import org.apache.http.auth.{AuthScope, UsernamePasswordCredentials}
import org.apache.http.impl.client.BasicCredentialsProvider
import org.apache.http.impl.nio.client.HttpAsyncClientBuilder
import org.elasticsearch.client.{RestClient, RestClientBuilder, RestHighLevelClient}
def getClient(hosts: Seq[String], port: Int = 9200, schema: String = "http", account: (String, String) = null): RestHighLevelClient = {
val httpHosts = hosts.map(h => new HttpHost(h, port, schema))
val clientBuilder = RestClient.builder(httpHosts:_*)
if (account == null) {
new RestHighLevelClient(clientBuilder)
} else {
// login with credential
val credentialsProvider = new BasicCredentialsProvider()
credentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(account._1, account._2))
new RestHighLevelClient(
clientBuilder.setHttpClientConfigCallback(new RestClientBuilder.HttpClientConfigCallback() {
def customizeHttpClient(httpClientBuilder: HttpAsyncClientBuilder): HttpAsyncClientBuilder = {
httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider)
}}
)
)
}
}
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/w/盐析白兔/article/detail/682149
推荐阅读
相关标签
