通过kibina创建api keys测试时,提示我没有开启:
解决方案如下:
1、开启,在elasticsearch.yml中添加配置:
xpack.security.authc.api_key.enabled: true
2、因为api_key比较敏感,需要TSL加密传输,因此我们还需要配置加密,首先生成证书,在elasticsearch执行目录bin下运行elasticsearch-certgen:./elasticsearch-certgen
3、解压zip,把crt、key分别拷贝到es的config、kibina的config下(zip中有两个证书,一个ca根证书、一个当前设备相关,这里我们使用ca根证书),elasticsearch.yml配置:
#
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.key: ca.key
xpack.security.transport.ssl.certificate: ca.crt
xpack.security.transport.ssl.certificate_authorities: [ "ca.crt" ]
#浏览器访问
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.key: ca.key
xpack.security.http.ssl.certificate: ca.crt
xpack.security.http.ssl.certificate_authorities: [ "ca.crt" ]
4、配置kibina.yml
############
elasticsearch.username: "elastic"
elasticsearch.password: "123456"
###
elasticsearch.ssl.certificateAuthorities: ["ca.crt"]
elasticsearch.ssl.verificationMode: certificate
elasticsearch.hosts: ["https://127.0.0.1:9200"]
###浏览器访问kibina
server.ssl.enabled: true
server.ssl.certificate: "ca.crt"
server.ssl.key: "ca.key"
5、重启es、kibina,再次执行:
PS:我得kibina管理页面,一直没有API keys菜单,只有用户和角色管理菜单,不知道为什么,有谁知道原因可以告诉我下:
正常情况显示: