ES服务集成的服务器内,为了安全起见增加了认证,这里采用了x-pack基本的认证方式。
x-pack 在6.8之后提供免费的认证,7.0的不支持,请使用7.1之后的版本,这里选择的是当前最新的7.12.1的版本。
角色管理方式 | 详情 |
---|---|
Role management UI | You can manage users and roles easily in Kibana. To manage roles, log in to Kibana and go to Management / Security / Roles. |
Role management API | The Role Management APIs enable you to add, update, remove and retrieve roles dynamically. When you use the APIs to manage roles in the native realm, the roles are stored in an internal Elasticsearch index. For more information and examples, see role management APIs. |
File-based role management | Apart from the Role Management APIs, roles can also be defined in local roles.yml file located in ES_PATH_CONF. This is a YAML file where each role definition is keyed by its name. |
官方提供了三种角色管理办法,第一种通过页面我们的环境没有用kiibana所以直接排除;第二种通过API,通过API就需要服务正常的时候调用API生成或者提前生成放在镜像中,这种会导致数据服务和业务耦合或者依赖严重,所以放弃;第三种采用文件管理,这种只要在elasticSearch对应的目录下放置提前生成好的角色和用户信息即可,所以选择该种实现方式。
查看内置的角色,生成用户的时候可以使用。
https://www.elastic.co/guide/en/elasticsearch/reference/current/built-in-roles.html
生成用户,用户名不能是内置用户如elastic
https://www.elastic.co/guide/en/elasticsearch/reference/current/users-command.html#_description_11
#常用命令
./elasticsearch-users useradd elastic1 -p 234234 -r superuser
./elasticsearch-users passwd elastic1 -p 2342341
启用内部用户和设置密码
https://www.elastic.co/guide/en/elasticsearch/reference/current/setup-passwords.html
https://www.elastic.co/guide/en/elasticsearch/reference/6.8/release-highlights-6.8.0.html
https://www.elastic.co/guide/en/elasticsearch/reference/7.1/release-highlights-7.1.0.html
https://www.elastic.co/guide/en/elasticsearch/reference/7.1/release-highlights-7.0.0.html
从上面三个release-highlights里面可以看出7.0.0.不支持(RBAC (Role Based Access
Control))免费的认证,并且在线下安装测试发现确实不支持*