search guard用语elk的角色划分
./plugin install -b com.floragunn/search-guard-ssl/2.3.3.11
./plugin install -b com.floragunn/search-guard-2/2.3.5.5
下载源代码 使用工具包
git clone https://github.com/floragunncom/search-guard-ssl.git
cd search-guard-ssl/example-pki-scripts./example.sh
vim elasticsearch.yaml
cp node-1-keystore.jks /etc/elasticsearch/
cp truststore.jks /etc/elasticsearch/
security.manager.enabled: false
searchguard.authcz.admin_dn:
- "CN=kirk,OU=client,O=client,l=tEst, C=De"
searchguard.audit.type: internal_elasticsearch
searchguard.ssl.transport.enabled: true
searchguard.ssl.transport.keystore_type: JKS
searchguard.ssl.transport.keystore_filepath: node-1-keystore.jks
searchguard.ssl.transport.truststore_type: JKS
searchguard.ssl.transport.truststore_filepath: truststore.jks
searchguard.ssl.transport.truststore_password: changeit
searchguard.ssl.transport.enforce_hostname_verification: true
searchguard.ssl.transport.resolve_hostname: true
searchguard.ssl.transport.enable_openssl_if_available: false
service ealsticsearch restart
./tools/sgadmin.sh -h 127.0.0.1 -cd sgconfig -ks sgconfig/kirk-keystore.jks -kspass changeit -ts sgconfig/truststore.jks
具体信息修改example.sh