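Introduction
Shield intercepts every request to ElasticSearch and adds authentication and encryption, securing ElasticSearch and the systems that depend on it.
Preparation
Version 2.4.2. Install ElasticSearch.
The steps below assume that elasticsearch is already installed.
Installation
This walkthrough assumes that es and its plugins live in custom directories.
Custom es directory: **/opt/elasticsearch**
In the install script plugin, pay attention to the values of the following variables:
- CONF_DIR (directory containing elasticsearch.yml)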
CONF_DIR="/opt/elasticsearch/config"
- ES_ENV_FILE (elasticsearch directory)
ES_ENV_FILE="/opt/elasticsearch/config/default/elasticsearch"
license
cs@debian:/opt/elasticsearch$ bin/plugin install file:///home/cs/Download/license-2.4.2.zip
Installed license into /home/cs/Download/es/plugins/license
shield
cs@debian:/opt/elasticsearch$ bin/plugin install file:///home/cs/Download/shield-2.4.2.zip
Installed license into /home/cs/Download/es/plugins/shield
Directory tree after a successful install (partial)
cs@debian:/opt/elasticsearch$ tree -L 3 /opt/elasticsearch
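Adding a new user
When running the esusers script, pay attention to these parameters:
- CONF_DIR (the script checks for the $CONF_DIR/shield directory)
  The password is later written to the configuration files (users, users_roles)
- ES_CLASSPATH (the class Shield runs to generate the password)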
java -cp org.elasticsearch.shield.authc.esusers.tool.ESUsersTool
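The ESUsersTool class is in shield-2.4.2.jar in the Shield plugin directory.
Note: with a custom directory, that is, when plugins is not under ES_HOME, confirm that ES_CLASSPATH points to the right location before running the script.
1. Add the variable ES_PLUGIN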
ES_PLUGIN=`dirname $(sed -n 's/path.plugins://p' $ES_HOME/config/elasticsearch.yml)`
2. Modify
ES_CLASSPATH="$ES_CLASSPATH:$ES_HOME/plugins/shield/*"
ES_CLASSPATH="$ES_CLASSPATH:$ES_PLUGIN/plugins/shield/*"
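A stricter way to derive the Shield classpath entry than the sed/dirname line above, as an added example (not from the original post or from Shield's own scripts): it skips commented-out path.plugins lines, strips quotes, falls back to $ES_HOME/plugins, and fails early when no Shield jar is found. The function names are hypothetical; it assumes path.plugins is written as a single flat key and that the Shield plugin directory is named shield.

```shell
#!/bin/sh
# Added example: function names are hypothetical, not part of Shield's scripts.
# Assumes path.plugins is a single flat key (not nested under "path:") and
# that the Shield plugin directory is named "shield".

# shield_plugin_dir ES_HOME -> prints the plugins directory in effect.
shield_plugin_dir() {
    es_home=$1
    yml="$es_home/config/elasticsearch.yml"
    plugins=""
    if [ -r "$yml" ]; then
        # Anchoring at line start skips commented-out settings such as
        # "#path.plugins: ..."; if several are active, the last is used here.
        plugins=$(sed -n \
            's/^[[:space:]]*path\.plugins[[:space:]]*:[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p' \
            "$yml" | tail -n 1)
    fi
    # Drop optional YAML quoting around the value.
    case $plugins in
        \"*\") plugins=${plugins#\"}; plugins=${plugins%\"} ;;
        \'*\') plugins=${plugins#\'}; plugins=${plugins%\'} ;;
    esac
    # No custom setting: fall back to the default location under ES_HOME.
    [ -n "$plugins" ] || plugins="$es_home/plugins"
    printf '%s\n' "$plugins"
}

# shield_classpath_entry ES_HOME -> prints the entry to append to ES_CLASSPATH,
# or returns 1 if no Shield jar is found there.
shield_classpath_entry() {
    dir="$(shield_plugin_dir "$1")/shield"
    set -- "$dir"/shield-*.jar
    if [ ! -e "$1" ]; then
        echo "no shield-*.jar in $dir; check path.plugins" >&2
        return 1
    fi
    printf '%s/*\n' "$dir"
}

# Usage inside bin/shield/esusers:
#   ES_CLASSPATH="$ES_CLASSPATH:$(shield_classpath_entry "$ES_HOME")" || exit 1
```

Failing here gives a clear message instead of a ClassNotFoundException for ESUsersTool when the classpath points at the wrong directory.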
Run the add command (documentation)
cs@debian:/opt/elasticsearch$ ./bin/shield/esusers useradd cs -p cs@121 -r admin
useradd: name of the new user, cs
-p: password, cs@121
-r: role, admin
Start
cs@debian:/opt/elasticsearch$ ./bin/elasticsearch -d
cs@debian:~$ curl -u cs "http://localhost:9200/?pretty"
Enter host password for user 'cs':
{
  "name" : "Sepulchre",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "Ey7sWEIPRZGstn2LSKCCTQ",
  "version" : {
    "number" : "2.4.2",
    "build_hash" : "161c65a337d4b422ac0c805f284565cf2014bb84",
    "build_timestamp" : "2016-11-17T11:51:03Z",
    "build_snapshot" : false,
    "lucene_version" : "5.5.2"
  },
  "tagline" : "You Know, for Search"
}
Summary
When running the scripts, check the values of their main parameters (variables).