Preface
On May 21, 2019, Elastic's official blog posted stating that ES 6.8 and 7.1 are free and open to basic security functions. include:
TLS 功能,可对通信进行加密 文件和原生 Realm,可用于创建和管理用户 基于角色的访问控制,可用于控制用户对集群 API 和索引的访问权限;通过针对 Kibana Spaces 的安全功能,还可允许在 Kibana 中实现多租户- World Interpretation: 161137158a0eee Elasticsearch 7.1 Free Security Function Panoramic Cognition
- Ruan Yiming " Elasticsearch Core Technology and Actual Combat " has a video explanation of security functions
- This article is available
Elasticsearch v7.13
Several aspects of ES security
- Cluster identity authentication and user authentication (account password)
- Secure communication within the cluster (
9300) - Secure communication between the cluster and the outside (
https) - This article only talks about the most basic account password settings
- ES built-in users: https://www.elastic.co/guide/en/elasticsearch/reference/7.13/built-in-users.html
Account password configuration
Open the configuration file
elasticsearch.yml, modify or add the following contentxpack.security.enabled: trueRestart elasticsearch
sudo systemctl restart elasticsearchGenerate password (in particular, remember the passwords of
elasticandkibana_system# 自动生成(须记住密码!!) /usr/share/elasticsearch/bin/elasticsearch-setup-passwords auto # 手动生成 /usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactiveOpen the configuration file
kibana.yml, modify or add the following contentelasticsearch.username: "kibana_system" elasticsearch.password: "刚才生成的密码- Restart kibana and log in
elastic - Different roles and users can be created under Stack Managent
Python client call example
from elasticsearch import Elasticsearch
host = '192.168.2.3:9200'
user = 'elastic'
pwd = 'xxx'
# 下面两种格式二选一
es = Elasticsearch(host, http_auth=(user, pwd))
#es = Elasticsearch(f'http://{user}:{pwd}@{host}')
es.cat.nodes()This article is from qbit snap
**粗体** _斜体_ [链接](http://example.com) `代码` - 列表 > 引用。你还可以使用@来通知其他用户。