Refuse to run streaking, set an account and password for Elasticsearch (qbit)

Preface

• On May 21, 2019, Elastic's official blog posted stating that ES 6.8 and 7.1 are free and open to basic security functions. include:

  TLS 功能，可对通信进行加密
  文件和原生 Realm，可用于创建和管理用户
  基于角色的访问控制，可用于控制用户对集群 API 和索引的访问权限；通过针对 Kibana Spaces 的安全功能，还可允许在 Kibana 中实现多租户

• World Interpretation: 161137158a0eee Elasticsearch 7.1 Free Security Function Panoramic Cognition
• Ruan Yiming " Elasticsearch Core Technology and Actual Combat " has a video explanation of security functions
• This article is available Elasticsearch v7.13

Several aspects of ES security

• Cluster identity authentication and user authentication (account password)
• Secure communication within the cluster ( 9300 )
• Secure communication between the cluster and the outside ( https )
  
• This article only talks about the most basic account password settings
• ES built-in users: https://www.elastic.co/guide/en/elasticsearch/reference/7.13/built-in-users.html

Account password configuration

• Open the configuration file elasticsearch.yml , modify or add the following content

  xpack.security.enabled: true

• Restart elasticsearch

  sudo systemctl restart elasticsearch

• Generate password (in particular, remember the passwords of elastic and kibana_system

  # 自动生成（须记住密码！！）
  /usr/share/elasticsearch/bin/elasticsearch-setup-passwords auto
  # 手动生成
  /usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactive

• Open the configuration file kibana.yml , modify or add the following content

  elasticsearch.username: "kibana_system"
  elasticsearch.password: "刚才生成的密码

• Restart kibana and log in elastic
  
• Different roles and users can be created under Stack Managent
  

Python client call example

from elasticsearch import Elasticsearch
host = '192.168.2.3:9200'
user = 'elastic'
pwd = 'xxx'
# 下面两种格式二选一
es = Elasticsearch(host, http_auth=(user, pwd))
#es = Elasticsearch(f'http://{user}:{pwd}@{host}')
es.cat.nodes()

This article is from qbit snap