search

lanlin / notes

个人笔记
https://github.com/lanlin/notes/issues
30 stars 0 forks source link

Elasticsearch 初始化账户密码 or Elasticsearch Setup Passwords #112

Open lanlin opened 2 years ago

lanlin commented 2 years ago

前期准备

  1. 已经安装了 elasticsearch
  2. 找到 elasticsearch.yml 配置文件,添加如下配置项 
    xpack.security.enabled: true

    通常位于 /etc/elasticsearch/config/elasticsearch.yml

lanlin commented 2 years ago

方法一:使用 elasticsearch-setup-passwords

  1. 启动 elasticsearch

    systemctl start elasticsearch  # 启动指令
systemctl status elasticsearch # 查看状态

  2. 进入 elasticsearch 目录,不同系统默认安装目录可能不同。 以 CentOS 与 Ubuntu 为例,其目录在 /usr/share/elasticsearch

  3. 执行以下指令, 根据提示输入各个账户的密码

$ ./bin/elasticsearch-setup-passwords interactive

Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y

Enter password for [elastic]: 123456
Reenter password for [elastic]: 123456
Enter password for [apm_system]: 123456
Reenter password for [apm_system]: 123456
Enter password for [kibana_system]: 123456
Reenter password for [kibana_system]: 123456
Enter password for [logstash_system]: 123456
Reenter password for [logstash_system]: 123456
Enter password for [beats_system]: 123456
Reenter password for [beats_system]: 123456
Enter password for [remote_monitoring_user]: 123456
Reenter password for [remote_monitoring_user]: 123456

Changed password for user [apm_system]
Changed password for user [kibana_system]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]
  1. 重动 elasticsearch 
    systemctl restart elasticsearch  # 重动指令
systemctl status elasticsearch   # 查看状态
curl -u elastic:123456 localhost:9200 # 验证下是否生效

可能出现的问题:

  1. 提示找不到 elasticsearch.keystore

    ERROR: Elasticsearch keystore file is missing [/etc/elasticsearch/config/elasticsearch.keystore]

    解决办法:在设置密码前,先把 elasticsearch 提前启动一次

  2. 提示连接失败

    Connection failure to: http://127.0.0.1:9200/_security/_authenticate?pretty failed: Connection refused (Connection refused) 
ERROR: Failed to connect to elasticsearch at http://127.0.0.1:9200/_security/_authenticate?pretty. Is the URL correct and elasticsearch running?

    解决办法:设置密码的时候,必须确保 elasticsearch 处于已启动的正常状态

  3. 提示检测 X-Pack 安全设置

    Unexpected response code [500] from calling GET http://127.0.0.1:9200/_security/_authenticate?pretty  
It doesn't look like the X-Pack security feature is enabled on this Elasticsearch node.
Please check if you have enabled X-Pack security in your elasticsearch.yml configuration file.

    解决办法:必须确保 xpack.security.enabled 是开启状态, https://github.com/lanlin/notes/issues/112#issue-1100194887

lanlin commented 2 years ago

方法二:使用 elasticsearch-keystore

  1. 进入 elasticsearch 目录,不同系统默认安装目录可能不同。 以 CentOS 与 Ubuntu 为例,其目录在 /usr/share/elasticsearch 下

  2. 执行以下指令, 创建 elasticsearch.keystore 文件

    
$ ./bin/elasticsearch-keystore create

Created elasticsearch keystore in /etc/elasticsearch/config/elasticsearch.keystore


3. 为 superuser 添加密码 (为 elastic 这个内置账户添加密码)
```shell
$ ./bin/elasticsearch-keystore add "bootstrap.password"
Enter value for bootstrap.password: 123456

  1. 启动 elasticsearch

    systemctl start elasticsearch  # 启动指令
systemctl status elasticsearch # 查看状态
curl -u elastic:123456 localhost:9200 # 验证下是否生效

  2. 用第 3 步设置的 elastic 密码,通过 RESTful API 为其他内置账户设置密码

# 设置 Kibana 密码
curl -u elastic:123456 -XPOST "http://localhost:9200/_security/user/kibana/_password" -H 'Content-Type: application/json' -d '{"password": "123456"}'

# 设置 Logstash 密码
curl -u elastic:123456 -XPOST "http://localhost:9200/_security/user/logstash_system/_password" -H 'Content-Type: application/json' -d '{"password": "123456"}'

# 设置 Beats 密码
curl -u elastic:123456 -XPOST "http://localhost:9200/_security/user/beats_system/_password" -H 'Content-Type: application/json' -d '{  "password": "123456"}'

# 设置 APM 密码
curl -u elastic:123456 -XPOST "http://localhost:9200/_security/user/apm_system/_password" -H 'Content-Type: application/json' -d '{"password": "123456"}'

# 设置 Remote Monitoring 密码
curl -u elastic:123456 -XPOST "http://localhost:9200/_security/user/remote_monitoring_user/_password" -H 'Content-Type: application/json' -d '{"password": "123456"}'

可能出现的问题:

  1. 启动时无法读取 elasticsearch.kestore, 原因是没有文件访问权限 
    1月 12 20:56:27 ed96450cc893 elasticsearch[1019]: Exception in thread "main" java.nio.file.AccessDeniedException: /etc/elasticsearch/config/elasticsearch.keystore
1月 12 20:56:27 ed96450cc893 elasticsearch[1019]: at java.base/sun.nio.fs.UnixException.translateToIOException(UnixException.java:90)
1月 12 20:56:27 ed96450cc893 elasticsearch[1019]: at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:106)

    解决方案: 这是因为执行 elasticsearch-keystore create 指令时的账户,与运行 elasticsearch 的账户不一致。 将 /etc/elasticsearch/config/elasticsearch.keystore 文件的所有人改为 elasticsearch 的运行账户即可。