一、开启密码验证
1、修改elasticsearch.yml文件,重启ES
#允许head插件等访问的相关设置
http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-headers: Authorization,X-Requested-With,Content-Length,Content-Type
http.cors.allow-credentials: true
#是否启用es的安全设置,启用安全设置后es各节点、客户端的传输都会加密,并需要账号密码
xpack.security.enabled: true
#此项不可更改,当启用安全设置后,此项必须为true
xpack.security.transport.ssl.enabled: true
2、设置默认用户密码
./bin/elasticsearch-setup-passwords interactive
[elsearch@HN-82 bin]$ ./elasticsearch-setup-passwords interactive
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y
Enter password for [elastic]:
Enter password for [elastic]:
Reenter password for [elastic]:
Enter password for [apm_system]:
Reenter password for [apm_system]:
Enter password for [kibana]:
Reenter password for [kibana]:
Enter password for [logstash_system]:
Reenter password for [logstash_system]:
Enter password for [beats_system]:
Reenter password for [beats_system]:
Enter password for [remote_monitoring_user]:
Reenter password for [remote_monitoring_user]:
Changed password for user [apm_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]
3、使用postman查询ES中所有用户信息。
注意:postman请求时,选择【Authorization】->【Basic Auth】,添加ES的用户名密码后,就能访问设置用户名密码的ES了。
二、添加新用户以及修改密码
Request edit
POST /_security/user/<username>
PUT /_security/user/<username>
{
"password" : "1234",
"roles" : [ "superuser" ],
"full_name" : "elastic-test",
"metadata" : {
"intelligence":7
}
}
Requestedit
POST /_security/user/_password
POST /_security/user/<username>/_password
POST /_security/user/elastic-test/_password
{
"password" : "43221"
}
三、忘记密码如何重置
1、修改elasticsearch.yml文件,重启ES
#是否启用es的安全设置,启用安全设置后es各节点、客户端的传输都会加密,并需要账号密码
xpack.security.enabled: false
2、删除 ES中.security-*的索引
curl -XDELETE localhost:9001/.security-6
{"acknowledged":true}