X-pack combination of LDAP for authentication authority

Others 2019-08-15 20:52:34 views: null

1, generate ssl certificate

By ES_HOME / bin / x-pack / certgen ssl certificate generation
IP:

10.17.90.20,10.17.90.21,10.17.90.22,10.17.90.24,10.17.90.25,10.17.90.26,10.17.90.27,10.17.90.28

hostname:

d1705027.grid.com,d1705028.grid.com,d1705029.grid.com,d1806001.grid.com,d1806002.grid.com,d1806003.grid.com,d1809002.grid.com,d1809003.grid.com

Modify salt configure add-ssl configuration (complete)
modify the configuration file elasticsearch.yml, open ssl transport

xpack.ssl.key: /data1/elasticsearch9201/config/elasticsearch/elasticsearch.key
xpack.ssl.certificate: /data1/elasticsearch9201/config/elasticsearch/elasticsearch.crt
xpack.ssl.certificate_authorities: /data1/elasticsearch9201/config/ca/ca.crt
xpack.security.transport.ssl.enabled: true

2, change passwords es cluster built-account

./bin/x-pack/setup-passwords interactive
custom built accounts (elastic, kibana, logstash_system) password
account elastic as elasticsearch super administrator, has all privileges
accounts kibana kibana components for access to relevant information for web display
account logstash_system logstash monitoring data for the service acquisition elasticsearch
Note: this step must first start elasticsearch service, and turn-Pack Security the X-
./bin/x-pack/setup-passwords Interactive
Elastic:
kibana:
logstash_system:

3, es open ldap verification

Modify elasticsearch.yml open configuration
Note:
es modify elasticsearch.yml cluster configuration Adding
http.cors.allow-headers: Authorization, X- Requested-With, Content-Length, Content-Type

4, kibana modify the startup script

Unmodified

5, kibana modify the configuration file

You need to install x-pack plug plugin
modify link es cluster account and password

6, logstash modify the configuration file

output elasticsearh
添加
user => elastic
password => password

7, restart the cluster

curl -XPUT -H  'Content-Type: application/json' "http://127.0.0.1:9200/_cluster/settings" -d '{ 
"transient" : { 
"cluster.routing.allocation.enable":"none"
} 
}'
curl -XPUT -u elastic: -H  'Content-Type: application/json' "http://127.0.0.1:9200/_cluster/settings" -d '{ 
"transient" : { 
"cluster.routing.allocation.enable":"all"
} 
}'

8, elasticsearch-head login authentication

?auth_user=elastic&auth_password=

9, add role

index_name=cron_term_log
role_name=${index_name}_all
echo "{\"cluster\":[],\"indices\":[{\"names\":[\"${index_name}*\"],\"privileges\":[\"all\"]}],\"run_as\":[],\"transient_metadata\":{\"enabled\":true}}" >${index_name}

    curl -XPOST -H "Content-Type: application/json"  -u elastic:  "http://localhost:9201/_xpack/security/role/$role_name" -d@${index_name}

10, the user is bound role

11, the configuration information is as follows

Cat elasticsearch.yml

cluster.name: elk_cluster
node.master: true
node.data: true
node.attr.box_type: hot
node.name: 10.20.90.36
path.data: /data1/data/elasticsearch
path.logs: /data1/logs/elasticsearch
network.host: 0.0.0.0
http.port: 9200
transport.tcp.compress: true
http.max_content_length: 200mb
discovery.zen.ping.unicast.hosts: ['10.22.90.36', '10.20.90.37']
discovery.zen.minimum_master_nodes: 2
discovery.zen.ping_timeout: 120s
index.store.type: mmapfs
bootstrap.system_call_filter: false
http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-headers: Authorization,X-Requested-With,Content-Length,Content-Type

# thread_pool config
thread_pool.index.queue_size: 3000
thread_pool.search.min_queue_size: 400
thread_pool.search.max_queue_size: 3000
thread_pool.get.queue_size: 3000
thread_pool.bulk.queue_size: 3000
xpack.ssl.key: /data1/elasticsearch/config/elk_crt/elk.key
xpack.ssl.certificate: /data1/elasticsearch/config/elk_crt/elk.crt
xpack.ssl.certificate_authorities: /data1/elasticsearch/config/elk_crt/ca/ca.crt
xpack.security.transport.ssl.enabled: true
xpack.security.enabled: true
xpack.monitoring.enabled: true
xpack.graph.enabled: true
xpack.watcher.enabled: true
xpack.monitoring.exporters:
  id1:
    type: http
    host: ["http://10.20.90.36:9200"]
    auth.username: elastic
    auth.password: RHjv
action.auto_create_index: true
xpack:
  security:
    authc:
      realms:
        ldap1:
          type: ldap
          order: 0
          url: "ldap://111.151.118.122:389"
          bind_dn: 
          bind_password: admin
          user_search:
            base_dn: ""
            attribute: data
          group_search:
            base_dn: ""
          files:
            role_mapping: "/data1/elasticsearch/config/x-pack/role_mapping.yml"
          unmapped_groups_as_roles: true

Guess you like

Origin www.cnblogs.com/stone1989/p/11357797.html
Recommended
微软回应中国区AI团队“打包赴美”传闻
Ranking
How to use ChatGPT to write 100,000+ hot articles for public accounts (includes prompt words)
sudo echo command execution Permission denied
ADO: Using Transactions to Operate Oracle Database
[Java] [Class and Object] equals, hashCode, clone methods
Linux virtual host function
Порт управления rabbitmq открыт
on,where
jQuery WeUI
How can there be a weed pilot in Hangzhou?
tcp / ip model four
Daily
More
2024-05-15(5)
2024-05-14(9)
2024-05-13(8)
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)

Code World

© 2018 codetd.com