120 lines
4.5 KiB
Markdown
120 lines
4.5 KiB
Markdown
بسم الله الرحمن الرحیم
|
||
|
||
Enable Elasticsearch security features
|
||
edit
|
||
|
||
Enabling the Elasticsearch security features provides basic authentication so that you can run a local cluster with username and password authentication.
|
||
|
||
* On every node in your cluster, stop both Kibana and Elasticsearch if they are running.
|
||
|
||
* On every node in your cluster, add the xpack.security.enabled setting to the $ES_PATH_CONF/elasticsearch.yml file and set the value to true:
|
||
```r
|
||
nano /etc/elasticsearch/elasticsearch.yml
|
||
```
|
||
|
||
```r
|
||
xpack.security.enabled: true
|
||
```
|
||
|
||
The $ES_PATH_CONF variable is the path for the Elasticsearch configuration files. If you installed Elasticsearch using archive distributions (zip or tar.gz), the variable defaults to $ES_HOME/config. If you used package distributions (Debian or RPM), the variable defaults to /etc/elasticsearch.
|
||
|
||
If your cluster has a single node, add the discovery.type setting in the $ES_PATH_CONF/elasticsearch.yml file and set the value to single-node. This setting ensures that your node does not inadvertently connect to other clusters that might be running on your network.
|
||
|
||
```r
|
||
discovery.type: single-node
|
||
```
|
||
|
||
Set passwords for built-in users
|
||
edit
|
||
|
||
To communicate with your cluster, you must configure a password for the elastic and kibana_system built-in users. Unless you enable anonymous access (not recommended), all requests that don’t include credentials are rejected.
|
||
|
||
You only need to set passwords for the elastic and kibana_system users when enabling minimal or basic security.
|
||
|
||
On every node in your cluster, start Elasticsearch. For example, if you installed Elasticsearch with a .tar.gz package, run the following command from the ES_HOME directory:
|
||
```r
|
||
cd /usr/share/elasticsearch
|
||
```
|
||
|
||
```r
|
||
./bin/elasticsearch
|
||
```
|
||
|
||
On any node in your cluster, open another terminal window and set the password for the elastic built-in user by running the elasticsearch-reset-password utility. This command resets the password to an auto-generated value.
|
||
|
||
```r
|
||
./bin/elasticsearch-reset-password -u elastic
|
||
```
|
||
|
||
If you want to set the password to a specific value, run the command with the interactive (-i) parameter.
|
||
|
||
```r
|
||
./bin/elasticsearch-reset-password -i -u elastic
|
||
```
|
||
|
||
Set the password for the kibana_system built-in user.
|
||
|
||
```r
|
||
./bin/elasticsearch-reset-password -u kibana_system
|
||
```
|
||
|
||
Save the new passwords. In the next step, you’ll add the the password for the kibana_system user to Kibana.
|
||
|
||
Next: Configure Kibana to connect to Elasticsearch with a password
|
||
Configure Kibana to connect to Elasticsearch with a password
|
||
edit
|
||
|
||
When the Elasticsearch security features are enabled, users must log in to Kibana with a valid username and password.
|
||
|
||
You’ll configure Kibana to use the built-in kibana_system user and the password that you created earlier. Kibana performs some background tasks that require use of the kibana_system user.
|
||
|
||
This account is not meant for individual users and does not have permission to log in to Kibana from a browser. Instead, you’ll log in to Kibana as the elastic superuser.
|
||
|
||
Add the elasticsearch.username setting to the KIB_PATH_CONF/kibana.yml file and set the value to the kibana_system user:
|
||
```r
|
||
nano /etc/kibana/kibana.yml
|
||
```
|
||
|
||
```r
|
||
elasticsearch.username: "kibana_system"
|
||
```
|
||
|
||
The KIB_PATH_CONF variable is the path for the Kibana configuration files. If you installed Kibana using archive distributions (zip or tar.gz), the variable defaults to KIB_HOME/config. If you used package distributions (Debian or RPM), the variable defaults to /etc/kibana.
|
||
|
||
From the directory where you installed Kibana, run the following commands to create the Kibana keystore and add the secure settings:
|
||
|
||
Create the Kibana keystore:
|
||
```r
|
||
cd /usr/share/kibana
|
||
```
|
||
|
||
|
||
```r
|
||
./bin/kibana-keystore create
|
||
```
|
||
|
||
Add the password for the kibana_system user to the Kibana keystore:
|
||
```r
|
||
./bin/kibana-keystore add elasticsearch.password
|
||
```
|
||
|
||
```r
|
||
nano /etc/kibana/kibana.yml
|
||
```
|
||
|
||
```r
|
||
elasticsearch.username: "kibana_system"
|
||
elasticsearch.password: "************"
|
||
```
|
||
|
||
When prompted, enter the password for the kibana_system user.
|
||
|
||
Restart Kibana. For example, if you installed Kibana with a .tar.gz package, run the following command from the Kibana directory:
|
||
|
||
```r
|
||
./bin/kibana
|
||
```
|
||
Log in to Kibana as the elastic user. Use this superuser account to manage spaces, create new users, and assign roles. If you’re running Kibana locally, go to http://localhost:5601 to view the login page.
|
||
|
||
صلوات
|