ELK集群用户密码

Question

首先，我创建了一个节点ELK，并在我的elasticsearch.yml中使用了这个锥

# sed '/^#/d' /etc/elasticsearch/elasticsearch.yml
node.name: "elk01"
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: 0.0.0.0
xpack.security.enabled: true
discovery.type: single-node

在使用此命令并创建自动内置用户之后

sudo /usr/share/elasticsearch/bin/elasticsearch-setup-passwords auto

没什么大不了的。一切正常，但我想要麋鹿群。我创建一个新服务器并更改配置。

elk01

# sed '/^#/d' /etc/elasticsearch/elasticsearch.yml
cluster.name: "elk-testcluster"
node.name: "elk01"
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: 0.0.0.0
discovery.seed_hosts: ["10.60.201.31", "10.60.201.32"]
cluster.initial_master_nodes: ["10.60.201.31"]
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true

elk02

# sed '/^#/d' /etc/elasticsearch/elasticsearch.yml
cluster.name: "elk-testcluster"
node.name: "elk02"
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: 0.0.0.0
discovery.seed_hosts: ["10.60.201.31", "10.60.201.32"]
cluster.initial_master_nodes: ["10.60.201.31"]
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true

现在，当我在用户名/密码中使用curl时，我可以得到一个elk01，而不是elk02

# curl -XGET "10.60.201.31:9200" -u elastic:passcreatedonelk01
{
  "name" : "elk01",
  "cluster_name" : "elk-testcluster",
  "cluster_uuid" : "7513Zor7S3SHqVFzs0hEMQ",
  "version" : {
    "number" : "7.17.4",
    "build_flavor" : "default",
    "build_type" : "deb",
    "build_hash" : "79878662c54c886ae89206c685d9f1051a9d6411",
    "build_date" : "2022-05-18T18:04:20.964345128Z",
    "build_snapshot" : false,
    "lucene_version" : "8.11.1",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "You Know, for Search"
}

# curl -XGET "10.60.201.32:9200" -u elastic:passcreatedonelk01
{"error":{"root_cause":[{"type":"security_exception","reason":"unable to authenticate user [elastic] for REST request [/]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}}],"type":"security_exception","reason":"unable to authenticate user [elastic] for REST request [/]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}},"status":401}

当我在elk02上创建一个新的elasticsearch--设置密码时，它会出错。

 sudo /usr/share/elasticsearch/bin/elasticsearch-setup-passwords auto
Failed to determine the health of the cluster running at http://10.60.201.32:9200
Unexpected response code [503] from calling GET http://10.60.201.32:9200/_cluster/health?pretty
Cause: master_not_discovered_exception

It is recommended that you resolve the issues with your cluster before running elasticsearch-setup-passwords.
It is very likely that the password changes will fail when run against an unhealthy cluster.

Do you want to continue with the password setup process [y/N]y

Initiating the setup of passwords for reserved users elastic,apm_system,kibana,kibana_system,logstash_system,beats_system,remote_monitoring_user.
The passwords will be randomly generated and printed to the console.
Please confirm that you would like to continue [y/N]y



Unexpected response code [503] from calling PUT http://10.60.201.32:9200/_security/user/apm_system/_password?pretty
Cause: Cluster state has not been recovered yet, cannot write to the [null] index

Possible next steps:
* Try running this tool again.
* Try running with the --verbose parameter for additional messages.
* Check the elasticsearch logs for additional error details.
* Use the change password API manually.


ERROR: Failed to set password for user [apm_system].

当我创建一个集群时，是否没有提供通用密码？还是因为我在运行集群之前运行了一个elasticsearch设置密码？

Answer 1

启用ssl后，需要为传输层的每个节点添加证书和密钥。

您可以按照下面的说明https://www.elastic.co/guide/en/elasticsearch/reference/current/security-basic-setup.html