ElasricSearch &Search_guard5配置

郵箱：1405733736@qq.com

saber-sky@hotmail.com

-- elasticSearch版本5.6.3

-- search-guard版本5.6.3

一.? ElasticSearch安裝Search-guard

cd 至elasticsearch 的bin目錄：cd? /data/elasticsearch-5.6.3/bin

安裝search-guard : ./elasticsearch-plugin install -bcom.floragunn:search-guard-5:5.6.3-18

Search-guard 版本要和elasticsearch一致，查詢網址：https://oss.sonatype.org/content/repositories/releases/com/floragunn/search-guard-5/

安裝成功如下圖

二．快速啟動：

切換至elasticsearch/plugins 目錄看到search-guard已經安裝成功

運行:./search-guard-5/tools/install_demo_configuration.sh

運行開發這已經配置好的權限安裝至elasticsearch

(這一步已經幫你配置好elasticsearch,http訪問已經不可用,要是有https訪問)

啟動elasticSearch :? 切換至elasticseach/bin運行./ elasticseach

瀏覽器訪問 https://admin:admin@localhost:9200/_searchguard/authinfo?pretty

成功則顯示

三、權限配置

下載search-guard-ssl這里提供官方下載地址：https://github.com/floragunncom/search-guard-ssl.git

etc目錄下的兩個文件，就只是修改公司信息，兩個一直即可

兩個文件要一樣，公司信息

下面修改證書生成信息

example.sh

運行后會生成證書

把? 服務端證書.jks+truststore.jks復制到elasticsearch/config目錄下

把?客戶端證書.jks+ truststore.jks 復制到elasticsearch/ plugins/search-guard-5/sgconfig目錄下

修改elasticsearch配置文件

修改用戶權限

（1）sg_config.yml

Configure

authenticators and authorization backends。主配置文件不需要做改動。

（2）sg_internal_users.yml

本地用戶文件，定義用戶密碼以及對應的權限。例如：對于 我們需要一個 kibana 登錄用戶和一個 logstash 用戶：

kibana4:

? hash:$2a$12$xZOcnwYPYQ3zIadnlQIJ0eNhX1ngwMkTN.oMwkKxoGvDVPn4/6XtO

? #password is: kirk

? roles:

??? - kibana4

logstash:

? hash: $2a$12$xZOcnwYPYQ3zIadnlQIJ0eNhX1ngwMkTN.oMwkKxoGvDVPn4/6XtO

? #password is: kirk

? roles:

??? - logstash

密碼可用plugins/search-guard-5/tools/hash.sh生成。

（3）sg_roles.yml

權限配置文件，這里提供 kibana4 和 logstash 的權限樣例。

sg_kibana4:

? cluster:

????? - cluster:monitor/nodes/info

????? - cluster:monitor/health

? indices:

??? '*':

????? '*':

??????? - indices:admin/mappings/fields/get

??????? - indices:admin/validate/query

??????? - indices:data/read/search

??????? - indices:data/read/msearch

??????? - indices:admin/get

??????? - indices:data/read/field_stats

??? '?kibana':

????? '*':

??????? - indices:admin/exists

??????? - indices:admin/mapping/put

??????? - indices:admin/mappings/fields/get

??????? - indices:admin/refresh

??????? - indices:admin/validate/query

??????? - indices:data/read/get

sg_logstash:

? cluster:

??? - indices:admin/template/get

??? - indices:admin/template/put

? indices:

??? 'logstash-*':

????? '*':

??????? - WRITE

??????? - indices:data/write/bulk

??????? - indices:data/write/delete

??????? - indices:data/write/update

??????? - indices:data/read/search

??????? - indices:data/read/scroll

??????? - CREATE_INDEX

（4）sg_roles_mapping.yml

定義用戶的映射關系，添加 kibana 及 logstash 用戶對應的映射：

sg_logstash:

? users:

??? - logstash

sg_kibana4:

? backendroles:

??? - kibana

? users:

??? - kibana4

（5）sg_action_groups.yml

定義權限

3、啟動

（1）到Elasticsearch的bin目錄下，重啟Elasticsearch。

（2）通過下面命令啟動search-guard。

新增用戶配置成功顯示

四．Java SSL連接

public static void main(String[] args) throws UnknownHostException{

??? Settings settings = Settings.builder()

??????????? .put("searchguard.ssl.transport.enabled", true)

??????????? .put("searchguard.ssl.transport.keystore_filepath", "D:\\William\\Projects\\searchGuardTest\\src\\main\\resources\\test-keystore.jks")

??????????? .put("searchguard.ssl.transport.truststore_filepath",

"D:\\William\\Projects\\searchGuardTest\\src\\main\\resources\\truststore.jks")

??????????? .put("searchguard.ssl.transport.keystore_password", "12345678")

??????????? .put("searchguard.ssl.transport.truststore_password", "12345678")

??????????? .put("searchguard.ssl.transport.enforce_hostname_verification", false)

??????????? .put("client.transport.ignore_cluster_name", true)

? ? ? ? ? ?.build();

TransportClient client =new PreBuiltTransportClient(settings,SearchGuardSSLPlugin.class)

??????????? .addTransportAddress(new InetSocketTransportAddress(InetAddress.getByName("127.0.0.1"),9300));

client.admin().cluster().nodesInfo(new NodesInfoRequest()).actionGet();

//搜索數據

??? GetResponse response = client.prepareGet("agin", "log_bet_rcd_agin_live", "171212226218993").execute().actionGet();

//輸出結果

??? System.out.println(response.getSourceAsString());

//關閉client

client.close();

}