精华内容
参与话题
问答
  • Xpack

    2020-11-28 02:08:39
    <div><p>该提问来源于开源项目:elastic/ansible-elasticsearch</p></div>
  • <div><p>Currently Elasic fetches unnecessary xpack archive even when it's disabled.</p><p>该提问来源于开源项目:mesosphere/dcos-commons</p></div>
  • xpack compiling error

    2020-12-26 11:51:49
    <div><p>xpack/lib/xpack_compress.c:120: warning: declaration does not declare anything xpack/lib/xpack_compress.c:121: warning: declaration does not declare anything xpack/lib/xpack_compress.c: In ...
  • xpack已经在es6.3之后默认集成 开启xpack elasticsearch.yml 中加上: xpack.security.enabled: true 注::后空一个空格,如果是es集群请务必全部添加此配置 确保集群健康访问_xpack/license/start_trial?...
    • xpack已经在es6.3之后默认集成,本文包含:
    • 1、es集群使用xpack加密,达到访问集群需要用户密码登录的效果。
    • 2、采用SSL加密通信,提供https访问方式
    • 3、java客户端如何连接加密后的es集群(9200,9300端口)httpclient方式,restClient高低版本方式都有包含
    • 4、使用kibana界面化工具连接操作加密后的es集群
    开启xpack
    • elasticsearch.yml 中加上: xpack.security.enabled: true

      注::后空一个空格,如果是es集群请务必全部添加此配置

    • 确保集群健康访问_xpack/license/start_trial?acknowledge=true

      开启xpack功能,这时候集群会立马提示您输入用户名密码的弹窗进行登录,别急还需要设置一下
      注:(如果只需要加密功能,可以省略此步骤,以便永久免费使用,官方对于基本版不收费)此开启的是试用版,xpack的破解,请自行搜索,我文末也会提供一个6.5.0的破解包,替换一下就可以用了

    • 设置es集群用户名密码

      #自动生成(二选一) elasticsearch-setup-passwords auto    
      #手动生成(推荐) 	 elasticsearch-setup-passwords interactive
      

      此处最容易出现错误,请保证您的集群是健康的并且全部开启了xpack功能,且配置一样,如果生成失败,请检查自己的集群配置,如果设置密码失败的可以试试这个博文的顺序ELK6.6.0 Xpack

    • 为Elasticearch集群创建一个证书颁发机构

      PKCS#12格式生成(代码推荐):elasticsearch-certutil ca
      PEM格式格式生成(kibana推荐):elasticsearch-certutil ca --pem
      

      生成过程会提示输入密码,作用是访问证书的安全性,可以不设置

    • 为es集群生成证书和秘钥

      PKCS#12格式生成:elasticsearch-certutil cert --ca elastic-stack-ca.p12 
      PEM格式格式生成:elasticsearch-certutil cert --pem
      

      同上会提示输入密码,略过
      pkcs12证书里面包含了秘钥所以只有一个文件,pem会有独立的证书和key
      请把生成的证书elastic-certificates.p12拷贝到集群中的其他节点,否则加密失效

    • TLS/SSL加密Transport通信

       xpack.security.transport.ssl.enabled: true  
       xpack.security.transport.ssl.verification_mode: certificate
       xpack.security.transport.ssl.keystore.path: certs\elastic-certificates.p12
       xpack.security.transport.ssl.truststore.path: certs\elastic-certificates.p12
      
    • 加密https访问

      xpack.security.http.ssl.enabled: true 
      xpack.security.http.ssl.keystore.path: certs\elastic-certificates.p12
      xpack.security.http.ssl.truststore.path: certs\elastic-certificates.p12
      
    按照上面的步骤集群就可以实现加密访问,下面是使用java访问加密后的es集群
    给出pom
    <repositories>
          <!-- add the elasticsearch repo -->
          <repository>
              <id>elasticsearch-releases</id>
              <url>https://artifacts.elastic.co/maven</url>
              <releases>
                  <enabled>true</enabled>
              </releases>
              <snapshots>
                  <enabled>false</enabled>
              </snapshots>
          </repository>
      </repositories>
      <!-- 加入elasticsearch -->
            <!-- https://mvnrepository.com/artifact/org.elasticsearch.plugin/transport-netty4-client -->
            <dependency>
                <groupId>org.elasticsearch.plugin</groupId>
                <artifactId>transport-netty4-client</artifactId>
                <version>${es.version}</version>
            </dependency>
    
            <dependency>
                <groupId>org.elasticsearch</groupId>
                <artifactId>elasticsearch</artifactId>
                <version>${es.version}</version>
            </dependency>
            <dependency>
                <groupId>org.elasticsearch.client</groupId>
                <artifactId>transport</artifactId>
                <version>${es.version}</version>
            </dependency>
            <dependency>
                <groupId>org.elasticsearch.client</groupId>
                <artifactId>x-pack-transport</artifactId>
                <version>${es.version}</version>
            </dependency>
            <!--java rest客户端连接9200-->
            <dependency>
                <groupId>org.elasticsearch.client</groupId>
                <artifactId>elasticsearch-rest-client</artifactId>
                <version>6.5.0</version>
            </dependency>
    
            <!--httpclient-->
            <!-- https://mvnrepository.com/artifact/org.apache.httpcomponents/httpclient -->
            <dependency>
                <groupId>org.apache.httpcomponents</groupId>
                <artifactId>httpclient</artifactId>
                <version>4.5.2</version>
            </dependency>
    
    HttpClient方式
    package com.**.**.configuration;
    
    import org.apache.http.auth.AuthScope;
    import org.apache.http.auth.UsernamePasswordCredentials;
    import org.apache.http.client.CredentialsProvider;
    import org.apache.http.client.HttpClient;
    import org.apache.http.config.Registry;
    import org.apache.http.config.RegistryBuilder;
    import org.apache.http.conn.socket.ConnectionSocketFactory;
    import org.apache.http.conn.socket.PlainConnectionSocketFactory;
    import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
    import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
    import org.apache.http.impl.client.BasicCredentialsProvider;
    import org.apache.http.impl.client.CloseableHttpClient;
    import org.apache.http.impl.client.HttpClients;
    import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
    import org.apache.http.ssl.SSLContextBuilder;
    import org.apache.http.ssl.SSLContexts;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    
    import javax.net.ssl.HostnameVerifier;
    import javax.net.ssl.SSLContext;
    import javax.net.ssl.SSLSession;
    import java.io.InputStream;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    import java.security.KeyStore;
    
    /**
     * Created by Majg on 2019-06-04
     **/
    @Configuration
    public class ESHttpClientConfig {
    
        @Bean(name = "EsHttpClient")
        public HttpClient getHttpClient() throws Exception {
            KeyStore truststore = KeyStore.getInstance("PKCS12");
    
    //        File file = ResourceUtils.getFile(ResourceUtils.CLASSPATH_URL_PREFIX + "certs/elastic-certificates.p12");
    //        //生产环境,打包方式不同,获取的是jar内的环境
    //        String absolutePath = file.getAbsolutePath();
            String absolutePath = "C:\\certs\\elastic-certificates.p12";
    
            try (InputStream is = Files.newInputStream(Paths.get(absolutePath))) {
                truststore.load(is, "".toCharArray());
            }
            SSLContextBuilder sslBuilder = SSLContexts.custom().loadTrustMaterial(truststore, new TrustSelfSignedStrategy());
    
            // 获取证书
            SSLContext sslcontext = sslBuilder.build();
    
            // 以上证书有效,但是证书签名是instance,下方有设置跳过签名验证
            final CredentialsProvider credentialsProvider =
                    new BasicCredentialsProvider();
            credentialsProvider.setCredentials(AuthScope.ANY,
                    new UsernamePasswordCredentials("elastic", "密码"));
    
            //创建自定义的httpclient对象
            CloseableHttpClient client = HttpClients.custom()
                    .setDefaultCredentialsProvider(credentialsProvider)
                    //跳过证书签名
                    .setSSLHostnameVerifier(new HostnameVerifier() {
                        public boolean verify(String hostname, SSLSession session) {
                            return true;
                        }
                    })
                    .setSSLContext(sslcontext)
                    .build();
            return client;
        }
    
    //    // 跳过证书签名
    //    private HostnameVerifier getTrustedVerifier() {
    //        if (TRUSTED_VERIFIER == null)
    //            TRUSTED_VERIFIER = new HostnameVerifier() {
    //
    //                public boolean verify(String hostname, SSLSession session) {
    //                    return true;
    //                }
    //            };
    //        return TRUSTED_VERIFIER;
    //    }
    
    }
    
    
    restClient方式(本人觉得最好用,也是官方推荐的)
    import org.apache.http.HttpHost;
    import org.apache.http.auth.AuthScope;
    import org.apache.http.auth.UsernamePasswordCredentials;
    import org.apache.http.client.CredentialsProvider;
    import org.apache.http.client.config.RequestConfig;
    import org.apache.http.client.config.RequestConfig.Builder;
    import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
    import org.apache.http.impl.client.BasicCredentialsProvider;
    import org.apache.http.impl.nio.client.HttpAsyncClientBuilder;
    import org.apache.http.ssl.SSLContexts;
    import org.elasticsearch.client.Node;
    import org.elasticsearch.client.RestClient;
    import org.elasticsearch.client.RestClientBuilder;
    import org.slf4j.Logger;
    import org.slf4j.LoggerFactory;
    import org.springframework.beans.factory.annotation.Value;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    
    import javax.net.ssl.HostnameVerifier;
    import javax.net.ssl.SSLContext;
    import javax.net.ssl.SSLSession;
    import java.io.IOException;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    import java.security.KeyManagementException;
    import java.security.KeyStore;
    import java.security.KeyStoreException;
    import java.security.NoSuchAlgorithmException;
    import java.security.cert.CertificateException;
    
    /**
     * Created by JGMa on 2019-06-03
     **/
    @Configuration
    public class ESRestConfig {
    
        private static Logger logger = LoggerFactory.getLogger(ESRestConfig.class);
        private int connectTimeOut = 1000;
        private int socketTimeOut = 30000;
        private int maxConnectNum = 100;
        private int maxConnectPerRoute = 100;
        private int connectionRequestTimeOut = 5000;
    
        @Value("${elasticsearch.cluster-nodes}")
        private String clusterNodes;
    
        @Value("${is_SSL_es}")
        private Boolean is_SSL_es;
    
        @Value("${elasticsearch.certPath:certs\\elastic-certificates.p12}")
        private String certPath;
    
        @Bean("restHighLevelClient")
        public RestClient RestClient() {
            RestClient restClient = null;
            String scheme = null;
            if (is_SSL_es) {
                scheme = "https";
            } else {
                scheme = "http";
            }
    
            // 配置hostName
            String[] split = clusterNodes.split(",");
    
            int length = split.length;
            HttpHost[] https = new HttpHost[length];
    
            for (int i = 0; i < length; i++) {
    
                String[] split1 = split[i].split(":");
                https[i] = new HttpHost(split1[0], Integer.valueOf(split1[1]), scheme);
    
            }
    
            RestClientBuilder builder = RestClient.builder(https)
                    .setFailureListener(new RestClient.FailureListener() {
                        @Override
                        public void onFailure(Node node) {
                            HttpHost host = node.getHost();
                            logger.error("连接ES节点失败,host:{}", host);
                        }
                    });
            //连接数配置
            setMutiConnectConfig(builder);
            //超时配置
            setRequestTimeOutConfig(builder);
    
            restClient = builder.build();
            return restClient;
        }
    
        /**
         * 异步httpclient的连接延时配置
         */
        public void setRequestTimeOutConfig(RestClientBuilder builder) {
            builder.setRequestConfigCallback(new RestClientBuilder.RequestConfigCallback() {
                @Override
                public Builder customizeRequestConfig(RequestConfig.Builder requestConfigBuilder) {
                    requestConfigBuilder.setConnectTimeout(connectTimeOut);
                    requestConfigBuilder.setSocketTimeout(socketTimeOut);
                    requestConfigBuilder.setConnectionRequestTimeout(connectionRequestTimeOut);
                    return requestConfigBuilder;
                }
            });
        }
    
        /**
         * 异步httpclient的连接数配置
         */
        public void setMutiConnectConfig(RestClientBuilder builder) {
            builder.setHttpClientConfigCallback(new RestClientBuilder.HttpClientConfigCallback() {
                @Override
                public HttpAsyncClientBuilder customizeHttpClient(HttpAsyncClientBuilder httpClientBuilder) {
                    if (is_SSL_es) {
                        try {
                            KeyStore truststore = KeyStore.getInstance("PKCS12");
    
                            truststore.load(Files.newInputStream(Paths.get(certPath)), "".toCharArray());
    
                            SSLContext sslcontext = SSLContexts.custom().loadTrustMaterial(truststore, new TrustSelfSignedStrategy()).build();
                            CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
                            credentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials("elastic", "123456"));
    
                            httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider);
                            httpClientBuilder.setSSLHostnameVerifier(new HostnameVerifier() {
                                public boolean verify(String hostname, SSLSession session) {
                                    return true;
                                }
                            });
                            httpClientBuilder.setSSLContext(sslcontext);
                            httpClientBuilder.setMaxConnTotal(maxConnectNum);
                            httpClientBuilder.setMaxConnPerRoute(maxConnectPerRoute);
                        } catch (KeyStoreException | IOException | CertificateException | NoSuchAlgorithmException | KeyManagementException e) {
                            logger.error("配置ES加密集群连接数错误!-", e);
                            e.printStackTrace();
                        }
                    } else {
                        httpClientBuilder.setMaxConnTotal(maxConnectNum);
                        httpClientBuilder.setMaxConnPerRoute(maxConnectPerRoute);
                    }
                    return httpClientBuilder;
                }
            });
        }
    
    }
    
    
    transport方式(一般代码写入会使用这个使用9300端口,但是官方不推荐并且会在8之后移除此)
    
    import org.elasticsearch.client.transport.TransportClient;
    import org.elasticsearch.common.settings.Settings;
    import org.elasticsearch.common.transport.TransportAddress;
    import org.elasticsearch.xpack.client.PreBuiltXPackTransportClient;
    import org.springframework.beans.factory.annotation.Value;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.data.elasticsearch.core.ElasticsearchTemplate;
    
    import java.io.FileNotFoundException;
    import java.net.InetAddress;
    import java.net.UnknownHostException;
    
    /**
     * Created by JGMa on 2019-06-03
     **/
    @Configuration
    public class ESTransportConfig {
        @Value("${elasticsearch.cluster_name:elasticsearch}")
        private String clusterName;
    
        @Value("${elasticsearch.transport_es_nodes:127.0.0.1:9300}")
        private String clusterNodes;
    
        @Value("${is_SSL_es}")
        private Boolean is_ssl_es;
    
        @Value("${elasticsearch.certPath:certs\\elastic-certificates.p12}")
        private String certPath;
    
        @Bean(name = "sslTransportClient")
        public TransportClient getTransportClient() throws FileNotFoundException {
            try {
                PreBuiltXPackTransportClient packTransportClient = new PreBuiltXPackTransportClient(settings());
                String[] split = clusterNodes.split(",");
                for (String s : split) {
                    String[] split1 = s.split(":");
                    int port = Integer.parseInt(split1[1]);
                    packTransportClient.addTransportAddress(new TransportAddress(InetAddress.getByName(split1[0]), port));
                }
    
                return packTransportClient;
            } catch (UnknownHostException e) {
                e.printStackTrace();
                return null;
            }
        }
    
        private Settings settings() throws FileNotFoundException {
            if (is_ssl_es) {
                Settings.Builder builder = Settings.builder();
                builder.put("cluster.name", clusterName);
                builder.put("xpack.security.user", "elastic:123456");
                builder.put("xpack.security.enabled", true);
                builder.put("xpack.security.transport.ssl.keystore.path", certPath);
                builder.put("xpack.security.transport.ssl.truststore.path", certPath);
                builder.put("xpack.security.transport.ssl.verification_mode", "certificate");
                builder.put("xpack.security.transport.ssl.enabled", true);
                builder.put("thread_pool.search.size", 10);//增加线程池个数,暂时设为10
                return builder.build();
            } else {
                Settings.Builder builder = Settings.builder();
                return builder.build();
    
            }
        }
    
        @Bean(name = "elasticsearchTemplate")
        public ElasticsearchTemplate getElasticSearchTemplate() throws Exception {
            return new ElasticsearchTemplate(getTransportClient());
        }
    }
    
    

    上方给出了elasticsearchTemplate访问xpack的集成,springboot使用方便

    kibana集成xpack

    使用xpack加密集群之后,es-header就不可以使用了,不过kibana要更好用

    如上文所说PEM格式格式生成后后出现一个压缩包,正常的里面会有如下目录
    instance
    在这里插入图片描述
    ca
    在这里插入图片描述
    然后下载响应的kibana版本配置yml如下

    # 用于所有查询的ElasticSearch实例的url,7.2的kibana是.host
    elasticsearch.url: "https://localhost:9200"
    
    # es集群设置的xpack密码
    elasticsearch.username: "elastic"
    elasticsearch.password: "123456"
    
    # 提供PEM格式SSL证书和密钥文件路径的可选设置。 
    # 这些文件确认您的弹性搜索后端使用相同的密钥文件。
    elasticsearch.ssl.certificate: D:\\certs\\certificate-bundle\\instance\\instance.crt
    elasticsearch.ssl.key: D:\\certs\\certificate-bundle\\instance\\instance.key
    
    # 可选设置,用于为证书指定到PEM文件的路径 
    # 您的ElasticSearch实例的权限。 
    elasticsearch.ssl.certificateAuthorities: [ "D:\\certs\\certificate-bundle\\ca\\ca.crt" ]
    
    # 若要忽略SSL证书的有效性,请将此设置的值更改为'none'
    elasticsearch.ssl.verificationMode: none
    

    访问就输入用户名密码就可以了,如果是服务器,请填写kibana的ip配置文件里面有

    xpack破解
    • 破解思路:需要修改es的源码

    • 下面这个是我已经破解了的针对es6.5.0的jar包

      • 检查x-pack 的许可证状态:_xpack/license
        在这里插入图片描述
      • 先关闭x-park 功能:xpack.security.enabled: false
      • \elasticsearch-6.5.0\modules\x-pack-core 替换 ,重启服务
      • 使用post访问_xpack/license 注册许可证
        在这里插入图片描述

        这里不能上传文件大家可以取我得页面下载,license文件和破解的xpack jar文件,没有积分的联系我发你。

    展开全文
  • xpack and marvel

    2020-11-28 01:40:02
    However, when installing xpack and setting marve-agent as feature of xpack, there are no performance or monitoring data fed into the kibana marvel application. I can also not find any files or ...
  • es xpack 配置详情

    2020-12-15 20:10:13
    es xpack 配置详情 7.10.1,通过安装 es kibana,使用自带的 x pack 插件来完成权限控制,网上很多都不全,本文非常详细。es kibana 版本号为 7.10.1 与 7.10.0,并且附带相关的步骤,以及方案。
  • xpack-basic" and "xpack-pro" roles, so that we can tag pages differently depending on the high-level subscription types (https://www.elastic.co/subscriptions). </p><p>该提问来源于开源项目&...
  • - es_enable_xpack: false - es_xpack_features: ["alerting","monitoring","graph","ml","security"] <p>With the default values, XPACK is not installed But the ...
  • 1、elasticsearch安装xpack插件离线安装xpack:/usr/local/elasticsearch-5.4.0/bin/elasticsearch-plugin install file:///usr/local/software/x-pack-5.4.0.zip卸载xpack:/usr/local/elasticsearch-5.4.0/bin/...

    1、elasticsearch安装xpack插件

    离线安装xpack:

    /usr/local/elasticsearch-5.4.0/bin/elasticsearch-plugin install file:///usr/local/software/x-pack-5.4.0.zip

    卸载xpack:

    /usr/local/elasticsearch-5.4.0/bin/elasticsearch-plugin remove x-pack

    Downloading file:///usr/local/software/x-pack-5.4.0.zip

    [=================================================] 100%

    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

    @ WARNING: plugin requires additional permissions @

    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

    * java.io.FilePermission \\.\pipe\* read,write

    * java.lang.RuntimePermission accessClassInPackage.com.sun.activation.registries

    * java.lang.RuntimePermission getClassLoader

    * java.lang.RuntimePermission setContextClassLoader

    * java.lang.RuntimePermission setFactory

    * java.security.SecurityPermission createPolicy.JavaPolicy

    * java.security.SecurityPermission getPolicy

    * java.security.SecurityPermission putProviderProperty.BC

    * java.security.SecurityPermission setPolicy

    * java.util.PropertyPermission * read,write

    * java.util.PropertyPermission sun.nio.ch.bugLevel write

    * javax.net.ssl.SSLPermission setHostnameVerifier

    See http://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html

    for descriptions of what these permissions allow and the associated risks.

    Continue with installation? [y/N]y

    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

    @ WARNING: plugin forks a native controller @

    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

    This plugin launches a native controller that is not subject to the Java

    security manager nor to system call filters.

    Continue with installation? [y/N]y

    -> Installed x-pack

    更改密码,初始密码changeme

    curl -XPUT -u elastic '192.168.1.101:9200/_xpack/security/user/elastic/_password' -H "Content-Type: application/json" -d '{

    "password" : "123456"

    }'

    更改kibana密码,此时密码为上一步刚改的es的密码

    curl -XPUT -u elastic '192.168.1.101:9200/_xpack/security/user/kibana/_password' -H "Content-Type: application/json" -d '{

    "password" : "123456"

    }'

    新创建角色

    curl -XPOST -u elastic '192.168.1.101:9200/_xpack/security/role/events_admin' -H "Content-Type: application/json" -d '{

    "indices" : [

    {

    "names" : [ "events*" ],

    "privileges" : [ "all" ]

    },

    {

    "names" : [ ".kibana*" ],

    "privileges" : [ "manage", "read", "index" ]

    }

    ]

    }'

    新创建账户

    curl -XPOST -u elastic '192.168.1.101:9200/_xpack/security/user/admin' -H "Content-Type: application/json" -d '{

    "password" : "111111",

    "full_name" : "administrator",

    "email" : "admin@anony.mous",

    "roles" : [ "events_admin" ]

    }'

    2、kibana安装xpack插件:

    离线安装xpack:

    /usr/local/kibana-5.4.0-linux-x86_64/bin/kibana-plugin install file:///usr/local/software/x-pack-5.4.0.zip

    Retrieving metadata from plugin archive

    Extracting plugin archive

    Extraction complete

    Optimizing and caching browser bundles...(此步时间较长,耐心等待)

    Plugin installation complete

    修改kibana.yml配置:

    vim /usr/local/kibana-5.4.0-linux-x86_64/config/kibana.yml

    elasticsearch.username: "elastic"

    elasticsearch.password: "123456"

    重启kibana:

    nohup /usr/local/kibana-5.4.0-linux-x86_64/bin/kibana -c /usr/local/kibana-5.4.0-linux-x86_64/config/kibana.yml> /dev/null 2>&1 &

    卸载xpack:

    /usr/local/kibana-5.4.0-linux-x86_64/bin/kibana-plugin remove x-pack

    进入http://localhost:5601/ ,输入用户名和密码登录,默认分别是 elastic 和 changeme

    展开全文
  • Xpack basic licence 6.4

    2020-11-27 18:38:28
    <p>How can I add the basic license of xpack by ansible? <p>There is no equivalent to "xpack.license.self_generated.type" <p>Thanks in advance William</p><p>该提问来源于开源项目:elastic/...
  • Settings settings = Settings.builder().put("xpack.security.transport.ssl.enabled", true).put("xpack.security.enabled", true).put("xpack.security.user", "elastic:elastic")// .put("client.transport.igno...

    Settings settings = Settings.builder()

    .put("xpack.security.transport.ssl.enabled", true)

    .put("xpack.security.enabled", true)

    .put("xpack.security.user", "elastic:elastic")

    // .put("client.transport.ignore_cluster_name", true)

    .put("client.transport.sniff", false) //自动嗅探整个集群的状态,把集群中其他ES节点的ip添加到本地的客户端列表中

    .put("cluster.name", esClusterName)

    .put("request.headers.X-Found-Cluster",esClusterName)

    .build();

    PreBuiltTransportClient preBuiltTransportClient = new PreBuiltXPackTransportClient(settings);

    for (String host : esHost.split(",")) {

    preBuiltTransportClient.addTransportAddress(new TransportAddress(InetAddress.getByName(host), 9300));

    }

    断点发现 client存在异常(使用9300端口)

    Method threw 'java.lang.StackOverflowError' exception. Cannot evaluate org.elasticsearch.common.inject.InjectorImpl.toString()

    且 使用RestHighLevelClient 方式 获取数据没有异常(http走的9200端口)

    展开全文
  • New STIG Xpack playbook

    2020-11-28 01:26:57
    <p>Currently this works by importing the xpack.yml playbook and then building off of that. The intention was to keep the STIG playbook separate without making changes to current files in master. Newly...
  • In this instance both xpack and sentinl are installed . When i remove xpack and then run kibana , sentinl is working properly. </li></ol>该提问来源于开源项目:lmangani/sentinl</p></div>
  • # xpack.security.transport.ssl.truststore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12 # xpack.security.http.ssl.enabled: true # xpack.security....
  • <div><p>The following proposes a design for XPack support in the role. This should allow us to handle plugins in the future which have similar complexity to shield. Feedback requested. <p>The XPack ...
  • xpack用户管理

    2018-07-04 12:07:00
    xpack对权限的管理包含两个主要的概念,用户和角色。角色可以限定具体的权限,包括读、写、管理等,可以限定到index或具体字段级别。用户则可以拥有一个或多个角色信息。有了这两个概念就使得权限的管理非常明确清晰...

    xpack对权限的管理包含两个主要的概念,用户和角色。角色可以限定具体的权限,包括读、写、管理等,
    可以限定到index或具体字段级别。用户则可以拥有一个或多个角色信息。有了这两个概念就使得权限的管理非常明确清晰。

    权限管理主要有两种方式:

    1.kibana mangement管理界面进行角色和用户的管理操作

    2.通过RESTful API的方式进行用户管理
    推荐使用第一种,直观方便,但是需要收费。
    ###########################################################################################
    下面是使用ESTful API的方式进行用户管理的demo及相关信息:

    权限控制流程:
    1.创建角色

    POST /_xpack/security/role/my_admin_role
    {
    "cluster": ["all"],
    "indices": [
    {
    "names": [ "index1", "index2" ],
    "privileges": ["all"],
    "field_security" : {
    "grant" : [ "title", "body" ]
    },
    "query": "{\"match\": {\"title\": \"foo\"}}" // optional
    }
    ],
    "run_as": [ "other_user" ], // optional
    "metadata" : {
    "version" : 1
    }
    }

    request body
    cluster:集群级别操作权限的列表
    indices:索引权限列表
    field_security:字段权限
    names (required):赋予权限的索引名称
    privileges(required):索引级别的权限
    query:查询规则限定
    metadata:暂时不了解其作用
    run_as:允许已认证的用户代表其他用户执行操作

    删除角色

    DELETE /_xpack/security/role/my_admin_role

    api官网地址
    https://www.elastic.co/guide/en/elasticsearch/reference/6.2/security-api-roles.html


    2.添加用户

    POST /_xpack/security/user/jacknich
    {
    "password" : "j@rV1s",
    "roles" : [ "admin", "other_role1" ],
    "full_name" : "Jack Nicholson",
    "email" : "jacknich@example.com",
    "metadata" : {
    "intelligence" : 7
    }
    }

    request body
    enabled:用户是否有效
    email:email地址
    full_name:全称
    metadata:要与用户关联的任意元数据
    password (required):密码
    roles (required):角色

    修改密码

    PUT /_xpack/security/user/jacknich/_password
    {
    "password" : "s3cr3t"
    }

    用户管理api

    GET /_xpack/security/user
    GET /_xpack/security/user/<username>
    DELETE /_xpack/security/user/<username>
    POST /_xpack/security/user/<username>
    PUT /_xpack/security/user/<username>
    PUT /_xpack/security/user/<username>/_disable
    PUT /_xpack/security/user/<username>/_enable
    PUT /_xpack/security/user/<username>/_password

    api官网地址
    https://www.elastic.co/guide/en/elasticsearch/reference/6.2/security-api-users.html


    角色管理api

    GET /_xpack/security/role
    GET /_xpack/security/role/<name>
    POST /_xpack/security/role/<name>/_clear_cache
    POST /_xpack/security/role/<name>
    PUT /_xpack/security/role/<name>
    DELETE /_xpack/security/role/<name>

    创建角色

    POST /_xpack/security/role/my_admin_role
    {
    "cluster": ["all"],
    "indices": [
    {
    "names": [ "index1", "index2" ],
    "privileges": ["all"],
    "field_security" : { // optional
    "grant" : [ "title", "body" ]
    },
    "query": "{\"match\": {\"title\": \"foo\"}}" // optional
    }
    ],
    "run_as": [ "other_user" ], // optional
    "metadata" : { // optional
    "version" : 1
    }
    }

    #################################################################
    其他相关信息
    内置账号

    username    role    权限
    elastic    superuser    内置的超级用户
    kibana    kibana_system    用户kibana用来连接elasticsearch并与之通信。Kibana服务器以该用户身份提交请求以访问集群监视API和 .kibana索引。不能访问index。
    logstash_system    logstash_system    用户Logstash在Elasticsearch中存储监控信息时使用

    Security-Roles权限

    ingest_admin    授予访问权限以管理所有索引模板和所有摄取管道配置。这个角色不能提供创建索引的能力; 这些特权必须在一个单独的角色中定义。
    kibana_dashboard_only_user    授予对Kibana仪表板的访问权限以及对.kibana索引的只读权限。 这个角色无法访问Kibana中的编辑工具。
    kibana_system    授予Kibana系统用户读取和写入Kibana索引所需的访问权限,管理索引模板并检查Elasticsearch集群的可用性。 此角色授予对.monitoring- 索引的读取访问权限以及对.reporting- 索引的读取和写入访问权限。
    kibana_user    授予Kibana用户所需的最低权限。 此角色授予访问集群的Kibana索引和授予监视权限。
    logstash_admin    授予访问用于管理配置的.logstash *索引的权限。
    logstash_system    授予Logstash系统用户所需的访问权限,以将系统级别的数据(如监视)发送给Elasticsearch。不应将此角色分配给用户,因为授予的权限可能会在不同版本之间发生变化。此角色不提供对logstash索引的访问权限,不适合在Logstash管道中使用。
    machine_learning_admin    授予manage_ml群集权限并读取.ml- *索引的访问权限。
    machine_learning_user    授予查看X-Pack机器学习配置,状态和结果所需的最低权限。此角色授予monitor_ml集群特权,并可以读取.ml-notifications和.ml-anomalies *索引,以存储机器学习结果
    monitoring_user    授予除使用Kibana所需的X-Pack监视用户以外的任何用户所需的最低权限。 这个角色允许访问监控指标。 监控用户也应该分配kibana_user角色
    remote_monitoring_agent    授予远程监视代理程序将数据写入此群集所需的最低权限
    reporting_user    授予使用Kibana所需的X-Pack报告用户所需的特定权限。 这个角色允许访问报告指数。 还应该为报告用户分配kibana_user角色和一个授予他们访问将用于生成报告的数据的角色。 
    superuser #授予对群集的完全访问权限,包括所有索引和数据。 具有超级用户角色的用户还可以管理用户和角色,并模拟系统中的任何其他用户。 由于此角色的宽容性质,在将其分配给用户时要格外小心
    transport_client    通过Java传输客户端授予访问集群所需的权限。 Java传输客户端使用节点活性API和群集状态API(当启用嗅探时)获取有关群集中节点的信息。 如果他们使用传输客户端,请为您的用户分配此角色。使用传输客户端有效地意味着用户被授予访问群集状态的权限。这意味着用户可以查看所有索引,索引模板,映射,节点以及集群基本所有内容的元数据。但是,此角色不授予查看所有索引中的数据的权限
    watcher_admin    授予对.watches索引的写入权限,读取对监视历史记录的访问权限和触发的监视索引,并允许执行所有监视器操作
    watcher_user    授予读取.watches索引,获取观看动作和观察者统计信息的权限

    官网地址
    https://www.elastic.co/guide/en/x-pack/6.2/built-in-roles.html


    cluster权限,可以分配给角色的权限
    权限详情

    all    所有集群管理操作,如快照,节点关闭/重新启动,设置更新,重新路由或管理用户和角色
    monitor    所有集群只读操作,如集群运行状况,热线程,节点信息,节点和集群统计信息,快照/恢复状态,等待集群任务
    monitor_ml    所有只读机器学习操作,例如获取有关数据传输,作业,模型快照或结果的信息
    monitor_watcher    所有只读操作,例如获取watch和watcher统计信息
    manage    构建monitor并添加更改集群中值的集群操作。这包括快照,更新设置和重新路由。此特权不包括管理安全性的能力
    manage_index_templates    索引模板上的所有操作
    manage_ml    所有机器学习操作,例如创建和删除数据传输,作业和模型快照。数据处理以具有提升特权的系统用户身份运行,包括读取所有索引的权限
    manage_pipeline    摄取管道的所有操作
    manage_security    所有与安全相关的操作,例如对用户和角色的CRUD操作以及缓存清除
    manage_watcher    所有观察者操作,例如放置watches,执行,激活或确认。Watches作为具有提升特权的系统用户运行,包括读取和写入所有索引的权限。Watches作为具有提升特权的系统用户运行,包括读取和写入所有索引的权限
    transport_client    传输客户端连接所需的所有权限。远程群集需要启用跨级群搜索

    indices权限
    权限详情

    all    索引上的任何操作
    monitor    监控所需的所有操作(恢复,细分信息,索引统计信息和状态)
    manage    所有monitor特权加索引管理(别名,分析,缓存清除,关闭,删除,存在,刷新,映射,打开,强制合并,刷新,设置,搜索分片,模板,验证)
    view_index_metadata    对索引元数据(别名,别名存在,获取索引,存在,字段映射,映射,搜索分片,类型存在,验证,warmers,设置)进行只读访问。此特权主要供Kibana用户使用
    read    只读操作(计数,解释,获取,mget,获取索引脚本,更多像这样,多渗透/搜索/ termvector,渗透,滚动,clear_scroll,搜索,建议,tv)
    read_cross_cluster    只读访问来自远程集群的搜索操作
    index    索引和更新文件。还授予对更新映射操作的访问权限
    create    索引文件。还授予对更新映射操作的访问权限
    delete    删除文件
    write    对文档执行所有写入操作的权限,包括索引,更新和删除文档以及执行批量操作的权限。还授予对更新映射操作的访问权限
    delete_index    删除索引
    create_index    创建索引。创建索引请求可能包含在创建索引时添加到索引的别名。在这种情况下,该请求最好有manage权限,同时设置索引和别名

    官网地址
    https://www.elastic.co/guide/en/x-pack/6.2/security-privileges.html

    转载于:https://www.cnblogs.com/libin2015/p/9262650.html

    展开全文
  • elasticsearch xpack crack

    2018-01-12 10:23:54
    How to crack xpack license on elasticsearch the script for crack xpack, it will generate a xpack crack jar and a license.json; usage: replace the value of ES_HOME to your...
  • XPACK_INFRA_SOURCES_DEFAULT_METRICALIAS XPACK_INFRA_SOURCES_DEFAULT_LOGALIAS XPACK_INFRA_SOURCES_DEFAULT_FIELDS_MESSAGE XPACK_INFRA_SOURCES_DEFAULT_FIELDS_HOST XPACK_INFRA_SOURCES_DEFAULT_FIELDS_...
  • 环境:linux系统 ubuntu;JDK8; Elasticsearch 6.5.1 xpack 试用版
  • elasticsearch kibana开启xpack认证

    千次阅读 2019-08-19 17:52:02
    文章目录场景kibana开启xpackelasearch开启xpack使用auth过的kibana 场景 elasticsearch kibana 基本上是多人使用的, 所以进行权限控制是必然 kibana开启xpack 登录kibana 在管理页面升级许可证 路径 Management...
  • <div><p>APM in x-pack currently uses <code>xpack.apm.ui.enabled</code> but the plan is to move to <code>xpack.apm.enabled</code> for consistency with the other options. Since this is a breaking change...
  • <ol><li>Deploy elasticsearch without xpack security turn on (basic license)</li><li>Verify the cluster is running correctly</li><li>Enable xpack security and monitoring to true (gold license)</li><li>...
  • <div><p>This breaks the xpack tag out of the main CSS file, moving it into one that we import with the goal of making the CSS more manageable.</p><p>该提问来源于开源项目:elastic/docs</p></div>
  • <div><p>Anyone have a config with XPACK Security? I have been trying to get it setup on a single node "test". I can get the Kibana and Elasticsearch setup and working but I am having trouble ...
  • Elastic 安全配置 开启xpack

    千次阅读 2019-09-18 06:39:01
    1、生成证书 bin/elasticsearch-certutil ca bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12 mv bin/elastic-certificates.p12 config/ mv bin/elastic-stack-ca...2、编辑elasticsearch.yml开启xpack ...
  • t seem to have included support for xpack as it exists in 5.0. Using the default recipe won't result in success if you've got a subscription and try this for 5.0. I ran into this when I ...
  • SSL with XPACK does not work

    2020-11-29 07:21:09
    <p>If I deactivate SSL for elasticsearch transport ( xpack.security.transport.ssl.enabled: false in elastic config) I have no more the problem. <p>Best Regards Eric</p><p>该提问来源于开源项目:...
  • xPack 来自于许多年前我写的 xywhPack 项目的重构。 写 xywhPack 时还很稚嫩,功能贪多,工具难用,只在XGE早期版本做过集成。 xPack 相对来说目的明确了很多,功能不求多,能把文件打包起来,可以用工具或者...
  • m setting a number of environment variables on the Kibana container to disable XPack extensions. <p>The Crate website has a <a href="https://crate.io/faq/visualization/can-i-use-kibana-with-crate/">...
  • self.xpack = XPackClient(self) File "/home/ubuntu/.local/lib/python3.7/site-packages/elasticsearch/client/xpack/__init__.py", line 42, in __init__ setattr(self, namespace, getattr(self....

空空如也

1 2 3 4 5 ... 20
收藏数 963
精华内容 385
关键字:

xpack