【问题标题】:how enable anonymous access in ElasticSearch 5.3如何在 ElasticSearch 5.3 中启用匿名访问
【发布时间】:2017-04-07 14:57:52
【问题描述】:

我刚刚下载了 ElasticSearch、LogStash 和 Kibana 5.3 版(直到几个小时前我还在使用 5.2.something)。我在每个 ELK 中都安装了 XPack。之后我就不能再使用logstash了。

LogStash 错误:

./logstash -f /log_to_elastic53.conf

...
    [2017-04-06T19:25:55,704][WARN ][logstash.outputs.elasticsearch] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>#<URI::HTTP:0x3c6582db URL:http://127.0.0.1:9200/>, :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError, :error=>"Got response code '401' contacting Elasticsearch at URL 'http://127.0.0.1:9200/'"}

我的 log_to_elastic53.conf

input { stdin { } }
output {
  elasticsearch { hosts => ["127.0.0.1:9200"] }
  stdout { codec => rubydebug }
}

我设置 ElasticSearch 以这种方式接受匿名呼叫:

来源想法:https://www.elastic.co/guide/en/x-pack/current/anonymous-access.html

elasticsearch.yml

xpack.security.authc:
  anonymous:
    username: anonymous_user 
    roles: role1, role2 
    authz_exception: false

附:我在 authz_exception 中尝试了 false/true

有趣的是 Kibana 也抱怨一些权限,但我想知道它是否与 Debian 相关而不是 ELK:无法提取 phantom.js 档案

./kibana

undefined accessed the autoload lists which are no longer available via the Plugin API.Use the `ui/autoload/*` modules instead.
undefined accessed the autoload lists which are no longer available via the Plugin API.Use the `ui/autoload/*` modules instead.
  log   [22:24:55.244] [warning] Plugin "Sense" was disabled because it expected Kibana version "2.0.0-snapshot", and found "5.3.0".
  log   [22:24:55.499] [info][status][plugin:kibana@5.3.0] Status changed from uninitialized to green - Ready
  log   [22:24:55.568] [info][status][plugin:elasticsearch@5.3.0] Status changed from uninitialized to yellow - Waiting for Elasticsearch
  log   [22:24:55.575] [info][status][plugin:xpack_main@5.3.0] Status changed from uninitialized to yellow - Waiting for Elasticsearch
  log   [22:24:55.739] [info][status][plugin:graph@5.3.0] Status changed from uninitialized to yellow - Waiting for Elasticsearch
  log   [22:24:55.747] [info][status][plugin:monitoring@5.3.0] Status changed from uninitialized to green - Ready
  log   [22:24:55.751] [warning][reporting] Generating a random key for xpack.reporting.encryptionKey. To prevent pending reports from failing on restart, please set xpack.reporting.encryptionKey in kibana.yml
  log   [22:24:55.756] [info][status][plugin:reporting@5.3.0] Status changed from uninitialized to yellow - Waiting for Elasticsearch
  log   [22:24:55.958] [error][reporting] ExtractError: Failed to extract the phantom.js archive
    at Extract.<anonymous> (/home/demetrio/Servers/DBs/kibana-5.3.0-amd64/usr/share/kibana/plugins/x-pack/plugins/reporting/server/lib/extract/bunzip2.js:18:16)
    at emitOne (events.js:101:20)
    at Extract.emit (events.js:188:7)
    at Extract.destroy (/home/demetrio/Servers/DBs/kibana-5.3.0-amd64/usr/share/kibana/plugins/x-pack/node_modules/tar-stream/extract.js:191:17)
    at onunlock (/home/demetrio/Servers/DBs/kibana-5.3.0-amd64/usr/share/kibana/plugins/x-pack/node_modules/tar-stream/extract.js:69:26)
    at stat (/home/demetrio/Servers/DBs/kibana-5.3.0-amd64/usr/share/kibana/plugins/x-pack/node_modules/tar-fs/index.js:232:23)
    at /home/demetrio/Servers/DBs/kibana-5.3.0-amd64/usr/share/kibana/plugins/x-pack/node_modules/mkdirp/index.js:46:53
    at FSReqWrap.oncomplete (fs.js:123:15)
  log   [22:24:55.959] [error][reporting] Error: EACCES: permission denied, mkdir '/var/lib/kibana/phantomjs-2.1.1-linux-x86_64'
    at Error (native)
  log   [22:24:55.960] [error][status][plugin:reporting@5.3.0] Status changed from yellow to red - Insufficient permissions for extracting the phantom.js archive. Make sure the Kibana data directory (path.data) is owned by the same user that is running Kibana.
  log   [22:24:55.968] [info][status][plugin:security@5.3.0] Status changed from uninitialized to yellow - Waiting for Elasticsearch
  log   [22:24:55.969] [warning][security] Generating a random key for xpack.security.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.security.encryptionKey in kibana.yml
  log   [22:24:55.972] [warning][security] Session cookies will be transmitted over insecure connections. This is not recommended.
  log   [22:24:56.022] [info][status][plugin:searchprofiler@5.3.0] Status changed from uninitialized to yellow - Waiting for Elasticsearch
  log   [22:24:56.033] [info][status][plugin:tilemap@5.3.0] Status changed from uninitialized to yellow - Waiting for Elasticsearch
  log   [22:24:56.042] [info][status][plugin:console@5.3.0] Status changed from uninitialized to green - Ready
  log   [22:24:56.217] [info][status][plugin:elasticsearch@5.3.0] Status changed from yellow to green - Kibana index ready
  log   [22:24:56.219] [info][status][plugin:timelion@5.3.0] Status changed from uninitialized to green - Ready
  log   [22:24:56.223] [info][listening] Server running at http://localhost:5601
  log   [22:24:56.225] [info][status][ui settings] Status changed from uninitialized to green - Ready
  log   [22:24:56.355] [info][license][xpack] Imported license information from Elasticsearch: mode: trial | status: active | expiry date: 2017-05-06T18:53:19-03:00
  log   [22:24:56.365] [info][status][plugin:monitoring@5.3.0] Status changed from green to yellow - Waiting for Monitoring Health Check
  log   [22:24:56.368] [info][status][plugin:xpack_main@5.3.0] Status changed from yellow to green - Ready
  log   [22:24:56.369] [info][status][plugin:graph@5.3.0] Status changed from yellow to green - Ready
  log   [22:24:56.370] [info][status][plugin:reporting@5.3.0] Status changed from red to green - Ready
  log   [22:24:56.371] [info][status][plugin:security@5.3.0] Status changed from yellow to green - Ready
  log   [22:24:56.371] [info][status][plugin:searchprofiler@5.3.0] Status changed from yellow to green - Ready
  log   [22:24:56.372] [info][status][plugin:tilemap@5.3.0] Status changed from yellow to green - Ready
  log   [22:24:58.357] [info][status][plugin:monitoring@5.3.0] Status changed from yellow to green - Ready

【问题讨论】:

    标签: elasticsearch logstash kibana elastic-stack


    【解决方案1】:

    您可以关注the official documentation配置一个角色和用户,让Logstash连接Elasticsearch,而不是允许具有高安全风险的匿名访问。

    Logstash 需要能够管理索引模板、创建索引以及在它创建的索引中写入和删除文档。

    为 Logstash 设置身份验证凭据:

    1. 创建一个拥有 manage_index_templates 集群权限以及 Logstash 索引的写入、删除和创建索引权限的 logstash_writer 角色。您可以从 Kibana 中的管理 > 角色 UI 或通过角色 API 创建角色:

      POST _xpack/security/role/logstash_writer
      {
        "cluster": ["manage_index_templates", "monitor"],
        "indices": [
          {
            "names": [ "logstash-*" ], 
            "privileges": ["write","delete","create_index"]
          }
        ]
      }
      
    2. 创建一个 logstash_internal 用户并为其分配 logstash_writer 角色。您可以从 Kibana 中的管理 > 用户 UI 或通过用户 API 创建用户:

      POST _xpack/security/user/logstash_internal
      {
        "password" : "changeme",
        "roles" : [ "logstash_writer"],
        "full_name" : "Internal Logstash User"
      }
      
    3. 将 Logstash 配置为以您刚刚创建的 logstash_internal 用户身份进行身份验证。您可以在 Logstash .conf 文件中为每个 Elasticsearch 插件单独配置凭据。例如:

      input {
          ...
          user => logstash_internal
          password => changeme
        }
      filter {
          ...
          user => logstash_internal
          password => changeme
        }
      output {
        elasticsearch {
          ...
          user => logstash_internal
          password => changeme
        }
      

    【讨论】:

      猜你喜欢
      • 1970-01-01
      • 2014-03-12
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 2016-02-15
      • 2015-11-14
      • 1970-01-01
      相关资源
      最近更新 更多