网站设计学习机构,关注公众号赚钱,一个网站做多少关键词,互联网营销设计一#xff0c;
前言
本文主要内容是通过elasticsearch的api来进行一些集群的管理和信息查询工作#xff0c;以及elasticsearch用户的增删改查和密码的重设以及重置如何操作
接上文#xff1a;elasticsearch|大数据|elasticsearch低版本集群的部署安装和安全增强---密码设…一
前言
本文主要内容是通过elasticsearch的api来进行一些集群的管理和信息查询工作以及elasticsearch用户的增删改查和密码的重设以及重置如何操作
接上文elasticsearch|大数据|elasticsearch低版本集群的部署安装和安全增强---密码设置问题-CSDN博客
上文主要介绍了elasticsearch低版本集群的部署和密码的设定这些是大大的提高了集群的安全性但关于security安全性只是稍微提及本文将要更加的深入的介绍这些安全措施其次是部署完集群仅仅是第一步如何正确的使用高效的使用集群才是最终的目的本文也将从这些方面做一个简单的论述。
二
elasticsearch的安全插件----xpack
该插件主要是两个功能第一个是通过config文件夹下的elasticsearch-keystone文件加密api使得在使用api的时候必须要先检验预设的用户和密码
其次是ssl加密通过certgen这个工具生成自签的ca证书高版本的es这个工具可能改名以提高elasticsearch的网络安全
在主配置文件中有以下三个选项这三个选项是这两个功能的开关
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: false
xpack.security.http.ssl.ssl.enabled: false
上文讲了密码校验的开启ssl如何开启没有说本文就把这个补充上吧
xpack.security.transport.ssl.enabled: false 这个选项应该是集群间ssl自签证书验证防止恶意的增添节点
xpack.security.http.ssl.ssl.enabled: false 这个选项应该是使用自签证书外部访问集群的时候需要证书验证通俗的说就是https
那么先开启xpack.security.transport.ssl.enabled具体步骤如下
1在master节点生成ca证书这个证书带密码也可以不带密码我这里用了密码随意设置一个记得住的就可以了# 生成elastic-stack-ca.p12文件
[rootnode1 es]# ./bin/x-pack/certutil ca
This tool assists you in the generation of X.509 certificates and certificate
signing requests for use with SSL/TLS in the Elastic stack.The ca mode generates a new certificate authority
This will create a new X.509 certificate and private key that can be used
to sign certificate when running in cert mode.Use the ca-dn option if you wish to configure the distinguished name
of the certificate authorityBy default the ca mode produces a single PKCS#12 output file which holds:* The CA certificate* The CAs private keyIf you elect to generate PEM format certificates (the -pem option), then the output will
be a zip file containing individual files for the CA certificate and private keyPlease enter the desired output file [elastic-stack-ca.p12]:
Enter password for elastic-stack-ca.p12 : 2生成elastic-certificates.p12这个文件在其它节点生成同样的文件命令稍微修改一下#### 生成elastic-certificates.p12文件供elasticsearch使用只在master节点生成然后拷贝到其它节点即可scp命令或者什么其它的方式都可以不得在其它节点自己生成
[rootnode1 es]# ./bin/x-pack/certutil cert --ca elastic-stack-ca.p12
This tool assists you in the generation of X.509 certificates and certificate
signing requests for use with SSL/TLS in the Elastic stack.The cert mode generates X.509 certificate and private keys.* By default, this generates a single certificate and key for useon a single instance.* The -multiple option will prompt you to enter details for multipleinstances and will generate a certificate and key for each one* The -in option allows for the certificate generation to be automated by describingthe details of each instance in a YAML file* An instance is any piece of the Elastic Stack that requires a SSL certificate.Depending on your configuration, Elasticsearch, Logstash, Kibana, and Beatsmay all require a certificate and private key.* The minimum required value for each instance is a name. This can simply be thehostname, which will be used as the Common Name of the certificate. A fulldistinguished name may also be used.* A filename value may be required for each instance. This is necessary when thename would result in an invalid file or directory name. The name provided hereis used as the directory name (within the zip) and the prefix for the key andcertificate files. The filename is required if you are prompted and the nameis not displayed in the prompt.* IP addresses and DNS names are optional. Multiple values can be specified as acomma separated string. If no IP addresses or DNS names are provided, you maydisable hostname verification in your SSL configuration.* All certificates generated by this tool will be signed by a certificate authority (CA).* The tool can automatically generate a new CA for you, or you can provide your own with the-ca or -ca-cert command line options.By default the cert mode produces a single PKCS#12 output file which holds:* The instance certificate* The private key for the instance certificate* The CA certificateIf you elect to generate PEM format certificates (the -pem option), then the output will
be a zip file containing individual files for the instance certificate, the key and the CA certificateIf you elect to generate multiple instances certificates, the output will be a zip file
containing all the generated certificatesEnter password for CA (elastic-stack-ca.p12) :
Please enter the desired output file [elastic-certificates.p12]:
Enter password for elastic-certificates.p12 : Certificates written to /data/es/elastic-certificates.p12This file should be properly secured as it contains the private key for
your instance.This file is a self contained file and can be copied and used as is
For each Elastic product that you wish to configure, you should copy
this .p12 file to the relevant configuration directory
and then follow the SSL configuration instructions in the product guide.For client applications, you may only need to copy the CA certificate and
configure the client to trust this certificate.3如果该证书设置了证书那么需要节点认证通过否则会报没有权限读取每个节点都执行
./bin/elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password
./bin/elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password4为了防止elasticsearch因为权限问题启动失败再次递归赋属组
chown -Rf es. /data/es
5elasticsearch主配置文件的修改
在主配置文件末尾添加如下内容
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
http.cors.enabled: true
http.cors.allow-origin: *
http.cors.allow-methods : OPTIONS, HEAD, GET, POST, PUT, DELETE
http.cors.allow-headers : X-Requested-With,X-Auth-Token,Content-Type,Content-Length
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /data/es/config/cert/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /data/es/config/cert/elastic-certificates.p126在补充说明一下 因为elasticsearch集群是使用的发现机制因此master在扫描到同网段其它的服务器的9300-9305端口的时候就会将其自动加入集群而如果没有任何验证的加入节点是非常危险的因此证书的密码建议是最好设置恶意节点将会因为没有证书文件并通过节点认证而无法随意加入集群这样我们的集群将会比较的安全。 verification_mode 控制服务器证书的验证。有效值为 # full 验证提供的证书是否由可信机构 (CA) 签名并验证服务器的主机名或 IP 地址是否与证书中标识的名称相匹配。 # strict 验证提供的证书是否由可信机构 (CA) 签名并验证服务器的主机名或 IP 地址是否与证书中标识的名称相匹配。如果 Subject Alternative Name 为空则返回错误。# certificate 验证提供的证书是否由可信机构 (CA) 签名但不执行任何主机名验证。# none 不执行服务器证书的验证。此模式会禁用 SSL/TLS 的许多安全优势应仅在谨慎考虑后使用。它主要用作尝试解决 TLS 错误时的临时诊断机制强烈建议不要在生产环境中使用它。 keystore:存放公钥私钥数字签名等信息 truststore:存放信任的证书 keystore和truststore都存放key,不同的地方是truststore只存放公钥的数字证书,代表了可以信任的证书,keystore存放私钥相关. 三
elasticsearch利用x-pack开启https
得先说明https是可以使用自签证书的虽然实际意义不大那在elasticsearch里自然也是可以使用自签证书的了在elasticsearch里主要是通过certutil这个工具生成的该工具主要是自动化使用简单。
集群主机名信息
[rootnode4 ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6# kubekey hosts BEGIN
192.168.123.14 node4.cluster.local node4 node-4
192.168.123.11 node1.cluster.local node1 node-1
192.168.123.12 node2.cluster.local node2 node-2
192.168.123.13 node3.cluster.local node3 node-3
127.0.0.1 lb.kubesphere.local
# kubekey hosts END根据以上信息编写证书信息文件主机名和IP地址一一对应哦
[rootnode4 ~]# cat instances.yml
instances:- name: node-1dns: [192.168.123.11]- name: node-2dns: [192.168.123.12]- name: node-3dns: [192.168.123.13] - name: node-4dns: [192.168.123.14]执行以下命令生成证书包
###注生成的证书格式是pem的可以直接使用无需任何转换哪个服务器都可以随便找个服务器就可以了
/data/es/bin/x-pack/certutil cert ca --pem --in instances.yml --out /root/certs.zip
解压上面在root根目录下生成的证书包
replace ca/ca.crt? [y]es, [n]o, [A]ll, [N]one, [r]ename: Ainflating: ca/ca.crt inflating: node-1/node-1.crt inflating: node-1/node-1.key inflating: node-2/node-2.crt inflating: node-2/node-2.key inflating: node-3/node-3.crt inflating: node-3/node-3.key inflating: node-4/node-4.crt inflating: node-4/node-4.key
可以看到有5个文件夹在elasticsearch的主配置文件末尾添加如下内容
node-1服务器
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.key: /data/es/config/cert/node-1.key
xpack.security.http.ssl.certificate: /data/es/config/cert/node-1.crt
xpack.security.http.ssl.certificate_authorities: /data/es/config/cert/ca.crtnode-2服务器
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.key: /data/es/config/cert/node-2.key
xpack.security.http.ssl.certificate: /data/es/config/cert/node-2.crt
xpack.security.http.ssl.certificate_authorities: /data/es/config/cert/ca.crtnode-3服务器
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.key: /data/es/config/cert/node-3.key
xpack.security.http.ssl.certificate: /data/es/config/cert/node-3.crt
xpack.security.http.ssl.certificate_authorities: /data/es/config/cert/ca.crtnode-4服务器
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.key: /data/es/config/cert/node-4.key
xpack.security.http.ssl.certificate: /data/es/config/cert/node-4.crt
xpack.security.http.ssl.certificate_authorities: /data/es/config/cert/ca.crt以上配置都是用的绝对路径因此将前面的cert.zip 文件内的对应文件放置到对应的服务器的指定路径下即可了注意注意需要给证书赋予es用户权限这一步不能漏也就是chown -Rf /data/es 这个命令
然后重启所有节点的elasticsearch服务
如果没有报错的话打开浏览器输入以下网址将可以看到https开启了 可以看到13服务器有日志警告不过无所吊谓
[2023-12-12T23:04:38,187][INFO ][o.e.c.s.ClusterApplierService] [node-2] added {{node-1}{Ihs-2_jwTte3q7zd82z9cg}{2ooshKAZR4epjmfAJ0U2IQ}{192.168.123.11}{192.168.123.11:9300}{ml.machine_memory8975544320, ml.max_open_jobs20, ml.enabledtrue},}, reason: apply cluster state (from master [master {node-3}{kZxWJkP1Tjqo1DkDLcKg0w}{qPA_ePYYTW21FGt2xhMe8A}{192.168.123.13}{192.168.123.13:9300}{ml.machine_memory8370089984, ml.max_open_jobs20, ml.enabledtrue} committed version [80]])
[2023-12-12T23:05:20,748][WARN ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [node-2] http client did not trust this servers certificate, closing connection [id: 0x240d6693, L:0.0.0.0/0.0.0.0:19200 ! R:/192.168.123.1:59482]
[2023-12-12T23:05:20,748][WARN ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [node-2] http client did not trust this servers certificate, closing connection [id: 0xef2c0f9e, L:0.0.0.0/0.0.0.0:19200 ! R:/192.168.123.1:59483]
[2023-12-12T23:05:28,605][WARN ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [node-2] http client did not trust this servers certificate, closing connection [id: 0x8abd3207, L:0.0.0.0/0.0.0.0:19200 ! R:/192.168.123.1:59488]
[2023-12-12T23:05:43,343][WARN ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [node-2] http client did not trust this servers certificate, closing connection [id: 0xd9b903fb, L:0.0.0.0/0.0.0.0:19200 ! R:/192.168.123.1:59489]四
报错一览
[2023-12-12T22:07:44,555][ERROR][o.e.b.Bootstrap ] Exception
java.lang.IllegalStateException: failed to load plugin class [org.elasticsearch.xpack.core.XPackPlugin]at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:563) ~[elasticsearch-6.2.4.jar:6.2.4]at org.elasticsearch.plugins.PluginsService.loadBundle(PluginsService.java:505) ~[elasticsearch-6.2.4.jar:6.2.4]at org.elasticsearch.plugins.PluginsService.loadBundles(PluginsService.java:422) ~[elasticsearch-6.2.4.jar:6.2.4]at org.elasticsearch.plugins.PluginsService.init(PluginsService.java:146) ~[elasticsearch-6.2.4.jar:6.2.4]at org.elasticsearch.node.Node.init(Node.java:303) ~[elasticsearch-6.2.4.jar:6.2.4]at org.elasticsearch.node.Node.init(Node.java:246) ~[elasticsearch-6.2.4.jar:6.2.4]at org.elasticsearch.bootstrap.Bootstrap$5.init(Bootstrap.java:213) ~[elasticsearch-6.2.4.jar:6.2.4]at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:213) ~[elasticsearch-6.2.4.jar:6.2.4]at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:323) [elasticsearch-6.2.4.jar:6.2.4]at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:121) [elasticsearch-6.2.4.jar:6.2.4]at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:112) [elasticsearch-6.2.4.jar:6.2.4]at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86) [elasticsearch-6.2.4.jar:6.2.4]at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124) [elasticsearch-cli-6.2.4.jar:6.2.4]at org.elasticsearch.cli.Command.main(Command.java:90) [elasticsearch-cli-6.2.4.jar:6.2.4]at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:92) [elasticsearch-6.2.4.jar:6.2.4]at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:85) [elasticsearch-6.2.4.jar:6.2.4]
Caused by: java.lang.reflect.InvocationTargetExceptionat sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[?:?]at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:?]at java.lang.reflect.Constructor.newInstance(Constructor.java:423) ~[?:1.8.0_392]at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:554) ~[elasticsearch-6.2.4.jar:6.2.4]... 15 more
Caused by: org.elasticsearch.ElasticsearchException: failed to initialize a TrustManagerFactoryat org.elasticsearch.xpack.core.ssl.StoreTrustConfig.createTrustManager(StoreTrustConfig.java:72) ~[?:?]at org.elasticsearch.xpack.core.ssl.SSLService.createSslContext(SSLService.java:419) ~[?:?]at java.util.HashMap.computeIfAbsent(HashMap.java:1128) ~[?:1.8.0_392]at org.elasticsearch.xpack.core.ssl.SSLService.lambda$loadSSLConfigurations$0(SSLService.java:465) ~[?:?]at java.util.ArrayList.forEach(ArrayList.java:1259) ~[?:1.8.0_392]at org.elasticsearch.xpack.core.ssl.SSLService.loadSSLConfigurations(SSLService.java:464) ~[?:?]at org.elasticsearch.xpack.core.ssl.SSLService.init(SSLService.java:91) ~[?:?]at org.elasticsearch.xpack.core.XPackPlugin.init(XPackPlugin.java:127) ~[?:?]at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[?:?]at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:?]at java.lang.reflect.Constructor.newInstance(Constructor.java:423) ~[?:1.8.0_392]at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:554) ~[elasticsearch-6.2.4.jar:6.2.4]... 15 more
Caused by: java.io.IOException: keystore password was incorrectat sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2089) ~[?:?]at java.security.KeyStore.load(KeyStore.java:1445) ~[?:1.8.0_392]at org.elasticsearch.xpack.core.ssl.CertUtils.readKeyStore(CertUtils.java:276) ~[?:?]at org.elasticsearch.xpack.core.ssl.CertUtils.trustManager(CertUtils.java:267) ~[?:?]at org.elasticsearch.xpack.core.ssl.StoreTrustConfig.createTrustManager(StoreTrustConfig.java:70) ~[?:?]at org.elasticsearch.xpack.core.ssl.SSLService.createSslContext(SSLService.java:419) ~[?:?]at java.util.HashMap.computeIfAbsent(HashMap.java:1128) ~[?:1.8.0_392]at org.elasticsearch.xpack.core.ssl.SSLService.lambda$loadSSLConfigurations$0(SSLService.java:465) ~[?:?]at java.util.ArrayList.forEach(ArrayList.java:1259) ~[?:1.8.0_392]at org.elasticsearch.xpack.core.ssl.SSLService.loadSSLConfigurations(SSLService.java:464) ~[?:?]at org.elasticsearch.xpack.core.ssl.SSLService.init(SSLService.java:91) ~[?:?]at org.elasticsearch.xpack.core.XPackPlugin.init(XPackPlugin.java:127) ~[?:?]at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[?:?]at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:?]at java.lang.reflect.Constructor.newInstance(Constructor.java:423) ~[?:1.8.0_392]at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:554) ~[elasticsearch-6.2.4.jar:6.2.4]
以上报错关键词是java.io.IOException: keystore password was incorrect和 sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
很明显是io读写错误根本原因是无权读写这里说的应该是前面添加的证书文件没有添加es属组才造成的因此chown -Rf /data/es 在重启服务发现没有报错了 五
简单的elasticsearch的api使用
1
查看所有节点
[rootnode1 x-pack]# curl -k -XGET https://192.168.123.11:19200/_cat/nodes -uelastic
Enter host password for user elastic:
192.168.123.14 45 93 0 0.28 0.26 0.32 mdi - node-4
192.168.123.13 26 63 2 0.36 0.18 0.20 mdi * node-3
192.168.123.12 23 81 1 0.54 0.34 0.29 mdi - node-2
192.168.123.11 36 61 1 0.06 0.15 0.20 mdi - node-1第一列ipes节点ip
第二列heap.percent堆内存占比
第三列ram.percent内存使用占比
第四列cpucpu使用率
第五列load_1m1分钟内平均load情况ms
第六列load_5m5分钟内平均load情况ms
第七列load_15m15分钟内平均load情况ms
第八列node.role节点权限
第九列master是否master节点*为master节点
第十列name节点名称2
查看所有索引信息
[rootnode1 x-pack]# curl -k -XGET https://192.168.123.11:19200/_cat/indices -uelastic
Enter host password for user elastic:
green open .watcher-history-7-2023.12.09 _WVuCnwrSlGtYaLbSAfbLg 1 1 549 0 1.5mb 808.3kb
green open .watcher-history-7-2023.12.10 zcAH_IgISayByx6-K4ueGQ 1 1 3989 0 11.3mb 5.6mb
green open .monitoring-alerts-6 Pm5Cw8UkQAamSkvOxccFow 1 1 7 0 84.1kb 42kb
green open .triggered_watches -XApiGASS1a_jDOQMmthaA 1 1 0 0 146.5kb 73.2kb
green open .monitoring-es-6-2023.12.09 4GLFZLlsRH6nj4ZKIUsxvw 1 1 7439 28 9mb 4.5mb
green open .monitoring-es-6-2023.12.10 h1y4V6UMQFGecE78sfBqIA 1 1 58643 31012 81.1mb 40.5mb
green open my_index ApVYPzGuQS60iOFF_ur6nA 5 1 2 0 17.9kb 8.9kb
green open .watcher-history-7-2023.12.12 XZkWSqt1Txm-vpSCYWMlNg 1 1 585 0 2mb 1mb
green open .security-6 VMkr4AP3TbOI1fVJCF9ZJQ 1 3 3 0 39.4kb 9.8kb
green open .watches S9Gd2ZUuTtazqQpN45sx9Q 1 1 6 0 469.1kb 58.7kb
green open .monitoring-es-6-2023.12.12 HkMeJ9DAQSue1nZJrRMtYg 1 1 10765 32 16.5mb 8.2mbhealth 索引的健康状态
status 索引的开启状态
index 索引名字
uuid 索引的uuid
pri 索引的主分片数量
rep 索引的复制分片数量
docs.count 索引下的文档总数
docs.deleted 索引下删除状态的文档数
store.size 主分片复制分片的大小
pri.store.size 主分片的大小3
查看节点的健康状态
[rootnode1 x-pack]# curl -k -XGET https://192.168.123.11:19200/_cat/health -uelastic
Enter host password for user elastic:
1702398729 00:32:09 myes green 4 4 32 15 0 0 0 0 - 100.0%epoch 自标准时间1970-01-01 00:00:00以来的秒数
timestamp 时间
cluster 集群名称
status 集群状态
node.total 节点总数
node.data 数据节点总数
shards 分片总数
pri 主分片总数
repo 复制节点的数量
init 初始化节点的数量
unassign 未分配分片的数量
pending_tasks 待定任务数
max_task_wait_time 等待最长任务的等待时间
active_shards_percent 活动分片百分比这里集群状态为绿色green表示健康黄色yellow表示集群有问题需要介入排查问题红色red表示集群不求行了需要深度介入要不就是摆烂一拍两散。
全部主分片为active状态则为绿色active的判断标准是分片为started或relocating状态
备注当source节点的分片处于relocating那么target节点的同个分片处于INITIALIZING。INITIALIZING状态可能是节点从其他节点恢复relocating、replica copy、snapshot恢复或者从本地恢复
简单的说
绿色索引的所有分片都正常分配。
黄色至少有一个副本没有得到正确的分配。
红色至少有一个主分片没有得到正确的分配。
3.
查看集群所有的索引的状态
[rootnode1 x-pack]# curl -k -XGET https://192.168.123.11:19200/_cluster/health?levelindices -uelastic
Enter host password for user elastic:
{cluster_name:myes,status:green,timed_out:false,number_of_nodes:4,number_of_data_nodes:4,active_primary_shards:15,active_shards:32,relocating_shards:0,initializing_shards:0,unassigned_shards:0,delayed_unassigned_shards:0,number_of_pending_tasks:0,number_of_in_flight_fetch:0,task_max_waiting_in_queue_millis:0,active_shards_percent_as_number:100.0,indices:{.monitoring-es-6-2023.12.10:{status:green,number_of_shards:1,number_of_replicas:1,active_primary_shards:1,active_shards:2,relocating_shards:0,initializing_shards:0,unassigned_shards:0},.watcher-history-7-2023.12.09:{status:green,number_of_shards:1,number_of_replicas:1,active_primary_shards:1,active_shards:2,relocating_shards:0,initializing_shards:0,unassigned_shards:0},.triggered_watches:{status:green,number_of_shards:1,number_of_replicas:1,active_primary_shards:1,active_shards:2,relocating_shards:0,initializing_shards:0,unassigned_shards:0},.monitoring-es-6-2023.12.12:{status:green,number_of_shards:1,number_of_replicas:1,active_primary_shards:1,active_shards:2,relocating_shards:0,initializing_shards:0,unassigned_shards:0},.monitoring-alerts-6:{status:green,number_of_shards:1,number_of_replicas:1,active_primary_shards:1,active_shards:2,relocating_shards:0,initializing_shards:0,unassigned_shards:0},my_index:{status:green,number_of_shards:5,number_of_replicas:1,active_primary_shards:5,active_shards:10,relocating_shards:0,initializing_shards:0,unassigned_shards:0},.watcher-history-7-2023.12.12:{status:green,number_of_shards:1,number_of_replicas:1,active_primary_shards:1,active_shards:2,relocating_shards:0,initializing_shards:0,unassigned_shards:0},.monitoring-es-6-2023.12.09:{status:green,number_of_shards:1,number_of_replicas:1,active_primary_shards:1,active_shards:2,relocating_shards:0,initializing_shards:0,unassigned_shards:0},.watcher-history-7-2023.12.10:{status:green,number_of_shards:1,number_of_replicas:1,active_primary_shards:1,active_shards:2,relocating_shards:0,initializing_shards:0,unassigned_shards:0},.watches:{status:green,number_of_shards:1,number_of_replicas:1,active_primary_shards:1,active_shards:2,relocating_shards:0,initializing_shards:0,unassigned_shards:0},.security-6:{status:green,number_of_shards:1,number_of_replicas:3,active_primary_shards:1,active_shards:4,relocating_shards:0,initializing_shards:0,unassigned_shards:0}}}
当然了我这个示例健康的很
4
在使用的插件信息
这个没什么好说的我现在就只用了x-pack插件
[rootnode1 x-pack]# curl -k -XGET https://192.168.123.11:19200/_cat/plugins -uelastic
Enter host password for user elastic:
node-4 x-pack-core 6.2.4
node-4 x-pack-deprecation 6.2.4
node-4 x-pack-graph 6.2.4
node-4 x-pack-logstash 6.2.4
node-4 x-pack-ml 6.2.4
node-4 x-pack-monitoring 6.2.4
node-4 x-pack-security 6.2.4
node-4 x-pack-upgrade 6.2.4
node-4 x-pack-watcher 6.2.4
node-3 x-pack-core 6.2.4
node-3 x-pack-deprecation 6.2.4
node-3 x-pack-graph 6.2.4
node-3 x-pack-logstash 6.2.4
node-3 x-pack-ml 6.2.4
node-3 x-pack-monitoring 6.2.4
node-3 x-pack-security 6.2.4
node-3 x-pack-upgrade 6.2.4
node-3 x-pack-watcher 6.2.4
node-2 x-pack-core 6.2.4
node-2 x-pack-deprecation 6.2.4
node-2 x-pack-graph 6.2.4
node-2 x-pack-logstash 6.2.4
node-2 x-pack-ml 6.2.4
node-2 x-pack-monitoring 6.2.4
node-2 x-pack-security 6.2.4
node-2 x-pack-upgrade 6.2.4
node-2 x-pack-watcher 6.2.4
node-1 x-pack-core 6.2.4
node-1 x-pack-deprecation 6.2.4
node-1 x-pack-graph 6.2.4
node-1 x-pack-logstash 6.2.4
node-1 x-pack-ml 6.2.4
node-1 x-pack-monitoring 6.2.4
node-1 x-pack-security 6.2.4
node-1 x-pack-upgrade 6.2.4
node-1 x-pack-watcher 6.2.45
通过api重置用户密码
这个比较有意思现在是启用了https那么https的时候怎么通过api重置呢
一开始报错如下 [rootnode1 ~]# curl -k -H Content-Type:application/json -XPOST -u elastic ‘https://192.168.123.11:19200/_xpack/security/user/elastic/_password‘ -d ‘{ password : 123456 }
Enter host password for user elastic:
curl: (1) Protocol ‘https not supported or disabled in libcurl
curl: (6) Could not resolve host: password; Unknown error
curl: (6) Could not resolve host: ; Unknown error
curl: (7) Failed to connect to 0.1.226.64: Invalid argument
curl: (3) [globbing] unmatched close brace/bracket at pos 1关键报错是Protocol ‘https not supported or disabled in libcurl根据百度信息说是curl命令可能不支持httpsOKcurl -V 命令可以查询到是支持https的-k参数也添加了
不支持https的curl版本是curl 7.19.4而我的版本是7.29.0
[rootnode1 ~]# curl -V
curl 7.29.0 (x86_64-redhat-linux-gnu) libcurl/7.29.0 NSS/3.36 zlib/1.2.7 libidn/1.28 libssh2/1.4.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smtp smtps telnet tftp
Features: AsynchDNS GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz unix-sockets OK暂时无果后继续找寻解决办法有一个博文说了https也就是URL要使用双引号包裹报错的命令里是单引号那就试一试命令更改为如下
[rootnode1 ~]# curl -k -H Content-Type:application/json -XPOST -u elastic https://192.168.123.11:19200/_xpack/security/user/elastic/_password -d { password : 123456 }
Enter host password for user elastic:
{}
完美重置密码
6
查看所有用户的信息
[rootnode1 ~]# curl -k -H Content-Type:application/json -XGET https://192.168.123.11:19200/_xpack/security/user -uelastic
Enter host password for user elastic:
{elastic:{username:elastic,roles:[superuser],full_name:null,email:null,metadata:{_reserved:true},enabled:true},kibana:{username:kibana,roles:[kibana_system],full_name:null,email:null,metadata:{_reserved:true},enabled:true},logstash_system:{username:logstash_system,roles:[logstash_system],full_name:null,email:null,metadata:{_reserved:true},enabled:true}}
