安装 首先根据es版本来选择search-guard,当前环境为5.4.1,因此选择对应版本。其他5.x参考 https://docs.search-guard.com/v5/search-guard-versions
https://docs.search-guard.com/v5/search-guard-installation
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 [joy@es_a2_1_19 elasticsearch]$ bin/elasticsearch-plugin install -b com.floragunn:search-guard-5:5.4.1-15 -> Downloading com.floragunn:search-guard-5:5.4.1-15 from maven central [=================================================] 100% @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: plugin requires additional permissions @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ * java.io.FilePermission /proc/sys/net/core/somaxconn read * java.lang.RuntimePermission accessClassInPackage.sun.misc * java.lang.RuntimePermission accessClassInPackage.sun.nio.ch * java.lang.RuntimePermission accessClassInPackage.sun.security.x509 * java.lang.RuntimePermission accessDeclaredMembers * java.lang.RuntimePermission getClassLoader * java.lang.RuntimePermission loadLibrary.* * java.lang.RuntimePermission setContextClassLoader * java.lang.RuntimePermission shutdownHooks * java.lang.reflect.ReflectPermission suppressAccessChecks * java.security.SecurityPermission getProperty.ssl.KeyManagerFactory.algorithm * java.security.SecurityPermission setProperty.ocsp.enable * java.util.PropertyPermission com.sun.security.enableCRLDP write * java.util.PropertyPermission es.set.netty.runtime.available.processors write * java.util.PropertyPermission java.security.debug write * java.util.PropertyPermission java.security.krb5.conf write * java.util.PropertyPermission javax.security.auth.useSubjectCredsOnly write * java.util.PropertyPermission sun.nio.ch.bugLevel write * java.util.PropertyPermission sun.security.krb5.debug write * java.util.PropertyPermission sun.security.spnego.debug write * javax.security.auth.AuthPermission doAs * javax.security.auth.AuthPermission modifyPrivateCredentials * javax.security.auth.kerberos.ServicePermission * accept See http://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html for descriptions of what these permissions allow and the associated risks. -> Installed search-guard-5
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 [joy@es_a2_1_19 tools]$ sh install_demo_configuration.sh ## Search Guard Demo Installer ## Warning: Do not use on production or public reachable systems Continue? [y/N] y Elasticsearch install type: .tar.gz Elasticsearch config dir: /home/joy/elasticsearch/config Detected Elasticsearch Version: 5.4.1 Detected Search Guard Version: 5.4.1-15 ### Success ### Execute this script now on all your nodes and then start all nodes ### After the whole cluster is up execute: /home/joy/elasticsearch/plugins/search-guard-5/tools/sgadmin.sh -cd /home/joy/elasticsearch/plugins/search-guard-5/sgconfig -cn searchguard_demo -ks /home/joy/elasticsearch/config/kirk.jks -ts /home/joy/elasticsearch/config/truststore.jks -nhnv ### or run ./sgadmin_demo.sh ### Then open https://localhost:9200 an login with admin/admin ### (Just ignore the ssl certificate warning because we installed a self signed demo certificate)
elasticsearch.yml将会自动增加下列内容
1 2 3 4 5 6 7 8 9 10 11 12 13 ######## Start Search Guard Demo Configuration ######## searchguard.ssl.transport.keystore_filepath: keystore.jks searchguard.ssl.transport.truststore_filepath: truststore.jks searchguard.ssl.transport.enforce_hostname_verification: false searchguard.ssl.http.enabled: true searchguard.ssl.http.keystore_filepath: keystore.jks searchguard.ssl.http.truststore_filepath: truststore.jks searchguard.authcz.admin_dn: - CN=kirk,OU=client,O=client,L=test, C=de cluster.name: searchguard_demo network.host: 0.0.0.0 ######## End Search Guard Demo Configuration ########
但是最终还是失败了,以后再看
https://my.oschina.net/huangweibin/blog/820858 https://www.cnblogs.com/marility/p/9392645.html http://xiaoqiangge.com/aritcle/1536058241842.html https://blog.csdn.net/sinat_39562444/article/details/88235809
参考资料 https://github.com/floragunncom/search-guard