【ElasticSearch】ES 7 用户名密码设置

一、开启密码验证

1、修改elasticsearch.yml文件，重启ES

#允许head插件等访问的相关设置
http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-headers: Authorization,X-Requested-With,Content-Length,Content-Type
http.cors.allow-credentials: true
#是否启用es的安全设置，启用安全设置后es各节点、客户端的传输都会加密，并需要账号密码
xpack.security.enabled: true
#此项不可更改，当启用安全设置后，此项必须为true
xpack.security.transport.ssl.enabled: true

2、设置默认用户密码

./bin/elasticsearch-setup-passwords interactive
[elsearch@HN-82 bin]$ ./elasticsearch-setup-passwords interactive
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y
Enter password for [elastic]: 
Enter password for [elastic]: 
Reenter password for [elastic]: 
Enter password for [apm_system]: 
Reenter password for [apm_system]: 
Enter password for [kibana]: 
Reenter password for [kibana]: 
Enter password for [logstash_system]: 
Reenter password for [logstash_system]: 
Enter password for [beats_system]: 
Reenter password for [beats_system]: 
Enter password for [remote_monitoring_user]: 
Reenter password for [remote_monitoring_user]: 
Changed password for user [apm_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]

注意：postman请求时，选择【Authorization】->【Basic Auth】，添加ES的用户名密码后，就能访问设置用户名密码的ES了。

二、添加新用户以及修改密码

Request edit

POST /_security/user/<username>
PUT /_security/user/<username>

{
  "password" : "1234",
  "roles" : [ "superuser" ],
  "full_name" : "elastic-test",
  "Metadata" : {
    "intelligence":7
  }
}

Requestedit

POST /_security/user/_password
POST /_security/user/<username>/_password

POST /_security/user/elastic-test/_password
{
  "password" : "43221"
}

三、忘记密码如何重置

1、修改elasticsearch.yml文件，重启ES

#是否启用es的安全设置，启用安全设置后es各节点、客户端的传输都会加密，并需要账号密码
xpack.security.enabled: false

2、删除 ES中.security-*的索引

curl -XDELETE localhost:9001/.security-6
{"ackNowledged":true}

3、参考设置密码[一、开启密码验证]

版权声明：本文内容由互联网用户自发贡献，该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务，不拥有所有权，不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容， 请发送邮件至 [email protected] 举报，一经查实，本站将立刻删除。