Set in elasticsearch.yml:
xpack.security.enabled: false
Changed the setting in elasticsearch.yml to:
xpack.security.enabled: true
Startup fails with an error:
ERROR: [1] bootstrap checks failed. You must address the points described in the following [1] lines before starting Elasticsearch.
bootstrap check failure [1] of [1]: Transport SSL must be enabled if security is enabled. Please set [xpack.security.transport.ssl.enabled] to [true] or disable security by setting [xpack.security.enabled] to [false]
ERROR: Elasticsearch did not exit normally - check the logs at /usr/local/elasticsearch/logs/elasticsearch.log
Changed the settings in elasticsearch.yml to:
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
Startup fails with an error:
org.elasticsearch.ElasticsearchSecurityException: invalid SSL configuration for xpack.security.transport.ssl - server ssl configuration requires a key and certificate, but these have not been configured; you must set either [xpack.security.transport.ssl.keystore.path], or both [xpack.security.transport.ssl.key] and [xpack.security.transport.ssl.certificate]
I went on to configure certificates. When creating these two files I was prompted for a password (I entered): 123456
Generate the elastic-stack-ca.p12 file:
./bin/elasticsearch-certutil ca
Generate the elastic-certificates.p12 file:
./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
Changed the settings in elasticsearch.yml to:
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: /usr/local/elasticsearch/config/elastic-certificates.p12
xpack.security.http.ssl.truststore.path: /usr/local/elasticsearch/config/elastic-certificates.p12
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /usr/local/elasticsearch/config/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /usr/local/elasticsearch/config/elastic-certificates.p12
Startup fails with an error telling me that no password was obtained or that the password is incorrect:
org.elasticsearch.ElasticsearchSecurityException: failed to load SSL configuration [xpack.security.transport.ssl] - cannot read configured [PKCS12] keystore (as a truststore) [/usr/local/elasticsearch/config/elastic-certificates.p12] - this is usually caused by an incorrect password; (no password was provided)
Likely root cause: java.security.UnrecoverableKeyException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
After searching on Baidu and reading some articles, I added the following settings to elasticsearch.yml:
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.type: PKCS12
xpack.security.http.ssl.keystore.password: 123456
xpack.security.http.ssl.keystore.path: /usr/local/elasticsearch/config/elastic-certificates.p12
xpack.security.http.ssl.truststore.path: /usr/local/elasticsearch/config/elastic-certificates.p12
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.type: PKCS12
xpack.security.transport.ssl.keystore.password: 123456
xpack.security.transport.ssl.keystore.path: /usr/local/elasticsearch/config/elastic-certificates.p12
xpack.security.transport.ssl.truststore.type: PKCS12
xpack.security.transport.ssl.truststore.password: 123456
xpack.security.transport.ssl.truststore.path: /usr/local/elasticsearch/config/elastic-certificates.p12
Startup still fails with an error:
org.elasticsearch.ElasticsearchSecurityException: failed to load SSL configuration [xpack.security.http.ssl] - cannot read configured [PKCS12] keystore (as a truststore) [/usr/local/elasticsearch/config/elastic-certificates.p12] - this is usually caused by an incorrect password; (no password was provided)
Likely root cause: java.security.UnrecoverableKeyException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption
Elasticsearch 8.0.0 installs successfully, the username and password are set successfully, and it can be accessed
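A check for the configuration in the question, added here as an example (not code from the thread or from Elastic): for each keystore/truststore path it reports whether a password is set at all, and whether it sits in plaintext in elasticsearch.yml rather than as a `secure_password` entry in the Elasticsearch keystore (the names printed by `bin/elasticsearch-keystore list`). The function names are hypothetical and the parser assumes the flat `key: value` form used in the post; on the question's last configuration it flags the HTTP truststore as the one store with no password, the same store named in the final error.

```python
import re

# Constructed sample: the last elasticsearch.yml shown in the question.
SAMPLE_YML = """\
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.type: PKCS12
xpack.security.http.ssl.keystore.password: 123456
xpack.security.http.ssl.keystore.path: /usr/local/elasticsearch/config/elastic-certificates.p12
xpack.security.http.ssl.truststore.path: /usr/local/elasticsearch/config/elastic-certificates.p12
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.type: PKCS12
xpack.security.transport.ssl.keystore.password: 123456
xpack.security.transport.ssl.keystore.path: /usr/local/elasticsearch/config/elastic-certificates.p12
xpack.security.transport.ssl.truststore.type: PKCS12
xpack.security.transport.ssl.truststore.password: 123456
xpack.security.transport.ssl.truststore.path: /usr/local/elasticsearch/config/elastic-certificates.p12
"""

STORE_PATH = re.compile(r"(xpack\.security\.(?:http|transport)\.ssl\.(?:keystore|truststore))\.path")

def parse_flat_yml(text):
    """Parse flat 'dotted.key: value' lines (the form used in the post, not general YAML)."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" in line:
            key, value = line.split(":", 1)
            settings[key.strip()] = value.strip()
    return settings

def audit_ssl_stores(settings, secure_settings=()):
    """Return (store, finding) pairs; secure_settings = names held in the ES keystore."""
    findings = []
    for key in sorted(settings):
        m = STORE_PATH.fullmatch(key)
        if not m or m.group(1) + ".secure_password" in secure_settings:
            continue  # not a store path, or its password is a secure setting
        if m.group(1) + ".password" in settings:
            findings.append((m.group(1), "plaintext password in elasticsearch.yml"))
        else:
            findings.append((m.group(1), "no password configured"))
    return findings

if __name__ == "__main__":
    for store, finding in audit_ssl_stores(parse_flat_yml(SAMPLE_YML)):
        print(f"{store}: {finding}")
```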
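Try this
The biggest change in 8.0 is zero configuration: the security module is loaded by default, so you don't need any extra configuration at all. Here is an official reference for you
I found a technically solid blog post with the #CSDN# app; friends, come and take a look at "Elastic: Install Elastic Stack 8.0 with Docker and start using it": https://blog.csdn.net/UbuntuTouch/article/details/122936411?utm_source=app&app_version=5.0.1&code=app_1562916241&uLinkId=usr1mkqgl919blen
1. Set the ES passwords with ./bin/elasticsearch-setup-passwords interactive;
2. For user authentication with Elasticsearch and Kibana on Linux, refer to this blog post: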
https://blog.csdn.net/carefree2005/article/details/119869273
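OP, take a look at https://blog.csdn.net/weixin_30896825/article/details/96490912
Did the answer above solve the problem?
Since ES officially does not recommend starting as the root user, you need to create an esroot user and start it as esroot. You can take a look at my blog http://t.csdn.cn/7GI59
For that certificate, you could try not setting a password. If you set a password, you need to configure additional things.
Setting up SSL means dealing with certificates. The articles I referred to before are these: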
https://blog.csdn.net/qq330983778/article/details/103537252
https://blog.csdn.net/wzh8108/article/details/105202077
https://blog.csdn.net/qq_27639777/article/details/98470844
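I got it working by following these 3 articles.
Looking at your error, it says no usable password was provided, so try doing what I did and use an empty password for the certificate. If you configure a password, you need to add other configuration.
Check whether the owner and group of the generated key are the es account
Use the absolute path of the key in the es configuration file
The problem is in the method that generates the KEY; both encryption and decryption need to be changed. Example:
Replace kgen.init(128, new SecureRandom(password.getBytes()));

    import java.security.SecureRandom;
    import javax.crypto.Cipher;
    import javax.crypto.KeyGenerator;
    import javax.crypto.SecretKey;
    import javax.crypto.spec.SecretKeySpec;

    public class AesExample {
        public static byte[] encrypt(String content, String password) {
            try {
                KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
                // Replacement starts: seed an explicitly named SHA1PRNG with the password
                SecureRandom secureRandom = SecureRandom.getInstance("SHA1PRNG");
                secureRandom.setSeed(password.getBytes());
                keyGenerator.init(128, secureRandom);
                // Replacement ends
                // kgen.init(128, new SecureRandom(password.getBytes()));
                SecretKey secretKey = keyGenerator.generateKey();
                byte[] enCodeFormat = secretKey.getEncoded();
                SecretKeySpec key = new SecretKeySpec(enCodeFormat, "AES");
                Cipher cipher = Cipher.getInstance("AES"); // create the cipher
                byte[] byteContent = content.getBytes("utf-8");
                cipher.init(Cipher.ENCRYPT_MODE, key); // initialize for encryption
                byte[] result = cipher.doFinal(byteContent);
                return result;
            } catch (Exception e) {
                e.printStackTrace();
            }
            return null;
        }
    }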
I remember the official website has a solution for this problem.