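elasticsearch - How to enable anonymous access in ElasticSearch 5.3

Tags: elasticsearch logstash kibana elastic-stack

I just downloaded ElasticSearch, LogStash and Kibana version 5.3 (until a few hours ago I was using 5.2.something). I installed XPack in each of the ELK components. After that I can no longer use Logstash.

Logstash error: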

./logstash -f/log_to_elastic53.conf

...
    [2017-04-06T19:25:55,704][WARN ][logstash.outputs.elasticsearch] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>#<URI::HTTP:0x3c6582db URL:http://127.0.0.1:9200/>, :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError, :error=>"Got response code '401' contacting Elasticsearch at URL 'http://127.0.0.1:9200/'"}

My log_to_elastic53.conf
input { stdin { } }
output {
  elasticsearch { hosts => ["127.0.0.1:9200"] }
  stdout { codec => rubydebug }
}

I set up ElasticSearch to accept anonymous calls this way:

Source of the idea: https://www.elastic.co/guide/en/x-pack/current/anonymous-access.html

elasticsearch.yml
xpack.security.authc:
  anonymous:
    username: anonymous_user 
    roles: role1, role2 
    authz_exception: false

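P.S. I tried both false and true for authz_exception.

Interestingly, Kibana also complains about some permissions, but I wonder whether that is related to Debian rather than ELK: it cannot extract the phantom.js file.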

./kibana
undefined accessed the autoload lists which are no longer available via the Plugin API.Use the `ui/autoload/*` modules instead.
undefined accessed the autoload lists which are no longer available via the Plugin API.Use the `ui/autoload/*` modules instead.
  log   [22:24:55.244] [warning] Plugin "Sense" was disabled because it expected Kibana version "2.0.0-snapshot", and found "5.3.0".
  log   [22:24:55.499] [info][status][plugin:kibana@5.3.0] Status changed from uninitialized to green - Ready
  log   [22:24:55.568] [info][status][plugin:elasticsearch@5.3.0] Status changed from uninitialized to yellow - Waiting for Elasticsearch
  log   [22:24:55.575] [info][status][plugin:xpack_main@5.3.0] Status changed from uninitialized to yellow - Waiting for Elasticsearch
  log   [22:24:55.739] [info][status][plugin:graph@5.3.0] Status changed from uninitialized to yellow - Waiting for Elasticsearch
  log   [22:24:55.747] [info][status][plugin:monitoring@5.3.0] Status changed from uninitialized to green - Ready
  log   [22:24:55.751] [warning][reporting] Generating a random key for xpack.reporting.encryptionKey. To prevent pending reports from failing on restart, please set xpack.reporting.encryptionKey in kibana.yml
  log   [22:24:55.756] [info][status][plugin:reporting@5.3.0] Status changed from uninitialized to yellow - Waiting for Elasticsearch
  log   [22:24:55.958] [error][reporting] ExtractError: Failed to extract the phantom.js archive
    at Extract.<anonymous> (/home/demetrio/Servers/DBs/kibana-5.3.0-amd64/usr/share/kibana/plugins/x-pack/plugins/reporting/server/lib/extract/bunzip2.js:18:16)
    at emitOne (events.js:101:20)
    at Extract.emit (events.js:188:7)
    at Extract.destroy (/home/demetrio/Servers/DBs/kibana-5.3.0-amd64/usr/share/kibana/plugins/x-pack/node_modules/tar-stream/extract.js:191:17)
    at onunlock (/home/demetrio/Servers/DBs/kibana-5.3.0-amd64/usr/share/kibana/plugins/x-pack/node_modules/tar-stream/extract.js:69:26)
    at stat (/home/demetrio/Servers/DBs/kibana-5.3.0-amd64/usr/share/kibana/plugins/x-pack/node_modules/tar-fs/index.js:232:23)
    at /home/demetrio/Servers/DBs/kibana-5.3.0-amd64/usr/share/kibana/plugins/x-pack/node_modules/mkdirp/index.js:46:53
    at FSReqWrap.oncomplete (fs.js:123:15)
  log   [22:24:55.959] [error][reporting] Error: EACCES: permission denied, mkdir '/var/lib/kibana/phantomjs-2.1.1-linux-x86_64'
    at Error (native)
  log   [22:24:55.960] [error][status][plugin:reporting@5.3.0] Status changed from yellow to red - Insufficient permissions for extracting the phantom.js archive. Make sure the Kibana data directory (path.data) is owned by the same user that is running Kibana.
  log   [22:24:55.968] [info][status][plugin:security@5.3.0] Status changed from uninitialized to yellow - Waiting for Elasticsearch
  log   [22:24:55.969] [warning][security] Generating a random key for xpack.security.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.security.encryptionKey in kibana.yml
  log   [22:24:55.972] [warning][security] Session cookies will be transmitted over insecure connections. This is not recommended.
  log   [22:24:56.022] [info][status][plugin:searchprofiler@5.3.0] Status changed from uninitialized to yellow - Waiting for Elasticsearch
  log   [22:24:56.033] [info][status][plugin:tilemap@5.3.0] Status changed from uninitialized to yellow - Waiting for Elasticsearch
  log   [22:24:56.042] [info][status][plugin:console@5.3.0] Status changed from uninitialized to green - Ready
  log   [22:24:56.217] [info][status][plugin:elasticsearch@5.3.0] Status changed from yellow to green - Kibana index ready
  log   [22:24:56.219] [info][status][plugin:timelion@5.3.0] Status changed from uninitialized to green - Ready
  log   [22:24:56.223] [info][listening] Server running at http://localhost:5601
  log   [22:24:56.225] [info][status][ui settings] Status changed from uninitialized to green - Ready
  log   [22:24:56.355] [info][license][xpack] Imported license information from Elasticsearch: mode: trial | status: active | expiry date: 2017-05-06T18:53:19-03:00
  log   [22:24:56.365] [info][status][plugin:monitoring@5.3.0] Status changed from green to yellow - Waiting for Monitoring Health Check
  log   [22:24:56.368] [info][status][plugin:xpack_main@5.3.0] Status changed from yellow to green - Ready
  log   [22:24:56.369] [info][status][plugin:graph@5.3.0] Status changed from yellow to green - Ready
  log   [22:24:56.370] [info][status][plugin:reporting@5.3.0] Status changed from red to green - Ready
  log   [22:24:56.371] [info][status][plugin:security@5.3.0] Status changed from yellow to green - Ready
  log   [22:24:56.371] [info][status][plugin:searchprofiler@5.3.0] Status changed from yellow to green - Ready
  log   [22:24:56.372] [info][status][plugin:tilemap@5.3.0] Status changed from yellow to green - Ready
  log   [22:24:58.357] [info][status][plugin:monitoring@5.3.0] Status changed from yellow to green - Ready

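Best answer

Instead of allowing anonymous access, which carries a high security risk, you can follow the official documentation and configure a role and a user for Logstash to connect to Elasticsearch.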

Logstash needs to be able to manage index templates, create indices, and write and delete documents in the indices it creates.

To set up authentication credentials for Logstash:

  1. Create a logstash_writer role that has the manage_index_templates cluster privilege, and the write, delete, and create_index privileges for the Logstash indices. You can create roles from the Management > Roles UI in Kibana or through the role API:

    POST _xpack/security/role/logstash_writer
    {
      "cluster": ["manage_index_templates", "monitor"],
      "indices": [
        {
          "names": [ "logstash-*" ], 
          "privileges": ["write","delete","create_index"]
        }
      ]
    }
    
  2. Create a logstash_internal user and assign it the logstash_writer role. You can create users from the Management > Users UI in Kibana or through the user API:

    POST _xpack/security/user/logstash_internal
    {
      "password" : "changeme",
      "roles" : [ "logstash_writer"],
      "full_name" : "Internal Logstash User"
    }
    
  3. Configure Logstash to authenticate as the logstash_internal user you just created. You configure credentials separately for each of the Elasticsearch plugins in your Logstash .conf file. For example:

    input {
      elasticsearch {
        ...
        user => logstash_internal
        password => changeme
      }
    }
    filter {
      elasticsearch {
        ...
        user => logstash_internal
        password => changeme
      }
    }
    output {
      elasticsearch {
        ...
        user => logstash_internal
        password => changeme
      }
    }
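
Added example, not part of the original question or answer: a Python check that lists what the roles named in an `anonymous` block would expose to unauthenticated callers, run once on the question's settings and once on a hypothetical shortcut that maps anonymous requests onto `logstash_writer`. The role set, `SHORTCUT_ANON`, the privilege groupings and the function name are assumptions constructed for illustration.

```python
# Added example (not from the original post). Sample inputs are constructed.
# Index privileges that let a caller change data, and the only cluster
# privilege this check treats as acceptable for unauthenticated callers.
WRITE_PRIVS = {"all", "manage", "write", "index", "create", "delete",
               "create_index", "delete_index"}
SAFE_CLUSTER_PRIVS = {"monitor"}

# Role definitions keyed by name, in the body format used by the role API.
ROLE_DEFS = {
    "logstash_writer": {
        "cluster": ["manage_index_templates", "monitor"],
        "indices": [{"names": ["logstash-*"],
                     "privileges": ["write", "delete", "create_index"]}],
    },
}

# The anonymous block from the question, and a hypothetical shortcut that
# maps anonymous requests straight onto the Logstash role.
QUESTION_ANON = {"username": "anonymous_user", "roles": "role1, role2",
                 "authz_exception": False}
SHORTCUT_ANON = {"username": "anonymous_user", "roles": "logstash_writer",
                 "authz_exception": False}


def audit_anonymous(anon, role_defs):
    """Return findings for the roles assigned to the anonymous user."""
    findings = []
    for name in (r.strip() for r in anon.get("roles", "").split(",")):
        if not name:
            continue
        role = role_defs.get(name)
        if role is None:
            findings.append(f"{name}: role is not defined in the supplied role set")
            continue
        for priv in role.get("cluster", []):
            if priv not in SAFE_CLUSTER_PRIVS:
                findings.append(f"{name}: cluster privilege {priv} open to anonymous")
        for entry in role.get("indices", []):
            risky = sorted(WRITE_PRIVS & set(entry.get("privileges", [])))
            if risky:
                target = ",".join(entry.get("names", []))
                findings.append(f"{name}: {'/'.join(risky)} on {target} open to anonymous")
    return findings


if __name__ == "__main__":
    for label, anon in (("question", QUESTION_ANON), ("shortcut", SHORTCUT_ANON)):
        print(label, audit_anonymous(anon, ROLE_DEFS))
```

In practice the role set would come from the cluster's own role definitions rather than the constructed `ROLE_DEFS`.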
    

Regarding elasticsearch - How to enable anonymous access in ElasticSearch 5.3, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/43281264/
