ElasticSearch常用配置（内置账号密码修改、自定义角色自定义账号，日志定期删除等)...-优快云博客

本文详细介绍了ElasticSearch的内置账号管理，包括自定义账号、角色创建、密码修改，以及如何配置LDAP和AD域认证。此外，还讨论了ES数据的定期删除策略和常见错误解决方法。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

自定义内置账号

账户elastic为elasticsearch超级管理员，拥有所有权限
账户kibana用于kibana组件获取相关信息用于web展示
账户logstash_system用于logstash服务获取elasticsearch的监控数据
注意：此步骤需先启动elasticsearch服务

[elasticsearch@elasticsearch elasticsearch-6.0.0]$ ./bin/x-pack/setup-passwords interactive
Initiating the setup of reserved user elastic,kibana,logstash_system passwords.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y

Enter password for [elastic]: 
Reenter password for [elastic]: 
Enter password for [kibana]: 
Reenter password for [kibana]: 
Enter password for [logstash_system]: 
Reenter password for [logstash_system]: 
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [elastic]
[elasticsearch@elasticsearch elasticsearch-6.0.0]$

验证内置账户访问

若不提供用户名密码则返回401

[elasticsearch@elasticsearch elasticsearch-6.0.0]$ curl 'http://10.59.30.96:9200/_cat/indices?pretty'
{
  "error" : {
    "root_cause" : [
      {
        "type" : "security_exception",
        "reason" : "missing authentication token for REST request [/_cat/indices?pretty]",
        "header" : {
          "WWW-Authenticate" : "Basic realm=\"security\" charset=\"UTF-8\""
        }
      }
    ],
    "type" : "security_exception",
    "reason" : "missing authentication token for REST request [/_cat/indices?pretty]",
    "header" : {
      "WWW-Authenticate" : "Basic realm=\"security\" charset=\"UTF-8\""
    }
  },
  "status" : 401
}

提供相应用户信息后可访问，若用户权限不足则返回403

使用logstash_system用户访问

[elasticsearch@elasticsearch elasticsearch-6.0.0]$ curl 'http://10.59.30.96:9200/_cat/indices?pretty' -u logstash_system:logstash_system
{
  "error" : {
    "root_cause" : [
      {
        "type" : "security_exception",
        "reason" : "action [indices:monitor/stats] is unauthorized for user [logstash_system]"
      }
    ],
    "type" : "security_exception",
    "reason" : "action [indices:monitor/stats] is unauthorized for user [logstash_system]"
  },
  "status" : 403
}
[elasticsearch@elasticsearch elasticsearch-6.0.0]$

使用kibana用户访问

[elasticsearch@elasticsearch elasticsearch-6.0.0]$ curl 'http://10.59.30.96:9200/_cat/indices?pretty' -u kibana:kibana
yellow open .monitoring-es-6-2018.01.10   nND6-i_rR5iLEYVccBGj8w 1 1    
yellow open .triggered_watches            BtygGZisSDqiL3Y2TaQGqQ 1 1    
green  open .security-6                   QVRL1mcFSAilryHGEhen7Q 1 0    
yellow open .watcher-history-6-2018.01.10 SBGiHDAnTPiXFoHU65VY_g 1 1    
yellow open .watches                      kMzN4j5cQySZQQSDVPww8w 1 1    
yellow open .monitoring-alerts-6          VygY6VN9R3S0PR_jrGy50Q 1 1    
[elasticsearch@elasticsearch elasticsearch-6.0.0]$