본문 바로가기
ELK Stack

[Elasticsearch] Elasticsearch x-pack 설정 security Authentication 인증 및 로그인 설정 (Ubuntu Linux 18.04 Elasticsearch 7.9.1)

by 임채훈 2020. 10. 13.

Elasticsearch x-pack security 인증(Authentication) 및 로그인 기능 설정하기 (무료)

Kibana Elasticsearch 인증 설정도 포함

 

Step

  1. 설정파일 수정 (elasticsearch.yml)
  2. 기본계정 비밀번호 재설정
  3. 확인
  4. Kibana↔Elasticsearch 간의 연동에 인증정보 추가
  5. Kibana 재시작 후 확인

 

1. 설정파일 수정 (elasticsearch.yml

  • /usr/local/elasticsearch/config/elasticsearch.yml
xpack.security:
  enabled: true
  transport:
    ssl:
      enabled: true
  • Elasticsearch 재기동
systemctl restart elasticsearch

xpack.security 옵션을 활성화 해주면서 xpack.security.transport.ssl 옵션도 활성화 필요

 

2. 기본계정 비밀번호 재설정

  • 홈 디렉토리 이동
cd /usr/local/elasticsearch
  • 실행파일 목록 중 기본 제공되는 파일인 elasticsearch-setup-passwords 실행 (interactive)
./bin/elasticsearch-setup-passwords interactive
future versions of Elasticsearch will require Java 11; your Java version from [/usr/local/java/jdk/jre] does not meet this requirement
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,kibana_system,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N] y

Enter password for [elastic]: 
Reenter password for [elastic]: 
Enter password for [apm_system]: 
Reenter password for [apm_system]: 
Enter password for [kibana_system]: 
Reenter password for [kibana_system]: 
Enter password for [logstash_system]: 
Reenter password for [logstash_system]: 
Enter password for [beats_system]: 
Reenter password for [beats_system]: 
Enter password for [remote_monitoring_user]: 
Reenter password for [remote_monitoring_user]: 
Changed password for user [apm_system]
Changed password for user [kibana_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]

Elasticsearch Documentation에 [ elastic ] 계정의 초기 비밀번호가 changeme라고 안내되어있는데 난 해당 정보로 인증이 실패했었음 ..

 

3. 확인

  • 인증정보 없이 Elasticsearch 요청
curl 192.168.0.10:9200?pretty

{
  "error" : {
    "root_cause" : [
      {
        "type" : "security_exception",
        "reason" : "missing authentication credentials for REST request [/?pretty]",
        "header" : {
          "WWW-Authenticate" : "Basic realm=\"security\" charset=\"UTF-8\""
        }
      }
    ],
    "type" : "security_exception",
    "reason" : "missing authentication credentials for REST request [/?pretty]",
    "header" : {
      "WWW-Authenticate" : "Basic realm=\"security\" charset=\"UTF-8\""
    }
  },
  "status" : 401
}

위와 같이 missing authentication credentials for REST request 메세지와 함께 security_exception이 발생한다.

 

  • 인증정보 포함하여 Elasticsearch 요청
curl --user elastic 192.168.0.10:9200

Enter host password for user 'elastic':
{
  "name" : "node_master",
  "cluster_name" : "Cluster1",
  "cluster_uuid" : "afHTbFj6RtOiKitScsaXXg",
  "version" : {
    "number" : "7.9.1",
    "build_flavor" : "default",
    "build_type" : "tar",
    "build_hash" : "083627f112ba94dffc1232e8b42b73492789ef91",
    "build_date" : "2020-09-01T21:22:21.964974Z",
    "build_snapshot" : false,
    "lucene_version" : "8.6.2",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "You Know, for Search"
}

성공적으로 Elasticsearch Root 요청이 이루어진다.

 

4. Kibana↔Elasticsearch 간의 연동에 인증정보 추가

  • /usr/local/kibana/config/kibana.yml
elasticsearch:
  hosts: [ "http://192.168.0.10:9200" ]
  username: "elastic"
  password: "elastic"

Kibana 설정파일에 Elasticsearch 인증정보를 설정해주면 된다.

 

5. Kibana 재기동 후 확인

systemctl restart kibana
  • Kibana 접속

Kibana를 접속했을때 위와 같이 로그인 창이 나타난다.

댓글6