修改Open Distro for Elasticsearc

Open Distro for Elasticsearch是AWS開源版本的ELK架構(gòu)，原來Elasticsearch中部分需要付費(fèi)的功能可以免費(fèi)使用（如Alert），對于我等追求開（mian）源（fei）的大（diao）眾（si）用戶來說，確實(shí)是一個不錯的選擇。

按照其安裝步驟安裝好后可以使用默認(rèn)密碼admin:admin登錄，但修改這個默認(rèn)密碼卻不容易，翻遍全網(wǎng)，匯總?cè)缦拢┯行枰耐瑢W(xué)參考：

第一步：生成新的Admin密碼Hash

#Create Hashes for Your admin

sudo chmod +x /usr/share/elasticsearch/plugins/opendistro_security/tools/hash.sh

/bin/bash -c /usr/share/elasticsearch/plugins/opendistro_security/tools/hash.sh

7-mDj5=

$2y$12$tOoM6Wz.elENbw23EZfqL.CSrd7giB/5yKQQ0YWq8ZSwfXJPBEq8m

第二步：將上一步生成的密碼Hash記錄下來，編輯internal_users.yml（編輯前請備份）

#Create a Local, Modified Copy of internal_users.yml, then replace with the new admin hash

cd /usr/share/elasticsearch/plugins/opendistro_security/securityconfig/

sudo cp internal_users.yml internal_users.yml.backup

sudo vim internal_users.yml

第三步：執(zhí)行命令讓elasticsearch更新密碼

#to reflect the changes, run below commands,

#https://opendistro.github.io/for-elasticsearch-docs/docs/security-configuration/security-admin/

cd /usr/share/elasticsearch/plugins/opendistro_security/tools/

sudo bash ./securityadmin.sh -cd ../securityconfig/ -icl -nhnv -cacert /etc/elasticsearch/root-ca.pem -cert /etc/elasticsearch/kirk.pem -key /etc/elasticsearch/kirk-key.pem

以前三步完成就可以使用新的密碼登錄Kibana了，API調(diào)用也可以使用新密碼進(jìn)行認(rèn)證了，用原密碼再認(rèn)證會提示Unauthorized.

最后一步執(zhí)行成功后會輸出如下內(nèi)容

WARNING: JAVA_HOME not set, will use /usr/bin/java

Open Distro Security Admin v7

Will connect to localhost:9300 ... done

Connected as CN=kirk,OU=client,O=client,L=test,C=de

Elasticsearch Version: 7.3.2

Open Distro Security Version: 1.3.0.0

Contacting elasticsearch cluster 'elasticsearch' and wait for YELLOW clusterstate ...

Clustername: 8zcl5szk

Clusterstate: YELLOW

Number of nodes: 1

Number of data nodes: 1

.opendistro_security index already exists, so we do not need to create one.

Populate config from /usr/share/elasticsearch/plugins/opendistro_security/securityconfig

Will update '_doc/config' with ../securityconfig/config.yml

? ?SUCC: Configuration for 'config' created or updated

Will update '_doc/roles' with ../securityconfig/roles.yml

? ?SUCC: Configuration for 'roles' created or updated

Will update '_doc/rolesmapping' with ../securityconfig/roles_mapping.yml

? ?SUCC: Configuration for 'rolesmapping' created or updated

Will update '_doc/internalusers' with ../securityconfig/internal_users.yml

? ?SUCC: Configuration for 'internalusers' created or updated

Will update '_doc/actiongroups' with ../securityconfig/action_groups.yml

? ?SUCC: Configuration for 'actiongroups' created or updated

Will update '_doc/tenants' with ../securityconfig/tenants.yml

? ?SUCC: Configuration for 'tenants' created or updated

Done with success