[英]Elasticsearch Shield Plugin - Users can not be authenticated, even users with Admin Privileges
I'm having an issue with the Shield plugin for Elasticsearch.我在使用 Elasticsearch 的 Shield 插件时遇到问题。 I have installed elasticsearch so that it runs as a service, and I can see that it is running on port 9200.
我已经安装了 elasticsearch 以便它作为服务运行,我可以看到它在端口 9200 上运行。
If I enter curl http://localhost:9200
in my Mac terminal I get the correct elasticsearch output...如果我在 Mac 终端中输入
curl http://localhost:9200
,我会得到正确的 elasticsearch 输出...
Recently I have been trying to upgrade from basic authentication to shield authentication.最近我一直在尝试从基本认证升级到屏蔽认证。 I installed shield and license using the following commands:
我使用以下命令安装了 shield 和 license:
/usr/share/elasticsearch/bin/plugin install license/latest
/usr/share/elasticsearch/bin/plugin install shield/latest
This successfull installs shield and license plugins.这成功安装了屏蔽和许可证插件。 They are contained within my /usr/share/elasticsearch/plugins directory on my Vagrant box.
它们包含在我的 Vagrant 盒子上的 /usr/share/elasticsearch/plugins 目录中。
So, now if I try to use curl -XGET http://localhost:9200
again, I get the following response:所以,现在如果我再次尝试使用
curl -XGET http://localhost:9200
,我会得到以下响应:
{"error":{"root_cause":[{"type":"security_exception","reason":"missing authentication token for REST request [/]","header":{"WWW-Authenticate":"Basic realm=\\"shield\\""}}],"type":"security_exception","reason":"missing authentication token for REST request [/]","header":{"WWW-Authenticate":"Basic realm=\\"shield\\""}},"status":401}
{"error":{"root_cause":[{"type":"security_exception","reason":"缺少 REST 请求的身份验证令牌 [/]","header":{"WWW-Authenticate":"基本领域=\\"shield\\""}}],"type":"security_exception","reason":"缺少 REST 请求的身份验证令牌 [/]","header":{"WWW-Authenticate":"Basic realm= \\"屏蔽\\""}},"状态":401}
This is good.这很好。 I can not reach elasticsearch without proper authentication.
如果没有适当的身份验证,我将无法访问 elasticsearch。 So now I want to create a user to authenticate to elasticsearch.
所以现在我想创建一个用户来对elasticsearch进行身份验证。 I use the command:
我使用命令:
sudo ./esusers useradd testuser -p password -r admin
This creates a user 'testuser' with password 'password' with admin privileges.这将创建一个用户 'testuser',密码为 'password' 并具有管理员权限。
I can verify that this user has been created using the following command:我可以使用以下命令验证此用户是否已创建:
sudo ./esusers list
This returns:这将返回:
testuser : admin
测试用户:管理员
So I now try to run the curl command again with this user:所以我现在尝试与这个用户再次运行 curl 命令:
curl -u testuser:password -XGET http://localhost:9200
But I get the same error message as before when I tried without the admin user.但是当我在没有管理员用户的情况下尝试时,我收到了与以前相同的错误消息。
What is the issue here?这里有什么问题? Why is my admin user not authenticating?
为什么我的管理员用户没有通过身份验证?
You said that your verified the user is created using sudo ./esusers list
but still the curl command fails.您说您已验证用户是使用
sudo ./esusers list
创建的,但 curl 命令仍然失败。 Chances are that you are using custom directory for elasticsearch even though the home dir is /usr/share/elasticsearch
.即使主目录是
/usr/share/elasticsearch
,您也可能正在使用自定义目录进行/usr/share/elasticsearch
。 And due to this, the esusers
creates the users in /etc/elasticsearch/shield/
directory but they need to be copied to the custom dir, in case you are using one.因此,
esusers
在/etc/elasticsearch/shield/
esusers
/etc/elasticsearch/shield/
目录中创建用户,但如果您正在使用,则需要将它们复制到自定义目录中。
I know you've solved this differently but I'm answering this in the hope that it helps someone else in future.我知道您已经以不同的方式解决了这个问题,但我正在回答这个问题,希望它将来可以帮助其他人。 Can you confirm regarding the custom dir?
你能确认一下自定义目录吗? For eg in my case, the custom dir was
/data/elasticsearch
and the home dir was /usr/share/elasticsearch
例如,在我的情况下,自定义目录是
/data/elasticsearch
而主目录是/usr/share/elasticsearch
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.