elasticsearch|大数据|elasticsearch的api部分实战操作以及用户和密码的管理

这篇具有很好参考价值的文章主要介绍了elasticsearch|大数据|elasticsearch的api部分实战操作以及用户和密码的管理。希望对大家有所帮助。如果存在错误或未考虑完全的地方,请大家不吝赐教,您也可以点击"举报违法"按钮提交疑问。

一,

前言

本文主要内容是通过elasticsearch的api来进行一些集群的管理和信息查询工作,以及elasticsearch用户的增删改查和密码的重设以及重置如何操作

接上文:elasticsearch|大数据|elasticsearch低版本集群的部署安装和安全增强---密码设置问题-CSDN博客

上文主要介绍了elasticsearch低版本集群的部署和密码的设定,这些是大大的提高了集群的安全性,但关于security(安全性)只是稍微提及,本文将要更加的深入的介绍这些安全措施,其次是部署完集群仅仅是第一步,如何正确的使用,高效的使用集群才是最终的目的,本文也将从这些方面做一个简单的论述。

二,

elasticsearch的安全插件----xpack

该插件主要是两个功能,第一个是通过config文件夹下的elasticsearch-keystone文件加密api,使得在使用api的时候必须要先检验预设的用户和密码

其次是ssl加密,通过certgen这个工具生成自签的ca证书(高版本的es这个工具可能改名),以提高elasticsearch的网络安全

在主配置文件中,有以下三个选项,这三个选项是这两个功能的开关:

xpack.security.enabled: true
xpack.security.transport.ssl.enabled: false
xpack.security.http.ssl.ssl.enabled: false

上文讲了密码校验的开启,ssl如何开启没有说,本文就把这个补充上吧

xpack.security.transport.ssl.enabled: false 这个选项应该是集群间ssl自签证书验证,防止恶意的增添节点

xpack.security.http.ssl.ssl.enabled: false 这个选项应该是使用自签证书,外部访问集群的时候需要证书验证,通俗的说就是https

那么,先开启xpack.security.transport.ssl.enabled,具体步骤如下:

1,在master节点生成ca证书(这个证书带密码,也可以不带密码,我这里用了密码,随意设置一个记得住的就可以了)# 生成elastic-stack-ca.p12文件

[root@node1 es]# ./bin/x-pack/certutil ca
This tool assists you in the generation of X.509 certificates and certificate
signing requests for use with SSL/TLS in the Elastic stack.

The 'ca' mode generates a new 'certificate authority'
This will create a new X.509 certificate and private key that can be used
to sign certificate when running in 'cert' mode.

Use the 'ca-dn' option if you wish to configure the 'distinguished name'
of the certificate authority

By default the 'ca' mode produces a single PKCS#12 output file which holds:
    * The CA certificate
    * The CA's private key

If you elect to generate PEM format certificates (the -pem option), then the output will
be a zip file containing individual files for the CA certificate and private key

Please enter the desired output file [elastic-stack-ca.p12]: 
Enter password for elastic-stack-ca.p12 : 

2,生成elastic-certificates.p12这个文件,在其它节点生成同样的文件,命令稍微修改一下#### 生成elastic-certificates.p12文件,供elasticsearch使用(只在master节点生成,然后拷贝到其它节点即可,scp命令或者什么其它的方式都可以,不得在其它节点自己生成):

[root@node1 es]# ./bin/x-pack/certutil cert --ca elastic-stack-ca.p12
This tool assists you in the generation of X.509 certificates and certificate
signing requests for use with SSL/TLS in the Elastic stack.

The 'cert' mode generates X.509 certificate and private keys.
    * By default, this generates a single certificate and key for use
       on a single instance.
    * The '-multiple' option will prompt you to enter details for multiple
       instances and will generate a certificate and key for each one
    * The '-in' option allows for the certificate generation to be automated by describing
       the details of each instance in a YAML file

    * An instance is any piece of the Elastic Stack that requires a SSL certificate.
      Depending on your configuration, Elasticsearch, Logstash, Kibana, and Beats
      may all require a certificate and private key.
    * The minimum required value for each instance is a name. This can simply be the
      hostname, which will be used as the Common Name of the certificate. A full
      distinguished name may also be used.
    * A filename value may be required for each instance. This is necessary when the
      name would result in an invalid file or directory name. The name provided here
      is used as the directory name (within the zip) and the prefix for the key and
      certificate files. The filename is required if you are prompted and the name
      is not displayed in the prompt.
    * IP addresses and DNS names are optional. Multiple values can be specified as a
      comma separated string. If no IP addresses or DNS names are provided, you may
      disable hostname verification in your SSL configuration.

    * All certificates generated by this tool will be signed by a certificate authority (CA).
    * The tool can automatically generate a new CA for you, or you can provide your own with the
         -ca or -ca-cert command line options.

By default the 'cert' mode produces a single PKCS#12 output file which holds:
    * The instance certificate
    * The private key for the instance certificate
    * The CA certificate

If you elect to generate PEM format certificates (the -pem option), then the output will
be a zip file containing individual files for the instance certificate, the key and the CA certificate

If you elect to generate multiple instances certificates, the output will be a zip file
containing all the generated certificates

Enter password for CA (elastic-stack-ca.p12) : 
Please enter the desired output file [elastic-certificates.p12]: 
Enter password for elastic-certificates.p12 : 

Certificates written to /data/es/elastic-certificates.p12

This file should be properly secured as it contains the private key for 
your instance.

This file is a self contained file and can be copied and used 'as is'
For each Elastic product that you wish to configure, you should copy
this '.p12' file to the relevant configuration directory
and then follow the SSL configuration instructions in the product guide.

For client applications, you may only need to copy the CA certificate and
configure the client to trust this certificate.

3,如果该证书设置了证书,那么需要节点认证通过,否则会报没有权限读取(每个节点都执行):

./bin/elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password
./bin/elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password

4,为了防止elasticsearch因为权限问题启动失败,再次递归赋属组:

chown -Rf es. /data/es

5,elasticsearch主配置文件的修改

在主配置文件末尾添加如下内容:

xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-methods : OPTIONS, HEAD, GET, POST, PUT, DELETE
http.cors.allow-headers : X-Requested-With,X-Auth-Token,Content-Type,Content-Length
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /data/es/config/cert/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /data/es/config/cert/elastic-certificates.p12

6,在补充说明一下:

因为elasticsearch集群是使用的发现机制,因此,master在扫描到同网段其它的服务器的9300-9305端口的时候,就会将其自动加入集群,而如果没有任何验证的加入节点是非常危险的,因此,证书的密码建议是最好设置,恶意节点将会因为没有证书文件并通过节点认证而无法随意加入集群,这样,我们的集群将会比较的安全。

verification_mode 控制服务器证书的验证。有效值为:

  • # full 验证提供的证书是否由可信机构 (CA) 签名,并验证服务器的主机名(或 IP 地址)是否与证书中标识的名称相匹配。
  • # strict 验证提供的证书是否由可信机构 (CA) 签名,并验证服务器的主机名(或 IP 地址)是否与证书中标识的名称相匹配。如果 Subject Alternative Name 为空,则返回错误。
  • # certificate 验证提供的证书是否由可信机构 (CA) 签名,但不执行任何主机名验证。
  • # none 不执行服务器证书的验证。此模式会禁用 SSL/TLS 的许多安全优势,应仅在谨慎考虑后使用。它主要用作尝试解决 TLS 错误时的临时诊断机制;强烈建议不要在生产环境中使用它。

keystore:存放公钥,私钥,数字签名等信息
truststore:存放信任的证书
keystore和truststore都存放key,不同的地方是truststore只存放公钥的数字证书,代表了可以信任的证书,keystore存放私钥相关.

三,

elasticsearch利用x-pack开启https

得先说明,https是可以使用自签证书的,虽然实际意义不大,那在elasticsearch里自然也是可以使用自签证书的了,在elasticsearch里主要是通过certutil这个工具生成的,该工具主要是自动化,使用简单。

集群主机名信息:

[root@node4 ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

# kubekey hosts BEGIN
192.168.123.14  node4.cluster.local node4 node-4
192.168.123.11  node1.cluster.local node1 node-1
192.168.123.12  node2.cluster.local node2 node-2
192.168.123.13  node3.cluster.local node3 node-3
127.0.0.1 lb.kubesphere.local
# kubekey hosts END

根据以上信息,编写证书信息文件(主机名和IP地址一一对应哦):

[root@node4 ~]# cat instances.yml 
instances:
  - name: "node-1"
    dns: ['192.168.123.11']
  - name: "node-2"
    dns: ['192.168.123.12']
  - name: "node-3"
    dns: ['192.168.123.13']    
  - name: 'node-4'
    dns: ['192.168.123.14']

执行以下命令生成证书包:

###注:生成的证书格式是pem的,可以直接使用,无需任何转换(哪个服务器都可以,随便找个服务器就可以了)

/data/es/bin/x-pack/certutil cert ca --pem --in instances.yml --out /root/certs.zip

解压上面在root根目录下生成的证书包:

replace ca/ca.crt? [y]es, [n]o, [A]ll, [N]one, [r]ename: A
  inflating: ca/ca.crt               
  inflating: node-1/node-1.crt       
  inflating: node-1/node-1.key       
  inflating: node-2/node-2.crt       
  inflating: node-2/node-2.key       
  inflating: node-3/node-3.crt       
  inflating: node-3/node-3.key       
  inflating: node-4/node-4.crt       
  inflating: node-4/node-4.key   

可以看到有5个文件夹,在elasticsearch的主配置文件末尾添加如下内容:

node-1服务器:

xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.key: /data/es/config/cert/node-1.key
xpack.security.http.ssl.certificate: /data/es/config/cert/node-1.crt
xpack.security.http.ssl.certificate_authorities: /data/es/config/cert/ca.crt

node-2服务器:

xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.key: /data/es/config/cert/node-2.key
xpack.security.http.ssl.certificate: /data/es/config/cert/node-2.crt
xpack.security.http.ssl.certificate_authorities: /data/es/config/cert/ca.crt

node-3服务器:

xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.key: /data/es/config/cert/node-3.key
xpack.security.http.ssl.certificate: /data/es/config/cert/node-3.crt
xpack.security.http.ssl.certificate_authorities: /data/es/config/cert/ca.crt

node-4服务器:

xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.key: /data/es/config/cert/node-4.key
xpack.security.http.ssl.certificate: /data/es/config/cert/node-4.crt
xpack.security.http.ssl.certificate_authorities: /data/es/config/cert/ca.crt

以上配置都是用的绝对路径,因此,将前面的cert.zip 文件内的对应文件放置到对应的服务器的指定路径下即可了,注意,注意,需要给证书赋予es用户权限,这一步不能漏,也就是chown -Rf  /data/es 这个命令

然后重启所有节点的elasticsearch服务

如果没有报错的话,打开浏览器输入以下网址将可以看到https开启了:

elasticsearch|大数据|elasticsearch的api部分实战操作以及用户和密码的管理,大数据,大数据,elasticsearch,搜索引擎,全文检索,linux

elasticsearch|大数据|elasticsearch的api部分实战操作以及用户和密码的管理,大数据,大数据,elasticsearch,搜索引擎,全文检索,linux

elasticsearch|大数据|elasticsearch的api部分实战操作以及用户和密码的管理,大数据,大数据,elasticsearch,搜索引擎,全文检索,linux

 可以看到13服务器有日志警告,不过无所吊谓:

[2023-12-12T23:04:38,187][INFO ][o.e.c.s.ClusterApplierService] [node-2] added {{node-1}{Ihs-2_jwTte3q7zd82z9cg}{2ooshKAZR4epjmfAJ0U2IQ}{192.168.123.11}{192.168.123.11:9300}{ml.machine_memory=8975544320, ml.max_open_jobs=20, ml.enabled=true},}, reason: apply cluster state (from master [master {node-3}{kZxWJkP1Tjqo1DkDLcKg0w}{qPA_ePYYTW21FGt2xhMe8A}{192.168.123.13}{192.168.123.13:9300}{ml.machine_memory=8370089984, ml.max_open_jobs=20, ml.enabled=true} committed version [80]])
[2023-12-12T23:05:20,748][WARN ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [node-2] http client did not trust this server's certificate, closing connection [id: 0x240d6693, L:0.0.0.0/0.0.0.0:19200 ! R:/192.168.123.1:59482]
[2023-12-12T23:05:20,748][WARN ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [node-2] http client did not trust this server's certificate, closing connection [id: 0xef2c0f9e, L:0.0.0.0/0.0.0.0:19200 ! R:/192.168.123.1:59483]
[2023-12-12T23:05:28,605][WARN ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [node-2] http client did not trust this server's certificate, closing connection [id: 0x8abd3207, L:0.0.0.0/0.0.0.0:19200 ! R:/192.168.123.1:59488]
[2023-12-12T23:05:43,343][WARN ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [node-2] http client did not trust this server's certificate, closing connection [id: 0xd9b903fb, L:0.0.0.0/0.0.0.0:19200 ! R:/192.168.123.1:59489]

四,

报错一览:

1,

[2023-12-12T22:07:44,555][ERROR][o.e.b.Bootstrap          ] Exception
java.lang.IllegalStateException: failed to load plugin class [org.elasticsearch.xpack.core.XPackPlugin]
        at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:563) ~[elasticsearch-6.2.4.jar:6.2.4]
        at org.elasticsearch.plugins.PluginsService.loadBundle(PluginsService.java:505) ~[elasticsearch-6.2.4.jar:6.2.4]
        at org.elasticsearch.plugins.PluginsService.loadBundles(PluginsService.java:422) ~[elasticsearch-6.2.4.jar:6.2.4]
        at org.elasticsearch.plugins.PluginsService.<init>(PluginsService.java:146) ~[elasticsearch-6.2.4.jar:6.2.4]
        at org.elasticsearch.node.Node.<init>(Node.java:303) ~[elasticsearch-6.2.4.jar:6.2.4]
        at org.elasticsearch.node.Node.<init>(Node.java:246) ~[elasticsearch-6.2.4.jar:6.2.4]
        at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:213) ~[elasticsearch-6.2.4.jar:6.2.4]
        at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:213) ~[elasticsearch-6.2.4.jar:6.2.4]
        at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:323) [elasticsearch-6.2.4.jar:6.2.4]
        at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:121) [elasticsearch-6.2.4.jar:6.2.4]
        at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:112) [elasticsearch-6.2.4.jar:6.2.4]
        at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86) [elasticsearch-6.2.4.jar:6.2.4]
        at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124) [elasticsearch-cli-6.2.4.jar:6.2.4]
        at org.elasticsearch.cli.Command.main(Command.java:90) [elasticsearch-cli-6.2.4.jar:6.2.4]
        at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:92) [elasticsearch-6.2.4.jar:6.2.4]
        at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:85) [elasticsearch-6.2.4.jar:6.2.4]
Caused by: java.lang.reflect.InvocationTargetException
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]
        at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[?:?]
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:?]
        at java.lang.reflect.Constructor.newInstance(Constructor.java:423) ~[?:1.8.0_392]
        at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:554) ~[elasticsearch-6.2.4.jar:6.2.4]
        ... 15 more
Caused by: org.elasticsearch.ElasticsearchException: failed to initialize a TrustManagerFactory
        at org.elasticsearch.xpack.core.ssl.StoreTrustConfig.createTrustManager(StoreTrustConfig.java:72) ~[?:?]
        at org.elasticsearch.xpack.core.ssl.SSLService.createSslContext(SSLService.java:419) ~[?:?]
        at java.util.HashMap.computeIfAbsent(HashMap.java:1128) ~[?:1.8.0_392]
        at org.elasticsearch.xpack.core.ssl.SSLService.lambda$loadSSLConfigurations$0(SSLService.java:465) ~[?:?]
        at java.util.ArrayList.forEach(ArrayList.java:1259) ~[?:1.8.0_392]
        at org.elasticsearch.xpack.core.ssl.SSLService.loadSSLConfigurations(SSLService.java:464) ~[?:?]
        at org.elasticsearch.xpack.core.ssl.SSLService.<init>(SSLService.java:91) ~[?:?]
        at org.elasticsearch.xpack.core.XPackPlugin.<init>(XPackPlugin.java:127) ~[?:?]
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]
        at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[?:?]
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:?]
        at java.lang.reflect.Constructor.newInstance(Constructor.java:423) ~[?:1.8.0_392]
        at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:554) ~[elasticsearch-6.2.4.jar:6.2.4]
        ... 15 more
Caused by: java.io.IOException: keystore password was incorrect
        at sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2089) ~[?:?]
        at java.security.KeyStore.load(KeyStore.java:1445) ~[?:1.8.0_392]
        at org.elasticsearch.xpack.core.ssl.CertUtils.readKeyStore(CertUtils.java:276) ~[?:?]
        at org.elasticsearch.xpack.core.ssl.CertUtils.trustManager(CertUtils.java:267) ~[?:?]
        at org.elasticsearch.xpack.core.ssl.StoreTrustConfig.createTrustManager(StoreTrustConfig.java:70) ~[?:?]
        at org.elasticsearch.xpack.core.ssl.SSLService.createSslContext(SSLService.java:419) ~[?:?]
        at java.util.HashMap.computeIfAbsent(HashMap.java:1128) ~[?:1.8.0_392]
        at org.elasticsearch.xpack.core.ssl.SSLService.lambda$loadSSLConfigurations$0(SSLService.java:465) ~[?:?]
        at java.util.ArrayList.forEach(ArrayList.java:1259) ~[?:1.8.0_392]
        at org.elasticsearch.xpack.core.ssl.SSLService.loadSSLConfigurations(SSLService.java:464) ~[?:?]
        at org.elasticsearch.xpack.core.ssl.SSLService.<init>(SSLService.java:91) ~[?:?]
        at org.elasticsearch.xpack.core.XPackPlugin.<init>(XPackPlugin.java:127) ~[?:?]
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]
        at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[?:?]
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:?]
        at java.lang.reflect.Constructor.newInstance(Constructor.java:423) ~[?:1.8.0_392]
        at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:554) ~[elasticsearch-6.2.4.jar:6.2.4]
                                                                                                                                     

以上报错关键词是java.io.IOException: keystore password was incorrect和 sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)

很明显是io读写错误,根本原因是无权读写,这里说的应该是前面添加的证书文件没有添加es属组才造成的,因此,chown -Rf  /data/es ,在重启服务,发现没有报错了

2,

[node-2] failed to send join request to master [{node-1}{Ao_m-rPfTnmEB8CBPL-U5A}{vCkhIJX6T6mXYlAlty40CA}{192.168.123.11}{192.168.123.11:9300}{ml.machine_memory=4142223360, ml.max_open_jobs=20, xpack.installed=true, ml.enabled=true}], reason [RemoteTransportException[[node-1][192.168.123.11:9300][internal:discovery/zen/join]]; nested: IllegalArgumentException[can't add node {node-2}{Ao_m-rPfTnmEB8CBPL-U5A}{9koFdxABR-msIkioIDbjzA}{192.168.123.12}{192.168.123.12:9300}{ml.machine_memory=4142223360, ml.max_open_jobs=20, xpack.installed=true, ml.enabled=true}, found existing node {node-1}{Ao_m-rPfTnmEB8CBPL-U5A}{vCkhIJX6T6mXYlAlty40CA}{192.168.123.11}{192.168.123.11:9300}{ml.machine_memory=4142223360, xpack.installed=true, ml.max_open_jobs=20, ml.enabled=true} with the same id but is a different node instance]; 

由于es集群安装的时候是从一个节点直接拷贝到其它节点的,不是解压文件,在拷贝前,节点启动过一次,自动生成了data文件夹和其下的内容,里面包含了上一个节点的信息

因此,解决方案为删除/data/es/data目录下的所有内容:

[root@node2 ~]# rm -rf /data/es/data/*

再次启动就没有此报错了 

五,

简单的elasticsearch的api使用

1,

查看所有节点

[root@node1 x-pack]# curl -k -XGET https://192.168.123.11:19200/_cat/nodes -uelastic
Enter host password for user 'elastic':
192.168.123.14 45 93 0 0.28 0.26 0.32 mdi - node-4
192.168.123.13 26 63 2 0.36 0.18 0.20 mdi * node-3
192.168.123.12 23 81 1 0.54 0.34 0.29 mdi - node-2
192.168.123.11 36 61 1 0.06 0.15 0.20 mdi - node-1


第一列(ip):es节点ip
第二列(heap.percent):堆内存占比
第三列(ram.percent):内存使用占比
第四列(cpu):cpu使用率
第五列(load_1m):1分钟内平均load情况,ms
第六列(load_5m):5分钟内平均load情况,ms
第七列(load_15m):15分钟内平均load情况,ms
第八列(node.role):节点权限
第九列(master):是否master节点,*为master节点
第十列(name):节点名称

2,

查看所有索引信息:

[root@node1 x-pack]# curl -k -XGET https://192.168.123.11:19200/_cat/indices -uelastic
Enter host password for user 'elastic':
green open .watcher-history-7-2023.12.09 _WVuCnwrSlGtYaLbSAfbLg 1 1   549     0   1.5mb 808.3kb
green open .watcher-history-7-2023.12.10 zcAH_IgISayByx6-K4ueGQ 1 1  3989     0  11.3mb   5.6mb
green open .monitoring-alerts-6          Pm5Cw8UkQAamSkvOxccFow 1 1     7     0  84.1kb    42kb
green open .triggered_watches            -XApiGASS1a_jDOQMmthaA 1 1     0     0 146.5kb  73.2kb
green open .monitoring-es-6-2023.12.09   4GLFZLlsRH6nj4ZKIUsxvw 1 1  7439    28     9mb   4.5mb
green open .monitoring-es-6-2023.12.10   h1y4V6UMQFGecE78sfBqIA 1 1 58643 31012  81.1mb  40.5mb
green open my_index                      ApVYPzGuQS60iOFF_ur6nA 5 1     2     0  17.9kb   8.9kb
green open .watcher-history-7-2023.12.12 XZkWSqt1Txm-vpSCYWMlNg 1 1   585     0     2mb     1mb
green open .security-6                   VMkr4AP3TbOI1fVJCF9ZJQ 1 3     3     0  39.4kb   9.8kb
green open .watches                      S9Gd2ZUuTtazqQpN45sx9Q 1 1     6     0 469.1kb  58.7kb
green open .monitoring-es-6-2023.12.12   HkMeJ9DAQSue1nZJrRMtYg 1 1 10765    32  16.5mb   8.2mb


health:	索引的健康状态
status:	索引的开启状态
index:	索引名字
uuid:	索引的uuid
pri:	索引的主分片数量
rep:	索引的复制分片数量
docs.count:	索引下的文档总数
docs.deleted:	索引下删除状态的文档数
store.size:	主分片+复制分片的大小
pri.store.size:	主分片的大小

3,

查看节点的健康状态:

[root@node1 x-pack]# curl -k -XGET https://192.168.123.11:19200/_cat/health -uelastic
Enter host password for user 'elastic':
1702398729 00:32:09 myes green 4 4 32 15 0 0 0 0 - 100.0%

epoch:	自标准时间(1970-01-01 00:00:00)以来的秒数
timestamp:	时间
cluster:	集群名称
status:	集群状态
node.total:	节点总数
node.data:	数据节点总数
shards:	分片总数
pri:	主分片总数
repo:	复制节点的数量
init:	初始化节点的数量
unassign:	未分配分片的数量
pending_tasks:	待定任务数
max_task_wait_time:	等待最长任务的等待时间
active_shards_percent:	活动分片百分比

这里集群状态为绿色green表示健康,黄色yellow表示集群有问题,需要介入排查问题,红色red表示集群不求行了,需要深度介入,要不就是摆烂,一拍两散。

全部主分片为active状态则为绿色,active的判断标准是分片为started或relocating状态,

备注:当source节点的分片处于relocating,那么target节点的同个分片处于INITIALIZING。INITIALIZING状态可能是节点从其他节点恢复(relocating、replica copy)、snapshot恢复或者从本地恢复

简单的说

绿色:索引的所有分片都正常分配。

黄色:至少有一个副本没有得到正确的分配。

红色:至少有一个主分片没有得到正确的分配。

3.

查看集群所有的索引的状态:

[root@node1 x-pack]# curl -k -XGET https://192.168.123.11:19200/_cluster/health?level=indices  -uelastic
Enter host password for user 'elastic':
{"cluster_name":"myes","status":"green","timed_out":false,"number_of_nodes":4,"number_of_data_nodes":4,"active_primary_shards":15,"active_shards":32,"relocating_shards":0,"initializing_shards":0,"unassigned_shards":0,"delayed_unassigned_shards":0,"number_of_pending_tasks":0,"number_of_in_flight_fetch":0,"task_max_waiting_in_queue_millis":0,"active_shards_percent_as_number":100.0,"indices":{".monitoring-es-6-2023.12.10":{"status":"green","number_of_shards":1,"number_of_replicas":1,"active_primary_shards":1,"active_shards":2,"relocating_shards":0,"initializing_shards":0,"unassigned_shards":0},".watcher-history-7-2023.12.09":{"status":"green","number_of_shards":1,"number_of_replicas":1,"active_primary_shards":1,"active_shards":2,"relocating_shards":0,"initializing_shards":0,"unassigned_shards":0},".triggered_watches":{"status":"green","number_of_shards":1,"number_of_replicas":1,"active_primary_shards":1,"active_shards":2,"relocating_shards":0,"initializing_shards":0,"unassigned_shards":0},".monitoring-es-6-2023.12.12":{"status":"green","number_of_shards":1,"number_of_replicas":1,"active_primary_shards":1,"active_shards":2,"relocating_shards":0,"initializing_shards":0,"unassigned_shards":0},".monitoring-alerts-6":{"status":"green","number_of_shards":1,"number_of_replicas":1,"active_primary_shards":1,"active_shards":2,"relocating_shards":0,"initializing_shards":0,"unassigned_shards":0},"my_index":{"status":"green","number_of_shards":5,"number_of_replicas":1,"active_primary_shards":5,"active_shards":10,"relocating_shards":0,"initializing_shards":0,"unassigned_shards":0},".watcher-history-7-2023.12.12":{"status":"green","number_of_shards":1,"number_of_replicas":1,"active_primary_shards":1,"active_shards":2,"relocating_shards":0,"initializing_shards":0,"unassigned_shards":0},".monitoring-es-6-2023.12.09":{"status":"green","number_of_shards":1,"number_of_replicas":1,"active_primary_shards":1,"active_shards":2,"relocating_shards":0,"initializing_shards":0,"unassigned_shards":0},".watcher-history-7-2023.12.10":{"status":"green","number_of_shards":1,"number_of_replicas":1,"active_primary_shards":1,"active_shards":2,"relocating_shards":0,"initializing_shards":0,"unassigned_shards":0},".watches":{"status":"green","number_of_shards":1,"number_of_replicas":1,"active_primary_shards":1,"active_shards":2,"relocating_shards":0,"initializing_shards":0,"unassigned_shards":0},".security-6":{"status":"green","number_of_shards":1,"number_of_replicas":3,"active_primary_shards":1,"active_shards":4,"relocating_shards":0,"initializing_shards":0,"unassigned_shards":0}}}

当然了,我这个示例健康的很

4,

在使用的插件信息:

这个没什么好说的,我现在就只用了x-pack插件

[root@node1 x-pack]# curl -k -XGET https://192.168.123.11:19200/_cat/plugins  -uelastic
Enter host password for user 'elastic':
node-4 x-pack-core        6.2.4
node-4 x-pack-deprecation 6.2.4
node-4 x-pack-graph       6.2.4
node-4 x-pack-logstash    6.2.4
node-4 x-pack-ml          6.2.4
node-4 x-pack-monitoring  6.2.4
node-4 x-pack-security    6.2.4
node-4 x-pack-upgrade     6.2.4
node-4 x-pack-watcher     6.2.4
node-3 x-pack-core        6.2.4
node-3 x-pack-deprecation 6.2.4
node-3 x-pack-graph       6.2.4
node-3 x-pack-logstash    6.2.4
node-3 x-pack-ml          6.2.4
node-3 x-pack-monitoring  6.2.4
node-3 x-pack-security    6.2.4
node-3 x-pack-upgrade     6.2.4
node-3 x-pack-watcher     6.2.4
node-2 x-pack-core        6.2.4
node-2 x-pack-deprecation 6.2.4
node-2 x-pack-graph       6.2.4
node-2 x-pack-logstash    6.2.4
node-2 x-pack-ml          6.2.4
node-2 x-pack-monitoring  6.2.4
node-2 x-pack-security    6.2.4
node-2 x-pack-upgrade     6.2.4
node-2 x-pack-watcher     6.2.4
node-1 x-pack-core        6.2.4
node-1 x-pack-deprecation 6.2.4
node-1 x-pack-graph       6.2.4
node-1 x-pack-logstash    6.2.4
node-1 x-pack-ml          6.2.4
node-1 x-pack-monitoring  6.2.4
node-1 x-pack-security    6.2.4
node-1 x-pack-upgrade     6.2.4
node-1 x-pack-watcher     6.2.4

5,

通过api重置用户密码

这个比较有意思,现在是启用了https,那么,https的时候怎么通过api重置呢?

一开始报错如下:

[root@node1 ~]# curl -k -H "Content-Type:application/json" -XPOST -u elastic  ‘https://192.168.123.11:19200/_xpack/security/user/elastic/_password‘ -d ‘{ "password" : "123456" }
Enter host password for user 'elastic':
curl: (1) Protocol ‘https not supported or disabled in libcurl
curl: (6) Could not resolve host: password; Unknown error
curl: (6) Could not resolve host: ; Unknown error
curl: (7) Failed to connect to 0.1.226.64: Invalid argument
curl: (3) [globbing] unmatched close brace/bracket at pos 1

 关键报错是Protocol ‘https not supported or disabled in libcurl,根据百度信息,说是curl命令可能不支持https,OK,curl -V 命令可以查询到,是支持https的,-k参数也添加了:

(不支持https的curl版本是curl 7.19.4,而我的版本是7.29.0

[root@node1 ~]# curl -V
curl 7.29.0 (x86_64-redhat-linux-gnu) libcurl/7.29.0 NSS/3.36 zlib/1.2.7 libidn/1.28 libssh2/1.4.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smtp smtps telnet tftp 
Features: AsynchDNS GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz unix-sockets 

OK,暂时无果后,继续找寻解决办法,有一个博文说了https也就是URL要使用双引号包裹,报错的命令里是单引号,那就试一试,命令更改为如下:

[root@node1 ~]# curl -k  -H "Content-Type:application/json" -XPOST -u elastic  "https://192.168.123.11:19200/_xpack/security/user/elastic/_password" -d '{ "password" : "123456" }'
Enter host password for user 'elastic':
{}

完美重置密码!!!

6,

查看所有用户的信息文章来源地址https://www.toymoban.com/news/detail-758393.html

[root@node1 ~]# curl -k  -H "Content-Type:application/json" -XGET   "https://192.168.123.11:19200/_xpack/security/user" -uelastic
Enter host password for user 'elastic':
{"elastic":{"username":"elastic","roles":["superuser"],"full_name":null,"email":null,"metadata":{"_reserved":true},"enabled":true},"kibana":{"username":"kibana","roles":["kibana_system"],"full_name":null,"email":null,"metadata":{"_reserved":true},"enabled":true},"logstash_system":{"username":"logstash_system","roles":["logstash_system"],"full_name":null,"email":null,"metadata":{"_reserved":true},"enabled":true}}

到了这里,关于elasticsearch|大数据|elasticsearch的api部分实战操作以及用户和密码的管理的文章就介绍完了。如果您还想了解更多内容,请在右上角搜索TOY模板网以前的文章或继续浏览下面的相关文章,希望大家以后多多支持TOY模板网!

本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若转载,请注明出处: 如若内容造成侵权/违法违规/事实不符,请点击违法举报进行投诉反馈,一经查实,立即删除!

领支付宝红包 赞助服务器费用

相关文章

  • 3、HBase的java API基本操作(创建、删除表以及对数据的添加、删除、查询以及多条件查询)

    1、hbase-2.1.0介绍及分布式集群部署、HA集群部署、验证、硬件配置推荐 2、hbase-2.1.0 shell基本操作详解 3、HBase的java API基本操作(创建、删除表以及对数据的添加、删除、查询以及多条件查询) 4、HBase使用(namespace、数据分区、rowkey设计、原生api访问hbase) 5、Apache Phoenix(5.0.0-5.

    2024年02月08日
    浏览(65)
  • 项目实战——参数配置化Spark将Hive表的数据写入需要用户名密码认证的ElasticSearch(Java版本)

    项目实战——将Hive表的数据直接导入ElasticSearch    此篇文章不用写代码,简单粗暴,但是相对没有那么灵活;底层采用MapReduce计算框架,导入速度相对较慢! 项目实战——Spark将Hive表的数据写入ElasticSearch(Java版本)    此篇文章需要Java代码,实现功能和篇幅类似,直接

    2023年04月08日
    浏览(62)
  • docker安装es8.x及elasticSearch8部分api使用

    docker中安装es8 1、es8的tar下载地址: tar包下载地址) 2、docker load -i es-name 3、docker run -d --name elasticsearch-8.6.2 -e ES_JAVA_OPTS=“-Xms256m -Xmx256m” -p 9200:9200 -p 9300:9300 -e “discovery.type=single-node” elasticsearch:8.6.2 4、8开始以后不支持直接使用http方式访问es: 4.1、cd /usr/share/elasticsearch/config 4

    2024年02月12日
    浏览(48)
  • [golang gin框架] 38.Gin操作Elasticsearch创建索引、修改映射、数据CURD以及数据分页

    常见的 Golang 操作 ElasticSearch 的插件主要有下面两个: 第三方插件: github.com/olivere/elastic 官网插件 github.com/elastic/go-elasticsearch 其中 elastic 比 go-elasticsearch 文档更全面一些,start 量也更多一些,本节讲解 elastic 使用第三方库 https://github.com/olivere/elastic 来连接 ES 并进行操作 注意

    2024年02月09日
    浏览(63)
  • Elasticsearch实战(十七)---ES搜索如何使用In操作查询及如何Distinct去除重复数据

    Elasticsearch实战-ES搜索如何使用In操作查询filter过滤及如何Distinct去除重复数据 场景: ES搜索, 获取手机号是 19000001111 或者 19000003333 后者 19000004444 的人, 并且 性别是男, 且 年龄是[20-30]的人,这种查询用mysql 如何实现 ? 在mysql中会用in查询, 但是在ES中 我们实现就是 term

    2023年04月09日
    浏览(46)
  • ELK-elasticsearch设置用户、添加新用户、以及对应密码修改

    a.使用docker容器: 对于使用docker的需要进入容器中(不进人容器,命令都要加 docker exec  容器名 + 对应命令) docker exec -it elasticsearch bash b.不适用容器部署es的: 需要进入elasticsearch的安装目录 下面对于用户设置 1. 内置用户 执行下面对应命令,重置密码(自动生成) bin/elas

    2024年02月09日
    浏览(48)
  • ElasticSearch基本api操作

    本文章下列所用es本意都为Elaticsearch Elaticsearch ,简称为es, es是一 个开源的高扩展的分布式全文检索引擎,它可以近乎实时的存储、检索数据;本身扩展性很好, 可以扩展到上百台服务器,处理PB级别(大数据时代)的数据。es也使用Java开发并使用Lucene作为其核心来实现所有索弓和搜

    2024年02月05日
    浏览(44)
  • elasticsearch查询操作(API方式)

    说明:elasticsearch查询操作除了使用DSL语句的方式(参考:elasticsearch查询操作(语句方式)),也可以使用API的方式。 使用前需先导入依赖 创建一个测试类,查询操作代码都写在测试类里面,首先先建立RestHighLevelClient的连接 (1)全部查询; 查询student索引库的所有文档;

    2024年02月14日
    浏览(39)
  • java Api操作Elasticsearch

    本次使用 elasticsearch 版本为7.17.0, 建议使用 7.X 版本 ,8.1.2版本会遇到一些 Springboot(本人使用版本2.6.6) 版本不兼容的问题。此文章会列举一个例子。 我们在测试类中先创建一个客户端,用来向 ES 发送请求 测试代码如下: 控制台输出信息如下: 此处会遇到坑: 运行之后

    2023年04月09日
    浏览(39)
  • 【SQL开发实战技巧】系列(二十):数据仓库中时间类型操作(进阶)获取季度开始结束时间以及如何统计非连续性时间的数据

    【SQL开发实战技巧】系列(一):关于SQL不得不说的那些事 【SQL开发实战技巧】系列(二):简单单表查询 【SQL开发实战技巧】系列(三):SQL排序的那些事 【SQL开发实战技巧】系列(四):从执行计划讨论UNION ALL与空字符串UNION与OR的使用注意事项 【SQL开发实战技巧】系列

    2024年02月02日
    浏览(72)

觉得文章有用就打赏一下文章作者

支付宝扫一扫打赏

博客赞助

微信扫一扫打赏

请作者喝杯咖啡吧~博客赞助

支付宝扫一扫领取红包,优惠每天领

二维码1

领取红包

二维码2

领红包