elasticsearch|大数据|elasticsearch的api部分实战操作以及用户和密码的管理

本文涉及的产品
检索分析服务 Elasticsearch 版,2核4GB开发者规格 1个月
全局流量管理 GTM,标准版 1个月
公共DNS(含HTTPDNS解析),每月1000万次HTTP解析
简介: elasticsearch|大数据|elasticsearch的api部分实战操作以及用户和密码的管理

一,

前言

本文主要内容是通过elasticsearch的api来进行一些集群的管理和信息查询工作,以及elasticsearch用户的增删改查和密码的重设以及重置如何操作


上文主要介绍了elasticsearch低版本集群的部署和密码的设定,这些是大大的提高了集群的安全性,但关于security(安全性)只是稍微提及,本文将要更加的深入的介绍这些安全措施,其次是部署完集群仅仅是第一步,如何正确的使用,高效的使用集群才是最终的目的,本文也将从这些方面做一个简单的论述。

二,

elasticsearch的安全插件----xpack

该插件主要是两个功能,第一个是通过config文件夹下的elasticsearch-keystone文件加密api,使得在使用api的时候必须要先检验预设的用户和密码

其次是ssl加密,通过certgen这个工具生成自签的ca证书(高版本的es这个工具可能改名),以提高elasticsearch的网络安全

在主配置文件中,有以下三个选项,这三个选项是这两个功能的开关:

xpack.security.enabled: true
xpack.security.transport.ssl.enabled: false
xpack.security.http.ssl.ssl.enabled: false

上文讲了密码校验的开启,ssl如何开启没有说,本文就把这个补充上吧

xpack.security.transport.ssl.enabled: false 这个选项应该是集群间ssl自签证书验证,防止恶意的增添节点

xpack.security.http.ssl.ssl.enabled: false 这个选项应该是使用自签证书,外部访问集群的时候需要证书验证,通俗的说就是https

那么,先开启xpack.security.transport.ssl.enabled,具体步骤如下:

1,在master节点生成ca证书(这个证书带密码,也可以不带密码,我这里用了密码,随意设置一个记得住的就可以了)# 生成elastic-stack-ca.p12文件

[root@node1 es]# ./bin/x-pack/certutil ca
This tool assists you in the generation of X.509 certificates and certificate
signing requests for use with SSL/TLS in the Elastic stack.
The 'ca' mode generates a new 'certificate authority'
This will create a new X.509 certificate and private key that can be used
to sign certificate when running in 'cert' mode.
Use the 'ca-dn' option if you wish to configure the 'distinguished name'
of the certificate authority
By default the 'ca' mode produces a single PKCS#12 output file which holds:
    * The CA certificate
    * The CA's private key
If you elect to generate PEM format certificates (the -pem option), then the output will
be a zip file containing individual files for the CA certificate and private key
Please enter the desired output file [elastic-stack-ca.p12]: 
Enter password for elastic-stack-ca.p12 : 

2,生成elastic-certificates.p12这个文件,在其它节点生成同样的文件,命令稍微修改一下#### 生成elastic-certificates.p12文件,供elasticsearch使用(只在master节点生成,然后拷贝到其它节点即可,scp命令或者什么其它的方式都可以,不得在其它节点自己生成

[root@node1 es]# ./bin/x-pack/certutil cert --ca elastic-stack-ca.p12
This tool assists you in the generation of X.509 certificates and certificate
signing requests for use with SSL/TLS in the Elastic stack.
The 'cert' mode generates X.509 certificate and private keys.
    * By default, this generates a single certificate and key for use
       on a single instance.
    * The '-multiple' option will prompt you to enter details for multiple
       instances and will generate a certificate and key for each one
    * The '-in' option allows for the certificate generation to be automated by describing
       the details of each instance in a YAML file
    * An instance is any piece of the Elastic Stack that requires a SSL certificate.
      Depending on your configuration, Elasticsearch, Logstash, Kibana, and Beats
      may all require a certificate and private key.
    * The minimum required value for each instance is a name. This can simply be the
      hostname, which will be used as the Common Name of the certificate. A full
      distinguished name may also be used.
    * A filename value may be required for each instance. This is necessary when the
      name would result in an invalid file or directory name. The name provided here
      is used as the directory name (within the zip) and the prefix for the key and
      certificate files. The filename is required if you are prompted and the name
      is not displayed in the prompt.
    * IP addresses and DNS names are optional. Multiple values can be specified as a
      comma separated string. If no IP addresses or DNS names are provided, you may
      disable hostname verification in your SSL configuration.
    * All certificates generated by this tool will be signed by a certificate authority (CA).
    * The tool can automatically generate a new CA for you, or you can provide your own with the
         -ca or -ca-cert command line options.
By default the 'cert' mode produces a single PKCS#12 output file which holds:
    * The instance certificate
    * The private key for the instance certificate
    * The CA certificate
If you elect to generate PEM format certificates (the -pem option), then the output will
be a zip file containing individual files for the instance certificate, the key and the CA certificate
If you elect to generate multiple instances certificates, the output will be a zip file
containing all the generated certificates
Enter password for CA (elastic-stack-ca.p12) : 
Please enter the desired output file [elastic-certificates.p12]: 
Enter password for elastic-certificates.p12 : 
Certificates written to /data/es/elastic-certificates.p12
This file should be properly secured as it contains the private key for 
your instance.
This file is a self contained file and can be copied and used 'as is'
For each Elastic product that you wish to configure, you should copy
this '.p12' file to the relevant configuration directory
and then follow the SSL configuration instructions in the product guide.
For client applications, you may only need to copy the CA certificate and
configure the client to trust this certificate.

3,如果该证书设置了证书,那么需要节点认证通过,否则会报没有权限读取(每个节点都执行):

./bin/elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password
./bin/elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password

4,为了防止elasticsearch因为权限问题启动失败,再次递归赋属组:

chown -Rf es. /data/es

5,elasticsearch主配置文件的修改

在主配置文件末尾添加如下内容:

xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-methods : OPTIONS, HEAD, GET, POST, PUT, DELETE
http.cors.allow-headers : X-Requested-With,X-Auth-Token,Content-Type,Content-Length
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /data/es/config/cert/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /data/es/config/cert/elastic-certificates.p12

6,在补充说明一下:

因为elasticsearch集群是使用的发现机制,因此,master在扫描到同网段其它的服务器的9300-9305端口的时候,就会将其自动加入集群,而如果没有任何验证的加入节点是非常危险的,因此,证书的密码建议是最好设置,恶意节点将会因为没有证书文件并通过节点认证而无法随意加入集群,这样,我们的集群将会比较的安全。

verification_mode 控制服务器证书的验证。有效值为:

  • # full 验证提供的证书是否由可信机构 (CA) 签名,并验证服务器的主机名(或 IP 地址)是否与证书中标识的名称相匹配。
  • # strict 验证提供的证书是否由可信机构 (CA) 签名,并验证服务器的主机名(或 IP 地址)是否与证书中标识的名称相匹配。如果 Subject Alternative Name 为空,则返回错误。
  • # certificate 验证提供的证书是否由可信机构 (CA) 签名,但不执行任何主机名验证。
  • # none 不执行服务器证书的验证。此模式会禁用 SSL/TLS 的许多安全优势,应仅在谨慎考虑后使用。它主要用作尝试解决 TLS 错误时的临时诊断机制;强烈建议不要在生产环境中使用它。

keystore:存放公钥,私钥,数字签名等信息
truststore:存放信任的证书
keystore和truststore都存放key,不同的地方是truststore只存放公钥的数字证书,代表了可以信任的证书,keystore存放私钥相关.

三,

elasticsearch利用x-pack开启https

得先说明,https是可以使用自签证书的,虽然实际意义不大,那在elasticsearch里自然也是可以使用自签证书的了,在elasticsearch里主要是通过certutil这个工具生成的,该工具主要是自动化,使用简单。

集群主机名信息:

[root@node4 ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
# kubekey hosts BEGIN
192.168.123.14  node4.cluster.local node4 node-4
192.168.123.11  node1.cluster.local node1 node-1
192.168.123.12  node2.cluster.local node2 node-2
192.168.123.13  node3.cluster.local node3 node-3
127.0.0.1 lb.kubesphere.local
# kubekey hosts END

根据以上信息,编写证书信息文件(主机名和IP地址一一对应哦):

[root@node4 ~]# cat instances.yml 
instances:
  - name: "node-1"
    dns: ['192.168.123.11']
  - name: "node-2"
    dns: ['192.168.123.12']
  - name: "node-3"
    dns: ['192.168.123.13']    
  - name: 'node-4'
    dns: ['192.168.123.14']

执行以下命令生成证书包:

###注:生成的证书格式是pem的,可以直接使用,无需任何转换(哪个服务器都可以,随便找个服务器就可以了)

/data/es/bin/x-pack/certutil cert ca --pem --in instances.yml --out /root/certs.zip

解压上面在root根目录下生成的证书包:

replace ca/ca.crt? [y]es, [n]o, [A]ll, [N]one, [r]ename: A
  inflating: ca/ca.crt               
  inflating: node-1/node-1.crt       
  inflating: node-1/node-1.key       
  inflating: node-2/node-2.crt       
  inflating: node-2/node-2.key       
  inflating: node-3/node-3.crt       
  inflating: node-3/node-3.key       
  inflating: node-4/node-4.crt       
  inflating: node-4/node-4.key   

可以看到有5个文件夹,在elasticsearch的主配置文件末尾添加如下内容:

node-1服务器:

xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.key: /data/es/config/cert/node-1.key
xpack.security.http.ssl.certificate: /data/es/config/cert/node-1.crt
xpack.security.http.ssl.certificate_authorities: /data/es/config/cert/ca.crt

node-2服务器:

xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.key: /data/es/config/cert/node-2.key
xpack.security.http.ssl.certificate: /data/es/config/cert/node-2.crt
xpack.security.http.ssl.certificate_authorities: /data/es/config/cert/ca.crt

node-3服务器:

xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.key: /data/es/config/cert/node-3.key
xpack.security.http.ssl.certificate: /data/es/config/cert/node-3.crt
xpack.security.http.ssl.certificate_authorities: /data/es/config/cert/ca.crt

node-4服务器:

xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.key: /data/es/config/cert/node-4.key
xpack.security.http.ssl.certificate: /data/es/config/cert/node-4.crt
xpack.security.http.ssl.certificate_authorities: /data/es/config/cert/ca.crt

以上配置都是用的绝对路径,因此,将前面的cert.zip 文件内的对应文件放置到对应的服务器的指定路径下即可了,注意,注意,需要给证书赋予es用户权限,这一步不能漏,也就是chown -Rf  /data/es 这个命令

然后重启所有节点的elasticsearch服务

如果没有报错的话,打开浏览器输入以下网址将可以看到https开启了:

可以看到13服务器有日志警告,不过无所吊谓:

[2023-12-12T23:04:38,187][INFO ][o.e.c.s.ClusterApplierService] [node-2] added {{node-1}{Ihs-2_jwTte3q7zd82z9cg}{2ooshKAZR4epjmfAJ0U2IQ}{192.168.123.11}{192.168.123.11:9300}{ml.machine_memory=8975544320, ml.max_open_jobs=20, ml.enabled=true},}, reason: apply cluster state (from master [master {node-3}{kZxWJkP1Tjqo1DkDLcKg0w}{qPA_ePYYTW21FGt2xhMe8A}{192.168.123.13}{192.168.123.13:9300}{ml.machine_memory=8370089984, ml.max_open_jobs=20, ml.enabled=true} committed version [80]])
[2023-12-12T23:05:20,748][WARN ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [node-2] http client did not trust this server's certificate, closing connection [id: 0x240d6693, L:0.0.0.0/0.0.0.0:19200 ! R:/192.168.123.1:59482]
[2023-12-12T23:05:20,748][WARN ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [node-2] http client did not trust this server's certificate, closing connection [id: 0xef2c0f9e, L:0.0.0.0/0.0.0.0:19200 ! R:/192.168.123.1:59483]
[2023-12-12T23:05:28,605][WARN ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [node-2] http client did not trust this server's certificate, closing connection [id: 0x8abd3207, L:0.0.0.0/0.0.0.0:19200 ! R:/192.168.123.1:59488]
[2023-12-12T23:05:43,343][WARN ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [node-2] http client did not trust this server's certificate, closing connection [id: 0xd9b903fb, L:0.0.0.0/0.0.0.0:19200 ! R:/192.168.123.1:59489]

四,

报错一览:

1,

[2023-12-12T22:07:44,555][ERROR][o.e.b.Bootstrap          ] Exception
java.lang.IllegalStateException: failed to load plugin class [org.elasticsearch.xpack.core.XPackPlugin]
        at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:563) ~[elasticsearch-6.2.4.jar:6.2.4]
        at org.elasticsearch.plugins.PluginsService.loadBundle(PluginsService.java:505) ~[elasticsearch-6.2.4.jar:6.2.4]
        at org.elasticsearch.plugins.PluginsService.loadBundles(PluginsService.java:422) ~[elasticsearch-6.2.4.jar:6.2.4]
        at org.elasticsearch.plugins.PluginsService.<init>(PluginsService.java:146) ~[elasticsearch-6.2.4.jar:6.2.4]
        at org.elasticsearch.node.Node.<init>(Node.java:303) ~[elasticsearch-6.2.4.jar:6.2.4]
        at org.elasticsearch.node.Node.<init>(Node.java:246) ~[elasticsearch-6.2.4.jar:6.2.4]
        at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:213) ~[elasticsearch-6.2.4.jar:6.2.4]
        at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:213) ~[elasticsearch-6.2.4.jar:6.2.4]
        at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:323) [elasticsearch-6.2.4.jar:6.2.4]
        at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:121) [elasticsearch-6.2.4.jar:6.2.4]
        at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:112) [elasticsearch-6.2.4.jar:6.2.4]
        at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86) [elasticsearch-6.2.4.jar:6.2.4]
        at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124) [elasticsearch-cli-6.2.4.jar:6.2.4]
        at org.elasticsearch.cli.Command.main(Command.java:90) [elasticsearch-cli-6.2.4.jar:6.2.4]
        at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:92) [elasticsearch-6.2.4.jar:6.2.4]
        at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:85) [elasticsearch-6.2.4.jar:6.2.4]
Caused by: java.lang.reflect.InvocationTargetException
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]
        at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[?:?]
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:?]
        at java.lang.reflect.Constructor.newInstance(Constructor.java:423) ~[?:1.8.0_392]
        at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:554) ~[elasticsearch-6.2.4.jar:6.2.4]
        ... 15 more
Caused by: org.elasticsearch.ElasticsearchException: failed to initialize a TrustManagerFactory
        at org.elasticsearch.xpack.core.ssl.StoreTrustConfig.createTrustManager(StoreTrustConfig.java:72) ~[?:?]
        at org.elasticsearch.xpack.core.ssl.SSLService.createSslContext(SSLService.java:419) ~[?:?]
        at java.util.HashMap.computeIfAbsent(HashMap.java:1128) ~[?:1.8.0_392]
        at org.elasticsearch.xpack.core.ssl.SSLService.lambda$loadSSLConfigurations$0(SSLService.java:465) ~[?:?]
        at java.util.ArrayList.forEach(ArrayList.java:1259) ~[?:1.8.0_392]
        at org.elasticsearch.xpack.core.ssl.SSLService.loadSSLConfigurations(SSLService.java:464) ~[?:?]
        at org.elasticsearch.xpack.core.ssl.SSLService.<init>(SSLService.java:91) ~[?:?]
        at org.elasticsearch.xpack.core.XPackPlugin.<init>(XPackPlugin.java:127) ~[?:?]
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]
        at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[?:?]
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:?]
        at java.lang.reflect.Constructor.newInstance(Constructor.java:423) ~[?:1.8.0_392]
        at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:554) ~[elasticsearch-6.2.4.jar:6.2.4]
        ... 15 more
Caused by: java.io.IOException: keystore password was incorrect
        at sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2089) ~[?:?]
        at java.security.KeyStore.load(KeyStore.java:1445) ~[?:1.8.0_392]
        at org.elasticsearch.xpack.core.ssl.CertUtils.readKeyStore(CertUtils.java:276) ~[?:?]
        at org.elasticsearch.xpack.core.ssl.CertUtils.trustManager(CertUtils.java:267) ~[?:?]
        at org.elasticsearch.xpack.core.ssl.StoreTrustConfig.createTrustManager(StoreTrustConfig.java:70) ~[?:?]
        at org.elasticsearch.xpack.core.ssl.SSLService.createSslContext(SSLService.java:419) ~[?:?]
        at java.util.HashMap.computeIfAbsent(HashMap.java:1128) ~[?:1.8.0_392]
        at org.elasticsearch.xpack.core.ssl.SSLService.lambda$loadSSLConfigurations$0(SSLService.java:465) ~[?:?]
        at java.util.ArrayList.forEach(ArrayList.java:1259) ~[?:1.8.0_392]
        at org.elasticsearch.xpack.core.ssl.SSLService.loadSSLConfigurations(SSLService.java:464) ~[?:?]
        at org.elasticsearch.xpack.core.ssl.SSLService.<init>(SSLService.java:91) ~[?:?]
        at org.elasticsearch.xpack.core.XPackPlugin.<init>(XPackPlugin.java:127) ~[?:?]
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]
        at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[?:?]
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:?]
        at java.lang.reflect.Constructor.newInstance(Constructor.java:423) ~[?:1.8.0_392]
        at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:554) ~[elasticsearch-6.2.4.jar:6.2.4]

以上报错关键词是java.io.IOException: keystore password was incorrect和 sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)

很明显是io读写错误,根本原因是无权读写,这里说的应该是前面添加的证书文件没有添加es属组才造成的,因此,chown -Rf  /data/es ,在重启服务,发现没有报错了

2,

[node-2] failed to send join request to master [{node-1}{Ao_m-rPfTnmEB8CBPL-U5A}{vCkhIJX6T6mXYlAlty40CA}{192.168.123.11}{192.168.123.11:9300}{ml.machine_memory=4142223360, ml.max_open_jobs=20, xpack.installed=true, ml.enabled=true}], reason [RemoteTransportException[[node-1][192.168.123.11:9300][internal:discovery/zen/join]]; nested: IllegalArgumentException[can't add node {node-2}{Ao_m-rPfTnmEB8CBPL-U5A}{9koFdxABR-msIkioIDbjzA}{192.168.123.12}{192.168.123.12:9300}{ml.machine_memory=4142223360, ml.max_open_jobs=20, xpack.installed=true, ml.enabled=true}, found existing node {node-1}{Ao_m-rPfTnmEB8CBPL-U5A}{vCkhIJX6T6mXYlAlty40CA}{192.168.123.11}{192.168.123.11:9300}{ml.machine_memory=4142223360, xpack.installed=true, ml.max_open_jobs=20, ml.enabled=true} with the same id but is a different node instance];

由于es集群安装的时候是从一个节点直接拷贝到其它节点的,不是解压文件,在拷贝前,节点启动过一次,自动生成了data文件夹和其下的内容,里面包含了上一个节点的信息

因此,解决方案为删除/data/es/data目录下的所有内容:

[root@node2 ~]# rm -rf /data/es/data/*

再次启动就没有此报错了

五,

简单的elasticsearch的api使用

1,

查看所有节点

[root@node1 x-pack]# curl -k -XGET https://192.168.123.11:19200/_cat/nodes -uelastic
Enter host password for user 'elastic':
192.168.123.14 45 93 0 0.28 0.26 0.32 mdi - node-4
192.168.123.13 26 63 2 0.36 0.18 0.20 mdi * node-3
192.168.123.12 23 81 1 0.54 0.34 0.29 mdi - node-2
192.168.123.11 36 61 1 0.06 0.15 0.20 mdi - node-1
第一列(ip):es节点ip
第二列(heap.percent):堆内存占比
第三列(ram.percent):内存使用占比
第四列(cpu):cpu使用率
第五列(load_1m):1分钟内平均load情况,ms
第六列(load_5m):5分钟内平均load情况,ms
第七列(load_15m):15分钟内平均load情况,ms
第八列(node.role):节点权限
第九列(master):是否master节点,*为master节点
第十列(name):节点名称

2,

查看所有索引信息:

[root@node1 x-pack]# curl -k -XGET https://192.168.123.11:19200/_cat/indices -uelastic
Enter host password for user 'elastic':
green open .watcher-history-7-2023.12.09 _WVuCnwrSlGtYaLbSAfbLg 1 1   549     0   1.5mb 808.3kb
green open .watcher-history-7-2023.12.10 zcAH_IgISayByx6-K4ueGQ 1 1  3989     0  11.3mb   5.6mb
green open .monitoring-alerts-6          Pm5Cw8UkQAamSkvOxccFow 1 1     7     0  84.1kb    42kb
green open .triggered_watches            -XApiGASS1a_jDOQMmthaA 1 1     0     0 146.5kb  73.2kb
green open .monitoring-es-6-2023.12.09   4GLFZLlsRH6nj4ZKIUsxvw 1 1  7439    28     9mb   4.5mb
green open .monitoring-es-6-2023.12.10   h1y4V6UMQFGecE78sfBqIA 1 1 58643 31012  81.1mb  40.5mb
green open my_index                      ApVYPzGuQS60iOFF_ur6nA 5 1     2     0  17.9kb   8.9kb
green open .watcher-history-7-2023.12.12 XZkWSqt1Txm-vpSCYWMlNg 1 1   585     0     2mb     1mb
green open .security-6                   VMkr4AP3TbOI1fVJCF9ZJQ 1 3     3     0  39.4kb   9.8kb
green open .watches                      S9Gd2ZUuTtazqQpN45sx9Q 1 1     6     0 469.1kb  58.7kb
green open .monitoring-es-6-2023.12.12   HkMeJ9DAQSue1nZJrRMtYg 1 1 10765    32  16.5mb   8.2mb
health: 索引的健康状态
status: 索引的开启状态
index:  索引名字
uuid: 索引的uuid
pri:  索引的主分片数量
rep:  索引的复制分片数量
docs.count: 索引下的文档总数
docs.deleted: 索引下删除状态的文档数
store.size: 主分片+复制分片的大小
pri.store.size: 主分片的大小

3,

查看节点的健康状态:

[root@node1 x-pack]# curl -k -XGET https://192.168.123.11:19200/_cat/health -uelastic
Enter host password for user 'elastic':
1702398729 00:32:09 myes green 4 4 32 15 0 0 0 0 - 100.0%
epoch:  自标准时间(1970-01-01 00:00:00)以来的秒数
timestamp:  时间
cluster:  集群名称
status: 集群状态
node.total: 节点总数
node.data:  数据节点总数
shards: 分片总数
pri:  主分片总数
repo: 复制节点的数量
init: 初始化节点的数量
unassign: 未分配分片的数量
pending_tasks:  待定任务数
max_task_wait_time: 等待最长任务的等待时间
active_shards_percent:  活动分片百分比

这里集群状态为绿色green表示健康,黄色yellow表示集群有问题,需要介入排查问题,红色red表示集群不求行了,需要深度介入,要不就是摆烂,一拍两散。

全部主分片为active状态则为绿色,active的判断标准是分片为started或relocating状态,

备注:当source节点的分片处于relocating,那么target节点的同个分片处于INITIALIZING。INITIALIZING状态可能是节点从其他节点恢复(relocating、replica copy)、snapshot恢复或者从本地恢复

简单的说

绿色:索引的所有分片都正常分配。

黄色:至少有一个副本没有得到正确的分配。

红色:至少有一个主分片没有得到正确的分配。

3.

查看集群所有的索引的状态:

[root@node1 x-pack]# curl -k -XGET https://192.168.123.11:19200/_cluster/health?level=indices  -uelastic
Enter host password for user 'elastic':
{"cluster_name":"myes","status":"green","timed_out":false,"number_of_nodes":4,"number_of_data_nodes":4,"active_primary_shards":15,"active_shards":32,"relocating_shards":0,"initializing_shards":0,"unassigned_shards":0,"delayed_unassigned_shards":0,"number_of_pending_tasks":0,"number_of_in_flight_fetch":0,"task_max_waiting_in_queue_millis":0,"active_shards_percent_as_number":100.0,"indices":{".monitoring-es-6-2023.12.10":{"status":"green","number_of_shards":1,"number_of_replicas":1,"active_primary_shards":1,"active_shards":2,"relocating_shards":0,"initializing_shards":0,"unassigned_shards":0},".watcher-history-7-2023.12.09":{"status":"green","number_of_shards":1,"number_of_replicas":1,"active_primary_shards":1,"active_shards":2,"relocating_shards":0,"initializing_shards":0,"unassigned_shards":0},".triggered_watches":{"status":"green","number_of_shards":1,"number_of_replicas":1,"active_primary_shards":1,"active_shards":2,"relocating_shards":0,"initializing_shards":0,"unassigned_shards":0},".monitoring-es-6-2023.12.12":{"status":"green","number_of_shards":1,"number_of_replicas":1,"active_primary_shards":1,"active_shards":2,"relocating_shards":0,"initializing_shards":0,"unassigned_shards":0},".monitoring-alerts-6":{"status":"green","number_of_shards":1,"number_of_replicas":1,"active_primary_shards":1,"active_shards":2,"relocating_shards":0,"initializing_shards":0,"unassigned_shards":0},"my_index":{"status":"green","number_of_shards":5,"number_of_replicas":1,"active_primary_shards":5,"active_shards":10,"relocating_shards":0,"initializing_shards":0,"unassigned_shards":0},".watcher-history-7-2023.12.12":{"status":"green","number_of_shards":1,"number_of_replicas":1,"active_primary_shards":1,"active_shards":2,"relocating_shards":0,"initializing_shards":0,"unassigned_shards":0},".monitoring-es-6-2023.12.09":{"status":"green","number_of_shards":1,"number_of_replicas":1,"active_primary_shards":1,"active_shards":2,"relocating_shards":0,"initializing_shards":0,"unassigned_shards":0},".watcher-history-7-2023.12.10":{"status":"green","number_of_shards":1,"number_of_replicas":1,"active_primary_shards":1,"active_shards":2,"relocating_shards":0,"initializing_shards":0,"unassigned_shards":0},".watches":{"status":"green","number_of_shards":1,"number_of_replicas":1,"active_primary_shards":1,"active_shards":2,"relocating_shards":0,"initializing_shards":0,"unassigned_shards":0},".security-6":{"status":"green","number_of_shards":1,"number_of_replicas":3,"active_primary_shards":1,"active_shards":4,"relocating_shards":0,"initializing_shards":0,"unassigned_shards":0}}}

当然了,我这个示例健康的很

4,

在使用的插件信息:

这个没什么好说的,我现在就只用了x-pack插件

[root@node1 x-pack]# curl -k -XGET https://192.168.123.11:19200/_cat/plugins  -uelastic
Enter host password for user 'elastic':
node-4 x-pack-core        6.2.4
node-4 x-pack-deprecation 6.2.4
node-4 x-pack-graph       6.2.4
node-4 x-pack-logstash    6.2.4
node-4 x-pack-ml          6.2.4
node-4 x-pack-monitoring  6.2.4
node-4 x-pack-security    6.2.4
node-4 x-pack-upgrade     6.2.4
node-4 x-pack-watcher     6.2.4
node-3 x-pack-core        6.2.4
node-3 x-pack-deprecation 6.2.4
node-3 x-pack-graph       6.2.4
node-3 x-pack-logstash    6.2.4
node-3 x-pack-ml          6.2.4
node-3 x-pack-monitoring  6.2.4
node-3 x-pack-security    6.2.4
node-3 x-pack-upgrade     6.2.4
node-3 x-pack-watcher     6.2.4
node-2 x-pack-core        6.2.4
node-2 x-pack-deprecation 6.2.4
node-2 x-pack-graph       6.2.4
node-2 x-pack-logstash    6.2.4
node-2 x-pack-ml          6.2.4
node-2 x-pack-monitoring  6.2.4
node-2 x-pack-security    6.2.4
node-2 x-pack-upgrade     6.2.4
node-2 x-pack-watcher     6.2.4
node-1 x-pack-core        6.2.4
node-1 x-pack-deprecation 6.2.4
node-1 x-pack-graph       6.2.4
node-1 x-pack-logstash    6.2.4
node-1 x-pack-ml          6.2.4
node-1 x-pack-monitoring  6.2.4
node-1 x-pack-security    6.2.4
node-1 x-pack-upgrade     6.2.4
node-1 x-pack-watcher     6.2.4

5,

通过api重置用户密码

这个比较有意思,现在是启用了https,那么,https的时候怎么通过api重置呢?

一开始报错如下:

[root@node1 ~]# curl -k -H "Content-Type:application/json" -XPOST -u elastic  ‘https://192.168.123.11:19200/_xpack/security/user/elastic/_password‘ -d ‘{ "password" : "123456" }
Enter host password for user 'elastic':
curl: (1) Protocol ‘https not supported or disabled in libcurl
curl: (6) Could not resolve host: password; Unknown error
curl: (6) Could not resolve host: ; Unknown error
curl: (7) Failed to connect to 0.1.226.64: Invalid argument
curl: (3) [globbing] unmatched close brace/bracket at pos 1

关键报错是Protocol ‘https not supported or disabled in libcurl,根据百度信息,说是curl命令可能不支持https,OK,curl -V 命令可以查询到,是支持https的,-k参数也添加了:

(不支持https的curl版本是curl 7.19.4,而我的版本是7.29.0

[root@node1 ~]# curl -V
curl 7.29.0 (x86_64-redhat-linux-gnu) libcurl/7.29.0 NSS/3.36 zlib/1.2.7 libidn/1.28 libssh2/1.4.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smtp smtps telnet tftp 
Features: AsynchDNS GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz unix-sockets 

OK,暂时无果后,继续找寻解决办法,有一个博文说了https也就是URL要使用双引号包裹,报错的命令里是单引号,那就试一试,命令更改为如下:

[root@node1 ~]# curl -k  -H "Content-Type:application/json" -XPOST -u elastic  "https://192.168.123.11:19200/_xpack/security/user/elastic/_password" -d '{ "password" : "123456" }'
Enter host password for user 'elastic':
{}

完美重置密码!!!

6,

查看所有用户的信息

[root@node1 ~]# curl -k  -H "Content-Type:application/json" -XGET   "https://192.168.123.11:19200/_xpack/security/user" -uelastic
Enter host password for user 'elastic':
{"elastic":{"username":"elastic","roles":["superuser"],"full_name":null,"email":null,"metadata":{"_reserved":true},"enabled":true},"kibana":{"username":"kibana","roles":["kibana_system"],"full_name":null,"email":null,"metadata":{"_reserved":true},"enabled":true},"logstash_system":{"username":"logstash_system","roles":["logstash_system"],"full_name":null,"email":null,"metadata":{"_reserved":true},"enabled":true}}
目录
相关文章
|
1月前
|
自然语言处理 大数据 应用服务中间件
大数据-172 Elasticsearch 索引操作 与 IK 分词器 自定义停用词 Nginx 服务
大数据-172 Elasticsearch 索引操作 与 IK 分词器 自定义停用词 Nginx 服务
60 5
|
1月前
|
存储 分布式计算 大数据
大数据-169 Elasticsearch 索引使用 与 架构概念 增删改查
大数据-169 Elasticsearch 索引使用 与 架构概念 增删改查
57 3
|
3月前
|
SQL JSON 大数据
ElasticSearch的简单介绍与使用【进阶检索】 实时搜索 | 分布式搜索 | 全文搜索 | 大数据处理 | 搜索过滤 | 搜索排序
这篇文章是Elasticsearch的进阶使用指南,涵盖了Search API的两种检索方式、Query DSL的基本语法和多种查询示例,包括全文检索、短语匹配、多字段匹配、复合查询、结果过滤、聚合操作以及Mapping的概念和操作,还讨论了Elasticsearch 7.x和8.x版本中type概念的变更和数据迁移的方法。
ElasticSearch的简单介绍与使用【进阶检索】 实时搜索 | 分布式搜索 | 全文搜索 | 大数据处理 | 搜索过滤 | 搜索排序
|
22天前
|
存储 人工智能 自然语言处理
Elasticsearch Inference API增加对阿里云AI的支持
本文将介绍如何在 Elasticsearch 中设置和使用阿里云的文本生成、重排序、稀疏向量和稠密向量服务,提升搜索相关性。
65 14
Elasticsearch Inference API增加对阿里云AI的支持
|
1月前
|
SQL 分布式计算 NoSQL
大数据-170 Elasticsearch 云服务器三节点集群搭建 测试运行
大数据-170 Elasticsearch 云服务器三节点集群搭建 测试运行
41 4
|
1月前
|
存储 JSON 监控
大数据-167 ELK Elasticsearch 详细介绍 特点 分片 查询
大数据-167 ELK Elasticsearch 详细介绍 特点 分片 查询
51 4
|
1月前
|
消息中间件 NoSQL Kafka
大数据-52 Kafka 基础概念和基本架构 核心API介绍 应用场景等
大数据-52 Kafka 基础概念和基本架构 核心API介绍 应用场景等
61 5
|
1月前
|
SQL 分布式计算 大数据
大数据-168 Elasticsearch 单机云服务器部署运行 详细流程
大数据-168 Elasticsearch 单机云服务器部署运行 详细流程
53 2
|
1月前
|
运维 监控 数据可视化
大数据-171 Elasticsearch ES-Head 与 Kibana 配置 使用 测试
大数据-171 Elasticsearch ES-Head 与 Kibana 配置 使用 测试
62 1
|
1月前
|
分布式计算 Java 大数据
大数据-147 Apache Kudu 常用 Java API 增删改查
大数据-147 Apache Kudu 常用 Java API 增删改查
28 1