[vulsee.com] elasticsearch 8.6.2 +Search Guard 部署

由于很多插件不支持ES8.7.1,重新换回ES8.6.2 下载

1、启动ES，记录密码，启动完毕后修改密码：

超级用户密码修改：

2、关闭ssl：

\config\elasticsearch.yml  启动后，将自动在该文件生成配置，修改其中的

xpack.security.http.ssl:
  enabled: false
  keystore.path: certs/http.p12

为

xpack.security.http.ssl:
  enabled: true
  keystore.path: certs/http.p12

3、安装插件Search Guard  下载：

Search Guard：这是 Elasticsearch 的安全和合规性插件，也可以用于管理和监控 Elasticsearch 集群。它支持 Elastic 8，并提供了一个丰富的用户界面。

elasticsearch-plugin.bat install -b file:l:\search-guard-flx-elasticsearch-plugin-1.1.1-es-8.6.2.zip

（

PS:

卸载插件：

elasticsearch-plugin.bat remove search-guard-flx

）

4、配置ssl

安装插件后运行报错：

查看elasticsearch.log：

java.lang.IllegalStateException: failed to load plugin class [com.floragunn.searchguard.SearchGuardPlugin]
	at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:618) ~[elasticsearch-8.6.2.jar:?]
	at org.elasticsearch.plugins.PluginsService.loadBundle(PluginsService.java:493) ~[elasticsearch-8.6.2.jar:?]
	at org.elasticsearch.plugins.PluginsService.loadBundles(PluginsService.java:290) ~[elasticsearch-8.6.2.jar:?]
	at org.elasticsearch.plugins.PluginsService.<init>(PluginsService.java:159) ~[elasticsearch-8.6.2.jar:?]
	at org.elasticsearch.plugins.PluginsService.lambda$getPluginsServiceCtor$14(PluginsService.java:645) ~[elasticsearch-8.6.2.jar:?]
	at org.elasticsearch.node.Node.<init>(Node.java:415) ~[elasticsearch-8.6.2.jar:?]
	at org.elasticsearch.node.Node.<init>(Node.java:322) ~[elasticsearch-8.6.2.jar:?]
	at org.elasticsearch.bootstrap.Elasticsearch$2.<init>(Elasticsearch.java:214) ~[elasticsearch-8.6.2.jar:?]
	at org.elasticsearch.bootstrap.Elasticsearch.initPhase3(Elasticsearch.java:214) ~[elasticsearch-8.6.2.jar:?]
	at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:67) ~[elasticsearch-8.6.2.jar:?]
Caused by: java.lang.reflect.InvocationTargetException
	at jdk.internal.reflect.DirectConstructorHandleAccessor.newInstance(DirectConstructorHandleAccessor.java:79) ~[?:?]
	at java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:500) ~[?:?]
	at java.lang.reflect.Constructor.newInstance(Constructor.java:484) ~[?:?]
	at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:609) ~[elasticsearch-8.6.2.jar:?]
	... 9 more
Caused by: org.elasticsearch.ElasticsearchException: searchguard.ssl.transport.keystore_filepath or searchguard.ssl.transport.pemkey_filepath must be set if transport ssl is reqested.
	at com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore.initTransportSSLConfig(DefaultSearchGuardKeyStore.java:371) ~[?:?]
	at com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore.initSSLConfig(DefaultSearchGuardKeyStore.java:222) ~[?:?]
	at com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore.<init>(DefaultSearchGuardKeyStore.java:143) ~[?:?]
	at com.floragunn.searchguard.ssl.SearchGuardSSLPlugin.<init>(SearchGuardSSLPlugin.java:219) ~[?:?]
	at com.floragunn.searchguard.SearchGuardPlugin.<init>(SearchGuardPlugin.java:256) ~[?:?]
	at jdk.internal.reflect.DirectConstructorHandleAccessor.newInstance(DirectConstructorHandleAccessor.java:67) ~[?:?]
	at java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:500) ~[?:?]
	at java.lang.reflect.Constructor.newInstance(Constructor.java:484) ~[?:?]
	at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:609) ~[elasticsearch-8.6.2.jar:?]
	... 9 more

提示 ：

searchguard.ssl.transport.keystore_filepath or searchguard.ssl.transport.pemkey_filepath must be set if transport ssl is reqested.

（1）下载工具  下载 配置TSL/SSL：

sgtlstool.bat -c ..\config\example.yml  -ca -crt

生成证书在/out/目录：

（2）根据官网：https://docs.search-guard.com/latest/tls-certificates-installer

直接运行plugins\search-guard-flx\tools\install_demo_configuration.sh：

\config\elasticsearch.yml 内容 如下 ：

######## Start Search Guard Demo Configuration ########
# WARNING: revise all the lines below before you go into production
searchguard.ssl.transport.pemcert_filepath: esnode.pem
searchguard.ssl.transport.pemkey_filepath: esnode-key.pem
searchguard.ssl.transport.pemtrustedcas_filepath: root-ca.pem
searchguard.ssl.transport.enforce_hostname_verification: false
searchguard.ssl.http.enabled: true
searchguard.ssl.http.pemcert_filepath: esnode.pem
searchguard.ssl.http.pemkey_filepath: esnode-key.pem
searchguard.ssl.http.pemtrustedcas_filepath: root-ca.pem
searchguard.allow_unsafe_democertificates: true
searchguard.allow_default_init_sgindex: true
searchguard.authcz.admin_dn:
  - CN=kirk,OU=client,O=client,L=test, C=de

searchguard.audit.type: internal_elasticsearch
searchguard.check_snapshot_restore_write_privileges: true
searchguard.restapi.roles_enabled: ["SGS_ALL_ACCESS"]
cluster.routing.allocation.disk.threshold_enabled: false
cluster.name: searchguard_demo
xpack.security.enabled: false
xpack.security.autoconfiguration.enabled: false
######## End Search Guard Demo Configuration ########

但同时需要保证以下配置存在，

xpack.security.http.ssl:
  enabled: false
  keystore.path: certs/http.p12

# Enable encryption and mutual authentication between cluster nodes

xpack.security.transport.ssl:
  enabled: false
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12

否则会报错，（我这里是这样的情况….）

java.lang.IllegalArgumentException: Cannot have additional setting [transport.type] in plugin [x-pack-security], already added in plugin [search-guard-flx]
	at org.elasticsearch.node.Node.mergePluginSettings(Node.java:1697) ~[elasticsearch-8.6.2.jar:?]
	at org.elasticsearch.node.Node.<init>(Node.java:416) ~[elasticsearch-8.6.2.jar:?]
	at org.elasticsearch.node.Node.<init>(Node.java:322) ~[elasticsearch-8.6.2.jar:?]
	at org.elasticsearch.bootstrap.Elasticsearch$2.<init>(Elasticsearch.java:214) ~[elasticsearch-8.6.2.jar:?]
	at org.elasticsearch.bootstrap.Elasticsearch.initPhase3(Elasticsearch.java:214) ~[elasticsearch-8.6.2.jar:?]
	at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:67) ~[elasticsearch-8.6.2.jar:?]

安装完毕search guard插件之后，再次访问127.0.0.1:9200，使用ES密码无法登录，可使用admin/admin登录：

对应文件\plugins\search-guard-flx\sgconfig\sg_internal_users.yml：

以上操作完毕，es正常启动，在chrome中使用了插件elasticvue、Multi Elasticsearch Head

最后，ES确认耗内存：