elasticsearch 如何在ElasticSearch 5.3中启用匿名访问

我刚刚下载了ElasticSearch、LogStash和Kibana版本5.3（直到几个小时前我还在使用5.2.something）。我在每只麋鹿身上都安装了XPack。从那以后，我再也不能使用logstash了

日志存储错误：

./logstash-f/log_to_elastic53.conf

...
    [2017-04-06T19:25:55,704][WARN ][logstash.outputs.elasticsearch] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>#<URI::HTTP:0x3c6582db URL:http://127.0.0.1:9200/>, :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError, :error=>"Got response code '401' contacting Elasticsearch at URL 'http://127.0.0.1:9200/'"}

input { stdin { } }
output {
  elasticsearch { hosts => ["127.0.0.1:9200"] }
  stdout { codec => rubydebug }
}

我将ElasticSearch设置为以这种方式接受匿名呼叫：

来源想法：

elasticsearch.yml

xpack.security.authc:
  anonymous:
    username: anonymous_user 
    roles: role1, role2 
    authz_exception: false

另外，我在authz_例外中尝试了false/true

有趣的是，Kibana也在抱怨一些许可，但我想知道这是否与Debian而非ELK有关：未能提取phantom.js存档

/基巴纳

undefined accessed the autoload lists which are no longer available via the Plugin API.Use the `ui/autoload/*` modules instead.
undefined accessed the autoload lists which are no longer available via the Plugin API.Use the `ui/autoload/*` modules instead.
  log   [22:24:55.244] [warning] Plugin "Sense" was disabled because it expected Kibana version "2.0.0-snapshot", and found "5.3.0".
  log   [22:24:55.499] [info][status][plugin:kibana@5.3.0] Status changed from uninitialized to green - Ready
  log   [22:24:55.568] [info][status][plugin:elasticsearch@5.3.0] Status changed from uninitialized to yellow - Waiting for Elasticsearch
  log   [22:24:55.575] [info][status][plugin:xpack_main@5.3.0] Status changed from uninitialized to yellow - Waiting for Elasticsearch
  log   [22:24:55.739] [info][status][plugin:graph@5.3.0] Status changed from uninitialized to yellow - Waiting for Elasticsearch
  log   [22:24:55.747] [info][status][plugin:monitoring@5.3.0] Status changed from uninitialized to green - Ready
  log   [22:24:55.751] [warning][reporting] Generating a random key for xpack.reporting.encryptionKey. To prevent pending reports from failing on restart, please set xpack.reporting.encryptionKey in kibana.yml
  log   [22:24:55.756] [info][status][plugin:reporting@5.3.0] Status changed from uninitialized to yellow - Waiting for Elasticsearch
  log   [22:24:55.958] [error][reporting] ExtractError: Failed to extract the phantom.js archive
    at Extract.<anonymous> (/home/demetrio/Servers/DBs/kibana-5.3.0-amd64/usr/share/kibana/plugins/x-pack/plugins/reporting/server/lib/extract/bunzip2.js:18:16)
    at emitOne (events.js:101:20)
    at Extract.emit (events.js:188:7)
    at Extract.destroy (/home/demetrio/Servers/DBs/kibana-5.3.0-amd64/usr/share/kibana/plugins/x-pack/node_modules/tar-stream/extract.js:191:17)
    at onunlock (/home/demetrio/Servers/DBs/kibana-5.3.0-amd64/usr/share/kibana/plugins/x-pack/node_modules/tar-stream/extract.js:69:26)
    at stat (/home/demetrio/Servers/DBs/kibana-5.3.0-amd64/usr/share/kibana/plugins/x-pack/node_modules/tar-fs/index.js:232:23)
    at /home/demetrio/Servers/DBs/kibana-5.3.0-amd64/usr/share/kibana/plugins/x-pack/node_modules/mkdirp/index.js:46:53
    at FSReqWrap.oncomplete (fs.js:123:15)
  log   [22:24:55.959] [error][reporting] Error: EACCES: permission denied, mkdir '/var/lib/kibana/phantomjs-2.1.1-linux-x86_64'
    at Error (native)
  log   [22:24:55.960] [error][status][plugin:reporting@5.3.0] Status changed from yellow to red - Insufficient permissions for extracting the phantom.js archive. Make sure the Kibana data directory (path.data) is owned by the same user that is running Kibana.
  log   [22:24:55.968] [info][status][plugin:security@5.3.0] Status changed from uninitialized to yellow - Waiting for Elasticsearch
  log   [22:24:55.969] [warning][security] Generating a random key for xpack.security.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.security.encryptionKey in kibana.yml
  log   [22:24:55.972] [warning][security] Session cookies will be transmitted over insecure connections. This is not recommended.
  log   [22:24:56.022] [info][status][plugin:searchprofiler@5.3.0] Status changed from uninitialized to yellow - Waiting for Elasticsearch
  log   [22:24:56.033] [info][status][plugin:tilemap@5.3.0] Status changed from uninitialized to yellow - Waiting for Elasticsearch
  log   [22:24:56.042] [info][status][plugin:console@5.3.0] Status changed from uninitialized to green - Ready
  log   [22:24:56.217] [info][status][plugin:elasticsearch@5.3.0] Status changed from yellow to green - Kibana index ready
  log   [22:24:56.219] [info][status][plugin:timelion@5.3.0] Status changed from uninitialized to green - Ready
  log   [22:24:56.223] [info][listening] Server running at http://localhost:5601
  log   [22:24:56.225] [info][status][ui settings] Status changed from uninitialized to green - Ready
  log   [22:24:56.355] [info][license][xpack] Imported license information from Elasticsearch: mode: trial | status: active | expiry date: 2017-05-06T18:53:19-03:00
  log   [22:24:56.365] [info][status][plugin:monitoring@5.3.0] Status changed from green to yellow - Waiting for Monitoring Health Check
  log   [22:24:56.368] [info][status][plugin:xpack_main@5.3.0] Status changed from yellow to green - Ready
  log   [22:24:56.369] [info][status][plugin:graph@5.3.0] Status changed from yellow to green - Ready
  log   [22:24:56.370] [info][status][plugin:reporting@5.3.0] Status changed from red to green - Ready
  log   [22:24:56.371] [info][status][plugin:security@5.3.0] Status changed from yellow to green - Ready
  log   [22:24:56.371] [info][status][plugin:searchprofiler@5.3.0] Status changed from yellow to green - Ready
  log   [22:24:56.372] [info][status][plugin:tilemap@5.3.0] Status changed from yellow to green - Ready
  log   [22:24:58.357] [info][status][plugin:monitoring@5.3.0] Status changed from yellow to green - Ready

undefined访问了自动加载列表，这些列表不再通过插件API可用。请改用`ui/autoload/*`模块。
undefined访问的自动加载列表不再通过插件API可用。请改用'ui/autoload/*`模块。
日志[22:24:55.244][警告]插件“Sense”已禁用，因为它期望Kibana版本为“2.0.0-snapshot”，并找到“5.3.0”。
日志[22:24:55.499][info][status][plugin:kibana@5.3.0]状态从未初始化更改为绿色-就绪
日志[22:24:55.568][info][status][plugin:elasticsearch@5.3.0]状态从未初始化更改为黄色-等待Elasticsearch
日志[22:24:55.575][info][status][plugin:xpack_main@5.3.0]状态从未初始化更改为黄色-等待Elasticsearch
日志[22:24:55.739][info][status][plugin:graph@5.3.0]状态从未初始化更改为黄色-等待Elasticsearch
日志[22:24:55.747][info][status][plugin:monitoring@5.3.0]状态从未初始化更改为绿色-就绪
日志[22:24:55.751][warning][reporting]为xpack.reporting.encryptionKey生成随机密钥。要防止挂起的报告在重新启动时失败，请在kibana.yml中设置xpack.reporting.encryptionKey
日志[22:24:55.756][info][status][plugin:reporting@5.3.0]状态从未初始化更改为黄色-等待Elasticsearch
日志[22:24:55.958][错误][报告]提取错误：未能提取phantom.js存档
提取。（/home/demetrio/Servers/DBs/kibana-5.3.0-amd64/usr/share/kibana/plugins/x-pack/plugins/reporting/server/lib/extract/bunzip2.js:18:16）
在emitOne（events.js:101:20）
在Extract.emit（events.js:188:7）
在Extract.destroy（/home/demetrio/Servers/DBs/kibana-5.3.0-amd64/usr/share/kibana/plugins/x-pack/node_modules/tar stream/Extract.js:191:17）
在onunlock（/home/demetrio/Servers/DBs/kibana-5.3.0-amd64/usr/share/kibana/plugins/x-pack/node_modules/tar stream/extract.js:69:26）
在stat（/home/demetrio/Servers/DBs/kibana-5.3.0-amd64/usr/share/kibana/plugins/x-pack/node_modules/tar fs/index.js:232:23）
at/home/demetrio/Servers/DBs/kibana-5.3.0-amd64/usr/share/kibana/plugins/x-pack/node_modules/mkdirp/index.js:46:53
在FSReqWrap.oncomplete（fs.js:123:15）
日志[22:24:55.959][error][reporting]错误：EACCES:permission denied，mkdir'/var/lib/kibana/phantomjs-2.1.1-linux-x86_64'
错误（本机）
日志[22:24:55.960][error][status][plugin:reporting@5.3.0]状态从黄色更改为红色-提取phantom.js存档的权限不足。确保Kibana数据目录（path.data）由运行Kibana的同一用户拥有。
日志[22:24:55.968][info][status][plugin:security@5.3.0]状态从未初始化更改为黄色-等待Elasticsearch
日志[22:24:55.969][warning][security]为xpack.security.encryptionKey生成随机密钥。要防止会话在重新启动时失效，请在kibana.yml中设置xpack.security.encryptionKey
日志[22:24:55.972][warning][security]会话cookie将通过不安全的连接传输。不建议这样做。
日志[22:24:56.022][info][status][plugin:searchprofiler@5.3.0]状态从未初始化更改为黄色-等待Elasticsearch
日志[22:24:56.033][info][status][plugin:tilemap@5.3.0]状态从未初始化更改为黄色-等待Elasticsearch
日志[22:24:56.042][info][status][plugin:console@5.3.0]状态从未初始化更改为绿色-就绪
日志[22:24:56.217][info][status][plugin:elasticsearch@5.3.0]状态从黄色变为绿色-Kibana索引就绪
日志[22:24:56.219][info][status][plugin:timelion@5.3.0]状态从未初始化更改为绿色-就绪
正在运行的日志[22:24:56.223][info][listing]服务器http://localhost:5601
日志[22:24:56.225][info][status][ui settings]状态从未初始化更改为绿色-就绪
日志[22:24:56.355][info][license][xpack]从Elasticsearch导入的许可证信息：模式：试用|状态：活动|到期日期：2017-05-06T18:53:19-03:00
日志[22:24:56.365][info][status][plugin:monitoring@5.3.0]状态从绿色变为黄色-等待监控运行状况检查
日志[22:24:56.368][info][status][plugin:xpack_main@5.3.0]状态从黄色更改为绿色-就绪
日志[22:24:56.369][info][status][plugin:graph@5.3.0]状态从黄色更改为绿色-就绪
日志[22:24:56.370][info][status][plugin:reporting@5.3.0]状态从红色更改为绿色-就绪
日志[22:24:56.371][info][status][plugin:security@5.3.0]状态从黄色更改为绿色-就绪
日志[22:24:56.371][info][status][plugin:searchprofiler@5.3.0]状态从黄色更改为绿色-就绪
日志[22:24:56.372][info][status][plugin:tilemap@5.3.0]状态从黄色更改为绿色-就绪
日志[22:24:58.357][info][status][plugin:monitoring@5.3.0]状态从黄色更改为绿色-就绪

您可以按照以下步骤为Logstash配置角色和用户，以连接Elasticsearch，而不允许具有高安全风险的匿名访问

Logstash需要能够管理索引模板、创建索引以及在其创建的索引中写入和删除文档

设置身份验证凭据

POST _xpack/security/role/logstash_writer
{
  "cluster": ["manage_index_templates", "monitor"],
  "indices": [
    {
      "names": [ "logstash-*" ], 
      "privileges": ["write","delete","create_index"]
    }
  ]
}

POST _xpack/security/user/logstash_internal
{
  "password" : "changeme",
  "roles" : [ "logstash_writer"],
  "full_name" : "Internal Logstash User"
}

input {
    ...
    user => logstash_internal
    password => changeme
  }
filter {
    ...
    user => logstash_internal
    password => changeme
  }
output {
  elasticsearch {
    ...
    user => logstash_internal
    password => changeme
  }