OpenSearch/shield/docs/public/getting-started.asciidoc

57 lines
2.6 KiB
Plaintext
Raw Normal View History

[[getting-started]]
== Getting Started with Shield
This getting started guide walks you through installing Shield, setting up basic authentication, and getting started with role-based
access control. You can install Shield on nodes running Elasticsearch {version}.
IMPORTANT: The Shield plugin must be installed on every node in the cluster. If you are installing
to a live cluster, you must stop all of the nodes, install Shield, and restart the nodes. You cannot
perform a rolling restart to install Shield.
To install and run Shield:
. Run `bin/plugin install` from `ES_HOME` to install the license plugin.
+
[source,shell]
----------------------------------------------------------
bin/plugin install license
----------------------------------------------------------
. Run `bin/plugin install` to install the Shield plugin.
+
[source,shell]
----------------------------------------------------------
bin/plugin install shield
----------------------------------------------------------
+
NOTE: If you are using a <<deb-rpm-install, DEB/RPM distribution>> of Elasticsearch, you need to run the installation with superuser permissions. To perform an offline installation, <<offline-install,download the Shield binaries>>.
. Start Elasticsearch.
+
[source,shell]
----------------------------------------------------------
bin/elasticsearch
----------------------------------------------------------
. To verify that Shield is up and running, check the startup log entries. When Shield is operating
normally, the log indicates that the network transports are using Shield:
+
[source,shell]
----------------
[2014-10-09 13:47:38,841][INFO ][transport ] [Ezekiel Stane] Using [org.elasticsearch.shield.transport.ShieldServerTransportService] as transport service, overridden by [shield]
[2014-10-09 13:47:38,841][INFO ][transport ] [Ezekiel Stane] Using [org.elasticsearch.shield.transport.netty.ShieldNettyTransport] as transport, overridden by [shield]
[2014-10-09 13:47:38,842][INFO ][http ] [Ezekiel Stane] Using [org.elasticsearch.shield.transport.netty.ShieldNettyHttpServerTransport] as http transport, overridden by [shield]
----------------
Now you're ready to secure your cluster! Here are a few things
you might want to do to start with:
* <<enable-basic-auth, Control Access with Basic Authentication>>
* <<enable-message-authentication, Enable Message Authentication>>
* <<enable-auditing, Enable Auditing>>
include::getting-started/enable-basic-auth.asciidoc[]
include::getting-started/enable-message-authentication.asciidoc[]
include::getting-started/enable-auditing.asciidoc[]
include::getting-started/moving-on.asciidoc[]