64 lines
2.9 KiB
Plaintext
64 lines
2.9 KiB
Plaintext
[[getting-started]]
|
|
== Getting Started with Shield
|
|
|
|
This getting started guide walks you through installing Shield, setting up basic authentication, and getting started with role-based
|
|
access control. You can install Shield on nodes running Elasticsearch {version}.
|
|
|
|
IMPORTANT: The Shield plugin must be installed on every node in the cluster. If you are installing
|
|
to a live cluster, you must stop all of the nodes, install Shield, and restart the nodes. You cannot
|
|
perform a rolling restart to install Shield.
|
|
|
|
To install and run Shield:
|
|
|
|
. Run `bin/plugin install` from `ES_HOME` to install the license plugin.
|
|
+
|
|
[source,shell]
|
|
----------------------------------------------------------
|
|
bin/plugin install license
|
|
----------------------------------------------------------
|
|
|
|
. Run `bin/plugin install` to install the Shield plugin.
|
|
+
|
|
[source,shell]
|
|
----------------------------------------------------------
|
|
bin/plugin install shield
|
|
----------------------------------------------------------
|
|
+
|
|
NOTE: If you are using a <<deb-rpm-install, DEB/RPM distribution>> of Elasticsearch, you need to specify the configuration directory and run the installation with superuser permissions. To perform an offline installation, <<offline-install,download the Shield binaries>>.
|
|
|
|
. Start Elasticsearch.
|
|
+
|
|
[source,shell]
|
|
----------------------------------------------------------
|
|
bin/elasticsearch
|
|
----------------------------------------------------------
|
|
|
|
. To verify that Shield is up and running, use the `_shield` API to get the Shield version:
|
|
+
|
|
[source,shell]
|
|
----------------------------------------------------------
|
|
curl -u es_admin -XGET 'http://localhost:9200/_shield'
|
|
----------------------------------------------------------
|
|
+
|
|
You can also check the startup log entries. When Shield is operating normally, the log indicates that the network transports are using Shield:
|
|
+
|
|
[source,shell]
|
|
----------------
|
|
[2014-10-09 13:47:38,841][INFO ][transport ] [Ezekiel Stane] Using [org.elasticsearch.shield.transport.ShieldServerTransportService] as transport service, overridden by [shield]
|
|
[2014-10-09 13:47:38,841][INFO ][transport ] [Ezekiel Stane] Using [org.elasticsearch.shield.transport.netty.ShieldNettyTransport] as transport, overridden by [shield]
|
|
[2014-10-09 13:47:38,842][INFO ][http ] [Ezekiel Stane] Using [org.elasticsearch.shield.transport.netty.ShieldNettyHttpServerTransport] as http transport, overridden by [shield]
|
|
----------------
|
|
|
|
|
|
Now you're ready to secure your cluster! Here are a few things
|
|
you might want to do to start with:
|
|
|
|
* <<enable-basic-auth, Control Access with Basic Authentication>>
|
|
* <<enable-message-authentication, Enable Message Authentication>>
|
|
* <<enable-auditing, Enable Auditing>>
|
|
|
|
include::getting-started/enable-basic-auth.asciidoc[]
|
|
include::getting-started/enable-message-authentication.asciidoc[]
|
|
include::getting-started/enable-auditing.asciidoc[]
|
|
include::getting-started/moving-on.asciidoc[]
|