55 lines
2.6 KiB
Plaintext
55 lines
2.6 KiB
Plaintext
[[getting-started-with-shield]]
|
|
== Getting Started with Shield
|
|
|
|
This getting started guide walks you through installing Shield, setting up basic authentication, and getting started with role-based
|
|
access control. You can install Shield on nodes running Elasticsearch 1.5 or later.
|
|
|
|
IMPORTANT: The Shield plugin must be installed on every node in the cluster and every
|
|
node must be restarted after installation. Plan for a complete cluster restart before beginning the installation process.
|
|
|
|
To install and run Shield:
|
|
|
|
. Run `bin/plugin` -i from `ES_HOME` to install the license plugin.
|
|
+
|
|
[source,shell]
|
|
----------------------------------------------------------
|
|
bin/plugin -i elasticsearch/license/latest
|
|
----------------------------------------------------------
|
|
|
|
. Run `bin/plugin -i` to install the Shield plugin.
|
|
+
|
|
[source,shell]
|
|
----------------------------------------------------------
|
|
bin/plugin -i elasticsearch/shield/latest
|
|
----------------------------------------------------------
|
|
+
|
|
NOTE: If you are using a <<deb-rpm-install, DEB/RPM distribution>> of Elasticsearch, you need to specify the configuration directory and run the installation with superuser permissions. To perform an offline installation, <<offline-install,download the Shield binaries>>.
|
|
|
|
. Start Elasticsearch.
|
|
+
|
|
[source,shell]
|
|
----------------------------------------------------------
|
|
bin/elasticsearch
|
|
----------------------------------------------------------
|
|
|
|
. To verify that Shield is up and running, check the startup log entries. When Shield is operating normally, the log indicates that the network transports are using Shield:
|
|
+
|
|
[source,shell]
|
|
----------------
|
|
[2014-10-09 13:47:38,841][INFO ][transport ] [Ezekiel Stane] Using [org.elasticsearch.shield.transport.ShieldServerTransportService] as transport service, overridden by [shield]
|
|
[2014-10-09 13:47:38,841][INFO ][transport ] [Ezekiel Stane] Using [org.elasticsearch.shield.transport.netty.ShieldNettyTransport] as transport, overridden by [shield]
|
|
[2014-10-09 13:47:38,842][INFO ][http ] [Ezekiel Stane] Using [org.elasticsearch.shield.transport.netty.ShieldNettyHttpServerTransport] as http transport, overridden by [shield]
|
|
----------------
|
|
|
|
Now you're ready to secure your cluster! Here are a few things
|
|
you might want to do to start with:
|
|
|
|
* <<enable-basic-auth, Control Access with Basic Authentication>>
|
|
* <<enable-message-authentication, Enable Message Authentication>>
|
|
* <<enable-auditing, Enable Auditing>>
|
|
|
|
include::getting-started/enable-basic-auth.asciidoc[]
|
|
include::getting-started/enable-message-authentication.asciidoc[]
|
|
include::getting-started/enable-auditing.asciidoc[]
|
|
include::getting-started/moving-on.asciidoc[]
|