- Shield Reference for 2.x and 1.x:
- Introduction
- Getting Started with Shield
- How Shield Works
- Installing Shield
- Setting Up User Authentication
- Managing Users in an esusers Realm
- Configuring Role-based Access Control
- Configuring Auditing
- Securing Communications with Encryption and IP Filtering
- Configuring Clients and Integrations
- Managing Shield Licenses
- Example Shield Deployments
- Reference
- Limitations
- Troubleshooting
- Setting Up a Certificate Authority
- Release Notes
Getting Started with Shield
editGetting Started with Shield
editThis getting started guide walks you through installing Shield, setting up basic authentication, and getting started with role-based access control. You can install Shield on nodes running Elasticsearch 1.5 or later.
The Shield plugin must be installed on every node in the cluster and every node must be restarted after installation. Plan for a complete cluster restart before beginning the installation process.
To install and run Shield:
-
Run
bin/plugin-i fromES_HOMEto install the license plugin.bin/plugin -i elasticsearch/license/latest
-
Run
bin/plugin -ito install the Shield plugin.bin/plugin -i elasticsearch/shield/latest
If you are using a DEB/RPM distribution of Elasticsearch, you need to specify the configuration directory and run the installation with superuser permissions. To perform an offline installation, download the Shield binaries.
-
Start Elasticsearch.
bin/elasticsearch
-
To verify that Shield is up and running, check the startup log entries. When Shield is operating normally, the log indicates that the network transports are using Shield:
[2014-10-09 13:47:38,841][INFO ][transport ] [Ezekiel Stane] Using [org.elasticsearch.shield.transport.ShieldServerTransportService] as transport service, overridden by [shield] [2014-10-09 13:47:38,841][INFO ][transport ] [Ezekiel Stane] Using [org.elasticsearch.shield.transport.netty.ShieldNettyTransport] as transport, overridden by [shield] [2014-10-09 13:47:38,842][INFO ][http ] [Ezekiel Stane] Using [org.elasticsearch.shield.transport.netty.ShieldNettyHttpServerTransport] as http transport, overridden by [shield]
Now you’re ready to secure your cluster! Here are a few things you might want to do to start with: