Getting Started with Shield
This getting started guide walks you through installing Shield, setting up basic authentication, and getting started with role-based access control. You can install Shield on nodes running Elasticsearch 2.4.6.
The Shield plugin must be installed on every node in the cluster. If you are installing to a live cluster, you must stop all of the nodes, install Shield, and restart the nodes. You cannot perform a rolling restart to install Shield.
To install and run Shield:
- Run bin/plugin install from ES_HOME to install the license plugin.
  bin/plugin install license
- Run bin/plugin install to install the Shield plugin into Elasticsearch.
  bin/plugin install shield
  If you are using a DEB/RPM distribution of Elasticsearch, you need to run the installation with superuser permissions. To perform an offline installation, download the Shield binaries.
- If you have disabled automatic index creation in Elasticsearch, configure action.auto_create_index in elasticsearch.yml to allow Shield to create the .security index:
  action.auto_create_index: .security
  Marvel and Watcher also store data in automatically created indices. If you are using Marvel, you must allow creation of the .marvel-* indices. If you are using Watcher, you must allow creation of the .watch-history-* indices.
- Start Elasticsearch.
  bin/elasticsearch
- Check the startup log entries to verify that Shield is up and running. When Shield is operating normally, the log indicates that the network transports are using Shield:
  [2014-10-09 13:47:38,841][INFO ][transport ] [Ezekiel Stane] Using [org.elasticsearch.shield.transport.ShieldServerTransportService] as transport service, overridden by [shield]
  [2014-10-09 13:47:38,841][INFO ][transport ] [Ezekiel Stane] Using [org.elasticsearch.shield.transport.netty.ShieldNettyTransport] as transport, overridden by [shield]
  [2014-10-09 13:47:38,842][INFO ][http ] [Ezekiel Stane] Using [org.elasticsearch.shield.transport.netty.ShieldNettyHttpServerTransport] as http transport, overridden by [shield]
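Because Shield must be present on every node, the startup-log check in the last step is worth scripting per node. The following is an added example, not part of the Shield documentation: it scans a log for the three "overridden by [shield]" lines and names any layer that lacks one. The function names and temporary file names are assumptions, and the sample log is constructed from the lines shown above.

```shell
#!/bin/sh
# Added example: confirm from a startup log that Shield took over all three
# network layers. Patterns follow the log wording quoted on this page.

# Print each network layer the log does NOT show as overridden by Shield.
shield_missing_layers() {
    for layer in "transport service" "transport" "http transport"; do
        # "] as <layer>," keeps "transport" from matching "http transport".
        pattern="Using \[org\.elasticsearch\.shield\.[^]]+\] as ${layer}, overridden by \[shield\]"
        grep -Eq "$pattern" "$1" || printf '%s\n' "$layer"
    done
}

# Exit status 0: all three layers use Shield. 1: at least one does not.
# 2: the log could not be read, so nothing is proven either way.
shield_transports_active() {
    [ -r "$1" ] || { echo "cannot read log: $1" >&2; return 2; }
    missing=$(shield_missing_layers "$1")
    [ -z "$missing" ] && return 0
    echo "not overridden by [shield]: $(echo "$missing" | paste -sd, -)" >&2
    return 1
}

# Constructed sample: the three log lines from this page.
sample_log() {
    cat <<'EOF'
[2014-10-09 13:47:38,841][INFO ][transport ] [Ezekiel Stane] Using [org.elasticsearch.shield.transport.ShieldServerTransportService] as transport service, overridden by [shield]
[2014-10-09 13:47:38,841][INFO ][transport ] [Ezekiel Stane] Using [org.elasticsearch.shield.transport.netty.ShieldNettyTransport] as transport, overridden by [shield]
[2014-10-09 13:47:38,842][INFO ][http ] [Ezekiel Stane] Using [org.elasticsearch.shield.transport.netty.ShieldNettyHttpServerTransport] as http transport, overridden by [shield]
EOF
}

# Demo: a complete log passes; a log missing the HTTP line does not.
tmp=$(mktemp -d)
sample_log > "$tmp/ok.log"
sample_log | grep -v 'http transport' > "$tmp/partial.log"
for f in ok.log partial.log; do
    if shield_transports_active "$tmp/$f" 2>/dev/null; then
        echo "$f: Shield active on all layers"
    else
        echo "$f: Shield NOT confirmed"
    fi
done
rm -rf "$tmp"
```

A node that fails this check after a restart should be treated as unsecured until the plugin installation on that node has been verified.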
Now you’re ready to secure your cluster! Here are a few things you might want to do to start with: