---
title: Elasticsearch Back up a cluster's security configuration
tags: Elasticsearch
description: View the slide with "Slide Mode".
---

# Elasticsearch Back up a cluster's security configuration

[Official documentation](https://www.elastic.co/guide/en/elasticsearch/reference/7.3/security-backup.html)

- An X-Pack feature
- The security settings live in two places: in files on each node and in a security index

## Back up file-based security configuration

:::warning
File backups must run on every cluster node.
:::

- `elasticsearch.yml`
- `elasticsearch.keystore`
- TLS keys and certificates
- `ES_PATH_CONF/roles.yml`
- `ES_PATH_CONF/elasticsearch-users`: the users and their hashed passwords
- `ES_PATH_CONF/elasticsearch-users_roles`: the user-to-role assignments
- `ES_PATH_CONF/role_mapping.yml`: defines the role assignments for a <font color=blue>Distinguished Name (DN) to a role.</font> This allows LDAP and Active Directory groups and users, and PKI users, to be mapped to roles. See Mapping users and groups to roles.
- `ES_PATH_CONF/log4j2.properties`: contains the audit configuration. See <font color=blue>Logfile audit output.</font>

Storage location in Open Distro: `/usr/share/elasticsearch/plugins/opendistro_security/securityconfig`

## Back up index-based security configuration

- `.security-7` in the 7.x releases
- This data describes:
  - the definition of users in the native realm (including hashed passwords)
  - role definitions (defined via the create roles API)
  - role mappings (defined via the create role mappings API)
  - application privileges
  - API keys
- Back it up with the snapshot API into a dedicated repository, and grant access to that repository only to specific users

> [name=昱齊] What is the difference between the roles here and the ones in the files above?

#### the definition of users

One hit returned by `GET /.security-7/_search`:

```json=
{
  "_index" : ".security-7",
  "_type" : "_doc",
  "_id" : "user-user2",
  "_score" : 1.0,
  "_source" : {
    "username" : "user2",
    "password" : "$2a$10$cAcvBY4u7CX70u7iZSDN5O5HpbReAwUexTPcR2euBPepL7nylg/6e",
    "roles" : [
      "my_test_role"
    ],
    "full_name" : "Jack Nicholson_v222222",
    "email" : "user2@example.com",
    "metadata" : {
      "intelligence" : 7
    },
    "enabled" : true,
    "type" : "user"
  }
}
```

#### role definition

```json=
{
  "_index" : ".security-7",
  "_type" : "_doc",
  "_id" : "role-my_test_role2",
  "_score" : 1.0,
  "_source" : {
    "cluster" : [
      "all"
    ],
    "indices" : [
      {
        "names" : [
          "test"
        ],
        "privileges" : [
          "all"
        ],
        "allow_restricted_indices" : false
      }
    ],
    "applications" : [ ],
    "run_as" : [ ],
    "metadata" : {
      "version" : 2
    },
    "type" : "role"
  }
}
```
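The file-based section above lists which files to collect on every node but not how to collect them. The script below is an added example (not from the page and not Elastic's own tooling): it archives those files from one node's `ES_PATH_CONF`, locks the archive down to the owner because it contains the keystore and password hashes, records a SHA-256 digest, and verifies that every expected file made it into the archive. The `certs` subdirectory used for TLS material and the output path are assumptions; adjust them to where your nodes keep keys and certificates.

```shell
#!/bin/sh
# Added example, not from the page or from Elastic. Run on EVERY node.
# Assumes POSIX sh, tar, and sha256sum (or shasum). ES_PATH_CONF is the
# config directory; TLS material is assumed under "$ES_PATH_CONF/certs".

# Files named by the documentation for the file-based security configuration.
SECURITY_FILES="elasticsearch.yml elasticsearch.keystore roles.yml elasticsearch-users elasticsearch-users_roles role_mapping.yml log4j2.properties"

# digest <file>: SHA-256 of a file, whichever tool the node has.
digest() {
  if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1"; else shasum -a 256 "$1"; fi
}

# backup_security_files <ES_PATH_CONF> <output dir>
# Prints the archive path on stdout; warnings about missing files go to stderr.
backup_security_files() {
  conf="$1"; out="$2"
  host="${HOSTNAME:-$(hostname 2>/dev/null || echo node)}"
  stamp="$(date -u +%Y%m%dT%H%M%SZ)"
  archive="$out/es-security-files-$host-$stamp.tar.gz"
  list=""
  for f in $SECURITY_FILES; do
    if [ -f "$conf/$f" ]; then
      list="$list $f"
    else
      # A missing file is reported, never silently skipped: the restore must be complete.
      echo "WARN: $conf/$f not found on $host" >&2
    fi
  done
  [ -d "$conf/certs" ] && list="$list certs"   # hypothetical TLS directory
  [ -n "$list" ] || return 1
  # umask 077 in a subshell: archive and digest are owner-only from creation,
  # and the caller's umask is left untouched.
  ( umask 077 && mkdir -p "$out" && cd "$conf" && tar -czf "$archive" $list ) || return 1
  digest "$archive" > "$archive.sha256"
  echo "$archive"
}

# verify_security_archive <archive>: 0 iff every expected file is inside the archive.
verify_security_archive() {
  listing="$(tar -tzf "$1")" || return 1
  for f in $SECURITY_FILES; do
    printf '%s\n' "$listing" | grep -qx "$f" || { echo "MISSING in archive: $f" >&2; return 1; }
  done
  return 0
}

# Usage: sh backup-security-files.sh run [output dir]
if [ "${1:-}" = "run" ]; then
  a="$(backup_security_files "${ES_PATH_CONF:?set ES_PATH_CONF}" "${2:-/var/backups/es-security}")" || exit 1
  verify_security_archive "$a" && echo "backup written: $a"
fi
```

Copy the archive and its `.sha256` off the node afterwards; the digest lets you confirm the copy is intact before you ever need to restore it, and the owner-only permissions matter because the archive holds the same secrets as `elasticsearch.keystore` and `elasticsearch-users`.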
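The index-based section says to back up `.security-7` with the snapshot API into a dedicated repository. The script below is an added example (not from the page and not Elastic's own tooling) of that exchange: it registers a filesystem repository, takes a snapshot that contains only `.security-7`, waits for completion, and checks the response for a `SUCCESS` state that actually includes the index. `ES_URL`, `ES_USER`, `ES_PASS`, the repository name `security-backup` and the path `/mnt/backups/security` are placeholders; the path must already be listed under `path.repo` on every node.

```shell
#!/bin/sh
# Added example, not from the page or from Elastic. Assumes curl, and that the
# operator sets ES_URL (e.g. https://es01:9200), ES_USER and ES_PASS.
REPO="${REPO:-security-backup}"                   # placeholder repository name
REPO_PATH="${REPO_PATH:-/mnt/backups/security}"   # placeholder; must be in path.repo on all nodes
INDEX=".security-7"

# es <METHOD> <path> [json body]: one authenticated request against the cluster.
es() {
  if [ -n "${3:-}" ]; then
    curl -sS -u "$ES_USER:$ES_PASS" -H 'Content-Type: application/json' -X "$1" "$ES_URL/$2" -d "$3"
  else
    curl -sS -u "$ES_USER:$ES_PASS" -X "$1" "$ES_URL/$2"
  fi
}

# Request bodies are built by functions so they can be inspected without a cluster.
repo_body()     { printf '{"type":"fs","settings":{"location":"%s","compress":true}}' "$REPO_PATH"; }
# Only the security index, and no global cluster state, goes into this snapshot.
snapshot_body() { printf '{"indices":"%s","include_global_state":false}' "$INDEX"; }

register_repo() { es PUT "_snapshot/$REPO" "$(repo_body)"; }

# take_snapshot: wait_for_completion=true makes the response carry the final state.
take_snapshot() {
  snap="security-$(date -u +%Y%m%dT%H%M%SZ)"
  es PUT "_snapshot/$REPO/$snap?wait_for_completion=true" "$(snapshot_body)"
}

# snapshot_ok <response json>: 0 iff state is SUCCESS and .security-7 is listed.
# A PARTIAL or FAILED snapshot, or one that silently excluded the index, is not a backup.
snapshot_ok() {
  printf '%s' "$1" | grep -q '"state"[[:space:]]*:[[:space:]]*"SUCCESS"' || return 1
  printf '%s' "$1" | grep -qF "\"$INDEX\"" || return 1
  return 0
}

# Usage: ES_URL=... ES_USER=... ES_PASS=... sh snapshot-security-index.sh run
if [ "${1:-}" = "run" ]; then
  register_repo >/dev/null || exit 1
  resp="$(take_snapshot)" || exit 1
  if snapshot_ok "$resp"; then
    echo "snapshot of $INDEX succeeded in repository $REPO"
  else
    echo "snapshot did not complete cleanly: $resp" >&2
    exit 1
  fi
fi
```

Run it with an account that holds only what the job needs, for instance the `create_snapshot` cluster privilege rather than `superuser`, and keep the repository location readable only by that account and the Elasticsearch process: the snapshot contains the same password hashes and API keys that the `.security-7` documents above show.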