Getting Started with Shield

edit

Getting Started with Shield

edit

This getting started guide walks you through installing Shield, setting up basic authentication, and getting started with role-based access control. You can install Shield on nodes running Elasticsearch 2.0.0.

The Shield plugin must be installed on every node in the cluster. If you are installing to a live cluster, you must stop all of the nodes, install Shield, and restart the nodes. You cannot perform a rolling restart to install Shield.

To install and run Shield:

  1. Run bin/plugin install from ES_HOME to install the license plugin.

    bin/plugin install license
  2. Run bin/plugin install to install the Shield plugin.

    bin/plugin install shield

    If you are using a DEB/RPM distribution of Elasticsearch, you need to run the installation with superuser permissions. To perform an offline installation, download the Shield binaries.

  3. Start Elasticsearch.

    bin/elasticsearch
  4. To verify that Shield is up and running, check the startup log entries. When Shield is operating normally, the log indicates that the network transports are using Shield:

    [2014-10-09 13:47:38,841][INFO ][transport ] [Ezekiel Stane] Using [org.elasticsearch.shield.transport.ShieldServerTransportService] as transport service, overridden by [shield]
    [2014-10-09 13:47:38,841][INFO ][transport ] [Ezekiel Stane] Using [org.elasticsearch.shield.transport.netty.ShieldNettyTransport] as transport, overridden by [shield]
    [2014-10-09 13:47:38,842][INFO ][http      ] [Ezekiel Stane] Using [org.elasticsearch.shield.transport.netty.ShieldNettyHttpServerTransport] as http transport, overridden by [shield]

Now you’re ready to secure your cluster! Here are a few things you might want to do to start with: