Reviewed-by: Kacur, Michal <michal.kacur@t-systems.com> Co-authored-by: Wuwan, Qi <wuwanqi1@noreply.gitea.eco.tsi-dev.otc-service.com> Co-committed-by: Wuwan, Qi <wuwanqi1@noreply.gitea.eco.tsi-dev.otc-service.com>
<a name="css_01_0158"></a><a name="css_01_0158"></a>
<h1 class="topictitle1">Changing the Security Mode</h1>
<div id="body0000001410060261"><div class="p" id="css_01_0158__en-us_topic_0000001410060261_p19544632102712">After a cluster is created, its security mode can be changed using the following methods:<ul id="css_01_0158__en-us_topic_0000001410060261_ul6461397294"><li id="css_01_0158__en-us_topic_0000001410060261_li11461491299"><a href="#css_01_0158__en-us_topic_0000001410060261_section17593143823914">Switching from the Non-Security Mode to Security Mode</a></li><li id="css_01_0158__en-us_topic_0000001410060261_li15957191012292"><a href="#css_01_0158__en-us_topic_0000001410060261_section93951219134016">Switching from the Security to Non-Security Mode</a></li><li id="css_01_0158__en-us_topic_0000001410060261_li511618179292"><a href="#css_01_0158__en-us_topic_0000001410060261_section672993904118">Switching the Protocol of Security Clusters</a></li></ul>
</div>
<div class="section" id="css_01_0158__en-us_topic_0000001410060261_section9571330173113"><h4 class="sectiontitle">Context</h4><div class="p" id="css_01_0158__en-us_topic_0000001410060261_p158091614123613">You can create clusters in multiple security modes. For details about the differences between security modes, see <a href="#css_01_0158__en-us_topic_0000001410060261_table198661437165914">Table 1</a>.
<div class="tablenoborder"><a name="css_01_0158__en-us_topic_0000001410060261_table198661437165914"></a><a name="en-us_topic_0000001410060261_table198661437165914"></a><table cellpadding="4" cellspacing="0" summary="" id="css_01_0158__en-us_topic_0000001410060261_table198661437165914" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Cluster security modes</caption><thead align="left"><tr id="css_01_0158__en-us_topic_0000001410060261_row7867123765912"><th align="left" class="cellrowborder" valign="top" width="15.57%" id="mcps1.3.2.2.2.2.5.1.1"><p id="css_01_0158__en-us_topic_0000001410060261_p15867183785917">Security Mode</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="34.43%" id="mcps1.3.2.2.2.2.5.1.2"><p id="css_01_0158__en-us_topic_0000001410060261_p1386720375591">Scenario</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="25%" id="mcps1.3.2.2.2.2.5.1.3"><p id="css_01_0158__en-us_topic_0000001410060261_p12867123718593">Advantage</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="25%" id="mcps1.3.2.2.2.2.5.1.4"><p id="css_01_0158__en-us_topic_0000001410060261_p1186723705918">Disadvantage</p>
</th>
</tr>
</thead>
<tbody><tr id="css_01_0158__en-us_topic_0000001410060261_row986733765917"><td class="cellrowborder" valign="top" width="15.57%" headers="mcps1.3.2.2.2.2.5.1.1 "><p id="css_01_0158__en-us_topic_0000001410060261_p2867143711592">Non-Security Mode</p>
</td>
<td class="cellrowborder" valign="top" width="34.43%" headers="mcps1.3.2.2.2.2.5.1.2 "><p id="css_01_0158__en-us_topic_0000001410060261_p7867123745914">Intranet services and test scenarios</p>
</td>
<td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.2.2.2.2.5.1.3 "><p id="css_01_0158__en-us_topic_0000001410060261_p15867137195915">Simple. Easy to access.</p>
</td>
<td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.2.2.2.2.5.1.4 "><p id="css_01_0158__en-us_topic_0000001410060261_p1386718371595">Poor security. Anyone can access such clusters.</p>
</td>
</tr>
<tr id="css_01_0158__en-us_topic_0000001410060261_row686743705917"><td class="cellrowborder" valign="top" width="15.57%" headers="mcps1.3.2.2.2.2.5.1.1 "><p id="css_01_0158__en-us_topic_0000001410060261_p48671437125910">Security Mode + HTTP Protocol</p>
</td>
<td class="cellrowborder" valign="top" width="34.43%" headers="mcps1.3.2.2.2.2.5.1.2 "><p id="css_01_0158__en-us_topic_0000001410060261_p7867337165912">User permissions can be isolated. Applicable to scenarios that are sensitive to cluster performance.</p>
</td>
<td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.2.2.2.2.5.1.3 "><p id="css_01_0158__en-us_topic_0000001410060261_p198671737105912">Security authentication is required for accessing such clusters, which improves cluster security. Accessing a cluster over HTTP retains the cluster's high performance.</p>
</td>
<td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.2.2.2.2.5.1.4 "><p id="css_01_0158__en-us_topic_0000001410060261_p38671237155920">Cannot be accessed from the public network.</p>
</td>
</tr>
<tr id="css_01_0158__en-us_topic_0000001410060261_row386713755917"><td class="cellrowborder" valign="top" width="15.57%" headers="mcps1.3.2.2.2.2.5.1.1 "><p id="css_01_0158__en-us_topic_0000001410060261_p2086723715917">Security Mode + HTTPS Protocol</p>
</td>
<td class="cellrowborder" valign="top" width="34.43%" headers="mcps1.3.2.2.2.2.5.1.2 "><p id="css_01_0158__en-us_topic_0000001410060261_p5867153717599">Scenarios that require high security and public network access.</p>
</td>
<td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.2.2.2.2.5.1.3 "><p id="css_01_0158__en-us_topic_0000001410060261_p128672370595">Security authentication is required for accessing such clusters, which improves cluster security. HTTPS allows such clusters to be accessed from the public network.</p>
</td>
<td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.2.2.2.2.5.1.4 "><p id="css_01_0158__en-us_topic_0000001410060261_p18674376597">The performance of clusters using HTTPS is 20% lower than that of clusters using HTTP.</p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
<div class="section" id="css_01_0158__en-us_topic_0000001410060261_section11686944145218"><h4 class="sectiontitle">Prerequisites</h4><ul id="css_01_0158__en-us_topic_0000001410060261_ul1591084613458"><li id="css_01_0158__en-us_topic_0000001410060261_li110618485457">You are advised to back up data before changing the cluster security mode.</li><li id="css_01_0158__en-us_topic_0000001410060261_li13362154154518">The target cluster is available and has no tasks in progress.</li></ul>
</div>
<div class="section" id="css_01_0158__en-us_topic_0000001410060261_section1328991532319"><h4 class="sectiontitle">Constraints</h4><ul id="css_01_0158__en-us_topic_0000001410060261_ul16442162515506"><li id="css_01_0158__en-us_topic_0000001410060261_li8140123023317">Only clusters of version 6.5.4 or later that were created after November 2022 support security mode switching.</li><li id="css_01_0158__en-us_topic_0000001410060261_li1442425195012">A cluster automatically restarts when its security mode is changed. Services are interrupted during the restart. The authentication mode for invoking the cluster changes after the restart, and client configurations need to be adjusted accordingly.</li><li id="css_01_0158__en-us_topic_0000001410060261_li14261172715014">If a Kibana session for the cluster is already open, a session error message is displayed after you change the cluster security mode. In this case, clear the cache and open Kibana again.</li></ul>
</div>
<div class="section" id="css_01_0158__en-us_topic_0000001410060261_section17593143823914"><a name="css_01_0158__en-us_topic_0000001410060261_section17593143823914"></a><a name="en-us_topic_0000001410060261_section17593143823914"></a><h4 class="sectiontitle">Switching from the Non-Security Mode to Security Mode</h4><p id="css_01_0158__en-us_topic_0000001410060261_p1177341319142">You can change a non-security cluster to a security cluster that uses HTTP or HTTPS. After a cluster's security mode is enabled, security authentication is required for accessing the cluster.</p>
<ol id="css_01_0158__en-us_topic_0000001410060261_ol17819172318217"><li id="css_01_0158__en-us_topic_0000001410060261_li16819523122116">Log in to the <span id="css_01_0158__en-us_topic_0000001410060261_text1381922316216">CSS</span> management console.</li><li id="css_01_0158__li108716541501">In the navigation pane, choose a cluster type. The cluster management page is displayed.</li><li id="css_01_0158__en-us_topic_0000001285669680_li17735636141417">Choose <strong id="css_01_0158__b13569956192213">More</strong> > <strong id="css_01_0158__b1056995616220">Modify Configuration</strong> in the <strong id="css_01_0158__b14570456162215">Operation</strong> column of the target cluster. The <strong id="css_01_0158__b1057045652216">Modify Configuration</strong> page is displayed.</li><li id="css_01_0158__en-us_topic_0000001410060261_li38201323122119">Choose the <strong id="css_01_0158__en-us_topic_0000001410060261_b19925203184618">Configure Security Mode</strong> tab.</li><li id="css_01_0158__en-us_topic_0000001410060261_li17820423172118">Enable the security mode. Enter and confirm the administrator password of the cluster.<div class="fignone" id="css_01_0158__en-us_topic_0000001410060261_fig19444818202516"><span class="figcap"><b>Figure 1 </b>Enabling the security mode</span><br><span><img id="css_01_0158__en-us_topic_0000001410060261_image2444171816253" src="en-us_image_0000001714921945.png"></span></div>
</li><li id="css_01_0158__en-us_topic_0000001410060261_li28901330102310">Enable or disable <strong id="css_01_0158__en-us_topic_0000001410060261_b11879175354816">HTTPS Access</strong>.<ul id="css_01_0158__en-us_topic_0000001410060261_ul279622852614"><li id="css_01_0158__en-us_topic_0000001410060261_li37961728102613">If you enable <strong id="css_01_0158__en-us_topic_0000001410060261_b197602414212">HTTPS Access</strong>: The HTTPS protocol is used to encrypt cluster communication and you can configure public networks to access the cluster.</li><li id="css_01_0158__en-us_topic_0000001410060261_li157967286260">If you disable <strong id="css_01_0158__en-us_topic_0000001410060261_b06221513211">HTTPS Access</strong>: The HTTP protocol is used and you cannot configure public networks to access the cluster.</li></ul>
</li><li id="css_01_0158__en-us_topic_0000001410060261_li1049844911124">Click <strong id="css_01_0158__en-us_topic_0000001410060261_b1089016512220">Submit</strong>. Confirm the information. The cluster list page is displayed.<p id="css_01_0158__en-us_topic_0000001410060261_p10384125013121">The <strong id="css_01_0158__en-us_topic_0000001410060261_b20975949153215">Task Status</strong> of the cluster is <strong id="css_01_0158__en-us_topic_0000001410060261_b1487195193314">The security mode is changing</strong>. When the cluster status changes to <strong id="css_01_0158__en-us_topic_0000001410060261_b1968615201335">Available</strong>, the security mode has been successfully changed.</p>
</li></ol>
</div>
<div class="section" id="css_01_0158__en-us_topic_0000001410060261_section93951219134016"><a name="css_01_0158__en-us_topic_0000001410060261_section93951219134016"></a><a name="en-us_topic_0000001410060261_section93951219134016"></a><h4 class="sectiontitle">Switching from the Security to Non-Security Mode</h4><p id="css_01_0158__en-us_topic_0000001410060261_p1244611277217">You can change a security cluster that uses HTTP or HTTPS to a non-security cluster. After a cluster's security mode is disabled, security authentication is no longer required for accessing the cluster.</p>
<div class="notice" id="css_01_0158__en-us_topic_0000001410060261_note1352401151217"><span class="noticetitle"><img src="public_sys-resources/notice_3.0-en-us.png"> </span><div class="noticebody"><ul id="css_01_0158__en-us_topic_0000001410060261_ul1093191512125"><li id="css_01_0158__en-us_topic_0000001410060261_li15854114381519">Clusters in non-security mode can be accessed without security authentication, and HTTP protocol is used to transmit data. Ensure the security of the cluster access environment and do not expose the access interface to the public network.</li><li id="css_01_0158__en-us_topic_0000001410060261_li65711117191219">During the switchover from the security mode to the non-security mode, the indexes of the original security cluster will be deleted. Back up data before disabling the security mode.</li><li id="css_01_0158__en-us_topic_0000001410060261_li1555864144318">If a security cluster has been bound to a public IP address, unbind it before changing the security mode.</li><li id="css_01_0158__en-us_topic_0000001410060261_li139235391391">If a security cluster has enabled Kibana public network access, disable it before changing the security mode.</li></ul>
</div></div>
<ol id="css_01_0158__en-us_topic_0000001410060261_ol676642155415"><li id="css_01_0158__en-us_topic_0000001410060261_li2766221105411">Log in to the <span id="css_01_0158__en-us_topic_0000001410060261_text167661221105418">CSS</span> management console.</li><li id="css_01_0158__en-us_topic_0000001410060261_li0766142135415">In the navigation pane on the left, choose <strong id="css_01_0158__en-us_topic_0000001410060261_b1825320168343">Clusters</strong>. On the displayed <strong id="css_01_0158__en-us_topic_0000001410060261_b52591016173410">Clusters</strong> page, locate the target cluster and choose <strong id="css_01_0158__en-us_topic_0000001410060261_b11260216153412">More</strong> > <strong id="css_01_0158__en-us_topic_0000001410060261_b92608161344">Modify Configuration</strong> in the <strong id="css_01_0158__en-us_topic_0000001410060261_b12260101618345">Operation</strong> column.</li><li id="css_01_0158__en-us_topic_0000001410060261_li27661021165417">Choose the <strong id="css_01_0158__en-us_topic_0000001410060261_b14121219193417">Configure Security Mode</strong> tab.</li><li id="css_01_0158__en-us_topic_0000001410060261_li2766121175411">Disable the security mode.<div class="fignone" id="css_01_0158__en-us_topic_0000001410060261_fig207661521145417"><span class="figcap"><b>Figure 2 </b>Disabling the security mode</span><br><span><img id="css_01_0158__en-us_topic_0000001410060261_image15767122115546" src="en-us_image_0000001714802109.png"></span></div>
</li><li id="css_01_0158__en-us_topic_0000001410060261_li108851643182214">Click <strong id="css_01_0158__en-us_topic_0000001410060261_b18847022498">Submit</strong>. Confirm the information. The cluster list page is displayed.<p id="css_01_0158__en-us_topic_0000001410060261_p118851443172217">The <strong id="css_01_0158__en-us_topic_0000001410060261_b10853102653411">Task Status</strong> of the cluster is <strong id="css_01_0158__en-us_topic_0000001410060261_b138601226183414">The security mode is changing</strong>. When the cluster status changes to <strong id="css_01_0158__en-us_topic_0000001410060261_b1986062653417">Available</strong>, the security mode has been successfully changed.</p>
</li></ol>
</div>
<div class="section" id="css_01_0158__en-us_topic_0000001410060261_section672993904118"><a name="css_01_0158__en-us_topic_0000001410060261_section672993904118"></a><a name="en-us_topic_0000001410060261_section672993904118"></a><h4 class="sectiontitle">Switching the Protocol of Security Clusters</h4><p id="css_01_0158__en-us_topic_0000001410060261_p11519334184514">You can change the protocol of a security cluster.</p>
<div class="notice" id="css_01_0158__en-us_topic_0000001410060261_note16388188112418"><span class="noticetitle"><img src="public_sys-resources/notice_3.0-en-us.png"> </span><div class="noticebody"><p id="css_01_0158__en-us_topic_0000001410060261_p55071813162419">If a security cluster has been bound to a public IP address, you need to unbind it before changing HTTPS protocol to HTTP.</p>
</div></div>
<ol id="css_01_0158__en-us_topic_0000001410060261_ol386122354519"><li id="css_01_0158__en-us_topic_0000001410060261_li168611623144513">Log in to the <span id="css_01_0158__en-us_topic_0000001410060261_text28615236457">CSS</span> management console.</li><li id="css_01_0158__en-us_topic_0000001410060261_li786119236450">In the navigation pane on the left, choose <strong id="css_01_0158__en-us_topic_0000001410060261_b222101354">Clusters</strong>. On the displayed <strong id="css_01_0158__en-us_topic_0000001410060261_b202820043517">Clusters</strong> page, locate the target cluster and choose <strong id="css_01_0158__en-us_topic_0000001410060261_b10288011356">More</strong> > <strong id="css_01_0158__en-us_topic_0000001410060261_b102990173510">Modify Configuration</strong> in the <strong id="css_01_0158__en-us_topic_0000001410060261_b19291008355">Operation</strong> column.</li><li id="css_01_0158__en-us_topic_0000001410060261_li7861122374512">Choose the <strong id="css_01_0158__en-us_topic_0000001410060261_b1890424113352">Configure Security Mode</strong> tab.</li><li id="css_01_0158__en-us_topic_0000001410060261_li14861172354515">Enable or disable <strong id="css_01_0158__en-us_topic_0000001410060261_b46038511460">HTTPS Access</strong>.<div class="fignone" id="css_01_0158__en-us_topic_0000001410060261_fig1816320165512"><span class="figcap"><b>Figure 3 </b>Configuring the protocol</span><br><span><img id="css_01_0158__en-us_topic_0000001410060261_image19163151135518" src="en-us_image_0000001714802105.png"></span></div>
<ul id="css_01_0158__en-us_topic_0000001410060261_ul10601539145613"><li id="css_01_0158__en-us_topic_0000001410060261_li1360143919568">If you enable <strong id="css_01_0158__en-us_topic_0000001410060261_b6600123694614">HTTPS Access</strong>:<p id="css_01_0158__en-us_topic_0000001410060261_p184401359201216">HTTPS protocol is used to encrypt cluster communication and you can configure public network access.</p>
</li><li id="css_01_0158__en-us_topic_0000001410060261_li1981112610592">If you disable <strong id="css_01_0158__en-us_topic_0000001410060261_b844645516467">HTTPS Access</strong>: An alarm message is displayed. Click <strong id="css_01_0158__en-us_topic_0000001410060261_b981723194911">OK</strong> to disable the function.<p id="css_01_0158__en-us_topic_0000001410060261_p143701279595">Cluster communication is no longer encrypted and the public network access function cannot be enabled.</p>
</li></ul>
</li><li id="css_01_0158__en-us_topic_0000001410060261_li193794820231">Click <strong id="css_01_0158__en-us_topic_0000001410060261_b153991851134920">Submit</strong>. Confirm the information. The cluster list page is displayed.<p id="css_01_0158__en-us_topic_0000001410060261_p13791811235">The <strong id="css_01_0158__en-us_topic_0000001410060261_b1826525113813">Task Status</strong> of the cluster is <strong id="css_01_0158__en-us_topic_0000001410060261_b122721951188">The security mode is changing</strong>. When the cluster status changes to <strong id="css_01_0158__en-us_topic_0000001410060261_b72721251283">Available</strong>, the security mode has been successfully changed.</p>
</li></ol>
</div>
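<p>The following added example (not part of the original CSS documentation) checks, after a switch reports <strong>Available</strong>, that the cluster endpoint behaves as the target mode in Table 1 and that the adjusted client credentials work. It assumes the cluster listens on port 9200, that a security-mode cluster answers an unauthenticated request with HTTP 401, and that clients use HTTP Basic authentication; all function names are hypothetical.</p>

```python
import base64
import http.client
import ssl
import urllib.error
import urllib.request

ES_PORT = 9200  # assumption: default Elasticsearch HTTP port


def probe(url, auth=None, cafile=None, timeout=5):
    """GET url; return the HTTP status, or None if the connection or TLS handshake fails."""
    req = urllib.request.Request(url)
    if auth is not None:
        token = base64.b64encode("{}:{}".format(*auth).encode()).decode()
        req.add_header("Authorization", "Basic " + token)
    # Certificate verification stays on; pass the cluster CA file if it is not publicly trusted.
    ctx = ssl.create_default_context(cafile=cafile)
    # Connect directly (ignore proxy environment variables) so the answer comes from the cluster.
    opener = urllib.request.build_opener(
        urllib.request.ProxyHandler({}), urllib.request.HTTPSHandler(context=ctx))
    try:
        with opener.open(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code  # e.g. 401 when security authentication is required
    except (urllib.error.URLError, http.client.HTTPException, OSError):
        return None  # wrong protocol, untrusted certificate, refused or timed out


def classify(http_status, https_status):
    """Map the results of unauthenticated probes onto the three modes in Table 1."""
    if https_status == 401:
        return "security+https"
    if http_status == 401:
        return "security+http"
    if http_status == 200:
        return "non-security"
    return "unknown"


def detect_mode(host, port=ES_PORT, cafile=None, timeout=5):
    """Probe the endpoint over HTTP and HTTPS without credentials and classify it."""
    http_status = probe(f"http://{host}:{port}/", timeout=timeout)
    https_status = probe(f"https://{host}:{port}/", cafile=cafile, timeout=timeout)
    return classify(http_status, https_status)


def check_after_switch(host, expected, auth=None, port=ES_PORT, cafile=None, timeout=5):
    """Return a list of problems; an empty list means the cluster matches the expected mode."""
    problems = []
    mode = detect_mode(host, port, cafile, timeout)
    if mode != expected:
        problems.append(f"expected {expected}, observed {mode}")
    elif expected.startswith("security"):
        scheme = "https" if expected.endswith("https") else "http"
        status = probe(f"{scheme}://{host}:{port}/", auth, cafile, timeout)
        if status != 200:
            problems.append(f"authenticated request returned {status}; update client credentials")
    return problems
```

<p>Run <code>check_after_switch</code> from a host inside the cluster's network; an <code>expected non-security, observed ...</code> style mismatch means clients are still configured for the previous mode or the switch did not take effect.</p>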
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="css_01_0149.html">Changing the Elasticsearch Cluster Form</a></div>
</div>
</div>