Step1: use example given role named readall password: readall login to my cluster
Step2: change the password of readall to 123456 by using hash.sh and use sgadmin.sh update configuration. It seems every things update successfully.
sg_internal_users.yml
readall:
hash: $2a$12$Y7D1zuzJ/tEHT6ings7DFOjsHReA.7GPam6JKRmpaWbbvKTnRKGeK
command
bash plugins/search-guard-2/tools/sgadmin.sh \
-cn np_es \
-h app01.add.bjyt**.qihoo.net** \
-cd plugins/search-guard-2/sgconfig/ \
-ks plugins/search-guard-2/sgconfig/kirk-keystore.jks \
-ts plugins/search-guard-2/sgconfig/truststore.jks \
-nhnv
result of Terminal
Index does already exists
Populate config from /usr/local/elasticsearch-2.3.3/plugins/search-guard-2/sgconfig
Will update ‘config’ with plugins/search-guard-2/sgconfig/sg_config.yml
SUCC Configuration for ‘config’ created or updated
Will update ‘roles’ with plugins/search-guard-2/sgconfig/sg_roles.yml
SUCC Configuration for ‘roles’ created or updated
Will update ‘rolesmapping’ with plugins/search-guard-2/sgconfig/sg_roles_mapping.yml
SUCC Configuration for ‘rolesmapping’ created or updated
Will update ‘internalusers’ with plugins/search-guard-2/sgconfig/sg_internal_users.yml
SUCC Configuration for ‘internalusers’ created or updated
Will update ‘actiongroups’ with plugins/search-guard-2/sgconfig/sg_action_groups.yml
SUCC Configuration for ‘actiongroups’ created or updated
Wait a short time …
Done with success
Step3: use account: readall and password: 123456 login, failed, and try to use readall: readall success !!!
Step 4: Delete readall from sg_internal_users.yml and update using sgadmin.sh. I can still use readall:readall to login.
Should I restart my ES cluster ? OR Do anything else ?