This post covers how to allow external access to the port of an Elasticsearch instance running on AWS EC2 and how to change its password.
Change two properties in the file below.
/etc/elasticsearch/elasticsearch.yml
network.host: uncomment the property and change it to 0.0.0.0
cluster.initial_master_nodes: uncomment the property
# ---------------------------------- Network -----------------------------------
#
# By default Elasticsearch is only accessible on localhost. Set a different
# address here to expose this node on the network:
#
network.host: 0.0.0.0
#
# By default Elasticsearch listens for HTTP traffic on the first free port it
# finds starting at 9200. Set a specific HTTP port here:
#
#http.port: 9200
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when this node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
#discovery.seed_hosts: ["host1", "host2"]
#
# Bootstrap the cluster using an initial set of master-eligible nodes:
#
cluster.initial_master_nodes: ["node-1", "node-2"]
#
# For more information, consult the discovery and cluster formation module documentation.
After saving the configuration, start elasticsearch.
# systemctl start elasticsearch.service
Job for elasticsearch.service failed because the control process exited with error code.
See "systemctl status elasticsearch.service" and "journalctl -xe" for details.
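Startup failed with an error.
Viewing the log with journalctl -xe shows one error entry, but the log looks cut off, perhaps because of an issue with the macOS terminal environment itself.
Running journalctl -f and then trying to start the service again produces the log below.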
Sep 10 23:52:12 ip-xxx.ap-northeast-2.compute.internal systemd[1]: Starting Elasticsearch...
Sep 10 23:52:13 ip-xxx.ap-northeast-2.compute.internal systemd-entrypoint[2347]: Exception in thread "main" org.elasticsearch.common.settings.SettingsException: Failed to load settings from [elasticsearch.yml]
Sep 10 23:52:13 ip-xxx.ap-northeast-2.compute.internal systemd-entrypoint[2347]: at org.elasticsearch.common.settings.Settings$Builder.loadFromStream(Settings.java:1194)
Sep 10 23:52:13 ip-xxx.ap-northeast-2.compute.internal systemd-entrypoint[2347]: at org.elasticsearch.node.InternalSettingsPreparer.loadConfigWithSubstitutions(InternalSettingsPreparer.java:126)
Sep 10 23:52:13 ip-xxx.ap-northeast-2.compute.internal systemd-entrypoint[2347]: at org.elasticsearch.node.InternalSettingsPreparer.prepareEnvironment(InternalSettingsPreparer.java:52)
Sep 10 23:52:13 ip-xxx.ap-northeast-2.compute.internal systemd-entrypoint[2347]: at org.elasticsearch.common.cli.EnvironmentAwareCommand.createEnv(EnvironmentAwareCommand.java:110)
Sep 10 23:52:13 ip-xxx.ap-northeast-2.compute.internal systemd-entrypoint[2347]: at org.elasticsearch.common.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:54)
Sep 10 23:52:13 ip-xxx.ap-northeast-2.compute.internal systemd-entrypoint[2347]: at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:85)
Sep 10 23:52:13 ip-xxx.ap-northeast-2.compute.internal systemd-entrypoint[2347]: at org.elasticsearch.cli.Command.main(Command.java:50)
Sep 10 23:52:13 ip-xxx.ap-northeast-2.compute.internal systemd-entrypoint[2347]: at org.elasticsearch.launcher.CliToolLauncher.main(CliToolLauncher.java:64)
Sep 10 23:52:13 ip-xxx.ap-northeast-2.compute.internal systemd-entrypoint[2347]: Caused by: org.elasticsearch.xcontent.XContentParseException: [115:29] Duplicate field 'cluster.initial_master_nodes'
Sep 10 23:52:13 ip-xxx.ap-northeast-2.compute.internal systemd-entrypoint[2347]: at [Source: (ByteArrayInputStream); line: 115, column: 29]
Sep 10 23:52:13 ip-xxx.ap-northeast-2.compute.internal systemd-entrypoint[2347]: at org.elasticsearch.xcontent.provider.json.JsonXContentParser.newXContentParseException(JsonXContentParser.java:52)
Sep 10 23:52:13 ip-xxx.ap-northeast-2.compute.internal systemd-entrypoint[2347]: at org.elasticsearch.xcontent.provider.json.JsonXContentParser.nextFieldName(JsonXContentParser.java:71)
Sep 10 23:52:13 ip-xxx.ap-northeast-2.compute.internal systemd-entrypoint[2347]: at org.elasticsearch.common.settings.Settings.fromXContent(Settings.java:719)
Sep 10 23:52:13 ip-xxx.ap-northeast-2.compute.internal systemd-entrypoint[2347]: at org.elasticsearch.common.settings.Settings.fromXContent(Settings.java:687)
Sep 10 23:52:13 ip-xxx.ap-northeast-2.compute.internal systemd-entrypoint[2347]: at org.elasticsearch.common.settings.Settings$Builder.loadFromStream(Settings.java:1190)
Sep 10 23:52:13 ip-xxx.ap-northeast-2.compute.internal systemd-entrypoint[2347]: ... 7 more
Sep 10 23:52:13 ip-xxx.ap-northeast-2.compute.internal systemd-entrypoint[2347]: Caused by: com.fasterxml.jackson.core.JsonParseException: Duplicate field 'cluster.initial_master_nodes'
Sep 10 23:52:13 ip-xxx.ap-northeast-2.compute.internal systemd-entrypoint[2347]: at [Source: (ByteArrayInputStream); line: 115, column: 29]
Sep 10 23:52:13 ip-xxx.ap-northeast-2.compute.internal systemd-entrypoint[2347]: at com.fasterxml.jackson.core.json.JsonReadContext._checkDup(JsonReadContext.java:225)
Sep 10 23:52:13 ip-xxx.ap-northeast-2.compute.internal systemd-entrypoint[2347]: at com.fasterxml.jackson.core.json.JsonReadContext.setCurrentName(JsonReadContext.java:219)
Sep 10 23:52:13 ip-xxx.ap-northeast-2.compute.internal systemd-entrypoint[2347]: at com.fasterxml.jackson.dataformat.yaml.YAMLParser.nextToken(YAMLParser.java:456)
Sep 10 23:52:13 ip-xxx.ap-northeast-2.compute.internal systemd-entrypoint[2347]: at com.fasterxml.jackson.core.JsonParser.nextFieldName(JsonParser.java:1038)
Sep 10 23:52:13 ip-xxx.ap-northeast-2.compute.internal systemd-entrypoint[2347]: at org.elasticsearch.xcontent.provider.json.JsonXContentParser.nextFieldName(JsonXContentParser.java:69)
Sep 10 23:52:13 ip-xxx.ap-northeast-2.compute.internal systemd-entrypoint[2347]: ... 10 more
Sep 10 23:52:13 ip-xxx.ap-northeast-2.compute.internal systemd[1]: elasticsearch.service: Main process exited, code=exited, status=1/FAILURE
Sep 10 23:52:13 ip-xxx.ap-northeast-2.compute.internal systemd[1]: elasticsearch.service: Failed with result 'exit-code'.
Sep 10 23:52:13 ip-xxx.ap-northeast-2.compute.internal systemd[1]: Failed to start Elasticsearch.
The relevant error in the log is:
Caused by: org.elasticsearch.xcontent.XContentParseException: [115:29] Duplicate field 'cluster.initial_master_nodes'
Checking the elasticsearch.yml file again, the cluster.initial_master_nodes value is already set further down in the file.
Revert the cluster.initial_master_nodes line that was manually uncommented and restart the service, and you can confirm that startup succeeds.
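A pre-start check for the duplicate-key failure described above, as an added example that is not part of the original post. The function name find_duplicate_settings and the sample file contents are constructed for illustration, and only unindented (top-level) keys are compared.

```bash
#!/usr/bin/env bash
# Added example: list top-level settings that appear more than once in an
# elasticsearch.yml-style file (the "Duplicate field" startup failure above).

find_duplicate_settings() {
  # $1: config path. Prints "<key> <first line> <repeat line>" for each repeat
  # and returns 1 if any were found. Indented (nested) keys are not checked.
  awk '
    /^[ \t]*#/ { next }                          # commented-out settings
    /^[A-Za-z_][A-Za-z0-9_.-]*[ \t]*:/ {         # uncommented top-level key
      key = $0
      sub(/[ \t]*:.*$/, "", key)
      if (key in first) { printf "%s %d %d\n", key, first[key], NR; dup = 1 }
      else              { first[key] = NR }
    }
    END { exit dup + 0 }
  ' "$1"
}

# Constructed sample: a key uncommented near the top that is also set further down.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#network.host: 192.168.0.1
network.host: 0.0.0.0
#http.port: 9200
cluster.initial_master_nodes: ["node-1", "node-2"]
xpack.security.enabled: true
xpack.security.http.ssl:
  enabled: true
cluster.initial_master_nodes: ["ip-xxx"]
EOF

if dups=$(find_duplicate_settings "$sample"); then
  echo "no duplicate settings"
else
  echo "duplicate settings (key, first line, repeat line):"
  echo "$dups"
fi
rm -f "$sample"
```

Run the function against /etc/elasticsearch/elasticsearch.yml after editing it and before systemctl start; a non-zero return means the service would fail on the repeated key.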
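On an ordinary personal server you would open the port with a firewall command; since I am using the AWS EC2 cloud, I will open the port by editing the inbound rules of the security group, which can be configured in AWS.
Connecting to https://[public IP]:9200 from a personal PC brings up a popup asking for a username and password.
After entering them, the JSON information is returned normally.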
{
  "name" : "ip-xxxx.ap-northeast-2.compute.internal",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "aDkGBR3WRbKPcv2dwbDMbg",
  "version" : {
    "number" : "8.4.1",
    "build_flavor" : "default",
    "build_type" : "rpm",
    "build_hash" : "2bd229c8e56650b42e40992322a76e7914258f0c",
    "build_date" : "2022-08-26T12:11:43.232597118Z",
    "build_snapshot" : false,
    "lucene_version" : "9.3.0",
    "minimum_wire_compatibility_version" : "7.17.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "You Know, for Search"
}
If you have forgotten the password, run one of the commands below to reset it.
# Reset to a random password
/usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic
# Reset to a password you specify (interactive)
/usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic -i
However, once this command has been run, the elasticsearch-setup-passwords command no longer seems to work properly:
$ ./elasticsearch-setup-passwords interactive
Failed to authenticate user 'elastic' against https://xx.xxx.x.xx:9200/_security/_authenticate?pretty
Possible causes include:
* The password for the 'elastic' user has already been changed on this cluster
* Your elasticsearch node is running against a different keystore
This tool used the keystore at /etc/elasticsearch/elasticsearch.keystore
You can use the `elasticsearch-reset-password` CLI tool to reset the password of the 'elastic' user
As the "Unable to change elastic user password" reference below explains, this error appears to occur because the elasticsearch-setup-passwords command uses the bootstrap password.
elasticsearch-reset-password alone can reset to a specified password, reset to a random password, and reset the password of a specific user, so using it instead seems to be fine.
References
Unable to change elastic user password
elasticsearch-setup-passwords
elasticsearch-reset-password
Installing Elasticsearch and configuring external access