环境:

ElasticSearch版本:7.13.2

介绍:

kibana只是一个视图页面,真正工作的是Elasticsearch。

注意:

下边有关es的操作需要所有节点执行。

创建es节点之间SSL证书

1、在es主节点生成 elastic-stack-ca.p12文件

# ./bin/elasticsearch-certutil ca
Please enter the desired output file [elastic-stack-ca.p12]: #回车
Enter password for elastic-stack-ca.p12 : #CA证书的密码,回车
# ls
bin config data elastic-stack-ca.p12 jdk lib LICENSE.txt logs modules nohup.out NOTICE.txt plugins README.asciidoc

2、在es主节点生成 elastic-certificates.p12文件

./elasticsearch-certutil cert --ca elastic-stack-ca.p12
Enter password for CA (elastic-stack-ca.p12) : # CA证书的密码,直接回车
Please enter the desired output file [elastic-certificates.p12]: # 默认
Enter password for elastic-certificates.p12 : # 证书密码,直接回车

3、复制elastic-stack-ca.p12、elastic-certificates.p12到各节点的config目录

cp elastic-stack-ca.p12 elastic-certificates.p12  config/

4、修改elastic-stack-ca.p12 、 elastic-certificates.p12属主

# chown elk. config/elastic-certificates.p12 
# chown elk. config/elastic-stack-ca.p12

5、其他节点省略......

配置es

1、修改es配置文件:elasticsearch.yml,添加如下配置,其他节点配置相同

# vim ../config/elasticsearch.yml
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12

2、重启es

systemctl restart elasticsearch

3、es的bin目录下执行命令设置初始密码,会设置下边六个账户的密码

# ./elasticsearch-setup-passwords interactive
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,kibana_system,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y
Enter password for [elastic]:
Reenter password for [elastic]:
Enter password for [apm_system]:
Reenter password for [apm_system]:
Enter password for [kibana_system]:
Reenter password for [kibana_system]:
Enter password for [logstash_system]:
Reenter password for [logstash_system]:
Enter password for [beats_system]:
Reenter password for [beats_system]:
Enter password for [remote_monitoring_user]:
Reenter password for [remote_monitoring_user]:
Changed password for user [apm_system]
Changed password for user [kibana_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]

4、修改kibana的配置文件

# vim kibana.yml
elasticsearch.username: "kibana_system"
elasticsearch.password: "kibana_system" # 密码

5、重启kibana服务

# systemctl restart kibana

6、修改logstash配置文件

# vim /opt/logstash-7.13.2/config/new.conf
output {
elasticsearch {
hosts => ["xxxx:9200","xxxxxx:9200"]
index => "%{[type]}-%{+YYYY.MM.dd}"
user => "elastic" # 新增
password => "elastic" # 新增
}

7、重启logstash服务

# systemctl restart logstash

8、访问kibana验证

ELK开启账户密码认证详细操作_elasticsearch