接上编文章,链接:
8.添加安全认证模式
集群虽然能正常启动和工作,但是访问Kibana没有账号密码,系统不够安全,为了配置账号安全,需要修改配置和重新安装。
幸运的是Elasticsearch7.9版本集成了xpack的安全模块,需要通过一套配置就可以使用了。
安装的思路是这样的:
先安装一台机器(单节点集群)为账号密码的安全模式,然后再将配置同步到另外两台机器,然后修改配置为三个节点集群。注意:这种安装方式要求集群的数据都是空的,如果已经运行过的集群无法通过这种方式安装,同步密码账号会失败。
按照第4节的方式先安装一台机器的elasticsearch,机器IP:192.168.119.130
8.1修改单节点配置文件如下:
vi /etc/elasticsearch/elasticsearch.yml
#修改data存放的路径
path.data: /var/lib/elasticsearch
#修改logs日志的路径
path.logs: /var/log/elasticsearch/
#监听的网络地址
network.host: 0.0.0.0
#初始化主节点
cluster.initial_master_nodes: ["elk-1"]
#开启监听的端口
http.port: 9200
#找到配置文件中的cluster.name,打开该配置并设置集群名称
cluster.name: mycluster
#找到配置文件中的node.name,打开该配置并设置节点名称
node.name: elk-1
# 配置集群中,选举的节点
discovery.seed_hosts: ["192.168.119.130"]
#开启xpack认证模式
xpack.security.enabled: true
xpack.license.self_generated.type: basic
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /etc/elasticsearch/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /etc/elasticsearch/elastic-certificates.p12
注意:红色字部分不可以修改路径,否则服务启动后会报奇怪的错误。elastic-certificates.p12文件的存放位置也是固定的位置。
8.2 生成安全证书
执行以下命令生成证书:
/usr/share/elasticsearch/bin/elasticsearch-certutil ca
/usr/share/elasticsearch/bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
两条命令均一路回车即可,不需要给秘钥再添加密码。执行完了后,两个证书会生成在/usr/share/elasticsearch下,需要手工拷贝文件到/etc/elasticsearch目录下:
cd /usr/share/elasticsearch
cp elastic-* /etc/elasticsearch/
cd /etc/elasticsearch/
chmod 755 elastic-*
将如上命令生成的两个证书文件拷贝到另外两台机器作为通信依据。证书存放/etc/elasticsearch/此目录不能更换,否则启动会报错。
8.3启动单节点的服务
systemctl start elasticsearch.service
8.4初始化密码
执行命令,初始化用户名和密码:
/usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactive
按照命令提示输入所有用户的初始化密码,全部输入password就OK。
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y
Enter password for [elastic]:
Reenter password for [elastic]:
Enter password for [apm_system]:
Reenter password for [apm_system]:
Enter password for [kibana]:
Reenter password for [kibana]:
Enter password for [logstash_system]:
Reenter password for [logstash_system]:
Enter password for [beats_system]:
Reenter password for [beats_system]:
Enter password for [remote_monitoring_user]:
Reenter password for [remote_monitoring_user]:
Changed password for user [apm_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]
8.5 验证账号密码配置成功
curl http://elastic:password@192.168.119.130:9200/_cluster/health
8.6 停止服务
systemctl stop elasticsearch.service
8.7 修改配置文件为多节点:
假设另外两个节点机器IP为:192.168.119.139,192.168.119.140,按照第4节步骤安装好elasticsearch
vi /etc/elasticsearch/elasticsearch.yml
#修改data存放的路径
path.data: /var/lib/elasticsearch
#修改logs日志的路径
path.logs: /var/log/elasticsearch/
#监听的网络地址
network.host: 0.0.0.0
#初始化主节点
cluster.initial_master_nodes: ["elk-1","elk-2"]
#开启监听的端口
http.port: 9200
#找到配置文件中的cluster.name,打开该配置并设置集群名称
cluster.name: mycluster
#找到配置文件中的node.name,打开该配置并设置节点名称
node.name: elk-1
# 配置集群中,选举的节点
discovery.seed_hosts: ["192.168.119.130","192.168.119.139","192.168.119.140"]
#开启xpack认证模式
xpack.security.enabled: true
xpack.license.self_generated.type: basic
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /etc/elasticsearch/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /etc/elasticsearch/elastic-certificates.p12
注意:红色字部分不可以修改路径,否则服务启动后会报奇怪的错误。elastic-certificates.p12文件的存放位置也是固定的位置。
修改完毕后,将配置文件同步拷贝到192.168.119.139,192.168.119.140
修改节点名称node.name:分别为:elk-2,elk-3
同时需要拷贝 /etc/elasticsearch/目录下的两个证书文件到两个节点对应目录下。
8.8启动多节点的服务
在三个节点上分别启动服务
systemctl start elasticsearch.service
启动完成后,分别验证集群状态:
curl http://elastic:password@192.168.119.130:9200/_cluster/health
curl http://elastic:password@192.168.119.139:9200/_cluster/health
curl http://elastic:password@192.168.119.140:9200/_cluster/health
三台机器验证没有问题后,进行下一步安装。
8.9 安装Nginx
安装第5节安装Nginx,Nginx安装在192.168.119.141上。
8.10 安装Kibana
按照第6节步骤安装Kibana,Kibana安装在192.168.119.130
vi /etc/kibana/kibana.yml
#开启监听的端口
server.port: 5601
#监听的网络地址
server.host: "0.0.0.0"
#elasticsearch的网络地址
elasticsearch.hosts: ["http://192.168.119.141:9200"]
#kibana的索引值
kibana.index: ".kibana"
#配置elastic账号和密码
elasticsearch.username: "kibana_system"
elasticsearch.password: "password"
#开启中文
i18n.locale: "zh-CN"
8.11 安装logstash和tomcat
按照第7节步骤安装logstash和tomcat
编辑logstash配置文件如下:
# vi /opt/tomcat.conf
input {
file {
path => "/opt/tomcat8/logs/*.txt"
type => "tomcat"
}
}
output {
if [type] == "tomcat" {
elasticsearch {
hosts => ["192.168.119.141:9200"]
index => "tomcat130-%{+YYYY.MM.dd}"
user => "elastic"
password => "password"
}
}
}
8.12 验证
现在ELK服务器全部按照加密认证模式启动后,在浏览器输入地址:
出现账号密码提示界面,输入初始化的账号和密码,elastic/password:
点击安全性设置,可以修改账号密码:
可以看到密码修改界面,而且界面大多数菜单都中文化了。
