Versions of elasticsearch, kibana and logstash: 7.3.2
192.168.3.100 | elasticsearch |
192.168.3.101 | elasticsearch |
192.168.3.102 | elasticsearch, kibana |
# Generate the CA and the certificates with the tools bundled with ES
ES_HOME=/usr/local/elasticsearch
$ES_HOME/bin/elasticsearch-certutil ca
$ES_HOME/bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
mkdir $ES_HOME/config/certs && mv $ES_HOME/elastic-* $ES_HOME/config/certs
Copy the certificates to the other ES nodes.
# ES configuration file (es1 as the example)
# elasticsearch.yml
cluster.name: my-es
node.name: es-1
node.master: true
node.data: true
node.ingest: false
path.data: /usr/local/elasticsearch/data/
path.logs: /usr/local/elasticsearch/log/
network.host: 0.0.0.0
http.port: 9200
transport.port: 9300
transport.compress: true
discovery.seed_hosts: ["192.168.3.100:9300","192.168.3.101:9300","192.168.3.102:9300"]
cluster.initial_master_nodes: ["192.168.3.100:9300","192.168.3.101:9300","192.168.3.102:9300"]
# head plugin
# ("*" accepts requests from any origin; narrow it to the head plugin's URL outside a test setup)
http.cors.enabled: true
http.cors.allow-origin: "*"
# Enable the security features
xpack.security.enabled: true
# Encrypt communication inside the cluster (transport layer)
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12
# Manage ES with systemd
# /usr/lib/systemd/system/elasticsearch.service
[Unit]
Description=Elasticsearch
Documentation=http://www.elastic.co
Wants=network-online.target
After=network-online.target

[Service]
User=es
Group=es
LimitNOFILE=100000
LimitNPROC=100000
ExecStart=/usr/local/elasticsearch/bin/elasticsearch

[Install]
WantedBy=multi-user.target
# Start the ES cluster, then set the passwords of the default accounts
# Generate the passwords automatically
$ES_HOME/bin/elasticsearch-setup-passwords auto
# Set the passwords manually
$ES_HOME/bin/elasticsearch-setup-passwords interactive
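# Kibana certificates
Kibana_HOME=/usr/local/kibana
# Kibana needs a PEM certificate for the encrypted connection to ES
cd $ES_HOME/config/certs
# Convert the certificate (-nodes leaves the private key unencrypted in the PEM file)
openssl pkcs12 -in elastic-certificates.p12 -out elastic-certificates.pem -nodes
mkdir $Kibana_HOME/config/certs && mv elastic-certificates.pem $Kibana_HOME/config/certs
# HTTPS certificate
$ES_HOME/bin/elasticsearch-certutil ca --pem
# Extract into Kibana's certs directory so that ca/ca.crt and ca/ca.key land where kibana.yml expects them
mv $ES_HOME/elastic-stack-ca.zip $Kibana_HOME/config/certs && unzip $Kibana_HOME/config/certs/elastic-stack-ca.zip -d $Kibana_HOME/config/certs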
# Kibana configuration file
# kibana.yml
server.host: "192.168.3.102"
elasticsearch.hosts: ["http://192.168.3.100:9200","http://192.168.3.101:9200","http://192.168.3.102:9200"]
elasticsearch.username: "kibana"
elasticsearch.password: "ukCAClFof70DU5mWnHC7"
logging.dest: /usr/local/kibana/log/kibana.log
logging.quiet: true
# Enable HTTPS access to Kibana; with a private certificate, errors show up in the access log
#server.ssl.enabled: true
#server.ssl.certificate: /usr/local/kibana/config/certs/ca/ca.crt
#server.ssl.key: /usr/local/kibana/config/certs/ca/ca.key
# Enable encrypted connections to elasticsearch
# (these two settings only take effect for https:// entries in elasticsearch.hosts)
elasticsearch.ssl.certificateAuthorities: [ "/usr/local/kibana/config/certs/elastic-certificates.pem" ]
elasticsearch.ssl.verificationMode: certificate
# Manage Kibana with systemd
# /usr/lib/systemd/system/kibana.service
[Unit]
Description=Kibana
Documentation=http://www.elastic.co
Wants=network-online.target
After=network-online.target

[Service]
User=kibana
Group=kibana
ExecStart=/usr/local/kibana/bin/kibana

[Install]
WantedBy=multi-user.target
# Logstash example
input {
  stdin {
  }
}
output {
  elasticsearch {
    hosts => ["http://192.168.3.100:9200","http://192.168.3.101:9200","http://192.168.3.102:9200"]
    index => "test-%{+YYYY.MM.dd}"
    user => "elastic"
    password => "HkqZIHZsuXSv6B5OwqJ7"
  }
}
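Configuring logstash => es encryption with PKCS12 did not succeed (if anyone has managed it, please send a private message or leave a comment). You can follow the link below and use the PEM approach to secure the communication between the components: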
https://www.elastic.co/cn/blog/configuring-ssl-tls-and-https-to-secure-elasticsearch-kibana-beats-and-logstash#step-5-2
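A quick audit of an elasticsearch.yml like the one above, as an added example that is not part of the original post: it reports which of the settings discussed here leave traffic unencrypted or the REST API open to any origin. The function names `yml_get` and `audit_es_yml`, the finding labels and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an elasticsearch.yml for the settings used on this page.
# yml_get, audit_es_yml and the finding labels are illustrative names.

# yml_get FILE KEY: value of a flat "key: value" line (last one wins),
# with trailing comments and surrounding double quotes removed.
yml_get() {
  key=$(printf '%s' "$2" | sed 's/\./\\./g')
  sed -n "s/^[[:space:]]*${key}:[[:space:]]*//p" "$1" |
    sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' |
    tail -n 1
}

# audit_es_yml FILE: prints one FINDING line per problem, returns 0 if clean.
# The body runs in a subshell so its variables do not leak to the caller.
audit_es_yml() (
  f=$1
  n=0
  flag() { printf 'FINDING %s\n' "$1"; n=$((n + 1)); }

  [ "$(yml_get "$f" xpack.security.enabled)" = "true" ] ||
    flag "security-disabled: xpack.security.enabled is not true"
  [ "$(yml_get "$f" xpack.security.transport.ssl.enabled)" = "true" ] ||
    flag "transport-plaintext: node-to-node traffic (9300) is not encrypted"
  case "$(yml_get "$f" xpack.security.transport.ssl.verification_mode)" in
    none) flag "transport-no-verify: peer certificates are not checked" ;;
  esac
  [ "$(yml_get "$f" xpack.security.http.ssl.enabled)" = "true" ] ||
    flag "http-plaintext: REST traffic (9200), passwords included, is not encrypted"
  if [ "$(yml_get "$f" http.cors.enabled)" = "true" ] &&
     [ "$(yml_get "$f" http.cors.allow-origin)" = "*" ]; then
    flag "cors-wildcard: any web origin may call the REST API from a browser"
  fi
  [ "$n" -eq 0 ]
)

# Constructed sample: the security-relevant lines of the elasticsearch.yml above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
http.cors.enabled: true
http.cors.allow-origin: "*"
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
EOF
audit_es_yml "$sample" || echo "2 findings expected: http-plaintext, cors-wildcard"
rm -f "$sample"
```

The http-plaintext finding is the one that matters for the Kibana and Logstash settings above, since both send their user name and password to http:// hosts.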
References:
https://www.elastic.co/guide/en/elastic-stack-overview/7.3/ssl-tls.html
https://www.elastic.co/guide/en/elasticsearch/reference/7.3/configuring-security.html
https://www.elastic.co/guide/en/kibana/7.3/using-kibana-with-security.html
https://www.elastic.co/guide/en/kibana/7.3/configuring-tls.html