标签:ELK 插件 elastic xpack kibana elasticsearch docker password data
由于公司Policy要求,需要对ELK的kibana访问进行安全认证
ELK7.*已经支持xpack的集成安装,直接配置使用即可
本篇基于上篇博客基础上进行配置
1、生成证书
~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
430a218a4513 elasticsearch:7.7.0 "/tini -- /usr/loc..." 3 hours ago Up 3 hours elasticsearch
1a75637e85d6 kafka:2.12-2.5.0 "start-kafka.sh" 3 hours ago Up 3 hours kafka
03a9aa4a458c zookeeper:3.4.13 "/docker-entrypoin..." 3 hours ago Up 3 hours zookeeper
81ba9a81983c logstash:7.7.0 "/usr/local/bin/do..." 27 hours ago Up 8 minutes 5044/tcp, 0.0.0.0:4560->4560/tcp, 9600/tcp logstash
4bc2de14b119 kibana:7.7.0 "/usr/local/bin/du..." 2 days ago Up 7 minutes 0.0.0.0:5601->5601/tcp kibana
~]# docker stop kibana
~]# docker stop logstash #三台节点都需要关闭
~]# docker exec -it elasticsearch bash
elasticsearch]# elasticsearch-certutil ca # 生成CA证书
ENTER ENTER
elasticsearch]# elasticsearch-certutil cert --ca elastic-stack-ca.p12 # 生成节点证书
ENTER ENTER
#在当前目录生成相应的证书
#把证书传输到其他节点,集群间使用证书进行通信,由于之前挂载了/usr/share/elasticsearch/data目录,先把证书放在data目录下传输到宿主机
elasticsearch]# mv elastic* data/
elasticsearch]# exit
~]# cd /data/es/data
~]# mkdir /data/es/certs
~]# mv /data/es/data/elastic* /data/es/certs/
把证书文件传输给其他2台节点
~]# scp -rp /data/es/certs/elastic* user@10.10.27.126:/data/es/certs/
~]# scp -rp /data/es/certs/elastic* user@10.10.27.127:/data/es/certs/
3、修改内置用户密码
(1) 三台节点修改docker-compose配置
~]# vi /data/elk/docker-compose.yml #挂载证书对应文件
version: '2.1'
services:
elasticsearch:
image: elasticsearch:7.7.0
container_name: elasticsearch
depends_on:
- kafka
environment:
ES_JAVA_OPTS: -Xms1g -Xmx1g
network_mode: host
volumes:
- /data/es/conf/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
- /data/es/data:/usr/share/elasticsearch/data
- /data/es/certs/elastic-certificates.p12:/usr/share/elasticsearch/config/elastic-certificates.p12
- /data/es/certs/elastic-stack-ca.p12:/usr/share/elasticsearch/config/elastic-stack-ca.p12
......
(2) 三台台节点修改elasticsearch配置文件
~]# vi /data/es/conf/elasticsearch.yml #添加认证选项
cluster.name: es-cluster
network.host: 0.0.0.0
node.name: master1
http.cors.enabled: true
http.cors.allow-origin: "*"
node.master: true
node.data: true
network.publish_host: 10.10.27.125
discovery.zen.minimum_master_nodes: 1
discovery.zen.ping.unicast.hosts: ["10.10.27.125","10.10.27.126","10.10.27.127"]
cluster.initial_master_nodes: ["10.10.27.125","10.10.27.126","10.10.27.127"]
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
#默认的elastic-certificates.p12文件位置在容器实例的/usr/share/elasticsearch/config/路径下,也可以直接指定具体路径
(2) 启动三台节点的elasticsearch实例
master1 ~]# docker stop elasticsearch && docker rm elasticsearch
master1 ~]# cd /data/elk/ && docker-compose up -d elasticsearch
master2 ~]# docker stop elasticsearch && docker rm elasticsearch
master2 ~]# cd /data/elk/ && docker-compose up -d elasticsearch
master3 ~]# docker stop elasticsearch && docker rm elasticsearch
master3 ~]# cd /data/elk/ && docker-compose up -d elasticsearch
(3) 配置内置用户密码
master1 ~]# docker exec -it elasticsearch bash
elasticsearch]# elasticsearch-setup-passwords interactive
# 输出结果
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y # 输入y
# 直接输入密码,然后再重复一遍密码,中括号里是账号
Enter password for [elastic]:
Reenter password for [elastic]:
Enter password for [apm_system]:
Reenter password for [apm_system]:
Enter password for [kibana]:
Reenter password for [kibana]:
Enter password for [logstash_system]:
Reenter password for [logstash_system]:
Enter password for [beats_system]:
Reenter password for [beats_system]:
Enter password for [remote_monitoring_user]:
Reenter password for [remote_monitoring_user]:
Changed password for user [apm_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]
# 为了方便后续使用,这里可以都设置成一样
# password: Password123
elasticsearch]# exit
# 验证集群设置的账号和密码
# 打开浏览器访问这个地址,出现需要输入账号密码的界面证明设置成功
#http://10.10.27.125:9200/_security/_authenticate?pretty
3、修改配置文件
(1) 三台节点修改logstash配置文件
~]# vi /data/logstash/conf/logstash.conf
......
output{
elasticsearch{
hosts => ["10.10.27.125:9200","10.10.27.126:9200","10.10.27.127:9200"]
index => "system-log-%{+YYYY.MM.dd}"
user => "elastic" # 注意:这里演示使用超级账号,安全起见最好是使用自定义的账号,并授予该用户创建索引的权限,具体看下方地址
password => "Password123"
}
stdout{
codec => rubydebug
}
}
# 使用自定义的账号官方地址:https://www.elastic.co/cn/blog/configuring-ssl-tls-and-https-to-secure-elasticsearch-kibana-beats-and-logstash
~]# vi /data/logstash/conf/logstash.yml
http.host: "0.0.0.0"
xpack.monitoring.elasticsearch.hosts: [ "http://10.10.27.125:9200","http://10.10.27.126:9200","http://10.10.27.127:9200" ]
xpack.monitoring.enabled: true
xpack.monitoring.elasticsearch.username: elastic
xpack.monitoring.elasticsearch.password: "Password123"
(2) 修改kibana配置文件
~]# vi /data/kibana/conf/kibana.yml #添加kibana的用户密码
server.name: kibana
server.host: "0.0.0.0"
elasticsearch.hosts: [ "http://10.10.27.125:9200","http://10.10.27.126:9200","http://10.10.27.127:9200" ]
monitoring.ui.container.elasticsearch.enabled: true
elasticsearch.username: "kibana" # 注意:此处不用超级账号elastic,而是使用kibana跟es连接的账号kibana
elasticsearch.password: "Password123"
4、启动ELK
#重启logstash
master1 ~]# docker restart logstash
master2 ~]# docker restart logstash
master3 ~]# docker restart logstash
#重启kibana
master1 ~]# docker restart kibana
5、访问kibana
访问kibana:http://10.10.27.125:5601 使用用户elastic访问成功,在Management下面的Kibana最后出现一个Security,有User和Role,方便kibana多用户创建及角色权限控制
参考链接:https://www.cnblogs.com/sanduzxcvbnm/p/11427686.html
标签:ELK,插件,elastic,xpack,kibana,elasticsearch,docker,password,data 来源: https://www.cnblogs.com/robin788/p/16150914.html
本站声明: 1. iCode9 技术分享网(下文简称本站)提供的所有内容,仅供技术学习、探讨和分享; 2. 关于本站的所有留言、评论、转载及引用,纯属内容发起人的个人观点,与本站观点和立场无关; 3. 关于本站的所有言论和文字,纯属内容发起人的个人观点,与本站观点和立场无关; 4. 本站文章均是网友提供,不完全保证技术分享内容的完整性、准确性、时效性、风险性和版权归属;如您发现该文章侵犯了您的权益,可联系我们第一时间进行删除; 5. 本站为非盈利性的个人网站,所有内容不会用来进行牟利,也不会利用任何形式的广告来间接获益,纯粹是为了广大技术爱好者提供技术内容和技术思想的分享性交流网站。