溫馨提示×
您好,登錄后才能下訂單哦!
點擊 登錄注冊 即表示同意《億速云用戶服務條款》
您好,登錄后才能下訂單哦!
elasticsearch、kibana、logstash版本:7.3.2
| 192.168.3.100 | elasticsearch |
| 192.168.3.101 | elasticsearch |
| 192.168.3.102 | elasticsearch、kibana |
#使用es自帶工具生成CA及證書 ES_HOME=/usr/local/elasticsearch $ES_HOME/bin/elasticsearch-certutil?ca $ES_HOME/bin/elasticsearch-certutil?cert?--ca?elastic-stack-ca.p12 mkdir?$ES_HOME/config/certs?&&?mv?$ES_HOME/elastic-*?$ES_HOME/config/certs
復制證書到其他es節點
#es配置文件(es1為例) elasticsearch.yml cluster.name:?my-es node.name:?es-1 node.master:?true? node.data:?true node.ingest:?false path.data:?/usr/local/elasticsearch/data/ path.logs:?/usr/local/elasticsearch/log/ network.host:?0.0.0.0 http.port:?9200 transport.port:?9300 transport.compress:?true discovery.seed_hosts:?["192.168.3.100:9300","192.168.3.101:9300","192.168.3.102:9300"] cluster.initial_master_nodes:?["192.168.3.100:9300","192.168.3.101:9300","192.168.3.102:9300"] #head插件 http.cors.enabled:?true http.cors.allow-origin:?"*" #開啟安全功能 xpack.security.enabled:?true #集群內部通信加密 xpack.security.transport.ssl.enabled:?true xpack.security.transport.ssl.verification_mode:?certificate xpack.security.transport.ssl.keystore.path:?certs/elastic-certificates.p12 xpack.security.transport.ssl.truststore.path:?certs/elastic-certificates.p12
#使用systemd管理es /usr/lib/systemd/system/elasticsearch.service [Unit] Description=Elasticsearch Documentation=http://www.elastic.co Wants=network-online.target After=network-online.target [Service] User=es Group=es LimitNOFILE=100000 LimitNPROC=100000 ExecStart=/usr/local/elasticsearch/bin/elasticsearch [Install] WantedBy=multi-user.target
#啟動es集群;設置默認賬戶密碼 #自動生成密碼 $ES_HOME/bin/elasticsearch-setup-passwords?auto
#手動設置密碼 $ES_HOME/bin/elasticsearch-setup-passwords?interactive
#Kibana相關證書 Kibana_HOME=/usr/local/kibana #kibana連接es加密需要使用pem證書 cd??$ES_HOME/config/certs #證書轉換 openssl?pkcs12?-in?elastic-certificates.p12?-out?elastic-certificates.pem?-nodes mkdir?$Kibana_HOME/config/certs?&&?mv?elastic-certificates.pem?$Kibana_HOME/config/certs #https證書 $ES_HOME/bin/elasticsearch-certutil?ca?--pem mv?$ES_HOME/elastic-stack-ca.zip?$Kibana_HOME/config/certs?&&?unzip?$Kibana_HOME/config/certs/elastic-stack-ca.zip
#kibana配置文件 kibana.yml server.host:?"192.168.3.102" elasticsearch.hosts:?["http://192.168.3.102:9200","http://192.168.3.101:9200","http://192.168.3.102:9200"] elasticsearch.username:?"kibana" elasticsearch.password:?"ukCAClFof70DU5mWnHC7" logging.dest:?/usr/local/kibana/log/kibana.log logging.quiet:?true #啟用https訪問kibana;使用私有證書會有訪問日志報錯的問題 #server.ssl.enabled:?true #server.ssl.certificate:?/usr/local/kibana/config/certs/ca/ca.crt #server.ssl.key:?/usr/local/kibana/config/certs/ca/ca.key #啟用elasticsearch連接加密 elasticsearch.ssl.certificateAuthorities:?[?"/usr/local/kibana/config/certs/elastic-certificates.pem"?] elasticsearch.ssl.verificationMode:?certificate
#systemd管理kibana /usr/lib/systemd/system/kibana.service [Unit] Description=Kinaba Documentation=http://www.elastic.co Wants=network-online.target After=network-online.target [Service] User=kibana Group=kibana ExecStart=/usr/local/kibana/bin/kibana [Install] WantedBy=multi-user.target
#logstash示例
input?{
??stdin?{
??}
}
output?{
??elasticsearch?{
????hosts?=>?["http://192.168.3.100:9200","http://192.168.3.101:9200","http://192.168.3.102:9200"]
????index?=>?"test-%{+YYYY.MM.dd}"
????user?=>?"elastic"
????password?=>?"HkqZIHZsuXSv6B5OwqJ7"
??}
}使用PKCS12配置logstash=>es安全加密未成功(有大佬成功的話私信或者評論下),可以參考下面鏈接使用PEM方式來完成各組件之間的安全通信
https://www.elastic.co/cn/blog/configuring-ssl-tls-and-https-to-secure-elasticsearch-kibana-beats-and-logstash#step-5-2
參考:
https://www.elastic.co/guide/en/elastic-stack-overview/7.3/ssl-tls.html
https://www.elastic.co/guide/en/elasticsearch/reference/7.3/configuring-security.html
https://www.elastic.co/guide/en/kibana/7.3/using-kibana-with-security.html
https://www.elastic.co/guide/en/kibana/7.3/configuring-tls.html
免責聲明:本站發布的內容(圖片、視頻和文字)以原創、轉載和分享為主,文章觀點不代表本網站立場,如果涉及侵權請聯系站長郵箱:is@yisu.com進行舉報,并提供相關證據,一經查實,將立刻刪除涉嫌侵權內容。
