Version: 7.17.2
Test environment: ip1, ip2, ip3
X-Pack is the Elastic Stack extension that provides security, alerting, monitoring, reporting, machine learning and many other features. Since ES 7.0+, X-Pack is installed by default together with Elasticsearch and no longer needs to be installed separately.
Since version 7.1+, basic-tier security is permanently free.
Basic-tier security includes:
Encrypted communication
Role-based access control
File and native authentication
Kibana Spaces
Kibana feature controls
API key management
Paid-tier security includes audit logging, IP filtering, the ES token service, single sign-on, attribute-based access control, and so on.
rpm -i elasticsearch-7.17.2-x86_64.rpm
vim /etc/elasticsearch/elasticsearch.yml
# ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
# Before you set out to tweak and tune the configuration, make sure you
# understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
#
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
#cluster.name: my-application
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
node.name: node-1
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
path.data: /var/lib/elasticsearch
#
# Path to log files:
#
path.logs: /var/log/elasticsearch
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: true
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# By default Elasticsearch is only accessible on localhost. Set a different
# address here to expose this node on the network:
#
network.host: ip
#
# By default Elasticsearch listens for HTTP traffic on the first free port it
# finds starting at 9200. Set a specific HTTP port here:
#
#http.port: 9200
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when this node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
discovery.seed_hosts: ["ip1", "ip2","ip3"]
#
# Bootstrap the cluster using an initial set of master-eligible nodes:
#
cluster.initial_master_nodes: ["node-1"]
#
# For more information, consult the discovery and cluster formation module documentation.
#
# ---------------------------------- Various -----------------------------------
#
# Require explicit names when deleting indices:
#
#action.destructive_requires_name: true
#
# ---------------------------------- Security ----------------------------------
#
# *** WARNING ***
#
# Elasticsearch security features are not enabled by default.
# These features are free, but require configuration changes to enable them.
# This means that users don’t have to provide credentials and can get full access
# to the cluster. Network connections are also not encrypted.
#
# To protect your data, we strongly encourage you to enable the Elasticsearch security features.
# Refer to the following documentation for instructions.
#
# https://www.elastic.co/guide/en/elasticsearch/reference/7.16/configuring-stack-security.html
On node-2, only the following settings need to change:
node.name: node-2
network.host: ip2
On node-3, only the following settings need to change:
node.name: node-3
network.host: ip3
curl -u 'elastic:123456' http://ip:9200/_cat/health?v   # view the ES cluster health
cd /usr/share/elasticsearch/bin
./elasticsearch-certutil ca
./elasticsearch-certutil cert --ca /usr/share/elasticsearch/elastic-stack-ca.p12
Add the following configuration:
# Defaults to true; enables X-Pack security on this node (the master switch)
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
# certificate: verifies that the presented certificate is signed by a trusted authority (CA), but performs no hostname verification.
xpack.security.transport.ssl.verification_mode: certificate
# Location of the truststore file elastic-certificates.p12
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
Change the owner and permissions of the .p12 file
chown -R root:elasticsearch elastic-certificates.p12
chmod -R 777 elastic-certificates.p12
Restart Elasticsearch
systemctl restart elasticsearch
cd /usr/share/elasticsearch/bin
./elasticsearch-setup-passwords interactive
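An added example, not part of the original post: a POSIX shell audit that reads an elasticsearch.yml, checks the settings enabled above (security on, transport TLS on, verification_mode certificate or full, keystore and truststore paths present) and flags a .p12 file whose mode lets every local user read it, which is what chmod 777 above produces. The function names, arguments and file names are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): audit X-Pack security settings in
# an elasticsearch.yml and the permissions of the transport keystore it references.

# yml_get KEY FILE -> first non-space token after "KEY:" (flat keys only, as used
# on this page; commented-out lines such as "#xpack..." are ignored)
yml_get() {
  sed -n "s/^[[:space:]]*$1:[[:space:]]*\([^[:space:]#]*\).*/\1/p" "$2" | head -n 1
}

# audit_es_security CONFIG_FILE CONFIG_DIR
# Prints one FAIL line per problem; the return code is the number of problems.
audit_es_security() {
  cfg="$1"; dir="$2"; fails=0
  for key in xpack.security.enabled xpack.security.transport.ssl.enabled; do
    if [ "$(yml_get "$key" "$cfg")" != true ]; then
      echo "FAIL: $key is not true"; fails=$((fails + 1))
    fi
  done
  # certificate = CA signature only; full = also hostname; none = no verification
  mode=$(yml_get xpack.security.transport.ssl.verification_mode "$cfg")
  case "$mode" in
    certificate|full) ;;
    *) echo "FAIL: verification_mode is '$mode' (expected certificate or full)"; fails=$((fails + 1)) ;;
  esac
  for store in keystore truststore; do
    p12=$(yml_get "xpack.security.transport.ssl.$store.path" "$cfg")
    if [ -z "$p12" ]; then echo "FAIL: ssl.$store.path not set"; fails=$((fails + 1)); continue; fi
    # relative paths in elasticsearch.yml resolve against the config directory
    case "$p12" in /*) f="$p12" ;; *) f="$dir/$p12" ;; esac
    if [ ! -f "$f" ]; then echo "FAIL: $f does not exist"; fails=$((fails + 1)); continue; fi
    # columns 8-10 of the ls -l mode string are the "other" permission bits
    perms=$(ls -ld "$f" | cut -c1-10)
    case "$perms" in
      ???????[rwx]??|????????[rwx]?|?????????[rwx])
        echo "FAIL: $f is accessible by every user ($perms); prefer 640 with group elasticsearch"
        fails=$((fails + 1)) ;;
    esac
  done
  # Kibana and Logstash above talk to ES over http://, so this is reported but not counted
  [ "$(yml_get xpack.security.http.ssl.enabled "$cfg")" = true ] || echo "WARN: HTTP-layer TLS is off"
  return "$fails"
}
```

Run it as `audit_es_security /etc/elasticsearch/elasticsearch.yml /etc/elasticsearch` on each node after the restart; a non-zero exit code means at least one check failed.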
rpm -i kibana-7.17.2-x86_64.rpm
Edit the config file /etc/kibana/kibana.yml
server.host: "192.168.29.54"
elasticsearch.hosts: ["http://ip1:9200","http://ip2:9200","http://ip3:9200"]
elasticsearch.username: "elastic"
elasticsearch.password: "123456"
After restarting Kibana, opening it in the browser requires logging in with a username and password.
rpm -i logstash-7.17.2-x86_64.rpm
Change the output configuration
output {
  elasticsearch {
    hosts => ["http://ip1:9200","http://ip2:9200","http://ip3:9200"]
    user => "elastic"
    password => "123456"
    index => "xxx"
  }
}