I. Installation environment
- CentOS 7
- ES 6.4.2 (everything installed from RPM packages)
- logstash 6.4.2
- kibana 6.4.2
II. Installing Search Guard on ES
- Install it directly with the ES plugin manager (download the plugin build that matches your ES version; the plugin address is here)
cd /usr/share/elasticsearch/bin
bash elasticsearch-plugin install -b com.floragunn:search-guard-6:6.4.2-24.0
- Run the script to enable the plugin automatically
cd /usr/share/elasticsearch/plugins/search-guard-6/tools
bash install_demo_configuration.sh # just answer "y" to all three prompts
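- Restart ES so the plugin takes effect, then open https://IP:9200 in a browser to verify (once the plugin is enabled, a username and password are required). The usernames and passwords are stored in /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/sg_internal_users.yml; the default administrator user is admin and its password is admin.
- Change the default username and password
1. Generate the hash for the new password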
# root @ elastic in /usr/share/elasticsearch/plugins/search-guard-6/tools
$ cd /usr/share/elasticsearch/plugins/search-guard-6/tools && ls
hash.bat hash.sh install_demo_configuration.sh sgadmin.bat sgadmin_demo.sh sgadmin.sh
$ bash hash.sh -p password
$2y$12$m5..B0RPu6Lwnz2mWbzbm.wvYYmqIKJHjuCLPzOSW9erF01dcK52C
2. Edit the sg_internal_users.yml configuration file (/usr/share/elasticsearch/plugins/search-guard-6/sgconfig/sg_internal_users.yml)
#######################################################################
#password is: password
admin:
  readonly: false # when this option is true, the password cannot be changed in Kibana
  hash: $2y$12$nwfMezsKdWhPMoj5iqZ/6.H9RpXFvDbd59K1mTxqWmH8IY/bFWSXm
  roles:
    - admin
  attributes:
    #no dots allowed in attribute names
    attribute1: value1
    attribute2: value2
    attribute3: value3
#######################################################################
3. Reload the configuration file
# root @ elastic in /usr/share/elasticsearch/plugins/search-guard-6/tools
$ cd /usr/share/elasticsearch/plugins/search-guard-6/tools && ./sgadmin_demo.sh && systemctl restart elasticsearch
II. Configuring Kibana
- Install the search-guard-kibana-plugin plugin (search address for the matching plugin version)
cd /usr/share/kibana/bin
./kibana-plugin install \
https://search.maven.org/remotecontent\?filepath\=com/floragunn/search-guard-kibana-plugin/6.4.2-16/search-guard-kibana-plugin-6.4.2-16.zip
- Reconfigure Kibana; the finished configuration file looks like this
server.port: 5601
server.host: "127.0.0.1"
elasticsearch.url: "https://localhost:9200"
elasticsearch.username: "kibanaserver"
elasticsearch.password: "kibanaserver"
elasticsearch.ssl.verificationMode: none
elasticsearch.requestHeadersWhitelist: [ "Authorization", "sgtenant" ]
tilemap.url: 'http://webrd02.is.autonavi.com/appmaptile?lang=zh_cn&size=1&scale=1&style=7&x={x}&y={y}&z={z}'
xpack.monitoring.enabled: false
xpack.graph.enabled: false
xpack.ml.enabled: false
xpack.watcher.enabled: false
xpack.security.enabled: false
- Restart Kibana. The first start takes a while (a few minutes); once the configuration succeeds, log in as the admin user.
III. Logstash output configuration
elasticsearch {
    codec => json
    hosts => ["https://ek:9200"]
    user => admin
    password => password
    ssl => false
    ssl_certificate_verification => false
    index => "nginx-%{+YYYY_MM}"
}
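The kibana.yml and Logstash output above keep several demo-grade settings: certificate verification is switched off on both sides, Kibana uses the demo kibanaserver password, and Logstash logs in as admin. The following check is an added example, not part of the original post, that flags those settings before a configuration moves beyond a test box. The function names and the sample files are assumptions, constructed from the values shown on this page.

```shell
#!/bin/sh
# Added example, not from the original post. audit_sg_demo is a hypothetical
# helper; the patterns are the exact demo-grade settings shown on this page.

# Print "file:line: finding" per hit; exit status is the number of findings.
audit_sg_demo() {
    awk '
        function report(msg) { printf "%s:%d: %s\n", FILENAME, FNR, msg; n++ }
        /^[ \t]*#/ { next }   # commented-out settings do not count
        /elasticsearch\.ssl\.verificationMode:[ \t]*none/ {
            report("Kibana does not verify the Elasticsearch certificate") }
        /elasticsearch\.password:[ \t]*"?kibanaserver"?[ \t]*$/ {
            report("Kibana still uses the demo kibanaserver password") }
        /ssl_certificate_verification[ \t]*=>[ \t]*false/ {
            report("Logstash does not verify the Elasticsearch certificate") }
        /^[ \t]*user[ \t]*=>[ \t]*"?admin"?[ \t]*$/ {
            report("Logstash authenticates as the admin account") }
        END { exit n + 0 }
    ' "$@"
}

# Constructed sample files reusing the values shown on this page.
write_samples() {
    cat > "$1/kibana.yml" <<'EOF'
elasticsearch.url: "https://localhost:9200"
elasticsearch.username: "kibanaserver"
elasticsearch.password: "kibanaserver"
elasticsearch.ssl.verificationMode: none
EOF
    cat > "$1/logstash.conf" <<'EOF'
output { elasticsearch {
    hosts => ["https://ek:9200"]
    user => admin
    password => password
    ssl_certificate_verification => false
} }
EOF
    cat > "$1/kibana-hardened.yml" <<'EOF'
elasticsearch.password: "CHANGE-ME-placeholder"
elasticsearch.ssl.verificationMode: full
elasticsearch.ssl.certificateAuthorities: [ "/path/to/root-ca.pem" ]
# elasticsearch.ssl.verificationMode: none
EOF
}

dir=$(mktemp -d)
write_samples "$dir"
audit_sg_demo "$dir/kibana.yml" "$dir/logstash.conf" || echo "findings: $?"
```

Point it at the real /etc/kibana/kibana.yml and the Logstash pipeline file; a zero exit status means none of the flagged settings are active.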