I. Installation environment
- CentOS 7
- Elasticsearch 6.4.2 (everything installed from RPM packages)
- Logstash 6.4.2
- Kibana 6.4.2
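II. Installing Search Guard on Elasticsearch
- Install it directly with the Elasticsearch plugin manager (download the plugin build that matches your ES version; the plugin address is here)
    cd /usr/share/elasticsearch/bin
    bash elasticsearch-plugin install -b com.floragunn:search-guard-6:6.4.2-24.0
- Run the script that enables the plugin automatically
    cd /usr/share/elasticsearch/plugins/search-guard-6/tools
    bash install_demo_configuration.sh # just answer "y" three times in a row
- Restart ES so that the plugin takes effect, then open https://IP:9200 in a browser to verify (once the plugin is enabled, a username and password are required). The usernames and passwords are stored at the following path: /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/sg_internal_users.yml; the default administrator user is admin; the password is admin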
- Change the default username and password
1. Generate the hash of the new password
    # root @ elastic in /usr/share/elasticsearch/plugins/search-guard-6/tools
    $ cd /usr/share/elasticsearch/plugins/search-guard-6/tools && ls
    hash.bat hash.sh install_demo_configuration.sh sgadmin.bat sgadmin_demo.sh sgadmin.sh
    $ bash hash.sh -p password
    $2y$12$m5..B0RPu6Lwnz2mWbzbm.wvYYmqIKJHjuCLPzOSW9erF01dcK52C
2. Edit the sg_internal_users.yml configuration file (/usr/share/elasticsearch/plugins/search-guard-6/sgconfig/sg_internal_users.yml)
    #######################################################################
    #password is: password
    admin:
      readonly: false # when this option is true, the password cannot be changed in Kibana
      hash: $2y$12$nwfMezsKdWhPMoj5iqZ/6.H9RpXFvDbd59K1mTxqWmH8IY/bFWSXm
      roles:
        - admin
      attributes:
        #no dots allowed in attribute names
        attribute1: value1
        attribute2: value2
        attribute3: value3
    #######################################################################
3. Reload the configuration file
    # root @ elastic in /usr/share/elasticsearch/plugins/search-guard-6/tools
    $ cd /usr/share/elasticsearch/plugins/search-guard-6/tools && ./sgadmin_demo.sh && systemctl restart elasticsearch
III. Configuring Kibana
- Install the search-guard-kibana-plugin plugin (search address for the matching plugin version)
    cd /usr/share/kibana/bin
    ./kibana-plugin install \
    https://search.maven.org/remotecontent\?filepath\=com/floragunn/search-guard-kibana-plugin/6.4.2-16/search-guard-kibana-plugin-6.4.2-16.zip
- Reconfigure Kibana; the finished configuration file looks like this:
    server.port: 5601
    server.host: "127.0.0.1"
    elasticsearch.url: "https://localhost:9200"
    elasticsearch.username: "kibanaserver"
    elasticsearch.password: "kibanaserver"
    elasticsearch.ssl.verificationMode: none
    elasticsearch.requestHeadersWhitelist: [ "Authorization", "sgtenant" ]
    tilemap.url: 'http://webrd02.is.autonavi.com/appmaptile?lang=zh_cn&size=1&scale=1&style=7&x={x}&y={y}&z={z}'
    xpack.monitoring.enabled: false
    xpack.graph.enabled: false
    xpack.ml.enabled: false
    xpack.watcher.enabled: false
    xpack.security.enabled: false
- Restart Kibana. The first start takes a while (a few minutes); once it is configured successfully, you can log in as the admin user.
IV. Logstash output configuration
    elasticsearch {
      codec => json
      hosts => ["https://ek:9200"]
      user => admin
      password => password
      ssl => false
      ssl_certificate_verification => false
      index => "nginx-%{+YYYY_MM}"
    }
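Added example (not part of the original post, and not Search Guard's own tooling): a small Python check over the three files configured above that flags what this demo setup leaves behind, namely disabled certificate verification, passwords that appear on this page, the admin account used for log shipping, and a cleartext password kept in a comment. The sample file contents are constructed from the page's configs, and the names `settings`, `audit` and `KNOWN_PASSWORDS` are hypothetical.

```python
import re

# Constructed samples that mirror the configuration files shown on this page.
KIBANA_YML = """\
elasticsearch.password: "kibanaserver"
elasticsearch.ssl.verificationMode: none
"""
LOGSTASH_CONF = """\
elasticsearch {
  user => admin
  password => password
  ssl_certificate_verification => false
}
"""
SG_USERS_YML = "#password is: password\nadmin:\n  readonly: false\n"
# Passwords that appear on this page; any of them is treated as guessable.
KNOWN_PASSWORDS = {"admin", "password", "kibanaserver"}

def settings(text, sep):
    """Parse flat `key <sep> value` lines; skip comments, strip quotes."""
    out = {}
    for line in text.splitlines():
        line = line.split(" #")[0].strip()
        if line.startswith("#") or sep not in line:
            continue
        key, value = line.split(sep, 1)
        out[key.strip()] = value.strip().strip("\"'")
    return out

def audit(kibana_yml, logstash_conf, sg_users_yml):
    """Return a list of findings for the three files (hypothetical helper)."""
    kb, ls = settings(kibana_yml, ":"), settings(logstash_conf, "=>")
    found = []
    if kb.get("elasticsearch.ssl.verificationMode") == "none":
        found.append("kibana: certificate verification disabled")
    if kb.get("elasticsearch.password") in KNOWN_PASSWORDS:
        found.append("kibana: default or guessable password")
    if ls.get("ssl_certificate_verification") == "false":
        found.append("logstash: certificate verification disabled")
    if ls.get("password") in KNOWN_PASSWORDS:
        found.append("logstash: default or guessable password")
    if ls.get("user") == "admin":
        found.append("logstash: log shipping uses the admin account")
    if re.search(r"^\s*#\s*password is:", sg_users_yml, re.I | re.M):
        found.append("sg_internal_users.yml: cleartext password in a comment")
    return found

if __name__ == "__main__":
    print(*audit(KIBANA_YML, LOGSTASH_CONF, SG_USERS_YML), sep="\n")
```

To check a real host, pass the contents of its kibana.yml, Logstash pipeline file and sg_internal_users.yml to `audit` instead of the samples.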