TLS (Transport Layer Security) is used in Elasticsearch to make sure data travels securely over the network. Certificates can be generated with the certificate tool that ships with Elasticsearch, elasticsearch-certutil; see the official TLS configuration guide for details.
II. Enabling authentication on the ES cluster
1. Generate the certificate
# On all nodes
# Change into the ES installation directory
cd /es/softwares/es7/elasticsearch-7.17.5/
# Generate the certificate: output path as given, empty keystore password, valid for 3650 days
./bin/elasticsearch-certutil cert -out config/elastic-certificates.p12 -pass "" --days 3650
# Make the user that runs ES (here: es) the owner and group of the certificate file
chown es:es config/elastic-certificates.p12
2. Modify the ES cluster configuration file
# On all nodes
cat >>/es/softwares/es7/elasticsearch-7.17.5/config/elasticsearch.yml<<'EOF'
# Enable X-Pack security (authentication)
xpack.security.enabled: true
# Enable TLS on the transport (node-to-node) layer
xpack.security.transport.ssl.enabled: true
# Verification mode: certificate (the peer certificate chain is verified, the hostname is not)
xpack.security.transport.ssl.verification_mode: certificate
# Paths to the certificate file (relative to the config directory)
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
EOF
3. Restart the ES cluster
# On all nodes
systemctl restart es7
4. Generate random passwords
# Change into the ES installation directory
cd /es/softwares/es7/elasticsearch-7.17.5/
# Generate the passwords automatically
./bin/elasticsearch-setup-passwords auto
# Enter y; the output looks like this
Please confirm that you would like to continue [y/N]y
Changed password for user apm_system
PASSWORD apm_system = igHVUo78ZFTfB7CI0o3M
Changed password for user kibana_system
PASSWORD kibana_system = XVdqmeVH0rhHv5mYC3Ur
Changed password for user kibana
PASSWORD kibana = XVdqmeVH0rhHv5mYC3Ur
Changed password for user logstash_system
PASSWORD logstash_system = uASdzDDf2A4AY9qFWNqW
Changed password for user beats_system
PASSWORD beats_system = 4sgwwHJmi3g9tR3NZhvW
Changed password for user remote_monitoring_user
PASSWORD remote_monitoring_user = 45DxkEodn6kPoW7T44pE
Changed password for user elastic
PASSWORD elastic = SfSnnfYPzBTMMTyUbuRa
5. Verify that authentication is now required
Authorization: Basic Auth, ES username elastic, ES password SfSnnfYPzBTMMTyUbuRa
Verify in a browser: http://192.168.77.177:9200/_cat/nodes?pretty with ES username elastic and ES password SfSnnfYPzBTMMTyUbuRa
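Added example (not code from the original post): a small Python audit of the settings appended in step 2. It parses the flat `key: value` lines that elasticsearch.yml uses (no PyYAML needed) and reports what the fragment enables and what it leaves open; in particular, the fragment never sets xpack.security.http.ssl.enabled, so the http:// URLs used in step 5 and by Kibana, Filebeat and Logstash below still carry the Basic-auth credentials in plaintext. The sample YAML below is constructed from the fragment in step 2.

```python
"""Audit the X-Pack security settings appended to elasticsearch.yml.

Only flat `key: value` lines are parsed, which is all elasticsearch.yml needs
for these dotted settings; comments and blank lines are ignored.
"""

# Constructed sample: the fragment appended in step 2, including one comment line.
SAMPLE_YML = """\
# Enable X-Pack security (authentication)
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
"""


def parse_flat_yaml(text):
    """Return {key: value} for every `key: value` line; comments/blanks are skipped."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        key, _, value = line.partition(":")
        settings[key.strip()] = value.strip().strip("\"'")
    return settings


def audit_security(settings):
    """Return a list of findings; an empty list means nothing to flag."""
    findings = []

    def enabled(key):
        return settings.get(key, "false").lower() == "true"

    if not enabled("xpack.security.enabled"):
        findings.append("xpack.security.enabled is not true: no authentication at all")
    if not enabled("xpack.security.transport.ssl.enabled"):
        findings.append("transport SSL disabled: node-to-node traffic is plaintext")
    else:
        # Elasticsearch defaults verification_mode to "full" when it is not set.
        mode = settings.get("xpack.security.transport.ssl.verification_mode", "full")
        if mode not in ("certificate", "full"):
            findings.append(f"verification_mode={mode}: peer certificates are not verified")
        for store in ("keystore", "truststore"):
            if not settings.get(f"xpack.security.transport.ssl.{store}.path"):
                findings.append(f"transport SSL {store}.path is missing")
    # The HTTP layer (port 9200) is a separate setting and stays plaintext unless enabled.
    if not enabled("xpack.security.http.ssl.enabled"):
        findings.append("HTTP SSL disabled: Basic-auth credentials to :9200 travel in plaintext")
    return findings


if __name__ == "__main__":
    for finding in audit_security(parse_flat_yaml(SAMPLE_YML)):
        print("FINDING:", finding)
```

Running it on the step-2 fragment yields exactly one finding, the plaintext HTTP layer; point it at the real file with `parse_flat_yaml(open(path).read())` to audit a node.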
III. Configuring clients to connect to ES
1. Kibana: connecting to ES
# On the Kibana node
# Modify the Kibana configuration file
cat >>/etc/kibana/kibana.yml<<'EOF'
elasticsearch.username: "kibana_system"
elasticsearch.password: "XVdqmeVH0rhHv5mYC3Ur"
EOF
# Restart Kibana
systemctl restart kibana
Verify in a browser: http://192.168.77.176:5601/ with ES username elastic and ES password SfSnnfYPzBTMMTyUbuRa
2. Filebeat: connecting to ES
# Modify the Filebeat configuration file
cd /es/softwares/filebeat-7.17.5-linux-x86_64/config
# Add the credentials under output.elasticsearch:
cat >01-log-to-es.yaml<<'EOF'
filebeat.inputs:
# The input type is log
- type: log
  # File paths to collect
  paths:
    - /var/log/*.log
    - /var/log/**
# Send the output to the ES cluster
output.elasticsearch:
  hosts: ["http://192.168.77.176:9200","http://192.168.77.177:9200","http://192.168.77.178:9200"]
  username: "elastic"
  password: "SfSnnfYPzBTMMTyUbuRa"
  index: "linux_log_index-%{+yyyy.MM.dd}"
EOF
# Start the Filebeat instance
filebeat -e -c 01-log-to-es.yaml
3. Logstash: connecting to ES
# Modify the Logstash configuration file
cd /es/softwares/logstash-7.17.5/config
# Add the credentials inside elasticsearch {}
cat >01-beats-to-es.conf<<'EOF'
# Sample Logstash configuration for creating a simple
# Beats -> Logstash -> Elasticsearch pipeline.
input {
  beats {
    port => 5044
  }
}
output {
  elasticsearch {
    hosts => ["http://192.168.77.176:9200"]
    index => "nginx-logstash-%{+YYYY.MM.dd}"
    user => "elastic"
    password => "SfSnnfYPzBTMMTyUbuRa"
  }
}
EOF
# Start the Logstash instance
cd /es/softwares/logstash-7.17.5/config
logstash -rf 01-beats-to-es.conf
4. Changing user passwords and controlling permissions
Changing the elastic password
Users and user permission settings