听闻少年二字,当与平庸相斥。这篇文章主要讲述ELK开启账户密码认证详细操作相关的知识,希望能为你提供帮助。
环境:
ElasticSearch版本:7.13.2介绍:
kibana只是一个视图页面,真正工作的是Elasticsearch。注意:
下边有关es的操作需要所有节点执行。?
创建es节点之间SSL证书1、在es主节点生成 elastic-stack-ca.p12文件
# ./bin/elasticsearch-certutil ca
Please enter the desired output file [elastic-stack-ca.p12]:#回车
Enter password for elastic-stack-ca.p12 : #CA证书的密码,回车
# ls
binconfigdataelastic-stack-ca.p12jdklibLICENSE.txtlogsmodulesnohup.outNOTICE.txtpluginsREADME.asciidoc
2、在es主节点生成 elastic-certificates.p12文件
./elasticsearch-certutil cert --ca elastic-stack-ca.p12
Enter password for CA (elastic-stack-ca.p12) : # CA证书的密码,直接回车
Please enter the desired output file [elastic-certificates.p12]: # 默认
Enter password for elastic-certificates.p12 : # 证书密码,直接回车
3、复制elastic-stack-ca.p12、elastic-certificates.p12到各节点的config目录
cp elastic-stack-ca.p12 elastic-certificates.p12config/
4、修改elastic-stack-ca.p12 、 elastic-certificates.p12属主
# chown elk. config/elastic-certificates.p12
# chown elk. config/elastic-stack-ca.p12
5、其他节点省略......
配置es1、修改es配置文件:elasticsearch.yml,添加如下配置,其他节点配置相同
# vim ../config/elasticsearch.yml
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
2、重启es
systemctl restart elasticsearch
3、es的bin目录下执行命令设置初始密码,会设置下边六个账户的密码
# ./elasticsearch-setup-passwords interactive
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,kibana_system,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y
Enter password for [elastic]:
Reenter password for [elastic]:
Enter password for [apm_system]:
Reenter password for [apm_system]:
Enter password for [kibana_system]:
Reenter password for [kibana_system]:
Enter password for [logstash_system]:
Reenter password for [logstash_system]:
Enter password for [beats_system]:
Reenter password for [beats_system]:
Enter password for [remote_monitoring_user]:
Reenter password for [remote_monitoring_user]:
Changed password for user [apm_system]
Changed password for user [kibana_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]
4、修改kibana的配置文件
# vim kibana.yml
elasticsearch.username: "kibana_system"
elasticsearch.password: "kibana_system"# 密码
5、重启kibana服务
# systemctl restart kibana
6、修改logstash配置文件
# vim /opt/logstash-7.13.2/config/new.conf
output
elasticsearch
hosts=> ["xxxx:9200","xxxxxx:9200"]
index => "%[type]-%+YYYY.MM.dd"
user => "elastic"# 新增
password => "elastic"# 新增
7、重启logstash服务
# systemctl restart logstash
8、访问kibana验证
【ELK开启账户密码认证详细操作】
推荐阅读
- 关于 SAP Commerce Cloud Github 仓库需要遵循的规范
- 关于 SAP Commerce Cloud 的 Sample Setup Github 仓库
- 网站上的 breadcrumb 使用场景浅析
- SAP UI5 的自动化测试套件页面的开发步骤介绍
- SAP Commerce Cloud 如何为 Storefront 配置新的应用
- ntpdate[2733]: no server suitable for synchronization found
- SAP Commerce Cloud Github 仓库管理规范
- SAP 订单模型的编排方式概述
- SAP Commerce Cloud 构建环境和最终运行环境的区别