当前位置:   article > 正文

Elastic stack8.10.4搭建、启用安全认证,启用https,TLS,SSL 安全配置详解_es开启http安全认证查询索引

es开启http安全认证查询索引

ELK大家应该很了解了,废话不多说开始部署

kafka在其中作为消息队列解耦和让logstash高可用

kafka和zk 的安装可以参考这篇文章

深入理解Kafka3.6.0的核心概念,搭建与使用-CSDN博客

第一步、官网下载安装包

需要

elasticsearch-8.10.4

logstash-8.10.4

kibana-8.10.4

kafka_2.13-3.6.0

apache-zookeeper-3.9.1-bin.tar

filebeat-8.10.4-linux-x86_64.tar

第二步: 环境配置(每一台都做)

创建es用户
 

useradd es

配置主机名、配置IP地址、每台主机配置/etc/hosts名称解析

192.168.1.1 es1

192.168.1.2 es2

192.168.1.3 es3

将Linux系统的软硬限制最大文件数改为65536,将所有用户的最大线程数修改为65536

打开/etc/security/limits.conf文件,添加以下配置(每一台都做)

  1. vim  /etc/security/limits.conf
  2. * soft nofile 65536
  3. * hard nofile 65536
  4. * soft nproc 65536
  5. * hard nproc 65536
  6. es hard core unlimited #打开生成Core文件
  7. es soft core unlimited
  8. es soft memlock unlimited #允许用户锁定内存
  9. es hard memlock unlimited
  10. soft xxx : 代表警告的设定,可以超过这个设定值,但是超过后会有警告。
  11. hard xxx : 代表严格的设定,不允许超过这个设定的值。
  12. nproc : 是操作系统级别对每个用户创建的进程数的限制
  13. nofile : 是每个进程可以打开的文件数的限制
  14. soft nproc :单个用户可用的最大进程数量(超过会警告);
  15. hard nproc:单个用户可用的最大进程数量(超过会报错);
  16. soft nofile :可打开的文件描述符的最大数(超过会警告);
  17. hard nofile :可打开的文件描述符的最大数(超过会报错);

修改/etc/sysctl.conf文件,添加下面这行,并执行命令sysctl  -p使其生效

  1. vim /etc/sysctl.conf
  2. vm.max_map_count=262144 #限制一个进程可以拥有的VMA(虚拟内存区域)的数量,es要求最低65536
  3. net.ipv4.tcp_retries2=5 #数据重传次数超过 tcp_retries2 会直接放弃重传,关闭 TCP 流

解压安装包,进入config文件夹,修改elasticsearch.yml 配置文件 

  1. cluster.name: elk #集群名称
  2. node.name: node1 #节点名称
  3. node.roles: [ master,data ] #节点角色
  4. node.attr.rack: r1 #机架位置,一般没啥意义这个配置
  5. path.data: /data/esdata
  6. path.logs: /data/eslog
  7. bootstrap.memory_lock: true #允许锁定内存
  8. network.host: 0.0.0.0
  9. http.max_content_length: 200mb
  10. network.tcp.keep_alive: true
  11. network.tcp.no_delay: true
  12. http.port: 9200
  13. http.cors.enabled: true #允许http跨域访问,es_head插件必须开启
  14. http.cors.allow-origin: "*" #允许http跨域访问,es_head插件必须开启
  15. discovery.seed_hosts: ["ypd-dmcp-log01", "ypd-dmcp-log02"]
  16. cluster.initial_master_nodes: ["ypd-dmcp-log01", "ypd-dmcp-log02"]
  17. xpack.monitoring.collection.enabled: true #添加这个配置以后在kibana中才会显示联机状态,否则会显示脱机状态
  18. xpack.security.enabled: true
  19. #xpack.security.enrollment.enabled: true
  20. xpack.security.http.ssl.enabled: true
  21. xpack.security.http.ssl.keystore.path: elastic-certificates.p12 #我把文件都放在config下。所以直接写文件名,放在别处需要写路径
  22. xpack.security.http.ssl.truststore.path: elastic-certificates.p12
  23. xpack.security.transport.ssl.enabled: true
  24. xpack.security.transport.ssl.verification_mode: certificate
  25. xpack.security.transport.ssl.keystore.path: elastic-certificates.p12k
  26. xpack.security.transport.ssl.truststore.path: elastic-certificates.p12

配置jvm内存大小 

  1. 修改 jvm.options
  2. -Xms6g #你服务器内存的一半,最高32G
  3. -Xmx6g #你服务器内存的一半,最高32G

改好文件夹准备生成相关key

 创建ca证书,什么也不用输入,两次回车即可(会在当前目录生成名为elastic-stack-ca.p12的证书文件)

bin/elasticsearch-certutil  ca

 使用之前生成的ca证书创建节点证书,过程三次回车,会在当前目录生成一个名为elastic-certificates.p12的文件

 

bin/elasticsearch-certutil  cert --ca elastic-stack-ca.p12

 生成http证书,根据提示信息进行操作,主要是下面几步

  1. bin/elasticsearch-certutil http
  2. Generate a CSR? [y/N]n
  3. Use an existing CA? [y/N]y
  4. CA Path: /usr/local/elasticsearch-8.10.4/config/certs/elastic-stack-ca.p12
  5. Password for elastic-stack-ca.p12: 直接回车,不使用密码
  6. For how long should your certificate be valid? [5y] 50y#过期时间
  7. Generate a certificate per node? [y/N]n
  8. Enter all the hostnames that you need, one per line. #输入es的节点 两次回车确认
  9. When you are done, press <ENTER> once more to move on to the next step.
  10. es1
  11. es2
  12. es3
  13. You entered the following hostnames.
  14. - es1
  15. - es2
  16. - es3
  17. Is this correct [Y/n]y
  18. When you are done, press <ENTER> once more to move on to the next step. #输入es的ip 两次回车确认
  19. 192.168.1.1
  20. 192.168.1.2
  21. 192.168.1.3
  22. You entered the following IP addresses.
  23. - 192.168.1.1
  24. - 192.168.1.2
  25. - 192.168.1.3
  26. Is this correct [Y/n]y
  27. Do you wish to change any of these options? [y/N]n

接下来一直回车,然后会在当前目录生成名为:elasticsearch-ssl-http.zip的压缩文件

解压缩http证书文件到config下,证书在http文件夹里。名字是http.p12,mv出来到config下

 确保elasticsearch目录下所有文件的归属关系都是es用户

 chown -R es:es /home/es/elasticsearch-8.10.4

启动es

  1. su - es #到es用户下
  2. bin/elasticsearch 初次可以前台启动 没问题就放后台
  3. bin/elasticsearch -d

复制整个es文件夹到es2,es3

只需要修改

  1. node.name: es2 #节点名称
  2. network.host: 192.168.1.2 #节点ip
  3. node.name: es3 #节点名称
  4. network.host: 192.168.1.3 #节点ip

 浏览器访问一下es的web ui

https://192.168.1.1:9200 

 

生成账户密码

 

  1. bin/elasticsearch-setup-passwords interactive
  2. warning: ignoring JAVA_HOME=/usr/local/java/jdk1.8.0_361; using bundled JDK
  3. ******************************************************************************
  4. Note: The 'elasticsearch-setup-passwords' tool has been deprecated. This command will be removed in a future release.
  5. ******************************************************************************
  6. Initiating the setup of passwords for reserved users elastic,apm_system,kibana,kibana_system,logstash_system,beats_system,remote_monitoring_user.
  7. You will be prompted to enter passwords as the process progresses.
  8. Please confirm that you would like to continue [y/N]y
  9. Enter password for [elastic]:
  10. Reenter password for [elastic]:
  11. Enter password for [apm_system]:
  12. Reenter password for [apm_system]:
  13. Enter password for [kibana_system]:
  14. Reenter password for [kibana_system]:
  15. Enter password for [logstash_system]:
  16. Reenter password for [logstash_system]:
  17. Enter password for [beats_system]:
  18. Reenter password for [beats_system]:
  19. Enter password for [remote_monitoring_user]:
  20. Reenter password for [remote_monitoring_user]:
  21. Changed password for user [apm_system]
  22. Changed password for user [kibana_system]
  23. Changed password for user [kibana]
  24. Changed password for user [logstash_system]
  25. Changed password for user [beats_system]
  26. Changed password for user [remote_monitoring_user]
  27. Changed password for user [elastic]
  28. 这个时候就可以使用账号密码访问了

创建一个给kibana使用的用户

  1. bin/elasticsearch-users useradd kibanauser
  2. kibana不能用es超级用户,此处展示一下用法
  3. bin/elasticsearch-users roles -a superuser kibanauser
  4. 加两个角色 不然没有监控权限
  5. bin/elasticsearch-users roles -a kibana_admin kibanauser
  6. bin/elasticsearch-users roles -a monitoring_user kibanauser

 然后配置kibana

解压然后修改kibana.yml

  1. server.port: 5601
  2. server.host: "0.0.0.0"
  3. server.ssl.enabled: true
  4. server.ssl.certificate: /data/elasticsearch-8.10.4/config/client.cer
  5. server.ssl.key: /data/elasticsearch-8.10.4/config/client.key
  6. elasticsearch.hosts: ["https://192.168.1.1:9200"]
  7. elasticsearch.username: "kibanauser"
  8. elasticsearch.password: "kibanauser"
  9. elasticsearch.ssl.certificate: /data/elasticsearch-8.10.4/config/client.cer
  10. elasticsearch.ssl.key: /data/elasticsearch-8.10.4/config/client.key
  11. elasticsearch.ssl.certificateAuthorities: [ "/data/elasticsearch-8.10.4/config/client-ca.cer" ]
  12. elasticsearch.ssl.verificationMode: certificate
  13. i18n.locale: "zh-CN"
  14. xpack.encryptedSavedObjects.encryptionKey: encryptedSavedObjects1234567890987654321
  15. xpack.security.encryptionKey: encryptionKeysecurity1234567890987654321
  16. xpack.reporting.encryptionKey: encryptionKeyreporting1234567890987654321

启动

bin/kibana

访问 https://ip:5601 

 配置logstash

解压后在conf下创建一个配置文件,我取名logstash.conf

  1. input {
  2. kafka {
  3. bootstrap_servers => "192.168.1.1:9092"
  4. group_id => "logstash_test"
  5. client_id => 1 #设置相同topic,设置相同groupid,设置不同clientid,实现LogStash多实例并行消费kafka
  6. topics => ["testlog"]
  7. consumer_threads => 2 #等于 topic分区数
  8. codec => json { #添加json插件,filebeat发过来的是json格式的数据
  9. charset => "UTF-8"
  10. }
  11. decorate_events => false #此属性会将当前topic、offset、group、partition等信息也带到message中
  12. type => "testlog" #跟topics不重合。因为output读取不了topics这个变量
  13. }
  14. }
  15. filter {
  16. mutate {
  17. remove_field => "@version" #去掉一些没用的参数
  18. remove_field => "event"
  19. remove_field => "fields"
  20. }
  21. }
  22. output {
  23. elasticsearch {
  24. cacert => "/data/elasticsearch-8.10.4/config/client-ca.cer"
  25. ssl => true
  26. ssl_certificate_verification => false
  27. user => elastic
  28. password => "123456"
  29. action => "index"
  30. hosts => "https://192.168.1.1:9200"
  31. index => "%{type}-%{+YYYY.MM.dd}"
  32. }
  33. }

修改jvm.options

  1. -Xms6g #你服务器内存的一半,最高32G
  2. -Xmx6g #你服务器内存的一半,最高32G

 

 启动logstash

bin/logstash -f conf/logstash.conf

最后去服务器上部署filebeat 

  1. filebeat.inputs:
  2. - type: filestream 跟以前的log类似。普通的日志选这个就行了
  3. id: testlog1
  4. enabled: true
  5. paths:
  6. - /var/log/testlog1.log
  7. field_under_root: true #让kafka的topic: '%{[fields.log_topic]}'取到变量值
  8. fields:
  9. log_topic: testlog1 #跟id不冲突,id输出取不到变量值
  10. multiline.pattern: '^\d(4)' # 设置多行合并匹配的规则,意思就是不以4个连续数字,比如2023开头的 视为同一条
  11. multiline.negate: true # 如果匹配不上
  12. multiline.match: after # 合并到后面
  13. - type: filestream
  14. id: testlog2
  15. enabled: true
  16. paths:
  17. - /var/log/testlog2
  18. field_under_root: true
  19. fields:
  20. log_topic: testlog2
  21. multiline.pattern: '^\d(4)'
  22. multiline.negate: true
  23. multiline.match: after
  24. filebeat.config.modules:
  25. path: ${path.config}/modules.d/*.yml
  26. reload.enabled: true #开启运行时重载配置
  27. #reload.period: 10s
  28. path.home: /data/filebeat-8.10.4/ #指明filebeat的文件夹。启动多个时需要
  29. path.data: /data/filebeat-8.10.4/data/
  30. path.logs: /data/filebeat-8.10.4/logs/
  31. processors:
  32. - drop_fields: #删除不需要显示的字段
  33. fields: ["agent","event","input","log","type","ecs"]
  34. output.kafka:
  35. enabled: true
  36. hosts: ["10.8.74.35:9092"] #kafka地址,可配置多个用逗号隔开
  37. topic: '%{[fields.log_topic]}' #根据上面添加字段发送不同topic

初步的部署这就完成了。后面的使用才是大头,路漫漫其修远兮 

声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/w/花生_TL007/article/detail/365447
推荐阅读
相关标签
  

闽ICP备14008679号