此文之前,假定讀者已經一次完成了Kibana和elasticsearch的安裝。參考官方文檔,安裝後默認配置已經可以連通kibana和es。
- 系統: centos7
內容: 增加authentication & enable ssl
elastic 技術棧 的另外一個重要的角色是x-pack.
ES安裝xpack插件
參考安裝xpack
Run bin/elasticsearch-plugin install from ES_HOME on each node in your cluster:
bin/elasticsearch-plugin install x-packKibana 安裝xpack 插件
參考安裝xpack
Install X-Pack into Kibana by running bin/kibana-plugin in your Kibana installation directory.
bin/kibana-plugin install x-pack依次啓動elasticsearch 和kibana
修改用戶elastic 和 kibana的密碼
X-Pack security provides a built-in elastic superuser you can use to start setting things up. The default password for the elastic user is changeme.
curl -XPUT -u elastic 'localhost:9200/_xpack/security/user/elastic/_password' -d '{
"password" : "elasticpassword"
}'curl -XPUT -u elastic 'localhost:9200/_xpack/security/user/kibana/_password' -d '{
"password" : "kibanapassword"
}'CURL授權
在訪問需要授權的頁面時,可通過-u選項提供用戶名和密碼進行授權。 通常的做法是在命令行只輸入用戶名,之後會提示輸入密碼,這樣可以保證在查看歷史記錄時不會將密碼泄露
Enable Kibana SSL
Using Kibana in a Production Environment
配置上證書的路徑即可:
# SSL for outgoing requests from the Kibana Server (PEM formatted)
server.ssl.key: /path/to/your/server.key
server.ssl.cert: /path/to/your/server.crt修改了超級用戶的密碼,enable ssl後,就可以放心的去使用kibana的Dev Tools 或者chrome插件(sense)進行大部分API 的操作。 (在此之前需要ssh到服務器通過curl來操作以保證安全)
創建用戶logstash_writer
官方參考
上面步驟完成後會發現logstash推送給es報錯了。因爲現在ES需要用戶名和密碼了。 這裏我們需要創建一個用戶擁有write, delete, and create_index的權限。
[2016-12-23T20:42:19,350][WARN ][logstash.outputs.elasticsearch] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>#<URI::HTTP:0x17b5a1bd URL:http://localhost:9200>, :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError, :error=>"Got response code '401' contact Elasticsearch at URL 'http://localhost:9200/'"}
[2016-12-23T20:42:20,132][WARN ][logstash.shutdownwatcher ] {}
- 先創建一個role:logstash_writer
POST _xpack/security/role/logstash_writer
{
"cluster": ["manage_index_templates", "monitor"],
"indices": [
{
"names": [ "logstash-*","business-index-*"],
"privileges": ["write","delete","create_index"]
}
]
}- 再創建一個用戶:logstash_internal擁有Role:logstash_writer
POST /_xpack/security/user/logstash_internal
{
"password" : "changeme",
"roles" : [ "logstash_writer"],
"full_name" : "Internal Logstash User"
}上面的操作也可以通過Kibana的Management UI來操作
- 配置logstash.conf
output {
elasticsearch {
...
user => logstash_internal
password => changeme
}logstash, elasticsearch, kibana 如果在同一網絡,而暴露出去的只有kibana的話,logstash和elasticsearch 之前是無需授權的。可以參考Enabling Anonymous Access 另外,logstash和elasticsearch之間如果需要授權,會不會有性能的影響?
給Kibana用戶加上index的讀的權限
Kibana安裝xpack後默認就需要登錄了。也可以用超級用戶elastic登錄
登錄後打開DevTools進行ES API的操作。
修改後停掉kibana服務。修改kibana的配置:
Once you change the password, you need to specify it with the elasticsearch.password property in kibana.yml:
elasticsearch.password: "s0m3th1ngs3cr3t"坑 (Tricky Part)
- /etc/logstash/conf.d 下不要有多餘的文件。比如logstash.conf.bak, 似乎logstash會讀這個文件夾下的不止logstash.conf這個文件配置。logstash.conf.bak 會導致死循環一樣的重啓。elastic community
