Configuring security authentication for an ES cluster

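First, open the Kibana management interface and, under License Management, upgrade to the Platinum trial license.
Next, add the following to the configuration file of every ES node: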

xpack.security.enabled: true
xpack.ml.enabled: true
xpack.license.self_generated.type: trial # means the trial license

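Then restart all ES nodes. Once they are back up, visit http://192.168.1.3:9200/_cat/health?v and you will be prompted for a username and password. We have not set any passwords yet, so set them now: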

[root@es1 ~]# cd /usr/share/elasticsearch/bin
[root@es1 bin]# ./elasticsearch-setup-passwords interactive
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y


Enter password for [elastic]: 
Reenter password for [elastic]: 
Enter password for [apm_system]: 
Reenter password for [apm_system]: 
Enter password for [kibana]: 
Reenter password for [kibana]: 
Enter password for [logstash_system]: 
Reenter password for [logstash_system]: 
Enter password for [beats_system]: 
Reenter password for [beats_system]: 
Enter password for [remote_monitoring_user]: 
Reenter password for [remote_monitoring_user]: 
Changed password for user [apm_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]
 

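As you can see, we changed the passwords of 6 users. Once that is done, visit http://192.168.1.3:9200/_cat/health?v again and enter the username elastic and the password 123456 to see the cluster health status. Kibana now also asks for a username and password when you access it, so we enable the security settings in Kibana's configuration file as well.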

Now edit the Kibana configuration file.
Only the following two lines need to be added to it:

[root@kibana ~]# vim /etc/kibana/kibana.yml 
......
elasticsearch.username: "elastic"
elasticsearch.password: "123456" # This password must match the username and password configured on the ES cluster.

Then restart Kibana and visit 192.168.1.9:5601 again:
Now enter the username elastic and the password 123456 to log in.

After logging in, we find that our index contains no data. Checking the logstash log shows errors:

[2020-04-03T14:29:04,598][ERROR][logstash.outputs.elasticsearch][main] Encountered a retryable error. Will Retry with exponential backoff  {:code=>401, :url=>"http://192.168.1.7:9200/_bulk"}
[2020-04-03T14:29:07,045][ERROR][logstash.outputs.elasticsearch][main] Encountered a retryable error. Will Retry with exponential backoff  {:code=>401, :url=>"http://192.168.1.6:9200/_bulk"}
[2020-04-03T14:29:11,118][ERROR][logstash.outputs.elasticsearch][main] Encountered a retryable error. Will Retry with exponential backoff  {:code=>401, :url=>"http://192.168.1.7:9200/_bulk"}
[2020-04-03T14:29:19,137][ERROR][logstash.outputs.elasticsearch][main] Encountered a retryable error. Will Retry with exponential backoff  {:code=>401, :url=>"http://192.168.1.7:9200/_bulk"}

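This is because the output section of our logstash configuration file sends data to the ES cluster, and we have just enabled security authentication on that cluster, so the output section now needs the ES cluster's username and password: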

output {
    elasticsearch {
        hosts => ["192.168.1.8:9200","192.168.1.6:9200","192.168.1.7:9200"]
        index =>  'nginx'
        user => 'elastic'
        password => '123456'
    }
}

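Note that the option is user, not username, and that both the username and the password must be enclosed in ASCII single quotes.
Once this is configured, start logstash again: it now starts normally, and the index in Kibana has data.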
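
One way to verify the result of the steps above on every node, as an added example that is not part of the original post: each node should answer 401 to an anonymous request and 200 to the elastic user. The node addresses are the hosts from the logstash output above; the ES_PASSWORD environment variable and the function names are assumptions of this example.

```bash
# Added example (not from the original post). Assumes curl is installed and
# ES_PASSWORD is exported; it must not contain a double quote or backslash.
NODES="192.168.1.6:9200 192.168.1.7:9200 192.168.1.8:9200"

# http_code URL [USER] -> prints the HTTP status (000 if the node is unreachable).
# The password goes to curl via a config on stdin, so it never shows up in `ps`.
http_code() {
    if [ -n "${2:-}" ]; then
        printf 'user = "%s:%s"\n' "$2" "$ES_PASSWORD" |
            curl -s -o /dev/null -m 5 -w '%{http_code}' -K - "$1"
    else
        curl -s -o /dev/null -m 5 -w '%{http_code}' "$1"
    fi
}

# check_node HOST:PORT -> prints a verdict; returns 0 only when anonymous
# access is refused AND the elastic credentials are accepted.
check_node() {
    health="http://$1/_cat/health"
    anon=$(http_code "$health") || true
    auth=$(http_code "$health" elastic) || true
    if [ "$anon" = 200 ]; then
        echo "$1 OPEN: anonymous request succeeded, security is not in effect"
        return 1
    elif [ "$anon" != 401 ]; then
        echo "$1 UNKNOWN: anonymous request returned $anon"
        return 1
    elif [ "$auth" != 200 ]; then
        echo "$1 BADCREDS: auth is enforced but the elastic login returned $auth"
        return 1
    fi
    echo "$1 OK: anonymous=401 authenticated=200"
}

# check_cluster -> checks every node; exit status is the number of failing nodes.
check_cluster() {
    failed=0
    for node in $NODES; do
        check_node "$node" || failed=$((failed + 1))
    done
    return "$failed"
}

# Only touch the network when called as: ES_PASSWORD=... sh check.sh run
if [ -n "${ES_PASSWORD:-}" ] && [ "${1:-}" = "run" ]; then check_cluster; fi
```

A node reported as OPEN was restarted without xpack.security.enabled: true; BADCREDS on one node corresponds to the 401 errors logstash logged against that host.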
