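(13) ES 7.4 Cluster Setup + Kibana Authenticated Login

These are study notes, kept mainly as a record of my own learning. Some of the content is reposted.

I. ES cluster setup

0. Prerequisites

Three Linux servers

1. Download the software packages

Download the latest version, Elasticsearch 7.4, from the official site: https://www.elastic.co/cn/downloads/elasticsearch

2. Adjust the system configuration

vi /etc/security/limits.conf
Add the following: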
* hard nofile 65536
* soft nproc 2048
* hard nproc 4096
* soft memlock unlimited
* hard memlock unlimited
vi /etc/sysctl.conf
Add the following:
vm.max_map_count=655360
fs.file-max=655360
Run sysctl -p to apply the change

3. Install the software

[book@BOOK-CENTOS01 soft]$ pwd
/home/book/soft
[book@BOOK-CENTOS01 soft]$ ls
elasticsearch-7.4.0  elasticsearch-7.4.0-linux-x86_64.tar.gz

4. Edit the configuration file

[book@BOOK-CENTOS01 soft]$ pwd
/home/book/soft
[book@BOOK-CENTOS01 soft]$ ls
elasticsearch-7.4.0  elasticsearch-7.4.0-linux-x86_64.tar.gz

Back up /home/book/soft/elasticsearch-7.4.0/config/elasticsearch.yml

Master node configuration:

# Cluster name
cluster.name: ES-Cluster
# Node name
node.name: ES-node1
# Whether this is a master node
node.master: true
# Whether this node may store index data
node.data: true
# Log directory
path.logs: /var/log/elasticsearch
# Bind address
network.host: 0.0.0.0
# HTTP port
http.port: 9200
# Cluster host list
discovery.seed_hosts: ["10.45.154.236","10.45.154.70"]
# Required when starting a brand-new cluster; can be omitted on later restarts
#cluster.initial_master_nodes: ["10.45.154.236"]
# Number of data tasks started concurrently in the cluster, default 2
cluster.routing.allocation.cluster_concurrent_rebalance: 32
# Number of concurrent recovery threads when adding or removing nodes and when load balancing, default 4
cluster.routing.allocation.node_concurrent_recoveries: 32
# Number of concurrent recovery threads during initial data recovery, default 4
cluster.routing.allocation.node_initial_primaries_recoveries: 32
# Storage location
path.data: /data
# Whether to enable cross-origin access
http.cors.enabled: true
# Origin restriction once cross-origin access is enabled; * means no restriction
http.cors.allow-origin: "*"

## Used for authentication
xpack.security.transport.ssl.enabled: true
xpack.security.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12

Configuration of the second node:

# Cluster name
cluster.name: ES-Cluster
# Node name
node.name: ES-node2
# Whether this is a master node
node.master: false
# Whether this node may store index data
node.data: true
# Log directory
path.logs: /var/log/elasticsearch
# Bind address
network.host: 0.0.0.0
# HTTP port
http.port: 9200
# Cluster host list
discovery.seed_hosts: ["10.45.154.236","10.45.154.70"]
# Required when starting a brand-new cluster; can be omitted on later restarts
#cluster.initial_master_nodes: ["10.45.154.236"]
# Number of data tasks started concurrently in the cluster, default 2
cluster.routing.allocation.cluster_concurrent_rebalance: 32
# Number of concurrent recovery threads when adding or removing nodes and when load balancing, default 4
cluster.routing.allocation.node_concurrent_recoveries: 32
# Number of concurrent recovery threads during initial data recovery, default 4
cluster.routing.allocation.node_initial_primaries_recoveries: 32
# Storage location
path.data: /data
# Whether to enable cross-origin access
http.cors.enabled: true
# Origin restriction once cross-origin access is enabled; * means no restriction
http.cors.allow-origin: "*"

## Used for authentication
xpack.security.transport.ssl.enabled: true
xpack.security.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12

5. Create the storage directory

mkdir -p /data/nodes
chown elasticsearch:elasticsearch /data/nodes

6. Open the firewall ports

firewall-cmd --zone=public --add-port=9300/tcp --permanent
firewall-cmd --zone=public --add-port=9200/tcp --permanent
systemctl restart firewalld.service

7. Start ES

Foreground: /home/book/soft/elasticsearch-7.4.0/bin/elasticsearch

Background: /home/book/soft/elasticsearch-7.4.0/bin/elasticsearch -d

Stop
lsof -i:9200
netstat -tunlp|grep 9200

kill -9 xxxx

II. Kibana configuration

1 Install Kibana

Download the archive and extract it

2 Configure Kibana

server.port: 5601
server.host: "192.168.1.95"
elasticsearch.hosts: ["http://192.168.1.96:9200","http://192.168.1.97:9200","http://192.168.1.98:9200"]
i18n.locale: "zh-CN"


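3 Start Kibana

Foreground: ./bin/kibana
Background: nohup ./bin/kibana &

III. Set the username and password

0 Configure TLS on the cluster (skip for a single node)

1. Generate the CA certificate:

bin/elasticsearch-certutil ca

This produces a new file, elastic-stack-ca.p12.
The elasticsearch-certutil command also prompts for a password to protect the file and key. Keep a copy of the file and remember its password; here we leave it empty.

2. Generate a certificate and private key for each node in the cluster
bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
mv elastic-certificates.p12 config/

This produces a new file, elastic-certificates.p12. You are again prompted for a password; you can enter one for the certificate and key, or press Enter to leave it blank. By default elasticsearch-certutil generates certificates without hostname information, which means the same certificate can be used on every node in the cluster, and hostname verification must additionally be turned off.
Copy elastic-certificates.p12 into the Elasticsearch configuration directory on every node.
There is no need to copy elastic-stack-ca.p12 into that directory.

3. Configure every node in the cluster to identify itself with its signed certificate and enable TLS on the transport layer
Enable TLS and specify the information needed to access the node certificate by adding the following to each node's elasticsearch.yml: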

xpack.security.transport.ssl.enabled: true
xpack.security.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12

1. Edit elasticsearch.yml

http.cors.enabled: true
http.cors.allow-origin: "*"

xpack.security.transport.ssl.enabled: true
xpack.security.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12

2. Set the passwords

elasticsearch-setup-passwords interactive

Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y

Enter password for [elastic]:
Reenter password for [elastic]:
Enter password for [apm_system]:
Reenter password for [apm_system]:
Enter password for [kibana]:
Reenter password for [kibana]:
Enter password for [logstash_system]:
Reenter password for [logstash_system]:
Enter password for [beats_system]:
Reenter password for [beats_system]:
Enter password for [remote_monitoring_user]:
Reenter password for [remote_monitoring_user]:
Changed password for user [apm_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]

3. Access Elasticsearch

4. Kibana  config\kibana.yml

elasticsearch.username: "elastic"
elasticsearch.password: "<password>"

http://localhost:5601  Log in as user elastic

IV. Errors encountered

1 Cause: Cluster state has not been recovered yet, cannot write to the [null] index

[elastic@szyyelk01t elasticsearch-7.4.2]$ bin/elasticsearch-setup-passwords interactive

Failed to determine the health of the cluster running at http://10.10.18.90:19200
Unexpected response code [503] from calling GET http://10.10.18.90:19200/_cluster/health?pretty
Cause: master_not_discovered_exception

It is recommended that you resolve the issues with your cluster before running elasticsearch-setup-passwords.
It is very likely that the password changes will fail when run against an unhealthy cluster.

Do you want to continue with the password setup process [y/N]y

Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y               


Enter password for [elastic]: 
Reenter password for [elastic]: 
Enter password for [apm_system]: 
Reenter password for [apm_system]: 
Enter password for [kibana]: 
Reenter password for [kibana]: 
Enter password for [logstash_system]: 
Reenter password for [logstash_system]: 
Enter password for [beats_system]: 
Reenter password for [beats_system]: 
Enter password for [remote_monitoring_user]: 
Reenter password for [remote_monitoring_user]: 

Unexpected response code [503] from calling PUT http://10.10.18.90:19200/_security/user/apm_system/_password?pretty
Cause: Cluster state has not been recovered yet, cannot write to the [null] index

Possible next steps:
* Try running this tool again.
* Try running with the --verbose parameter for additional messages.
* Check the elasticsearch logs for additional error details.
* Use the change password API manually. 

ERROR: Failed to set password for user [apm_system].

Fix: all three servers in the cluster need the following settings at the same time, followed by a restart

http.cors.enabled: true
http.cors.allow-origin: "*"

xpack.security.transport.ssl.enabled: true
xpack.security.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
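
The settings from section III, and the fix for error 1 (every node must carry them before elasticsearch-setup-passwords is run), can be checked per node. This is an added example, not part of the original notes: yml_get and audit_node are hypothetical helper names, the two sample files are constructed, and the HTTP-layer check uses the xpack.security.http.ssl.enabled setting, which the notes do not configure.

```bash
# Added example: audit copies of elasticsearch.yml collected from each node.

yml_get() {  # yml_get FILE KEY -> value of a flat "key: value" line, unquoted
  awk -v k="$2" '
    /^[ \t]*#/ { next }
    { i = index($0, ":"); if (!i) next
      key = substr($0, 1, i - 1); val = substr($0, i + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", key); if (key != k) next
      gsub(/^[ \t]+|[ \t\r]+$/, "", val); gsub(/^"|"$/, "", val)
      print val; exit }' "$1"
}

audit_node() {  # prints findings for FILE; returns 1 if a required key is wrong
  local f=$1 rc=0 k v
  for k in xpack.security.enabled xpack.security.transport.ssl.enabled; do
    v=$(yml_get "$f" "$k")
    if [ "$v" != "true" ]; then echo "FAIL $k=${v:-unset}, must be true"; rc=1; fi
  done
  for k in keystore.path truststore.path; do
    v=$(yml_get "$f" "xpack.security.transport.ssl.$k")
    if [ -z "$v" ]; then echo "FAIL xpack.security.transport.ssl.$k unset"; rc=1; fi
  done
  if [ "$(yml_get "$f" http.cors.enabled)" = "true" ] &&
     [ "$(yml_get "$f" http.cors.allow-origin)" = "*" ]; then
    echo "WARN http.cors.allow-origin=* accepts requests from any web origin"
  fi
  if [ "$(yml_get "$f" xpack.security.transport.ssl.verification_mode)" = "certificate" ]; then
    echo "WARN verification_mode=certificate: hostname verification is off"
  fi
  if [ "$(yml_get "$f" xpack.security.http.ssl.enabled)" != "true" ]; then
    echo "WARN no TLS on the HTTP layer: port 9200 traffic is plaintext"
  fi
  return "$rc"
}

SAMPLES=$(mktemp -d)  # constructed inputs: node1 is configured, node2 was missed
cat > "$SAMPLES/node1.yml" <<'EOF'
http.cors.enabled: true
http.cors.allow-origin: "*"
xpack.security.transport.ssl.enabled: true
xpack.security.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
EOF
printf 'cluster.name: ES-Cluster\nnode.name: ES-node2\n' > "$SAMPLES/node2.yml"
for f in "$SAMPLES"/node*.yml; do
  echo "== $f"; audit_node "$f" || echo "-> add the missing keys, then restart"
done
```

FAIL lines mark a node that would keep the cluster from forming with security enabled; WARN lines mark settings from these notes that work but are permissive.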

2  max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]

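Fix:
Switch to the root user
Run:
sysctl -w vm.max_map_count=262144
Check the result:
sysctl -a|grep vm.max_map_count
Output:
vm.max_map_count = 262144


The change made this way is lost when the virtual machine reboots, so:
Permanent fix:
Append this line to the end of /etc/sysctl.conf
vm.max_map_count=262144
to make the change permanent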

3  max file descriptors [4096] for elasticsearch process is too low, increase to at least [65536]

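The maximum number of files each process may have open at once is too small. The following two commands show the current limits

ulimit -Hn
ulimit -Sn

Edit /etc/security/limits.conf and add the settings below; they take effect after the user logs out and back in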

*               soft    nofile          65536
*               hard    nofile          65536

4  max number of threads [3818] for user [es] is too low, increase to at least [4096]

Same kind of problem as above: the maximum number of threads is too low. Edit /etc/security/limits.conf (the same file as in problem 1) and add

*               soft    nproc           4096
*               hard    nproc           4096

Check with:

ulimit -Hu
ulimit -Su
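
A preflight check for errors 2 to 4, as an added example that is not part of the original notes: it compares limits.conf entries and the live kernel and ulimit values with the minimums quoted in those error messages. The function names are hypothetical, and the sample file is constructed from the limits.conf lines in step 2 of section I.

```bash
# Added example. Minimums are the ones quoted in errors 2-4 on this page.

check_min() {  # check_min NAME CURRENT MINIMUM -> 0 if ok, 1 if too low
  if [ "$2" = "unlimited" ] || { [ "$2" -ge "$3" ] 2>/dev/null; }; then
    echo "ok   $1=$2"; return 0
  fi
  echo "LOW  $1=${2:-unknown}, increase to at least $3"; return 1
}

limits_get() {  # limits_get FILE TYPE ITEM -> last value set for domain "*"
  awk -v t="$2" -v i="$3" \
    '$1 == "*" && $2 == t && $3 == i { v = $4 } END { print v }' "$1"
}

audit_limits_file() {  # check a limits.conf-style file; returns 1 if any LOW
  local f=$1 rc=0
  check_min "soft nofile" "$(limits_get "$f" soft nofile)" 65536 || rc=1
  check_min "hard nofile" "$(limits_get "$f" hard nofile)" 65536 || rc=1
  check_min "soft nproc"  "$(limits_get "$f" soft nproc)"  4096  || rc=1
  check_min "hard nproc"  "$(limits_get "$f" hard nproc)"  4096  || rc=1
  return "$rc"
}

audit_live() {  # same thresholds against the current shell and kernel
  local rc=0
  check_min vm.max_map_count "$(sysctl -n vm.max_map_count 2>/dev/null)" 262144 || rc=1
  check_min "ulimit -Sn" "$(ulimit -Sn)" 65536 || rc=1
  check_min "ulimit -Hn" "$(ulimit -Hn)" 65536 || rc=1
  check_min "ulimit -Su" "$(ulimit -Su 2>/dev/null)" 4096 || rc=1
  return "$rc"
}

# Constructed sample: the limits.conf lines from step 2 of section I.
STEP2=$(mktemp)
printf '%s\n' '* hard nofile 65536' '* soft nproc 2048' '* hard nproc 4096' \
  '* soft memlock unlimited' '* hard memlock unlimited' > "$STEP2"

echo "== limits from step 2"; audit_limits_file "$STEP2" || echo "-> raise the LOW entries"
echo "== this host";          audit_live || echo "-> not ready for Elasticsearch"
```

Run as the user that starts Elasticsearch, after logging in again, so that audit_live sees the limits that user actually gets. On the step 2 lines it reports soft nofile (unset) and soft nproc 2048 as LOW against the minimums in errors 3 and 4.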

 


 

5  Exception in thread "main" java.nio.file.AccessDeniedException: /usr/local/elasticsearch/elasticsearch-6.2.2-1/config/jvm.options

The elasticsearch user has no permission on that directory; run

chown -R es:es /usr/local/elasticsearch/

 

 


————————————————
Original link: https://blog.csdn.net/goodsirlee/article/details/102589354
Original link: https://blog.csdn.net/chengyuqiang/article/details/102935955

Original link: https://www.cnblogs.com/yidiandhappy/p/7714489.html

Original link: https://www.cnblogs.com/zhi-leaf/p/8484337.html

 
