在es下安裝 (es版本6.5.4) 以下操作針對每臺服務器
####服務器hosts增加記錄對應 認證的域名: dn: CN=node3.yibai.com,OU=Ops,O=yibai Com\, Inc.,DC=yibai,DC=com
192.168.10.61 node1.yibai.com
192.168.10.62 node2.yibai.com
192.168.10.63 node3.yibai.com
集羣配置參數,"/"號,按照不同服務器用“/”隔開的參數配置每個節點
cluster.name: yb-op
node.name: es01/es02/es03
path.data: /data/elasticsearch/data
path.logs: /data/elasticsearch/logs
bootstrap.memory_lock: false
bootstrap.system_call_filter: false
network.host: 192.168.10.61/192.168.10.62/192.168.10.63,localhost
http.port: 9200
discovery.zen.ping.unicast.hosts: ["es02", "es03"]/discovery.zen.ping.unicast.hosts: ["es01", "es03"]/discovery.zen.ping.unicast.hosts: ["es01", "es02"]
discovery.zen.minimum_master_nodes: 2
下載插件
<ES directory>/bin/elasticsearch-plugin install -b com.floragunn:search-guard-6:<guard version>./elasticsearch-plugin install -b com.floragunn:search-guard-6:6.5.4-24.0進入到searchguard安裝目錄
cd <ES directory>/plugins/search-guard-/tools運行安裝
<ES directory>/install_demo_configuration.sh
生成的文件 <ES directory>/config/elasticsearch.yml
Install demo certificates? [y/N] y
Initialize Search Guard? [y/N] y
Enable cluster mode? [y/N] y ###單點直接選N
驗證安裝
https://<es ip>:9200 輸入admin\admin賬號密碼訪問測試安裝
https://<es ip>:9200/_searchguard/authinfo 通過訪問顯示有關當前登錄用戶的信息curl https://192.168.71.172:9200 -k -u admin:admin修改默認賬號密碼
生成hash新密碼
sh hash.sh -p Z5bwom2Yy9或chenfh5
修改<ES directory>/plugins/search-guard-6/sgconfig/sg_internal_users.yml
####
#password is: admin
admin:
readonly: true
# hash: $2a$12$VcCDgh2NDk07JGN0rjGbM.Ad41qVR/YFJcgHp0UGns5JDymv..TOG
hash: $2y$12$rjNSVy7WGPhP379BzsrKRuSts0TWWcsKFrst9MgBk4jeD2h.sVzye
roles:
- admin
attributes:
#no dots allowed in attribute names
attribute1: value1
attribute2: value2
attribute3: value3
分發新配置到es集羣
cd <ES directory>/plugins/search-guard-6/tools
./sgadmin.sh -cd ../sgconfig/ -icl -nhnv \
-cacert /etc/elasticsearch/root-ca.pem \
-cert /etc/elasticsearch/kirk.pem \
-key /etc/elasticsearch/kirk-key.pem
kibana 安裝SearchGuard (kibana版本6.5.4)
運行安裝
<kibana directory>/bin/kibana-plugin install https://search.maven.org/remotecontent?filepath=com/floragunn/search-guard-kibana-plugin/6.5.4-17/search-guard-kibana-plugin-6.5.4-17.zip修改kibana配置
vim <kibana directory>/config/kibana.yml
# 關閉xpack安全認證
xpack.security.enabled: false
#xpack.monitoring.enabled: false
network.host: 0.0.0.0
<kibana directory>/bin/kibana 啓動報錯
Browserslist: caniuse-lite is outdated. Please run next command `npm update caniuse-lite browserslist`
原因是沒有node的browserslist沒更新,如果直接更新會報錯,只能手動下載包再蓋到原安裝目錄
# 安裝npm工具,如果有就不用安裝
yum install npm
# 新建目錄下載新文件
mkdir <npmdown>
cd <npmdown>
npm intall caniuse-lite browserslist
cd <kibana directory>/node_modules
# 新建目錄保存原副本
mv <kibana directory>/node_modules/browserslist <backlib>
mv <kibana directory>/node_modules/caniuse-lite <backlib>
mv <kibana directory>/node_modules/electron-to-chromium <backlib>
mv <kibana directory>/node_modules/node-releases <backlib>
mv <kibana directory>/node_modules/semver <backlib>
cd <npmdown>
mv <npmdown>/* <kibana directory>/kibana-6.5.4-linux-x86_64/node_modules
重新啓動/bin/kibana 等待node編譯完成
[error][admin][elasticsearch] Request error, retrying 報錯
編輯 kibana.yml
# 關閉xpack安全認證
xpack.security.enabled: false
#xpack.spaces.enabled: false
# 連接
elasticsearch.url: "https://192.168.71.246:9200"
瀏覽器打開 https://: 輸入admin帳號密碼打開管理頁面