在es下安装 (es版本6.5.4) 以下操作针对每台服务器
####服务器hosts增加记录对应 认证的域名: dn: CN=node3.yibai.com,OU=Ops,O=yibai Com\, Inc.,DC=yibai,DC=com
192.168.10.61 node1.yibai.com
192.168.10.62 node2.yibai.com
192.168.10.63 node3.yibai.com
集群配置参数,"/"号,按照不同服务器用“/”隔开的参数配置每个节点
cluster.name: yb-op
node.name: es01/es02/es03
path.data: /data/elasticsearch/data
path.logs: /data/elasticsearch/logs
bootstrap.memory_lock: false
bootstrap.system_call_filter: false
network.host: 192.168.10.61/192.168.10.62/192.168.10.63,localhost
http.port: 9200
discovery.zen.ping.unicast.hosts: ["es02", "es03"]/discovery.zen.ping.unicast.hosts: ["es01", "es03"]/discovery.zen.ping.unicast.hosts: ["es01", "es02"]
discovery.zen.minimum_master_nodes: 2
下载插件
<ES directory>/bin/elasticsearch-plugin install -b com.floragunn:search-guard-6:<guard version>./elasticsearch-plugin install -b com.floragunn:search-guard-6:6.5.4-24.0进入到searchguard安装目录
cd <ES directory>/plugins/search-guard-/tools运行安装
<ES directory>/install_demo_configuration.sh
生成的文件 <ES directory>/config/elasticsearch.yml
Install demo certificates? [y/N] y
Initialize Search Guard? [y/N] y
Enable cluster mode? [y/N] y ###单点直接选N
验证安装
https://<es ip>:9200 输入admin\admin账号密码访问测试安装
https://<es ip>:9200/_searchguard/authinfo 通过访问显示有关当前登录用户的信息curl https://192.168.71.172:9200 -k -u admin:admin修改默认账号密码
生成hash新密码
sh hash.sh -p Z5bwom2Yy9或chenfh5
修改<ES directory>/plugins/search-guard-6/sgconfig/sg_internal_users.yml
####
#password is: admin
admin:
readonly: true
# hash: $2a$12$VcCDgh2NDk07JGN0rjGbM.Ad41qVR/YFJcgHp0UGns5JDymv..TOG
hash: $2y$12$rjNSVy7WGPhP379BzsrKRuSts0TWWcsKFrst9MgBk4jeD2h.sVzye
roles:
- admin
attributes:
#no dots allowed in attribute names
attribute1: value1
attribute2: value2
attribute3: value3
分发新配置到es集群
cd <ES directory>/plugins/search-guard-6/tools
./sgadmin.sh -cd ../sgconfig/ -icl -nhnv \
-cacert /etc/elasticsearch/root-ca.pem \
-cert /etc/elasticsearch/kirk.pem \
-key /etc/elasticsearch/kirk-key.pem
kibana 安装SearchGuard (kibana版本6.5.4)
运行安装
<kibana directory>/bin/kibana-plugin install https://search.maven.org/remotecontent?filepath=com/floragunn/search-guard-kibana-plugin/6.5.4-17/search-guard-kibana-plugin-6.5.4-17.zip修改kibana配置
vim <kibana directory>/config/kibana.yml
# 关闭xpack安全认证
xpack.security.enabled: false
#xpack.monitoring.enabled: false
network.host: 0.0.0.0
<kibana directory>/bin/kibana 启动报错
Browserslist: caniuse-lite is outdated. Please run next command `npm update caniuse-lite browserslist`
原因是没有node的browserslist没更新,如果直接更新会报错,只能手动下载包再盖到原安装目录
# 安装npm工具,如果有就不用安装
yum install npm
# 新建目录下载新文件
mkdir <npmdown>
cd <npmdown>
npm intall caniuse-lite browserslist
cd <kibana directory>/node_modules
# 新建目录保存原副本
mv <kibana directory>/node_modules/browserslist <backlib>
mv <kibana directory>/node_modules/caniuse-lite <backlib>
mv <kibana directory>/node_modules/electron-to-chromium <backlib>
mv <kibana directory>/node_modules/node-releases <backlib>
mv <kibana directory>/node_modules/semver <backlib>
cd <npmdown>
mv <npmdown>/* <kibana directory>/kibana-6.5.4-linux-x86_64/node_modules
重新启动/bin/kibana 等待node编译完成
[error][admin][elasticsearch] Request error, retrying 报错
编辑 kibana.yml
# 关闭xpack安全认证
xpack.security.enabled: false
#xpack.spaces.enabled: false
# 连接
elasticsearch.url: "https://192.168.71.246:9200"
浏览器打开 https://: 输入admin帐号密码打开管理页面