About ELK: Providing SSL access for ELK


Part 5: Set ELK passwords (optional)

  1. Enable password authentication in elasticsearch
    vim /data/elk/elasticsearch/config/elasticsearch.yml
    Append two lines at the end of the file

    # Enable password authentication
    xpack.security.transport.ssl.enabled: true
    xpack.security.enabled: true
  2. Configure the access password for kibana
    vim /data/elk/kibana/config/kibana.yml
    Append the username and password settings at the end of the file

    # The ELK stack has many users; elastic is one of the default ones. You can use a default user or define your own
    elasticsearch.username: "elastic" 
    elasticsearch.password: "1qaz@WSX3edc"
  3. Restart ELK
    docker restart elk
    The restart may fail with an error.

    [elk] Exception
    org.elasticsearch.ElasticsearchSecurityException: invalid SSL configuration for xpack.security.transport.ssl - server ssl configuration requires a key and certificate, but these have not been configured; you must set either [xpack.security.transport.ssl.keystore.path], or both [xpack.security.transport.ssl.key] and [xpack.security.transport.ssl.certificate]
     at org.elasticsearch.xpack.core.ssl.SSLService.validateServerConfiguration(SSLService.java:635) ~[?:?]
     at org.elasticsearch.xpack.core.ssl.SSLService.loadSslConfigurations(SSLService.java:612) ~[?:?]
     at org.elasticsearch.xpack.core.ssl.SSLService.<init>(SSLService.java:156) ~[?:?]
     at org.elasticsearch.xpack.core.XPackPlugin.createSSLService(XPackPlugin.java:461) ~[?:?]
     at org.elasticsearch.xpack.core.XPackPlugin.createComponents(XPackPlugin.java:310) ~[?:?]
     at org.elasticsearch.node.Node.lambda$new$14(Node.java:668) ~[elasticsearch-8.3.3.jar:?]
     at org.elasticsearch.plugins.PluginsService.lambda$flatMap$0(PluginsService.java:235) ~[elasticsearch-8.3.3.jar:?]
     at java.util.stream.ReferencePipeline$7$1.accept(ReferencePipeline.java:273) ~[?:?]
     at java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:197) ~[?:?]
     at java.util.AbstractList$RandomAccessSpliterator.forEachRemaining(AbstractList.java:720) ~[?:?]
     at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:509) ~[?:?]
     at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:499) ~[?:?]
     at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:575) ~[?:?]
     at java.util.stream.AbstractPipeline.evaluateToArrayNode(AbstractPipeline.java:260) ~[?:?]
     at java.util.stream.ReferencePipeline.toArray(ReferencePipeline.java:616) ~[?:?]
     at java.util.stream.ReferencePipeline.toArray(ReferencePipeline.java:622) ~[?:?]
     at java.util.stream.ReferencePipeline.toList(ReferencePipeline.java:627) ~[?:?]
     at org.elasticsearch.node.Node.<init>(Node.java:681) ~[elasticsearch-8.3.3.jar:?]
     at org.elasticsearch.node.Node.<init>(Node.java:300) ~[elasticsearch-8.3.3.jar:?]
     at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:230) ~[elasticsearch-8.3.3.jar:?]
     at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:230) ~[elasticsearch-8.3.3.jar:?]
     at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:333) [elasticsearch-8.3.3.jar:?]
     at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:224) [elasticsearch-8.3.3.jar:?]
     at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:67) [elasticsearch-8.3.3.jar:?]
    [2022-09-05T19:41:12,778][ERROR][o.e.b.Elasticsearch] [elk] fatal exception while booting Elasticsearch
    org.elasticsearch.bootstrap.StartupException: org.elasticsearch.ElasticsearchSecurityException: invalid SSL configuration for xpack.security.transport.ssl - server ssl configuration requires a key and certificate, but these have not been configured; you must set either [xpack.security.transport.ssl.keystore.path], or both [xpack.security.transport.ssl.key] and [xpack.security.transport.ssl.certificate]
     at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:228) [elasticsearch-8.3.3.jar:?]
     at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:67) [elasticsearch-8.3.3.jar:?]
    Caused by: org.elasticsearch.ElasticsearchSecurityException: invalid SSL configuration for xpack.security.transport.ssl - server ssl configuration requires a key and certificate, but these have not been configured; you must set either [xpack.security.transport.ssl.keystore.path], or both [xpack.security.transport.ssl.key] and [xpack.security.transport.ssl.certificate]

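    Newer versions require an SSL certificate when password authentication is enabled. If you get the error above, revert the changes from step 1 of Part 5, then restart ELK and generate the certificates. If ELK restarts normally, skip the following steps.
    3.1 Restart ELK
    docker restart elk
    3.2 Enter the docker container
    docker exec -it elk /bin/bash
    3.3 Generate the elastic-stack-ca.p12 file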

    cd /opt/elasticsearch
    ./bin/elasticsearch-certutil ca
    Please enter the desired output file [elastic-stack-ca.p12]:  # press Enter
    Enter password for elastic-stack-ca.p12 : # password for the CA certificate; press Enter
    # ls     
    bin  config  data  elastic-stack-ca.p12  jdk  lib  LICENSE.txt  logs  modules  nohup.out  NOTICE.txt  plugins  README.asciidoc

    3.4 Generate the elastic-certificates.p12 file

    ./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
    Enter password for CA (elastic-stack-ca.p12) : # password for the CA certificate; just press Enter
    Please enter the desired output file [elastic-certificates.p12]: # default
    Enter password for elastic-certificates.p12 : # certificate password; just press Enter

    3.5 Back on the host, copy elastic-stack-ca.p12 and elastic-certificates.p12 to the elasticsearch/config directory

    docker cp elk:/opt/elasticsearch/elastic-certificates.p12 /data/elk/elasticsearch/config/
    docker cp elk:/opt/elasticsearch/elastic-stack-ca.p12 /data/elk/elasticsearch/config/
    
    # Change ownership
    cd /data/elk
    chown -R 991:991 elasticsearch*

    3.6 Edit the ES configuration again
    vim /data/elk/elasticsearch/config/elasticsearch.yml

    # Enable password authentication
    xpack.security.transport.ssl.enabled: true
    xpack.security.enabled: true
    xpack.license.self_generated.type: basic
    xpack.security.transport.ssl.verification_mode: certificate
    xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
    xpack.security.transport.ssl.truststore.path: elastic-certificates.p12

    3.7 Restart ELK
    docker restart elk
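
A preflight check for the boot failure shown in step 3, as an added example that is not part of the original post: it reads elasticsearch.yml and reports transport TLS enabled without key material, or a keystore.path whose file is missing from the config directory. The function names yaml_get and check_transport_tls are hypothetical and the sample config is constructed.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Function names are hypothetical.

# Print the value of a flat "key: value" setting; commented-out lines are ignored.
yaml_get() {  # usage: yaml_get FILE KEY
  local key
  key=$(printf '%s' "$2" | sed 's/\./\\./g')
  sed -n "s/^[[:space:]]*${key}:[[:space:]]*//p" "$1" | tail -n 1 \
    | tr -d '"' | sed 's/[[:space:]]*$//'
}

# Returns 0 = OK, 1 = TLS enabled without key material (the boot error above),
# 2 = keystore.path is set but the file is missing from the config directory.
check_transport_tls() {  # usage: check_transport_tls CONFIG_DIR
  local dir="$1" yml="$1/elasticsearch.yml" p=xpack.security.transport.ssl
  local ks key cert
  [ "$(yaml_get "$yml" "$p.enabled")" = "true" ] || return 0
  ks=$(yaml_get "$yml" "$p.keystore.path")
  key=$(yaml_get "$yml" "$p.key")
  cert=$(yaml_get "$yml" "$p.certificate")
  if [ -z "$ks" ] && { [ -z "$key" ] || [ -z "$cert" ]; }; then
    echo "transport TLS enabled but no keystore.path or key+certificate set" >&2
    return 1
  fi
  # Relative paths are resolved against the Elasticsearch config directory.
  if [ -n "$ks" ]; then
    case $ks in /*) ;; *) ks="$dir/$ks" ;; esac
    [ -f "$ks" ] || { echo "keystore not found: $ks" >&2; return 2; }
  fi
  return 0
}

# Constructed sample: the step-1 config from this page, then the step-3.6 fix.
demo() {
  local d
  d=$(mktemp -d)
  printf '%s\n' 'xpack.security.transport.ssl.enabled: true' \
    'xpack.security.enabled: true' > "$d/elasticsearch.yml"
  check_transport_tls "$d" || echo "step 1 only -> rc $?"
  echo 'xpack.security.transport.ssl.keystore.path: elastic-certificates.p12' \
    >> "$d/elasticsearch.yml"
  check_transport_tls "$d" || echo "keystore.path set, file absent -> rc $?"
  : > "$d/elastic-certificates.p12"   # empty placeholder, not a real keystore
  check_transport_tls "$d" && echo "file copied -> ok"
  rm -rf "$d"
}
demo
```

Run it against the host-side directory before restarting, for example `check_transport_tls /data/elk/elasticsearch/config`.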

  4. Set the elasticsearch passwords (after the container has started)

    # Enter the elk container
    docker exec -it elk /bin/bash
    cd /opt/elasticsearch/bin
    # Set the passwords manually
    ./elasticsearch-setup-passwords interactive
    # Initiating the setup of passwords for reserved users elastic,apm_system,kibana,kibana_system,logstash_system,beats_system,remote_monitoring_user.
    # You will be prompted to enter passwords as the process progresses.
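    # Please confirm that you would like to continue [y/N] press Y to continue
    # Set a password at each of the prompts that follow. There are many passwords; set them all to the same password as in the previous step: 1qaz@WSX3edc
  5. Restart ELK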
    docker restart elk
