五、设置 ELK 明码(可选)
-
开启 elasticsearch 明码
vim /data/elk/elasticsearch/config/elasticsearch.yml
开端减少两行# 开启明码 xpack.security.transport.ssl.enabled: true xpack.security.enabled: true -
为 kibana 配置拜访明码
vim /data/elk/kibana/config/kibana.yml
开端减少用户名明码配置# elk 体系有很多的用户组,elastic 是默认的用户组之一,能够应用默认的用户,也能够自定义用户 elasticsearch.username: "elastic" elasticsearch.password: "1qaz@WSX3edc" -
重启 ELK
docker restart elk
重启可能报错.[elk] Exception org.elasticsearch.ElasticsearchSecurityException: invalid SSL configuration for xpack.security.transport.ssl - server ssl configuration requires a key and certificate, but these have not been configured; you must set either [xpack.security.transport.ssl.keystore.path], or both [xpack.security.transport.ssl.key] and [xpack.security.transport.ssl.certificate] at org.elasticsearch.xpack.core.ssl.SSLService.validateServerConfiguration(SSLService.java:635) ~[?:?] at org.elasticsearch.xpack.core.ssl.SSLService.loadSslConfigurations(SSLService.java:612) ~[?:?] at org.elasticsearch.xpack.core.ssl.SSLService.<init>(SSLService.java:156) ~[?:?] at org.elasticsearch.xpack.core.XPackPlugin.createSSLService(XPackPlugin.java:461) ~[?:?] at org.elasticsearch.xpack.core.XPackPlugin.createComponents(XPackPlugin.java:310) ~[?:?] at org.elasticsearch.node.Node.lambda$new$14(Node.java:668) ~[elasticsearch-8.3.3.jar:?] at org.elasticsearch.plugins.PluginsService.lambda$flatMap$0(PluginsService.java:235) ~[elasticsearch-8.3.3.jar:?] at java.util.stream.ReferencePipeline$7$1.accept(ReferencePipeline.java:273) ~[?:?] at java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:197) ~[?:?] at java.util.AbstractList$RandomAccessSpliterator.forEachRemaining(AbstractList.java:720) ~[?:?] at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:509) ~[?:?] at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:499) ~[?:?] at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:575) ~[?:?] at java.util.stream.AbstractPipeline.evaluateToArrayNode(AbstractPipeline.java:260) ~[?:?] at java.util.stream.ReferencePipeline.toArray(ReferencePipeline.java:616) ~[?:?] at java.util.stream.ReferencePipeline.toArray(ReferencePipeline.java:622) ~[?:?] at java.util.stream.ReferencePipeline.toList(ReferencePipeline.java:627) ~[?:?] at org.elasticsearch.node.Node.<init>(Node.java:681) ~[elasticsearch-8.3.3.jar:?] at org.elasticsearch.node.Node.<init>(Node.java:300) ~[elasticsearch-8.3.3.jar:?] at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:230) ~[elasticsearch-8.3.3.jar:?] at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:230) ~[elasticsearch-8.3.3.jar:?] at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:333) [elasticsearch-8.3.3.jar:?] at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:224) [elasticsearch-8.3.3.jar:?] at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:67) [elasticsearch-8.3.3.jar:?] [2022-09-05T19:41:12,778][ERROR][o.e.b.Elasticsearch] [elk] fatal exception while booting Elasticsearch org.elasticsearch.bootstrap.StartupException: org.elasticsearch.ElasticsearchSecurityException: invalid SSL configuration for xpack.security.transport.ssl - server ssl configuration requires a key and certificate, but these have not been configured; you must set either [xpack.security.transport.ssl.keystore.path], or both [xpack.security.transport.ssl.key] and [xpack.security.transport.ssl.certificate] at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:228) [elasticsearch-8.3.3.jar:?] at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:67) [elasticsearch-8.3.3.jar:?] Caused by: org.elasticsearch.ElasticsearchSecurityException: invalid SSL configuration for xpack.security.transport.ssl - server ssl configuration requires a key and certificate, but these have not been configured; you must set either [xpack.security.transport.ssl.keystore.path], or both [xpack.security.transport.ssl.key] and [xpack.security.transport.ssl.certificate]较新的版本开启明码须要 SSL 证书, 如果报以上谬误,还原下面五 - 第一步的操作,再重启 ELK 生成证书;如果 ELK 失常重启,跳过以下步骤。
3.1 重启 ELKdocker restart elk
3.2 进入 dockerdocker exec -it elk /bin/bash
3.3 生成 elastic-stack-ca.p12 文件cd /opt/elasticsearch ./bin/elasticsearch-certutil ca Please enter the desired output file [elastic-stack-ca.p12]: #回车 Enter password for elastic-stack-ca.p12 : #CA 证书的明码, 回车 # ls bin config data elastic-stack-ca.p12 jdk lib LICENSE.txt logs modules nohup.out NOTICE.txt plugins README.asciidoc3.4 生成 elastic-certificates.p12 文件
./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12 Enter password for CA (elastic-stack-ca.p12) : # CA 证书的明码,间接回车 Please enter the desired output file [elastic-certificates.p12]: # 默认 Enter password for elastic-certificates.p12 : # 证书明码,间接回车3.5 回到宿主机,复制 elastic-stack-ca.p12、elastic-certificates.p12 到 elaticsearch/config 目录
docker cp elk:/opt/elasticsearch/elastic-certificates.p12 /data/elk/elasticsearch/config/ docker cp elk:/opt/elasticsearch/elastic-stack-ca.p12 /data/elk/elasticsearch/config/ # 批改权限 cd /data/elk chown -R 991:991 elasticsearch*3.6 再次编辑 ES 配置
vim /data/elk/elasticsearch/config/elasticsearch.yml# 开启明码 xpack.security.transport.ssl.enabled: true xpack.security.enabled: true xpack.license.self_generated.type: basic xpack.security.transport.ssl.verification_mode: certificate xpack.security.transport.ssl.keystore.path: elastic-certificates.p12 xpack.security.transport.ssl.truststore.path: elastic-certificates.p123.7 重启 ELK
docker restart elk -
设置 elasticsearch 明码(启动容器后)
# 进入 elk 容器 docker exec -it elk /bin/bash cd /opt/elasticsearch/bin # 手动设置明码 ./elasticsearch-setup-passwords interactive # Initiating the setup of passwords for reserved users elastic,apm_system,kibana,kibana_system,logstash_system,beats_system,remote_monitoring_user. # You will be prompted to enter passwords as the process progresses. # Please confirm that you would like to continue [y/N] 按 Y 持续 # 在前面的提醒中配置明码,配置明码即可, 会有很多个明码,都配成跟上一步一样的明码: 1qaz@WSX3edc - 重启 ELK
docker restart elk