Part 5: Set ELK passwords (optional)

  1. Enable password authentication in Elasticsearch
    vim /data/elk/elasticsearch/config/elasticsearch.yml
    Add two lines at the beginning of the file:

    # Enable password authentication
    xpack.security.transport.ssl.enabled: true
    xpack.security.enabled: true
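  2. Configure the access password for Kibana
    vim /data/elk/kibana/config/kibana.yml
    Add the username and password settings at the beginning of the file:

    # The ELK stack has many user groups; elastic is one of the default ones. You can use a default user or define your own.
    elasticsearch.username: "elastic"
    elasticsearch.password: "1qaz@WSX3edc"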
  3. Restart ELK
    docker restart elk
    The restart may fail with an error:

    [elk] Exception
    org.elasticsearch.ElasticsearchSecurityException: invalid SSL configuration for xpack.security.transport.ssl - server ssl configuration requires a key and certificate, but these have not been configured; you must set either [xpack.security.transport.ssl.keystore.path], or both [xpack.security.transport.ssl.key] and [xpack.security.transport.ssl.certificate]
        at org.elasticsearch.xpack.core.ssl.SSLService.validateServerConfiguration(SSLService.java:635) ~[?:?]
        at org.elasticsearch.xpack.core.ssl.SSLService.loadSslConfigurations(SSLService.java:612) ~[?:?]
        at org.elasticsearch.xpack.core.ssl.SSLService.<init>(SSLService.java:156) ~[?:?]
        at org.elasticsearch.xpack.core.XPackPlugin.createSSLService(XPackPlugin.java:461) ~[?:?]
        at org.elasticsearch.xpack.core.XPackPlugin.createComponents(XPackPlugin.java:310) ~[?:?]
        at org.elasticsearch.node.Node.lambda$new$14(Node.java:668) ~[elasticsearch-8.3.3.jar:?]
        at org.elasticsearch.plugins.PluginsService.lambda$flatMap$0(PluginsService.java:235) ~[elasticsearch-8.3.3.jar:?]
        at java.util.stream.ReferencePipeline$7$1.accept(ReferencePipeline.java:273) ~[?:?]
        at java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:197) ~[?:?]
        at java.util.AbstractList$RandomAccessSpliterator.forEachRemaining(AbstractList.java:720) ~[?:?]
        at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:509) ~[?:?]
        at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:499) ~[?:?]
        at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:575) ~[?:?]
        at java.util.stream.AbstractPipeline.evaluateToArrayNode(AbstractPipeline.java:260) ~[?:?]
        at java.util.stream.ReferencePipeline.toArray(ReferencePipeline.java:616) ~[?:?]
        at java.util.stream.ReferencePipeline.toArray(ReferencePipeline.java:622) ~[?:?]
        at java.util.stream.ReferencePipeline.toList(ReferencePipeline.java:627) ~[?:?]
        at org.elasticsearch.node.Node.<init>(Node.java:681) ~[elasticsearch-8.3.3.jar:?]
        at org.elasticsearch.node.Node.<init>(Node.java:300) ~[elasticsearch-8.3.3.jar:?]
        at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:230) ~[elasticsearch-8.3.3.jar:?]
        at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:230) ~[elasticsearch-8.3.3.jar:?]
        at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:333) [elasticsearch-8.3.3.jar:?]
        at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:224) [elasticsearch-8.3.3.jar:?]
        at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:67) [elasticsearch-8.3.3.jar:?]
    [2022-09-05T19:41:12,778][ERROR][o.e.b.Elasticsearch      ] [elk] fatal exception while booting Elasticsearch
    org.elasticsearch.bootstrap.StartupException: org.elasticsearch.ElasticsearchSecurityException: invalid SSL configuration for xpack.security.transport.ssl - server ssl configuration requires a key and certificate, but these have not been configured; you must set either [xpack.security.transport.ssl.keystore.path], or both [xpack.security.transport.ssl.key] and [xpack.security.transport.ssl.certificate]
        at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:228) [elasticsearch-8.3.3.jar:?]
        at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:67) [elasticsearch-8.3.3.jar:?]
    Caused by: org.elasticsearch.ElasticsearchSecurityException: invalid SSL configuration for xpack.security.transport.ssl - server ssl configuration requires a key and certificate, but these have not been configured; you must set either [xpack.security.transport.ssl.keystore.path], or both [xpack.security.transport.ssl.key] and [xpack.security.transport.ssl.certificate]

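    Newer versions require an SSL certificate before password authentication can be enabled. If you get the error above, revert the change made in step 1 of this part, then restart ELK and generate the certificates. If ELK restarted normally, skip the following steps.
    3.1 Restart ELK
    docker restart elk
    3.2 Enter the Docker container
    docker exec -it elk /bin/bash
    3.3 Generate the elastic-stack-ca.p12 file

    cd /opt/elasticsearch
    ./bin/elasticsearch-certutil ca
    Please enter the desired output file [elastic-stack-ca.p12]:  # press Enter
    Enter password for elastic-stack-ca.p12 : # CA certificate password; press Enter
    # ls
    bin  config  data  elastic-stack-ca.p12  jdk  lib  LICENSE.txt  logs  modules  nohup.out  NOTICE.txt  plugins  README.asciidoc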

    3.4 Generate the elastic-certificates.p12 file

    ./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
    Enter password for CA (elastic-stack-ca.p12) : # CA certificate password; just press Enter
    Please enter the desired output file [elastic-certificates.p12]: # accept the default
    Enter password for elastic-certificates.p12 : # certificate password; just press Enter

    3.5 Back on the host, copy elastic-stack-ca.p12 and elastic-certificates.p12 to the elasticsearch/config directory

    docker cp elk:/opt/elasticsearch/elastic-certificates.p12 /data/elk/elasticsearch/config/
    docker cp elk:/opt/elasticsearch/elastic-stack-ca.p12 /data/elk/elasticsearch/config/
    # Change ownership
    cd /data/elk
    chown -R 991:991 elasticsearch*

    3.6 Edit the ES configuration again
    vim /data/elk/elasticsearch/config/elasticsearch.yml

    # Enable password authentication
    xpack.security.transport.ssl.enabled: true
    xpack.security.enabled: true
    xpack.license.self_generated.type: basic
    xpack.security.transport.ssl.verification_mode: certificate
    xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
    xpack.security.transport.ssl.truststore.path: elastic-certificates.p12

    3.7 Restart ELK
    docker restart elk

  4. Set the Elasticsearch passwords (after the container has started)

    # Enter the elk container
    docker exec -it elk /bin/bash
    cd /opt/elasticsearch/bin
    # Set the passwords manually
    ./elasticsearch-setup-passwords interactive
    # Initiating the setup of passwords for reserved users elastic,apm_system,kibana,kibana_system,logstash_system,beats_system,remote_monitoring_user.
    # You will be prompted to enter passwords as the process progresses.
    # Please confirm that you would like to continue [y/N] press Y to continue
    # At the prompts that follow, just enter a password for each user. There are many passwords to set; set them all to the same password as in the previous step: 1qaz@WSX3edc
  5. Restart ELK
    docker restart elk
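
A preflight check for the startup failure shown in step 3, to run on the host before `docker restart elk`. This is an added example, not part of the original procedure or of Elasticsearch itself. It assumes elasticsearch.yml uses flat dotted keys as in steps 1 and 3.6, and that file paths contain no spaces; the function names are hypothetical.

```shell
#!/bin/sh
# yaml_get FILE KEY: print the value of a flat "key: value" setting
# (last occurrence wins), ignoring commented-out lines and quotes.
yaml_get() {
    key=$(printf '%s' "$2" | sed 's/\./\\./g')   # escape dots for the regex
    sed -n "s/^[[:space:]]*${key}[[:space:]]*:[[:space:]]*//p" "$1" \
        | sed 's/[[:space:]]*#.*$//; s/[[:space:]]*$//' | tr -d "\"'" | tail -n 1
}

# check_transport_ssl FILE: 0 = safe to restart, 1 = key material not
# configured (the exception from step 3), 2 = configured file is missing.
check_transport_ssl() {
    conf=$1
    confdir=$(dirname "$conf")
    p=xpack.security.transport.ssl
    [ "$(yaml_get "$conf" "$p.enabled")" = "true" ] \
        || { echo "OK: transport SSL is not enabled"; return 0; }
    ks=$(yaml_get "$conf" "$p.keystore.path")
    key_file=$(yaml_get "$conf" "$p.key")
    cert_file=$(yaml_get "$conf" "$p.certificate")
    if [ -n "$ks" ]; then
        files=$ks
    elif [ -n "$key_file" ] && [ -n "$cert_file" ]; then
        files="$key_file $cert_file"
    else
        echo "FAIL: $p.enabled is true but neither keystore.path nor key+certificate is set"
        return 1
    fi
    for f in $files; do
        # Relative paths are resolved against the Elasticsearch config directory.
        case $f in /*) path=$f ;; *) path=$confdir/$f ;; esac
        [ -r "$path" ] || { echo "FAIL: $path is missing or unreadable"; return 2; }
    done
    echo "OK: transport SSL key material is configured"
}

# With an argument, check that file; without one, run against a constructed
# config that reproduces step 1 (SSL enabled, no certificate yet).
if [ $# -gt 0 ]; then
    check_transport_ssl "$1"
else
    tmp=$(mktemp -d)
    printf '%s\n' 'xpack.security.transport.ssl.enabled: true' \
        'xpack.security.enabled: true' > "$tmp/elasticsearch.yml"
    check_transport_ssl "$tmp/elasticsearch.yml" || echo "exit status: $?"
    rm -rf "$tmp"
fi
```

Run it as `sh check_es_ssl.sh /data/elk/elasticsearch/config/elasticsearch.yml` (the script name is an assumption); a non-zero exit means the restart would hit the exception from step 3 or the .p12 file from step 3.5 was not copied.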