本文主要是介绍Elastic Stack--ES集群加密及Kibana的RBAC实战,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!
前言:本博客仅作记录学习使用,部分图片出自网络,如有侵犯您的权益,请联系删除
学习B站博主教程笔记:
最新版适合自学的ElasticStack全套视频(Elk零基础入门到精通教程)Linux运维必备—ElasticSearch+Logstash+Kibana精讲_哔哩哔哩_bilibilihttps://www.bilibili.com/video/BV1VMW3e6Ezk/?spm_id_from=333.1007.tianma.1-1-1.click&vd_source=e539f90574cdb0bc2bc30a8b5cb3fc00
1、基于nginx反向代理控制kibana
(1)部署Nginx服务
# Nginx安装详见前文yum -y install httpd-tools
(2)编写Nginx的配置文件
cat > /etc/nginx/conf.d/kibana.conf <<'EOF'server {listen 80;server_name kibana.elk.com;location / {proxy_pass http://192.168.1.12:5601$request_uri;auth_basic "ELk kibana web!";auth_basic_user_file conf/htpasswd;}}EOF
(3)创建账号文件
mkdir -pv /etc/nginx/confhtpasswd -c -b /etc/nginx/conf/htpasswd admin cluster
(4)启动Nginx服务
nginx -tsystemctl restart nginx
(5)访问Nginx验证Kibana访问
2、配置ES集群TSL认证
# (1)生成证书文件cd /cluster/softwares/es/elasticsearch-certutil cert -out config/elastic-certificates.p12 -pass ""# (2)为证书文件修改属主和属组chown elsearch:elsearch config/elastic-certificates.p12 # (3)同步证书文件到其他节点data_rsync.sh `pwd`/config/elastic-certificates.p12 # (4)修改ES集群的配置文件vim /cluster/softwares/es/config/elasticsearch.yml...# 在最后一行添加以下内容xpack.security.enabled: truexpack.security.transport.ssl.enabled: truexpack.security.transport.ssl.verification_mode: certificatexpack.security.transport.ssl.keystore.path: elastic-certificates.p12xpack.security.transport.ssl.truststore.path: elastic-certificates.p12# (5)同步ES配置文件到其他节点data_rsync.sh `pwd`/config/elasticsearch.yml # (6)所有节点重启ES集群systemctl restart es# (7)生成随机密码elasticsearch-setup-passwords auto...Changed password for user kibana_systemPASSWORD kibana_system = X1fvzVFyZRyE8Vly8iPvChanged password for user elasticPASSWORD elastic = ZtnXmiPLLTZXvcgLArPq
测试访问:
3、kibana添加ES认证
# (1)修改kibana的配置文件vim /cluster/softwares/kibana/config/kibana.yml...elasticsearch.username: "kibana_system"elasticsearch.password: "X1fvzVFyZRyE8Vly8iPv"# (2)重启kibana访问su -c "kibana" elsearch
4、Kibana的RBAC
5、logstash写入ES加密集群案例
input {stdin {}}output {stdout { }elasticsearch {index => "cluster-linux-logstash-666"hosts => "192.168.1.10:9200"user => "logstash-linux"password => "123456"}}
建议不要使用elastic管理员用户给logstash程序使用,而是创建一个普通用户,并为该用户细化权限。
6、filebeat写入ES加密集群案例
filebeat.inputs:- type: stdinoutput.elasticsearch:enabled: truehosts: ["http://192.168.1.10:9200","http://192.168.1.11:9200","http://192.168.1.12:9200"] index: "cluster-linux-stdin-%{+yyyy.MM.dd}"username: "filebeat-linux"password: "123456"setup.ilm.enabled: falsesetup.template.name: "cluster-linux"setup.template.pattern: "cluster-linux*"setup.template.overwrite: truesetup.template.settings:index.number_of_shards: 3index.number_of_replicas: 0
致谢
在此,我要对所有为知识共享做出贡献的个人和机构表示最深切的感谢。同时也感谢每一位花时间阅读这篇文章的读者,如果文章中有任何错误,欢迎留言指正。
学习永无止境,让我们共同进步!!
这篇关于Elastic Stack--ES集群加密及Kibana的RBAC实战的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!