ELK集群设置密码

一、软件安装清单

• elasticsearch7.17.22
• logstash7.17.22
• kibana:7.17.22
• filebeat7.17.22
• elasticsearch-head:5

二、配置

1. 生成证书

进入elasticsearch容器

bin/elasticsearch-certutil cert -out /usr/share/elasticsearch/config/elastic-certificates.p12 -pass

2. 将证书拷贝至其他容器后重启集群
3. 设置密码

进入容器设置密码

bin/elasticsearch-setup-passwords interactive

5. 设置elasticsearch

elasticsearch.yml

# 安全认证
xpack.security.enabled: true
xpack.license.self_generated.type: basic
xpack.security.transport.ssl.enabled: true
http.cors.allow-headers: "Authorization"

xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12

4. 设置logstash

logstash.yml

xpack.monitoring.enabled: true
xpack.monitoring.elasticsearch.username: elastic
xpack.monitoring.elasticsearch.password: xxxxxx

logstash-filebeat.conf

output {
    # 选择elasticsearch
    elasticsearch {
        hosts => ["http://es-master:9200"]
        user => "elastic"
        password => "xxxxxx"
        index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
    }
}

5. 设置kibana

kibana.yml

elasticsearch.username: "elastic"
elasticsearch.password: "xxxxxx"
xpack.security.enabled: true

6. 验证

访问地址 http://kibana服务IP:5601

参考

https://www.elastic.co/guide/en/elasticsearch/reference/7.17/security-basic-setup.html