CentOS 8.2: installing Elasticsearch 7.11.1 and Kibana (failed)

1. Download Elasticsearch

curl -L -O https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.11.1-linux-x86_64.tar.gz
tar -xzvf elasticsearch-7.11.1-linux-x86_64.tar.gz
cd elasticsearch-7.11.1
./bin/elasticsearch      

2. Start Elasticsearch

   2.1 Create a dedicated group and user (Elasticsearch cannot be started as root)

groupadd es
useradd esuser -g es
passwd esuser      

  2.2 Change the owning user and group of the directory and the files inside it

chown -R esuser:es /usr/local/elasticsearch-7.11.1      

  2.3 Switch to the esuser user

su esuser      

  2.4 Elasticsearch configuration

vim /usr/local/elasticsearch-7.11.1/config/elasticsearch.yml

Add two lines. Note: the colon must be followed by a space.

network.host: 0.0.0.0

cluster.initial_master_nodes: ["node-1"]

  2.5 Set the memory-map limit available to the Elasticsearch user; at least 262144 is required

su root
vim /etc/sysctl.conf      

 Append one line at the end:

 vm.max_map_count=262144

# Apply immediately

/sbin/sysctl -p      

 2.6 Reduce the JVM memory

vim /usr/local/elasticsearch-7.11.1/config/jvm.options      

Add two lines to set the memory to 512m

  -Xms512m

  -Xmx512m

2.7 Custom management script

vim /etc/init.d/elasticsearch

Enter the following script into it:

#!/bin/bash      
#chkconfig: 2345 80 90
#description:elasticsearch      
export ES_HOME=/usr/local/elasticsearch-7.11.1
case $1 in
        start)
                su esuser<<!        
                cd $ES_HOME
                ./bin/elasticsearch -d -p pid
                exit
!
                echo "elasticsearch is started"
                ;;
        stop)
                pid=`cat $ES_HOME/pid`
                kill -9 $pid
                echo "elasticsearch is stopped"
                ;;
        restart)
                pid=`cat $ES_HOME/pid`
                kill -9 $pid
                echo "elasticsearch is stopped"
                sleep 1
                su esuser<<!    
                cd $ES_HOME
                ./bin/elasticsearch -d -p pid
                exit
!
                echo "elasticsearch is started"
        ;;
    *)
        echo "start|stop|restart"
        ;;  
esac
exit 0       

# Run the following command on the command line to make the script executable
chmod +x /etc/init.d/elasticsearch

 Commands:

# Start
/etc/init.d/elasticsearch start
# Stop
/etc/init.d/elasticsearch stop
# Restart
/etc/init.d/elasticsearch restart

After starting, run curl -XGET http://localhost:9200 on the command line. The following response means the startup succeeded:

{
  "name" : "localhost.localdomain",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "_na_",
  "version" : {
    "number" : "7.11.1",
    "build_flavor" : "default",
    "build_type" : "tar",
    "build_hash" : "ff17057114c2199c9c1bbecc727003a907c0db7a",
    "build_date" : "2021-02-15T13:44:09.394032Z",
    "build_snapshot" : false,
    "lucene_version" : "8.7.0",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "You Know, for Search"
}

4. Install Kibana

curl -L -O https://artifacts.elastic.co/downloads/kibana/kibana-7.11.1-linux-x86_64.tar.gz
tar xzvf kibana-7.11.1-linux-x86_64.tar.gz
cd kibana-7.11.1-linux-x86_64/
./bin/kibana      

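Both work out of the box; moving the directories to /usr/local/ manually is recommended.

Start Kibana

   4.1 Create a dedicated group and user (Kibana cannot be started as root)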

Kibana should not be run as root. Use --allow-root to continue.

useradd kibana -g es
passwd kibana      

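  4.2 Change the owning user and group of the directory and the files inside it

chown -R kibana:es /usr/local/kibana-7.11.1-linux-x86_64

Write a startup script for Kibana modeled on the Elasticsearch one: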

#!/bin/bash
#chkconfig: 2345 80 90
#description:kibana


export KB_HOME=/usr/local/kibana-7.11.1-linux-x86_64
case $1 in
        start)
                su kibana<<!
                cd $KB_HOME
                nohup ./bin/kibana &
                exit
!
                echo "kibana is started"
                ;;
        stop)
                pid=`cat $KB_HOME/pid`
                kill -9 $pid
                echo "kibana is stopped"
                ;;
        restart)
                pid=`cat $KB_HOME/pid`
                kill -9 $pid
                echo "kibana is stopped"
                sleep 1
                su kibana<<!
                cd $KB_HOME
                nohup ./bin/kibana &
                exit
!
                echo "kibana is started"
        ;;
    *)
        echo "start|stop|restart"
        ;;
esac
exit 0
      

Grant permission:

# Run the following command on the command line to make the script executable
chmod +x /etc/init.d/kibana

      

Script commands

# Start
/etc/init.d/kibana start
# Stop
/etc/init.d/kibana stop
# Restart
/etc/init.d/kibana restart

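The stop and restart commands do not work here; you have to find the process and kill it by hand. Otherwise you run stop or restart, they do not work, and you cannot tell where the problem is!!

At this point it should have been possible to run Kibana through /etc/init.d/kibana, but it reported an error, so change the start command in the script above to: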

nohup ./bin/kibana &      
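
Nothing in the Kibana script above ever writes $KB_HOME/pid, so stop and restart have no PID to act on. The following is an added example, not the original script: it records the PID at launch and stops with SIGTERM before falling back to kill -9. KB_USER, KB_CMD and PIDFILE are assumed names, and KB_HOME is assumed to be writable by the kibana user.

```shell
#!/bin/bash
# Added example, not the original script. KB_HOME is the path used on this page;
# KB_USER, KB_CMD and PIDFILE are assumptions and can be overridden.
KB_HOME=${KB_HOME:-/usr/local/kibana-7.11.1-linux-x86_64}
KB_USER=${KB_USER:-kibana}
KB_CMD=${KB_CMD:-./bin/kibana}
PIDFILE=${PIDFILE:-$KB_HOME/pid}

# True only if the pid file exists, is non-empty and names a live process.
kb_running() {
    [ -s "$PIDFILE" ] && kill -0 "$(cat "$PIDFILE")" 2>/dev/null
}

kb_start() {
    if kb_running; then echo "kibana is already running"; return 0; fi
    # \$! is escaped so that the shell launching Kibana expands it, not this one.
    # Inside an unquoted heredoc (su kibana<<!) the outer shell would expand it first.
    local launch="cd '$KB_HOME' || exit 1
nohup $KB_CMD >/dev/null 2>&1 &
echo \$! > '$PIDFILE'"
    if [ "$(id -un)" = "$KB_USER" ]; then sh -c "$launch"
    else su "$KB_USER" -c "$launch"; fi
    echo "kibana is started"
}

kb_stop() {
    if ! kb_running; then
        rm -f "$PIDFILE"            # drop a stale or empty pid file
        echo "kibana is not running"; return 0
    fi
    local pid; pid=$(cat "$PIDFILE")
    kill "$pid"                     # SIGTERM first, so Kibana can shut down cleanly
    for _ in 1 2 3 4 5 6 7 8 9 10; do
        kill -0 "$pid" 2>/dev/null || break
        sleep 1
    done
    if kill -0 "$pid" 2>/dev/null; then kill -9 "$pid"; fi   # last resort
    rm -f "$PIDFILE"
    echo "kibana is stopped"
}

case "${1:-}" in
    start)   kb_start ;;
    stop)    kb_stop ;;
    restart) kb_stop; kb_start ;;
esac
```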

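Kibana can now be started. Next, port 5601 has to be opened.

Entering ip:5601 in the browser shows that the page cannot be opened, probably because the port is not open. Command to check the port status: firewall-cmd --query-port=5601/tcp

Command to open the port: firewall-cmd --zone=public --add-port=5601/tcp --permanent

Reload the firewall: firewall-cmd --reload

Enter the address and port again, and the page is displayed correctly.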
      

5. Setting built-in user passwords

You must set the passwords for all built-in users.

The elasticsearch-setup-passwords tool is the simplest method to set the built-in users' passwords for the first time. It uses the elastic user's bootstrap password to run user management API requests. For example, you can run the command in an "interactive" mode, which prompts you to enter new passwords for the elastic, kibana_system, logstash_system, beats_system, apm_system, and remote_monitoring_user users:

The elasticsearch-setup-passwords tool command can only be run once; running it again after the passwords have been set reports an error.

Alternatively, you can set the initial passwords for the built-in users by using the Management > Users page in Kibana or the Change Password API. These methods are more complex. You must supply the elastic user and its bootstrap password to log into Kibana or run the API. This requirement means that you cannot use the default bootstrap password that is derived from the keystore.seed setting. Instead, you must explicitly set a bootstrap.password setting in the keystore before you start Elasticsearch. For example, the following command prompts you to enter a new bootstrap password:

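Security hardening

The Kibana we just deployed can be logged into without a password, so anyone can access Kibana and change index data. In production, to keep the data safe, we must put a password on Kibana so that users can operate only after logging in.

 This mainly uses X-Pack, which ships with Elasticsearch, for authentication. The steps are as follows:

 5.1. Modify the ES configuration to enable X-Pack

Edit the Elasticsearch configuration file /app/elasticsearch/elasticsearch-7.13.4/config/elasticsearch.yml and enable X-Pack:

xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true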
           

 5.2. Restart Elasticsearch

 ./bin/elasticsearch -d

 5.3. Initialize the user passwords

 cd /app/elasticsearch/elasticsearch-7.13.4/bin

./elasticsearch-setup-passwords interactive
           

 After running it, the following output appears, asking you to set each password; enter y to continue

 Initiating the setup of passwords for reserved users elastic,apm_system,kibana,kibana_system,logstash_system,beats_system,remote_monitoring_user.

You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y

...
Changed password for user [apm_system]
Changed password for user [kibana_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]
           

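 5.4. Set up the certificates

 After X-Pack is enabled, the Elasticsearch startup log reports the exception

Caused by: javax.net.ssl.SSLHandshakeException: No available authentication scheme

The cause is a missing CA certificate, so we need to generate one.

 ./bin/elasticsearch-certutil ca

 When prompted, just press Enter; there is no need to set a password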

 If you elect to generate PEM format certificates (the -pem option), then the output will

be a zip file containing individual files for the CA certificate and private key

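Please enter the desired output file [elastic-stack-ca.p12]:  # just press Enter
Enter password for elastic-stack-ca.p12 : # just press Enter

Afterwards the certificate file elastic-stack-ca.p12 appears in the Elasticsearch installation directory.

 Now use this generated certificate file to generate the p12 key:

 ./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12

 When prompted, again just press Enter and do not set a password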

 Enter password for CA (elastic-stack-ca.p12) : # just press Enter

Please enter the desired output file [elastic-certificates.p12]: # press Enter
Enter password for elastic-certificates.p12 : # press Enter

# File path
Certificates written to /app/elasticserach/elasticsearch-7.13.4/elastic-certificates.p12

The files now look like this:

Create a certs directory under the config directory and copy the generated key file into it:

mkdir certs

cp ../elastic-certificates.p12 certs/elastic-certificates.p12
           

 Edit the xpack settings in the Elasticsearch configuration file elasticsearch.yml again:

xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12
           

 Then restart Elasticsearch again; it reports an error:

uncaught exception in thread [main]
ElasticsearchSecurityException[failed to load SSL configuration [xpack.security.transport.ssl]]; nested: ElasticsearchException[failed to initialize SSL TrustManager
 - not permitted to read truststore file [/usr/local/elasticsearch-7.11.1/config/certs/elastic-certificates.p12]]; nested: AccessDeniedException
[/usr/local/elasticsearch-7.11.1/config/certs/elastic-certificates.p12];
Likely root cause: java.nio.file.AccessDeniedException: /usr/local/elasticsearch-7.11.1/config/certs/elastic-certificates.p12
      

 Grant permissions on the file: chmod 777 /usr/local/elasticsearch-7.11.1/config/certs/elastic-certificates.p12

Restart Elasticsearch again; it no longer reports the error.
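
The AccessDeniedException above only says that the account running Elasticsearch (esuser on this page) could not read the file. chmod 777 clears the error but leaves the keystore, which holds the node's private key and was created here with an empty password, readable and writable by every local user. The following added example (not from the original post) hands the file to esuser:es with mode 600 instead and checks the result; the function names are assumptions.

```shell
#!/bin/bash
# Added example, not from the original post. The default path and the
# esuser:es owner are the ones used on this page; function names are assumptions.
KEYSTORE=${KEYSTORE:-/usr/local/elasticsearch-7.11.1/config/certs/elastic-certificates.p12}

# Print the six group/other permission characters, e.g. "rwxrwx" or "------".
group_other_bits() {
    ls -ld -- "$1" | cut -c5-10
}

# Succeed only if the file exists and nobody but its owner has any access.
keystore_is_private() {
    [ -f "$1" ] && [ "$(group_other_bits "$1")" = "------" ]
}

# Hand the keystore and its directory to the service account, then close them
# to everyone else. chown to another account needs root.
harden_keystore() {   # $1 = file, $2 = owner, $3 = group
    local dir
    dir=$(dirname -- "$1")
    chown "$2:$3" "$dir" "$1" || return 1
    chmod 750 "$dir" && chmod 600 "$1"
}

# Typical use, as root:
#   harden_keystore "$KEYSTORE" esuser es && keystore_is_private "$KEYSTORE"
```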

But logging in fails with an error. Login command: curl -u esuser http://localhost:9200/

Error message:

Enter host password for user 'esuser':

{"error":{"root_cause":[{"type":"security_exception","reason":"unable to authenticate user [esuser] for REST request [/]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}}],"type":"security_exception","reason":"unable to authenticate user [esuser] for REST request [/]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}},"status":401}
[root@localhost bin]# curl -u esuser http://localhost:9200/

The error in the log is as follows:

[2022-02-25T08:14:11,003][WARN ][o.e.t.TcpTransport ] [localhost.localdomain] exception caught on transport layer [Netty4TcpChannel{localAddress=0.0.0.0/0.0.0.0:9300, remoteAddress=/0:0:0:0:0:0:0:1:43658}], closing connection

io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: No available authentication scheme

 I can't get it working; going back to the official site for another look.

Getting started with the Elastic Stack | Getting Started [7.11] | Elastic

Security overview | Elasticsearch Guide [7.11] | Elastic

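 The documentation says there are default built-in users, and elastic is one of them, so I tried logging in as the elastic user. The password here is the one set with the interactive command above, and it actually succeeded, which shows that the esuser user I added has no permissions. Let's see how to extend its permissions.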

curl -u elastic localhost:9200
Enter host password for user 'elastic':
{
  "name" : "node-1",
  "cluster_name" : "elk-application",
  "cluster_uuid" : "xsAt7B-HQC29uS4bgcSw8Q",
  "version" : {
    "number" : "7.11.1",
    "build_flavor" : "default",
    "build_type" : "tar",
    "build_hash" : "ff17057114c2199c9c1bbecc727003a907c0db7a",
    "build_date" : "2021-02-15T13:44:09.394032Z",
    "build_snapshot" : false,
    "lucene_version" : "8.7.0",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "You Know, for Search"
}
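
The 401 earlier reads "unable to authenticate user [esuser]": esuser is the Linux account that runs the process, while Elasticsearch checks REST credentials against its own realms, where only the built-in users exist so far. The following added example (not from the original post) creates a native-realm user through the security API while authenticating as elastic; ES_URL, the function names and the role passed in are assumptions.

```shell
#!/bin/bash
# Added example, not from the original post. ES_URL and the function names are
# assumptions; the endpoint is Elasticsearch's create-or-update user API.
ES_URL=${ES_URL:-http://localhost:9200}

# Escape backslashes and double quotes so the value is a valid JSON string.
# (Control characters are not handled; keep them out of passwords.)
json_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Build the request body for POST /_security/user/<name>.
es_user_body() {    # $1 = password, $2 = role
    printf '{"password":"%s","roles":["%s"]}' \
        "$(json_escape "$1")" "$(json_escape "$2")"
}

# Create (or update) a native-realm user, authenticating as the built-in
# elastic user whose password was set with elasticsearch-setup-passwords.
es_create_user() {  # $1 = user name, $2 = role
    local pw
    read -rsp "New password for $1: " pw; echo
    # curl prompts for the elastic password itself. The new password travels
    # on stdin rather than on the command line, so it does not appear in ps.
    es_user_body "$pw" "$2" |
        curl -sS -u elastic -H 'Content-Type: application/json' \
             -X POST "$ES_URL/_security/user/$1" --data-binary @-
}

# Typical use (role name is an example value):
#   es_create_user esuser kibana_admin
#   curl -u esuser "$ES_URL/"
```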
      

  

Let's do it all over again!!!!!!!!!!!