ELK5.4安装Xpack
X-Pack是一个Elastic Stack的扩展,将安全,警报,监控,报告和图形功能包含在一个易于安装的软件包中。在Elasticsearch 5.0.0之前,必须安装单独的Shield、Watcher和Marvel插件才能获得在X-Pack中所有的功能。
1、Run bin/elasticsearch-plugin install from ES_HOME on each node in your cluster.
# cd /usr/share/elasticsearch/
# bin/elasticsearch-plugin install x-pack
-> Downloading x-pack from elastic
[=================================================] 100%
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: plugin requires additional permissions @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
* java.io.FilePermission \\.\pipe\* read,write
* java.lang.RuntimePermission accessClassInPackage.com.sun.activation.registries
* java.lang.RuntimePermission getClassLoader
* java.lang.RuntimePermission setContextClassLoader
* java.lang.RuntimePermission setFactory
* java.security.SecurityPermission createPolicy.JavaPolicy
* java.security.SecurityPermission getPolicy
* java.security.SecurityPermission putProviderProperty.BC
* java.security.SecurityPermission setPolicy
* java.util.PropertyPermission * read,write
* java.util.PropertyPermission sun.nio.ch.bugLevel write
* javax.net.ssl.SSLPermission setHostnameVerifier
See http://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html
for descriptions of what these permissions allow and the associated risks.
Continue with installation? [y/N]y
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: plugin forks a native controller @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
This plugin launches a native controller that is not subject to the Java
security manager nor to system call filters.
Continue with installation? [y/N]y
-> Installed x-pack
2、Start Elasticsearch.
bin/elasticsearch
3、Install X-Pack into Kibana by running bin/kibana-plugin in your Kibana installation directory.
# cd /usr/share/kibana/
# bin/kibana-plugin install x-pack 这里会比较慢,耐心等待
4、Start Kibana.
bin/kibana
5、Install X-Pack on your Logstash nodes by running bin/logstash-plugin in the Logstash installation directory.
# cd /usr/share/logstash/
# bin/logstash-plugin install x-pack
To verify X-Pack installation, point your web browser at http://localhost:5601/ to open Kibana. You should be prompted to log in to Kibana. To log in, you can use the built-in elastic
user and the password changeme
.
装完x-pack之后,kibana就有了身份验证功能,那有了用户自然想到的第一件事情就是如何管理用户,比如增加一个新用户、修改用户密码等。这些在kibana的图形UI上就可以完成。
也可以使用shell终端进行管理:
修改elastic用户的密码:
# curl -XPUT -u elastic 'localhost:9200/_xpack/security/user/elastic/_password' -d '{
"password" : "123456"
}'
修改kibana用户的密码:
# curl -XPUT -u elastic 'localhost:9200/_xpack/security/user/kibana/_password' -d '{
"password" : "123456"
}'
监控界面
ES、Kibana、Logstash的状态都能看到:
需要注意的地方:
1、elasticsearch和kibana是分别安装x-pack的,如果启用了x-pack的secure功能,查看ES将需要验证,这会导致head插件无法连接ES集群。
2、需要修改kibana的配置文件,添加ES的认证信息,不然会报错 "too many redirects",记得重启服务。
# vim /etc/kibana/kibana.yml
elasticsearch.username: "elastic"
elasticsearch.password: "supersecretpassword"
# service restart kibana
参考这里:https://github.com/elastic/kibana/issues/10335
3、当然logstash也需要添加ES的认证信息。
# vim /etc/logstash/conf.d/nginx_access.conf
output {
elasticsearch {
hosts => ["192.168.3.56:9200","192.168.3.49:9200","192.168.3.57:9200"]
index => "logstash-nginx-access-%{+YYYY.MM.dd}"
user => elastic
password => supersecretpassword
}
}