Docker部署ELK后配置search guard认证模块
Docker部署ELK参考
https://www.cnblogs.com/minseo/p/12956563.html
安装search guard参考
https://www.cnblogs.com/minseo/p/10576126.html
在线生成证书
https://search-guard.com/tls-certificate-generator/
在线生成证书本次只输入一个地址192.168.1.227生成证书,使用邮箱接收生成的证书
启动elasticsearch
docker run -d --name elasticsearch -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" -v /nas/nas/scripts/docker_es_kibana/elasticsearch/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml -v /usr/share/elasticsearch/data:/usr/share/elasticsearch/data docker.elastic.co/elasticsearch/elasticsearch:6.6.2
把证书及search guard模块拷贝至容器内
docker cp search-guard-6-6.6.2-24.2.zip elasticsearch:/opt/ docker cp search-guard-certificates elasticsearch:/opt/
登录容器
docker exec -it elasticsearch bash
安装search guard模块
模块最好下载成文件使用file安装,否则网络速度较慢安装时间比较长
/usr/share/elasticsearch/bin/elasticsearch-plugin install file:///opt/search-guard-6-6.6.2-24.2.zip
安装输入y确认
查看是否安装成功
# /usr/share/elasticsearch/bin/elasticsearch-plugin list ingest-geoip ingest-user-agent search-guard-6
创建证书目录,因为容器配置文件在目录/usr/share/elasticsearch/config配置文件使用相对路径所以创建的key目录也在改目录下
mkdir /usr/share/elasticsearch/config/key
把解压后的证书拷贝至此目录
mv /opt/search-guard-certificates/* /usr/share/elasticsearch/config/key/
设置目录权限为elasticsearch,因为使用用户elasticsearch启动,不设置权限会导致启动失败
chown -R elasticsearch:elasticsearch key/
修改配置文件添加search guard配置
# cat /usr/share/elasticsearch/config/elasticsearch.yml cluster.name: myes #node.name: node-1 path.data: /usr/share/elasticsearch/data #path.logs: /var/log/elasticsearch bootstrap.memory_lock: false network.host: 0.0.0.0 http.port: 9200 #search guard config start searchguard.ssl.transport.pemcert_filepath: key/node-certificates/CN=IP-192.168.1.227.crtfull.pem searchguard.ssl.transport.pemkey_filepath: key/node-certificates/CN=IP-192.168.1.227.key.pem searchguard.ssl.transport.pemkey_password: c7c81d49530b771b415f searchguard.ssl.transport.pemtrustedcas_filepath: key/chain-ca.pem searchguard.ssl.transport.enforce_hostname_verification: false searchguard.ssl.http.enabled: true searchguard.ssl.http.pemcert_filepath: key/node-certificates/CN=IP-192.168.1.227.crtfull.pem searchguard.ssl.http.pemkey_filepath: key/node-certificates/CN=IP-192.168.1.227.key.pem searchguard.ssl.http.pemkey_password: c7c81d49530b771b415f searchguard.ssl.http.pemtrustedcas_filepath: key/chain-ca.pem searchguard.authcz.admin_dn: - CN=sgadmin searchguard.audit.type: internal_elasticsearch searchguard.enable_snapshot_restore_privilege: true searchguard.check_snapshot_restore_write_privileges: true searchguard.restapi.roles_enabled: ["sg_all_access"] cluster.routing.allocation.disk.threshold_enabled: false node.max_local_storage_nodes: 3 xpack.security.enabled: false #search guard config end
退出容器重启容器生效
docker restart elasticsearch
验证安装是否成功,在web页面访问,默认用户名和密码都是admin
https://192.168.1.227:9200/_searchguard/authinfo
出现以下json格式代表安装正常
设置权限因子
登录容器操作
拷贝证书
cd /usr/share/elasticsearch/config/key cp root-ca.pem client-certificates/CN\=sgadmin.key.pem client-certificates/CN\=sgadmin.crtfull.pem /usr/share/elasticsearch/plugins/search-guard-6/tools/
设置权限因子,该命令可以在证书的README.txt找到
cd /usr/share/elasticsearch/plugins/search-guard-6/tools/ chmod +x sgadmin.sh ./sgadmin.sh -cacert root-ca.pem -cert CN=sgadmin.crtfull.pem -key CN=sgadmin.key.pem -keypass e569191697316c8f6711 -nhnv -icl -cd ../sgconfig/
初始化搜索保护设置
cd /usr/share/elasticsearch/config/key cp truststore.jks client-certificates/CN\=sgadmin-keystore.jks /usr/share/elasticsearch/plugins/search-guard-6/tools/ cd /usr/share/elasticsearch/plugins/search-guard-6/tools/ ./sgadmin.sh -ts truststore.jks -tspass 4246ab5a580067d6b361 -ks CN=sgadmin-keystore.jks -kspass e569191697316c8f6711 -nhnv -icl -cd ../sgconfig/
该命令也在README.txt中
配置kibana
启动kibana容器
docker run -d --name kibana -p 5601:5601 -v /nas/nas/scripts/docker_es_kibana/kibana/kibana.yml:/usr/share/kibana/config/kibana.yml docker.elastic.co/kibana/kibana:6.6.2
拷贝search guard模块至容器中
docker cp search-guard-kibana-plugin-6.6.2-18.1.zip kibana:/opt/
登录容器安装模块
docker exec -it kibana bash
/usr/share/kibana/bin/kibana-plugin install file:///opt/search-guard-kibana-plugin-6.6.2-18.1.zip
安装查看
$ /usr/share/kibana/bin/kibana-plugin list searchguard@6.6.2-18.1
修改挂载的kibana配置文件kibana.yml添加配置
注意无法在容器中修改该文件,需要修改挂载的配置文件然后重启容器
# cat kibana.yml server.port: 5601 server.host: "0.0.0.0" elasticsearch.url: "https://192.168.1.227:9200" kibana.index: ".kibana" elasticsearch.username: "kibanaserver" elasticsearch.password: "kibanaserver" elasticsearch.ssl.verificationMode: none elasticsearch.requestHeadersWhitelist: [ "Authorization", "sgtenant" ] xpack.monitoring.enabled: false xpack.graph.enabled: false xpack.ml.enabled: false xpack.watcher.enabled: false xpack.security.enabled: false
重启容器
docker restart kibana
登录kibana需要输入用户名和密码admin
使用Dockerfile配置
以上配置如果重新启动容器又需要重新配置,下面使用Dockerfile一次性配置
elasticsearch配置文件
# cat elasticsearch.yml cluster.name: myes #node.name: node-1 path.data: /usr/share/elasticsearch/data #path.logs: /var/log/elasticsearch bootstrap.memory_lock: false network.host: 0.0.0.0 http.port: 9200 #search guard config start searchguard.ssl.transport.pemcert_filepath: key/node-certificates/CN=IP-192.168.1.227.crtfull.pem searchguard.ssl.transport.pemkey_filepath: key/node-certificates/CN=IP-192.168.1.227.key.pem searchguard.ssl.transport.pemkey_password: c7c81d49530b771b415f searchguard.ssl.transport.pemtrustedcas_filepath: key/chain-ca.pem searchguard.ssl.transport.enforce_hostname_verification: false searchguard.ssl.http.enabled: true searchguard.ssl.http.pemcert_filepath: key/node-certificates/CN=IP-192.168.1.227.crtfull.pem searchguard.ssl.http.pemkey_filepath: key/node-certificates/CN=IP-192.168.1.227.key.pem searchguard.ssl.http.pemkey_password: c7c81d49530b771b415f searchguard.ssl.http.pemtrustedcas_filepath: key/chain-ca.pem searchguard.authcz.admin_dn: - CN=sgadmin searchguard.audit.type: internal_elasticsearch searchguard.enable_snapshot_restore_privilege: true searchguard.check_snapshot_restore_write_privileges: true searchguard.restapi.roles_enabled: ["sg_all_access"] cluster.routing.allocation.disk.threshold_enabled: false node.max_local_storage_nodes: 3 xpack.security.enabled: false #search guard config end
Dockerfile
# cat Dockerfile FROM docker.elastic.co/elasticsearch/elasticsearch:6.6.2 MAINTAINER liuym #添加search模块 ADD search-guard-6-6.6.2-24.2.zip /opt/search-guard-6-6.6.2-24.2.zip #安装模块,需要交互输入y RUN sh -c '/bin/echo -e "y"|/usr/share/elasticsearch/bin/elasticsearch-plugin install -s file:///opt/search-guard-6-6.6.2-24.2.zip' #创建证书文件夹 RUN mkdir /usr/share/elasticsearch/config/key #添加生成的证书文件,tar文件会在文件夹自动解压 ADD search-guard-certificates.tar /opt #把证书复制到对应证书目录 RUN mv /opt/search-guard-certificates/* /usr/share/elasticsearch/config/key #设置证书权限 RUN chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/config/key #添加配置文件 ADD elasticsearch.yml /usr/share/elasticsearch/config/elasticsearch.yml
文件夹下放置证书以及search guard文件,目录下有以下文件
# tree . ├── Dockerfile ├── elasticsearch.yml ├── search-guard-6-6.6.2-24.2.zip └── search-guard-certificates.tar 0 directories, 4 files
使用Dockerfile生成镜像
# docker build -t elasticsearch:6.6.2 . Sending build context to Docker daemon 27MB Step 1/9 : FROM docker.elastic.co/elasticsearch/elasticsearch:6.6.2 ---> 1bca39c5a102 Step 2/9 : MAINTAINER liuym ---> Using cache ---> ddf98d53d79f Step 3/9 : ADD search-guard-6-6.6.2-24.2.zip /opt/search-guard-6-6.6.2-24.2.zip ---> Using cache ---> ded97929bfae Step 4/9 : RUN sh -c '/bin/echo -e "y"|/usr/share/elasticsearch/bin/elasticsearch-plugin install -s file:///opt/search-guard-6-6.6.2-24.2.zip' ---> Using cache ---> 514b9328f86b Step 5/9 : RUN mkdir /usr/share/elasticsearch/config/key ---> Using cache ---> 301d21f14bbd Step 6/9 : ADD search-guard-certificates.tar /opt ---> Using cache ---> 321a70d3ca47 Step 7/9 : RUN mv /opt/search-guard-certificates/* /usr/share/elasticsearch/config/key ---> Using cache ---> d5996471ed8e Step 8/9 : RUN chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/config/key ---> Using cache ---> aa1a06cce611 Step 9/9 : ADD elasticsearch.yml /usr/share/elasticsearch/config/elasticsearch.yml ---> 7f40dd51a36f Successfully built 7f40dd51a36f Successfully tagged elasticsearch:6.6.2
查看新镜像
使用新镜像启动
docker run -d --name elasticsearch -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" -v /usr/share/elasticsearch/data:/usr/share/elasticsearch/data elasticsearch:6.6.2
因为生成镜像已经把配置文件加入所以不需要挂载配置文件,只需要挂载数据文件
访问测试,需要输入用户名和密码,出现json格式文件代表正常
https://192.168.1.227:9200/_searchguard/authinfo
kibana配置文件
# cat kibana.yml server.port: 5601 server.host: "0.0.0.0" elasticsearch.url: "https://192.168.1.227:9200" kibana.index: ".kibana" elasticsearch.username: "kibanaserver" elasticsearch.password: "kibanaserver" elasticsearch.ssl.verificationMode: none elasticsearch.requestHeadersWhitelist: [ "Authorization", "sgtenant" ] xpack.monitoring.enabled: false xpack.graph.enabled: false xpack.ml.enabled: false xpack.watcher.enabled: false xpack.security.enabled: false
Dockerfile文件
# cat Dockerfile FROM docker.elastic.co/kibana/kibana:6.6.2 MAINTAINER liuym #添加search模块 ADD search-guard-kibana-plugin-6.6.2-18.1.zip /opt/search-guard-kibana-plugin-6.6.2-18.1.zip #安装模块,需要交互输入y RUN sh -c '/bin/echo -e "y"|/usr/share/kibana/bin/kibana-plugin install -s file:///opt/search-guard-kibana-plugin-6.6.2-18.1.zip' #添加配置文件 ADD kibana.yml /usr/share/kibana/config/kibana.yml
生成新镜像
docker build -t kibana:6.6.2 ./
查看
使用新镜像启动,同理不需要挂载配置文件
docker run -d --name kibana -p 5601:5601 kibana:6.6.2
查看
页面访问,需要输入用户名和密码admin及代表配置成功
