3.5.1 HTTP Authentication

Elasticsearch configuration

On the EK server (192.168.1.201), append the following to the end of the /etc/elasticsearch/elasticsearch.yml file:

xpack.security.enabled: true
xpack.security.audit.enabled: true
xpack.license.self_generated.type: basic
xpack.security.transport.ssl.enabled: true

Restart the elasticsearch service: systemctl restart elasticsearch

Use the /usr/share/elasticsearch/bin/elasticsearch-setup-passwords auto command to generate random passwords.

[root@EK ~]# /usr/share/elasticsearch/bin/elasticsearch-setup-passwords auto
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,kibana_system,logstash_system,beats_system,remote_monitoring_user.
The passwords will be randomly generated and printed to the console.
Please confirm that you would like to continue [y/N]y

Changed password for user apm_system
PASSWORD apm_system = K7W9XpwwZpd34nv1Y5tX

Changed password for user kibana_system
PASSWORD kibana_system = Y4wdQp7L4CUP2iA8eSYq

Changed password for user kibana
PASSWORD kibana = Y4wdQp7L4CUP2iA8eSYq

Changed password for user logstash_system
PASSWORD logstash_system = m1vbJ61QAinBRqnDzhCW

Changed password for user beats_system
PASSWORD beats_system = Pw18gPqAJ5mf2taTQv0A

Changed password for user remote_monitoring_user
PASSWORD remote_monitoring_user = tEzdeJZ9LbUGfZqrTE1Z

Changed password for user elastic
PASSWORD elastic = chtfAvPcIIjZyps2Qw70

Use the curl command to test whether the elastic account and password can communicate with elasticsearch.
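The curl check described above, written out as an added example that is not part of the original page: it confirms that an anonymous request is rejected with 401 and that the elastic user is accepted. Port 9200, the ES_URL and ES_PASS variables and the function names are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example, not from the original page. Assumes Elasticsearch listens on
# port 9200 of the EK server; ES_URL and ES_PASS are names chosen here.

# Print the HTTP status of GET $1; "000" means the host was unreachable.
# Credentials are fed to curl on stdin (-K -) so the password never shows
# up in the process list. Passwords containing " or \ would need escaping.
es_status() {
  local url="$1" user="${2:-}" pass="${3:-}" code
  if [ -n "$user" ]; then
    code=$(printf 'user = "%s:%s"\n' "$user" "$pass" |
      curl -s -K - -o /dev/null -w '%{http_code}' --max-time 5 "$url") || true
  else
    code=$(curl -s -o /dev/null -w '%{http_code}' --max-time 5 "$url") || true
  fi
  printf '%s\n' "${code:-000}"
}

# Map (anonymous status, authenticated status) to a verdict line.
auth_verdict() {
  case "$1:$2" in
    000:*|*:000) echo "FAIL: Elasticsearch unreachable" ;;
    401:200)     echo "OK: anonymous request rejected, credentials accepted" ;;
    200:*)       echo "FAIL: anonymous request accepted, security is not enforced" ;;
    401:401)     echo "FAIL: credentials rejected" ;;
    *)           echo "FAIL: unexpected status $1/$2" ;;
  esac
}

main() {
  local url="${ES_URL:-http://192.168.1.201:9200}" anon auth
  anon=$(es_status "$url/")
  auth=$(es_status "$url/" elastic "$ES_PASS")
  auth_verdict "$anon" "$auth"
}

# Runs only when a password is supplied, e.g.: read -rs ES_PASS; export ES_PASS
if [ -n "${ES_PASS:-}" ]; then main; fi
```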

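Filebeat configuration

Once passwords are set on ES, filebeat also needs authentication configured. Append the following to the end of the filebeat configuration file:

Restart the filebeat service: service filebeat restart. Then test whether Filebeat can communicate with ES successfully now that the account and password are set.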

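Logstash configuration

If logstash is used, filebeat does not need authentication, so filebeat's three authentication lines can be commented out and only one line of configuration needs to be added. After making the change, restart the filebeat service.

To set up authentication in logstash, only the output.elasticsearch.username and output.elasticsearch.password parameters need to be added.

After configuration, restart the logstash service: systemctl restart logstash

The log shows logstash connecting to ES successfully, which confirms that authentication is working.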

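Kibana configuration

Kibana authentication is fairly easy to configure: just add two lines to the /etc/kibana/kibana.yml configuration file.

After configuration, restart the kibana service: systemctl restart kibana

Open http://192.168.1.201:5601 in a browser and log in with the account and password elastic/chtfAvPcIIjZyps2Qw70.

Click Log in; the login succeeds.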
