elasticsearch 6.0.0 安装插件x-pack
来源:原创
时间:2021-03-30
作者:脚本小站
分类:Linux
elasticsearch 6.3 版本之前的添加认证需安装x-pack插件,之后直接在配置中启用就行。
插件下载地址:修改版本号即可得到相应的版本。
https://artifacts.elastic.co/downloads/packs/x-pack/x-pack-6.0.0.zip
参考文档:
jianshu.com/p/802c5d803a95 pianshen.com/article/9193681216/
查看集群相关信息:
curl -XGET 'http://10.1.55.73:9200/_cat/nodes' curl -XGET 'http://10.1.55.73:9200/_cat/indices'
安装x-pack:
cd /usr/share/elasticsearch/ ./bin/elasticsearch-plugin install file:///root/x-pack-6.0.0.zip
设置密码:设置密码的时候要注意密码需要有复杂度
cd ./elasticsearch/bin/x-pack/ ./setup-passwords interactive
修改配置:追加如下配置
vim /etc/elasticsearch/elasticsearch.yml http.cors.enabled: true http.cors.allow-origin: '*' http.cors.allow-headers: Authorization,X-Requested-With,Content-Length,Content-Type
平滑重启集群:
禁止分片分配:
curl -H "Content-Type: application/json" -XPUT http://10.1.55.73:9200/_cluster/settings -d '{ "transient" : { "cluster.routing.allocation.enable" : "none" }}'重启节点:对节点进行一些操作之后。
systemctl restart elasticsearch.service
重启分片分配:
curl -H "Content-Type: application/json" -XPUT http://10.1.55.73:9200/_cluster/settings -d '{ "transient" : { "cluster.routing.allocation.enable" : "all" }}'关于平滑重启es的参考文档:
cnblogs.com/bonelee/p/7458374.html
重启好集群之后访问集群要加密码:之后的本地curl操作都需要加上 -u 选项。
curl -XGET -u elastic:password123456 'http://10.1.55.73:9200/_cat/nodes'
配置kibana:
vim /etc/kibana/kibana.yml elasticsearch.username: "kibana" elasticsearch.password: "password123456"
重启kibana:
systemctl restart kibana
logstash密码配置:
开启认证之后无论是kibana还是本地的curl都要密码才能访问包括logstash:下面的配置是7.x之后的。
xpack.monitoring.enabled: true xpack.monitoring.elasticsearch.username: logstash_system xpack.monitoring.elasticsearch.password: ***** xpack.monitoring.elasticsearch.hosts: ["http://ip:9200"]
filebeat密码配置:
output.elasticsearch: hosts: ["192.168.0.30:9200"] #protocol: "https" username: "elastic" password: "password123456"
这其中涉及到要创建有权限的账号来创建索引,否者默认的elastic账号只能查看不能创建索引。
示例一:
创建角色:
curl -H "Content-Type: application/json" -XPOST -u elastic:password123456 192.168.0.30:9200/_xpack/security/role/filebeat_writer -d '{
"cluster": ["manage_index_templates", "monitor"],
"indices": [
{
"names": [ "filebeat-*" ],
"privileges": ["write","create_index"]
}
]
}'
{"role":{"created":true}}创建用户:
curl -H "Content-Type: application/json" -XPOST -u elastic:password123456 192.168.0.30:9200/_xpack/security/user/filebeat_internal -d '{
"password" : "x-pack-test-password",
"roles" : [ "filebeat_writer"],
"full_name" : "Internal Filebeat User"
}'
{"user":{"created":true}}示例二:
创建admin角色:
curl -H "Content-Type: application/json" -XPOST -u elastic:password123456 192.168.0.30:9200/_xpack/security/role/admin -d '{
"cluster":["all"],
"indices":[
{
"names":["*"],
"privileges":["all"]
}
]
}'创建admin用户:
curl -H "Content-Type: application/json" -XPOST -u elastic:password123456 192.168.0.30:9200/_xpack/security/user/admin -d '{
"password" : "password123456",
"roles" : [ "admin"],
"full_name" : "Internal Filebeat User"
}'
{"user":{"created":true}}参考:
elastic.co/guide/en/beats/filebeat/6.0/beats-basic-auth.html elasticsearch.cn/question/4397