1 Introduction to user authentication
By default ES has no user authentication configured, so anyone who can reach it can query and write data simply by calling the relevant APIs. We now set up authentication so that only authenticated users can access and operate ES.
2 Enable encryption settings
1. Generate the certificate file
/usr/share/elasticsearch/bin/elasticsearch-certutil \
cert --days 3650 \
-out /etc/elasticsearch/config/elastic-certificates.p12 \
-pass ""
Enter Y to confirm.
2. Change the certificate permissions. As shown below, the file is readable only by root, so the elasticsearch service user has no read permission
[root@elk91~]# ll /etc/elasticsearch/config/
-rw------- 1 root elasticsearch 3596 Nov 22 10:54 elastic-certificates.p12
[root@elk91~]# chmod +r /etc/elasticsearch/config/elastic-certificates.p12
[root@elk91~]#
3. Copy the certificate file from node elk91 to the other nodes
scp -r /etc/elasticsearch/config/ 10.0.0.92:/etc/elasticsearch/
scp -r /etc/elasticsearch/config/ 10.0.0.93:/etc/elasticsearch/
4. On all nodes, edit the ES cluster config file /etc/elasticsearch/elasticsearch.yml and append the following at the end
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: config/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: config/elastic-certificates.p12
5. Restart the ES cluster on all nodes
systemctl restart elasticsearch.service
6. On all nodes, check that the cluster ports are listening
[root@elk91~]# ss -ntl | grep '9[2|3]00'
LISTEN 0 4096 *:9300 *:*
LISTEN 0 4096 *:9200 *:*
7. Test access to the ES cluster. Security is now in effect: an unauthenticated request cannot access the cluster and is rejected with status code 401
curl 10.0.0.93:9200
{"error":{"root_cause":[{"type":"security_exception","reason":"missing authentication credentials for REST request [/]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}}],"type":"security_exception","reason":"missing authentication credentials for REST request [/]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}},"status":401}
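As an added check (example code written for this page, not part of the original post or of Elasticsearch): a small Python script that reads an elasticsearch.yml and confirms the five settings from step 4 are present with the expected values, flagging verification_mode: none, which keeps TLS on but skips peer verification. The two sample configs inside are constructed for illustration.

```python
import re

# The five settings step 4 appends, with the values the post uses.
REQUIRED = {
    "xpack.security.enabled": "true",
    "xpack.security.transport.ssl.enabled": "true",
    "xpack.security.transport.ssl.verification_mode": "certificate",
    "xpack.security.transport.ssl.keystore.path": "config/elastic-certificates.p12",
    "xpack.security.transport.ssl.truststore.path": "config/elastic-certificates.p12",
}
# Matches a flat "key: value" line; nested YAML is out of scope for this check.
LINE = re.compile(r"^\s*([A-Za-z0-9_.]+)\s*:\s*(.*?)\s*$")

def parse_flat_yaml(text):
    """Return {key: value} for flat 'key: value' lines; '#' comments and blanks are skipped."""
    settings = {}
    for raw in text.splitlines():
        m = LINE.match(raw.split("#", 1)[0])
        if m:
            settings[m.group(1)] = m.group(2).strip("\"'")
    return settings

def check_es_security(text):
    """Return a list of findings; an empty list means the config matches step 4."""
    found = parse_flat_yaml(text)
    findings = []
    for key, want in REQUIRED.items():
        got = found.get(key)
        if got is None:
            findings.append(f"missing: {key}")
        elif key.endswith("verification_mode") and got == "none":
            # 'none' keeps TLS on but skips peer verification: any certificate would be accepted.
            findings.append(f"weak: {key} is 'none'")
        elif got != want and not (key.endswith("verification_mode") and got == "full"):
            findings.append(f"unexpected: {key} = {got!r}, expected {want!r}")
    return findings

# Constructed sample configs (not copied from a real node).
HARDENED = """xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: config/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: config/elastic-certificates.p12
"""
WEAK = """xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: none   # left over from a lab node
xpack.security.transport.ssl.keystore.path: config/elastic-certificates.p12
"""
```

Run check_es_security(open("/etc/elasticsearch/elasticsearch.yml").read()) on each node before the restart in step 5; an empty list means all five settings are in place.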
3 Configure client access to ES
3.1 Generate the passwords needed to access ES
Entering the passwords by hand is tedious (you would have to type eight of them); auto-generating them is more convenient.
1. Auto-generate random ES passwords
/usr/share/elasticsearch/bin/elasticsearch-setup-passwords auto   # enter y
Changed password for user apm_system
PASSWORD apm_system = LwZaR33f7BKl2vYK49zy
Changed password for user kibana_system
PASSWORD kibana_system = ZR1gDykyGk50t55Dq7w9
Changed password for user kibana
PASSWORD kibana = ZR1gDykyGk50t55Dq7w9
Changed password for user logstash_system
PASSWORD logstash_system = Zx45S9uCJ4bSHmL3Hc4v
Changed password for user beats_system
PASSWORD beats_system = Oi4DFzsFkFPx45g3MOa0
Changed password for user remote_monitoring_user
PASSWORD remote_monitoring_user = u7MupRNtSLZ5K6lpz7qx
Changed password for user elastic
PASSWORD elastic = KZ0smMuIXcLEBfxGcqWW
2. Access ES with username and password
[root@elk91~]# curl -u elastic:KZ0smMuIXcLEBfxGcqWW 10.0.0.93:9200/_cat/nodes
10.0.0.92 39 56 0 0.52 0.57 0.55 cdfhilmrstw - elk92
10.0.0.93 37 53 0 0.14 0.43 0.49 cdfhilmrstw - elk93
10.0.0.91 65 75 2 0.24 0.36 0.35 cdfhilmrstw * elk91
3.2 Kibana access to ES
1. Edit the Kibana config file /etc/kibana/kibana.yml and add the following settings
elasticsearch.username: "kibana_system"
elasticsearch.password: "ZR1gDykyGk50t55Dq7w9"
2. Restart Kibana
systemctl restart kibana.service
3. Open Kibana again and log in as elastic with its password
3.3 Filebeat access to ES
1. After writing the Filebeat config file, add user authentication under output.elasticsearch
cat > 17-tcp-to-es.yaml <<EOF
filebeat.inputs:
- type: tcp
  host: "0.0.0.0:9000"

output.elasticsearch:
  hosts:
  - "http://10.0.0.91:9200"
  - "http://10.0.0.92:9200"
  - "http://10.0.0.93:9200"
  index: "zhiyong18-luckyboy-log-es-tls"
  # add user authentication here
  username: "elastic"
  password: "KZ0smMuIXcLEBfxGcqWW"

setup.ilm.enabled: false
setup.template.name: "zhiyong18-luckyboy-modules"
setup.template.pattern: "zhiyong18-luckyboy-log*"
setup.template.overwrite: false
EOF
2. Test that Filebeat writes to ES successfully
# send test data
echo 'name: wzy' | nc 10.0.0.92 9000
The document can then be found in ES.
3. The ES passwords can also be changed from Kibana
3.4 Logstash access to ES
cat > 08-tcp-to-es_tls.conf <<EOF
input {
  tcp {
    port => 8888
  }
}
output {
  stdout {}
  elasticsearch {
    hosts => ["http://10.0.0.91:9200","http://10.0.0.92:9200","http://10.0.0.93:9200"]
    index => "zhiyong18-luckyboy-es-tls-logstash-%{+yyyy.MM.dd}"
    user => "elastic"
    password => "123456"
  }
}
EOF
3.5 Postman access to ES