$ /usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactive
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y
Enter password for [elastic]:
Reenter password for [elastic]:
Enter password for [apm_system]:
Reenter password for [apm_system]:
Enter password for [kibana]:
Reenter password for [kibana]:
Enter password for [logstash_system]:
Reenter password for [logstash_system]:
Enter password for [beats_system]:
Reenter password for [beats_system]:
Enter password for [remote_monitoring_user]:
Reenter password for [remote_monitoring_user]:
Changed password for user [apm_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]
-
interactive:给用户一一设置密码。
-
auto:自动生成密码。
如果这个地方报如下错误:
Failed to determine the health of the cluster running at http://192.168.3.42:9200
Unexpected response code [503] from calling GET http://192.168.3.42:9200/_cluster/health?pretty
Cause: master_not_discovered_exception
It is recommended that you resolve the issues with your cluster before running elasticsearch-setup-passwords.
It is very likely that the password changes will fail when run against an unhealthy cluster.
Do you want to continue with the password setup process [y/N]y
可能是有脏数据导致,此时可以停掉es,删除 data 数据目录,然后重新启动在进行操作。
配置完毕之后,可以通过如下方式访问es服务:
curl -XGET -u elastic ‘localhost:9200/_xpack/security/user?pretty’
curl 127.0.0.1:9200 -u elastic
3,配置kibana连接。
开启了安全认证之后,kibana连接es以及访问es都需要认证。
变更kibana的配置,一共有两种方法,一种明文的,一种密文的。
1,明文配置
server.port: 5601
server.host: “0.0.0.0”
server.name: “es-node1”
elasticsearch.hosts: [“http://192.168.3.42:9200”]
kibana.index: “.kibana”
i18n.locale: “zh-CN”
elasticsearch.username: “kibana”
elasticsearch.password: “kibana_passwd”
xpack.reporting.encryptionKey: “a_random_string”
xpack.security.encryptionKey: “something_at_least_32_characters”
-
elasticsearch.username:连接es的用户名。
-
elasticsearch.password
:连接es的密码。 -
xpack.reporting.encryptionKey
:如果不添加这条配置,将会报错Generating a random key for xpack.reporting.encryptionKey. To prevent pending reports from failing on restart, please set xpack.reporting.encryptionKey in kibana.yml
。 -
xpack.security.encryptionKey
:如果不配置这条,将会报错Generating a random key for xpack.security.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.security.encryptionKey in kibana.yml
。
2,密文配置
当然肯定推荐使用这种密文的方式进行认证,认证之前,需要首先将用户名密码保存到内置的ketstore里。
/usr/share/kibana/bin/kibana-keystore --allow-root create
/usr/share/kibana/bin/kibana-keystore --allow-root add elasticsearch.username
/usr/share/kibana/bin/kibana-keystore --allow-root add elasticsearch.password
原封不动执行如上三条命令,用户名的时候输入kibana,密码写入对应密码,接着调整kibana的配置:
server.port: 5601
server.host: “0.0.0.0”
server.name: “es-node1”
elasticsearch.hosts: [“http://192.168.3.42:9200”]
kibana.index: “.kibana”
i18n.locale: “zh-CN”
xpack.reporting.encryptionKey: “a_random_string”
xpack.security.encryptionKey: “something_at_least_32_characters”
然后重启kibana即可访问,访问的时候使用elastic的用户密码登入,将是全局管理权限,如果需要创建kibana的只读用户,则可以通过管理–用户–新建用户,对用户进行角色授权即可。
3,logstash配置认证。
打开自定义的logstash的配置文件logstash.conf,在output中增加elasticsearch的用户名和密码
[root@ELK1 ~]# vim /home/elk/logstash-7.2.1/config/logstash.conf
input {
beats {
port => 5044
}
}
output {
stdout {
codec => rubydebug
}
elasticsearch {
hosts => [“192.168.3.42:9200”]
user => “elastic”
password => “123456”
}
}
4,集群配置。
在我配置过程中,发现集群认证需要首先配置秘钥才行,否则在给内置用户创建秘钥的时候将会报错。
1,证书。
如下操作在其中一个node节点执行即可,生成完证书传到集群其他节点即可。
/usr/share/elasticsearch/bin/elasticsearch-certutil ca
/usr/share/elasticsearch/bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
两条命令均一路回车即可,不需要给秘钥再添加密码。
证书创建完成之后,默认在es的数据目录,这里统一放到etc下:
$ ls elastic-*
elastic-certificates.p12 elastic-stack-ca.p12
mv elastic-* /etc/elasticsearch/
chown elasticsearch.elasticsearch elastic*
同样,将如上命令生成的两个证书文件拷贝到另外两台机器作为通信依据。
2,配置。
三台机器配置文件如下:
cluster.name: test-search
node.name: es-node-1
path.data: /data/elasticsearch/data
path.logs: /data/elasticsearch/log
network.host: 0.0.0.0
http.port: 9200
transport.tcp.port: 9300
discovery.seed_hosts: [“192.168.3.3:9300”,“192.168.3.4:9300”,“192.168.3.5:9300”]
cluster.initial_master_nodes: [“192.168.3.3:9300”,“192.168.3.4:9300”,“192.168.3.5:9300”]
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /etc/elasticsearch/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /etc/elasticsearch/elastic-certificates.p12
除了node.name使用各自主机名之外,其他配置都一样。
如上配置无误,则可以启动es。
3,为内置账号添加密码
ES中内置了几个管理其他集成组件的账号即:apm_system
, beats_system
, elastic
, kibana
, logstash_system
, remote_monitoring_user
,使用之前,首先需要添加一下密码。
$ /usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactive
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y
Enter password for [elastic]:
Reenter password for [elastic]:
Enter password for [apm_system]:
Reenter password for [apm_system]:
Enter password for [kibana]:
Reenter password for [kibana]:
Enter password for [logstash_system]:
Reenter password for [logstash_system]:
Enter password for [beats_system]:
Reenter password for [beats_system]:
Enter password for [remote_monitoring_user]:
Reenter password for [remote_monitoring_user]:
Changed password for user [apm_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
自我介绍一下,小编13年上海交大毕业,曾经在小公司待过,也去过华为、OPPO等大厂,18年进入阿里一直到现在。
深知大多数Java工程师,想要提升技能,往往是自己摸索成长或者是报班学习,但对于培训机构动则几千的学费,着实压力不小。自己不成体系的自学效果低效又漫长,而且极易碰到天花板技术停滞不前!
因此收集整理了一份《2024年Java开发全套学习资料》,初衷也很简单,就是希望能够帮助到想自学提升又不知道该从何学起的朋友,同时减轻大家的负担。
既有适合小白学习的零基础资料,也有适合3年以上经验的小伙伴深入学习提升的进阶课程,基本涵盖了95%以上Java开发知识点,真正体系化!
由于文件比较大,这里只是将部分目录截图出来,每个节点里面都包含大厂面经、学习笔记、源码讲义、实战项目、讲解视频,并且会持续更新!
如果你觉得这些内容对你有帮助,可以扫码获取!!(备注:Java)
总结
阿里伤透我心,疯狂复习刷题,终于喜提offer 哈哈~好啦,不闲扯了
1、JAVA面试核心知识整理(PDF):包含JVM,JAVA集合,JAVA多线程并发,JAVA基础,Spring原理,微服务,Netty与RPC,网络,日志,Zookeeper,Kafka,RabbitMQ,Hbase,MongoDB,Cassandra,设计模式,负载均衡,数据库,一致性哈希,JAVA算法,数据结构,加密算法,分布式缓存,Hadoop,Spark,Storm,YARN,机器学习,云计算共30个章节。
2、Redis学习笔记及学习思维脑图
3、数据面试必备20题+数据库性能优化的21个最佳实践
《互联网大厂面试真题解析、进阶开发核心学习笔记、全套讲解视频、实战项目源码讲义》点击传送门即可获取!
DB**,Cassandra,设计模式,负载均衡,数据库,一致性哈希,JAVA算法,数据结构,加密算法,分布式缓存,Hadoop,Spark,Storm,YARN,机器学习,云计算共30个章节。
[外链图片转存中…(img-26K5OInM-1713838145154)]
2、Redis学习笔记及学习思维脑图
[外链图片转存中…(img-wrJ0iy55-1713838145155)]
3、数据面试必备20题+数据库性能优化的21个最佳实践
[外链图片转存中…(img-JjuIAcbF-1713838145155)]
《互联网大厂面试真题解析、进阶开发核心学习笔记、全套讲解视频、实战项目源码讲义》点击传送门即可获取!