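X-Pack is an integrated plugin that provides monitoring, alerting, user authentication and other features for Elasticsearch, Logstash and Kibana. Without X-Pack, do-it-yourself monitoring usually means Zabbix plus the API for monitoring and alerting. By default, however, ES does not require a user name and password to log in; in a larger ES environment access control matters, and it is a bit like putting on clothes: the cluster is not so easily exposed.
Installing X-Pack is not covered in detail here; see the official documentation, which is very thorough: https://www.elastic.co/guide/en/x-pack/current/installing-xpack.html
X-Pack comes with 4 license types, basic and the commercial editions; it seems that all of them are paid.
1. The parameters added to ES are roughly as follows: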
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12
http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-headers: Authorization,Content-Type
2. Parameters added to logstash.yml:
xpack.monitoring.elasticsearch.username: logstash_system
xpack.monitoring.elasticsearch.password: logstash_system
xpack.monitoring.elasticsearch.url: ["http://10.215.4.166:9200", "http://10.215.4.167:9200"]
xpack.management.logstash.poll_interval: 5s
xpack.monitoring.elasticsearch.sniffing: true
In pipeline.yml, add user and password:
elasticsearch {
    hosts => ["10.215.4.166:9200", "10.215.4.167:9200"]
    index => "slow_log"
    user => elastic
    password => elastic
}
3. Parameters added to Kibana:
elasticsearch.username: "kibana"
elasticsearch.password: "kibana"
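One thing worth mentioning: once X-Pack is in use, plugin-head can no longer connect to ES by default, because user authentication is required. Adding the following line fixes this.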
http.cors.allow-headers: Authorization,Content-Type
When accessing plugin-head, include the user name and password:
http://10.10.192.88:9100/?auth_user=elastic&auth_password=elastic
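
A small audit of the settings shown on this page, as an added example (not code from the original post): it flags a wildcard CORS origin, passwords written in clear text or identical to the user name, and credentials sent to http:// endpoints. The audit function and its rule names are assumptions made for illustration, and the sample input is constructed from the fragments above.

```python
import re

# Constructed sample: the settings shown on this page, gathered into one text.
SAMPLE = """\
http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-headers: Authorization,Content-Type
xpack.monitoring.elasticsearch.username: logstash_system
xpack.monitoring.elasticsearch.password: logstash_system
xpack.monitoring.elasticsearch.url: ["http://10.215.4.166:9200", "http://10.215.4.167:9200"]
user => elastic
password => elastic
elasticsearch.username: "kibana"
elasticsearch.password: "kibana"
"""

# Matches both YAML-style "key: value" and Logstash pipeline "key => value".
PAIR = re.compile(r"^\s*([\w.\-]+)\s*(?::|=>)\s*(.+?)\s*$")


def audit(text):
    """Return a sorted list of (rule, key) findings; rule names are illustrative."""
    findings, last_user = set(), None
    for line in text.splitlines():
        m = PAIR.match(line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip("\"'")
        leaf = key.rsplit(".", 1)[-1]
        if key == "http.cors.allow-origin" and value == "*":
            findings.add(("cors-any-origin", key))
        if leaf in ("user", "username"):
            last_user = value
        if leaf == "password":
            # Assumption: a ${NAME} value is a keystore or environment reference.
            if not value.startswith("${"):
                findings.add(("plaintext-password", key))
            if value == last_user:
                findings.add(("password-equals-username", key))
        # Basic-auth credentials sent to an http:// endpoint travel unencrypted.
        if leaf in ("url", "hosts") and "http://" in value:
            findings.add(("cleartext-http", key))
    return sorted(findings)


if __name__ == "__main__":
    for rule, key in audit(SAMPLE):
        print(f"{rule:26} {key}")
```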