每个ES节点的配置文件里加上:
xpack.security.enabled: true
然后重启所有ES节点,重启完成后,访问http://192.168.1.3:9200/_cat/health?v,可以看到要求输入用户名密码。而此时我们还没设置密码,下面开始设置密码:
[root@es1 ~]# cd /usr/share/elasticsearch/bin
[root@es1 bin]# ./elasticsearch-setup-passwords interactive
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y
Enter password for [elastic]:
Reenter password for [elastic]:
Enter password for [apm_system]:
Reenter password for [apm_system]:
Enter password for [kibana]:
Reenter password for [kibana]:
Enter password for [logstash_system]:
Reenter password for [logstash_system]:
Enter password for [beats_system]:
Reenter password for [beats_system]:
Enter password for [remote_monitoring_user]:
Reenter password for [remote_monitoring_user]:
Changed password for user [apm_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]
可以看到,我们修改了6个用户的密码,设置完成后,再次访问http://192.168.1.3:9200/_cat/health?v,输入用户名elastic,密码123456,就能看到集群健康状态了。这个时候如果访问kibana的话,也是要输入用户名和密码的,我们在kibana的配置文件也打开安全设置。
下面开始修改Kibana配置文件:
只需要在配置文件中加上下面两行内容即可:
[root@kibana ~]# vim /etc/kibana/kibana.yml
......
elasticsearch.username: "elastic"
elasticsearch.password: "123456"#这个密码一定要跟ES集群配置的用户名密码一致。
然后重启Kibana,重新访问192.168.1.9:5601:
此时输入用户名elastic和密码123456即可登录。
登陆后发现我们的索引是没数据的,检查logstash的日志可以看到有报错:
192168110[2020-04-03T14:29:04,598][ERROR][logstash.outputs.elasticsearch][main] Encountered a retryable error. Will Retry with exponential backoff {:code=>401, :url=>"http://192.168.1.7:9200/_bulk"}
[2020-04-03T14:29:07,045][ERROR][logstash.outputs.elasticsearch][main] Encountered a retryable error. Will Retry with exponential backoff {:code=>401, :url=>"http://192.168.1.6:9200/_bulk"}
[2020-04-03T14:29:11,118][ERROR][logstash.outputs.elasticsearch][main] Encountered a retryable error. Will Retry with exponential backoff {:code=>401, :url=>"http://192.168.1.7:9200/_bulk"}
[2020-04-03T14:29:19,137][ERROR][logstash.outputs.elasticsearch][main] Encountered a retryable error. Will Retry with exponential backoff {:code=>401, :url=>"http://192.168.1.7:9200/_bulk"}
这是因为我们的logstash的配置文件output部分是输出到ES集群的,我们刚刚给ES集群设置了安全认证,所以现在需要在output部分配置ES集群的用户名和密码:
output {
elasticsearch {
hosts => ["192.168.1.8:9200","192.168.1.6:9200","192.168.1.7:9200"]
index => 'nginx'
user => 'elastic'
password => '123456'
注意是user而不是username,用户名和密码都要用英文的单引号括起来。
配置完成后,再次启动logstash,可以正常启动了,Kibana中索引也有数据了。