目录
一 yml文件配置
在我的上一篇文章中打开ELK集群并没有密码,安全性有所降低,所以新增登录界面
version: '2.2' services: es01: image: elasticsearch:7.17.9 container_name: es01 environment: - node.name=es01 - cluster.name=es-docker-cluster - discovery.seed_hosts=es02,es03 - cluster.initial_master_nodes=es01,es02,es03 - bootstrap.memory_lock=true - "ES_JAVA_OPTS=-Xms512m -Xmx512m" - xpack.security.enabled=true - xpack.security.transport.ssl.enabled=true - xpack.security.transport.ssl.verification_mode=certificate - xpack.security.transport.ssl.keystore.path=/usr/share/elasticsearch/config/elastic-certificates.p12 - xpack.security.transport.ssl.truststore.path=/usr/share/elasticsearch/config/elastic-certificates.p12 ulimits: memlock: soft: -1 hard: -1 volumes: - data01:/usr/share/elasticsearch/data - /root/elk_docker/elastic-certificates.p12:/usr/share/elasticsearch/config/elastic-certificates.p12 ports: - 9200:9200 networks: - elastic restart: always es02: image: elasticsearch:7.17.9 container_name: es02 environment: - node.name=es02 - cluster.name=es-docker-cluster - discovery.seed_hosts=es01,es03 - cluster.initial_master_nodes=es01,es02,es03 - bootstrap.memory_lock=true - "ES_JAVA_OPTS=-Xms512m -Xmx512m" - xpack.security.enabled=true - xpack.security.transport.ssl.enabled=true - xpack.security.transport.ssl.verification_mode=certificate - xpack.security.transport.ssl.keystore.path=/usr/share/elasticsearch/config/elastic-certificates.p12 - xpack.security.transport.ssl.truststore.path=/usr/share/elasticsearch/config/elastic-certificates.p12 ulimits: memlock: soft: -1 hard: -1 volumes: - data02:/usr/share/elasticsearch/data - /root/elk_docker/elastic-certificates.p12:/usr/share/elasticsearch/config/elastic-certificates.p12 networks: - elastic restart: always kibana: depends_on: - es01 container_name: kibana image: kibana:7.17.9 ulimits: memlock: soft: -1 hard: -1 volumes: - /root/elk_docker/kibana.yml:/usr/share/kibana/config/kibana.yml - data03:/usr/share/kibana/data ports: - 5601:5601 environment: - SERVER_NAME=kibana networks: - elastic mem_limit: 2G restart: always filebeat: image: filebeat:7.17.9 user: root container_name: filebeat volumes: - /var/log/audit/audit.log:/message.log - /root/elk_docker/filebeat.yml:/usr/share/filebeat/filebeat.yml networks: - elastic restart: always volumes: data01: driver: local data02: driver: local data03: driver: local networks: elastic: driver: bridge
二 配置文件
2.1 SSL密钥文件
docker exec -it es01 bash ##进入容器 ./bin/elasticserch-setup-passwords auto ##生成自动密码 ,也可以自己设置 ************************************************ Changed password for user apm_system PASSWORD apm_system = QUHGJHaaNE8IYmFGYvjm Changed password for user kibana_system PASSWORD kibana_system = So2XAdkEuFMDcfLmNbcA Changed password for user kibana PASSWORD kibana = So2XAdkEuFMDcfLmNbcA Changed password for user logstash_system PASSWORD logstash_system = UxooDfCKMxj29TuxHYQj Changed password for user beats_system PASSWORD beats_system = ELaDkdsg7Q1hMgJf3HiW Changed password for user remote_monitoring_user PASSWORD remote_monitoring_user = uE91OmlMhWtw6aEM59iW Changed password for user elastic PASSWORD elastic = fqSfBC7ZEHI3tZB1c2fH **************************************************
2.2 kibna.yml文件
elasticsearch.username: "kibana_system" elasticsearch.password: "So2XAdkEuFMDcfLmNbcA"
新增两行用于登录elastic
2.3 filebeat文件
elasticsearch.username: "elastic" elasticsearch.password: "fqSfBC7ZEHI3tZB1c2fH"
用于输出到es集群不报错