五、设置ELK密码(可选)
开启elasticsearch密码
vim /data/elk/elasticsearch/config/elasticsearch.yml
末尾增加两行# 开启密码 xpack.security.transport.ssl.enabled: true xpack.security.enabled: true为kibana配置访问密码
vim /data/elk/kibana/config/kibana.yml
末尾增加用户名密码配置# elk体系有很多的用户组,elastic是默认的用户组之一,可以使用默认的用户,也可以自定义用户 elasticsearch.username: "elastic" elasticsearch.password: "1qaz@WSX3edc"重启ELK
docker restart elk
重启可能报错.[elk] Exception org.elasticsearch.ElasticsearchSecurityException: invalid SSL configuration for xpack.security.transport.ssl - server ssl configuration requires a key and certificate, but these have not been configured; you must set either [xpack.security.transport.ssl.keystore.path], or both [xpack.security.transport.ssl.key] and [xpack.security.transport.ssl.certificate] at org.elasticsearch.xpack.core.ssl.SSLService.validateServerConfiguration(SSLService.java:635) ~[?:?] at org.elasticsearch.xpack.core.ssl.SSLService.loadSslConfigurations(SSLService.java:612) ~[?:?] at org.elasticsearch.xpack.core.ssl.SSLService.<init>(SSLService.java:156) ~[?:?] at org.elasticsearch.xpack.core.XPackPlugin.createSSLService(XPackPlugin.java:461) ~[?:?] at org.elasticsearch.xpack.core.XPackPlugin.createComponents(XPackPlugin.java:310) ~[?:?] at org.elasticsearch.node.Node.lambda$new$14(Node.java:668) ~[elasticsearch-8.3.3.jar:?] at org.elasticsearch.plugins.PluginsService.lambda$flatMap$0(PluginsService.java:235) ~[elasticsearch-8.3.3.jar:?] at java.util.stream.ReferencePipeline$7$1.accept(ReferencePipeline.java:273) ~[?:?] at java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:197) ~[?:?] at java.util.AbstractList$RandomAccessSpliterator.forEachRemaining(AbstractList.java:720) ~[?:?] at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:509) ~[?:?] at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:499) ~[?:?] at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:575) ~[?:?] at java.util.stream.AbstractPipeline.evaluateToArrayNode(AbstractPipeline.java:260) ~[?:?] at java.util.stream.ReferencePipeline.toArray(ReferencePipeline.java:616) ~[?:?] at java.util.stream.ReferencePipeline.toArray(ReferencePipeline.java:622) ~[?:?] at java.util.stream.ReferencePipeline.toList(ReferencePipeline.java:627) ~[?:?] at org.elasticsearch.node.Node.<init>(Node.java:681) ~[elasticsearch-8.3.3.jar:?] at org.elasticsearch.node.Node.<init>(Node.java:300) ~[elasticsearch-8.3.3.jar:?] at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:230) ~[elasticsearch-8.3.3.jar:?] at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:230) ~[elasticsearch-8.3.3.jar:?] at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:333) [elasticsearch-8.3.3.jar:?] at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:224) [elasticsearch-8.3.3.jar:?] at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:67) [elasticsearch-8.3.3.jar:?] [2022-09-05T19:41:12,778][ERROR][o.e.b.Elasticsearch ] [elk] fatal exception while booting Elasticsearch org.elasticsearch.bootstrap.StartupException: org.elasticsearch.ElasticsearchSecurityException: invalid SSL configuration for xpack.security.transport.ssl - server ssl configuration requires a key and certificate, but these have not been configured; you must set either [xpack.security.transport.ssl.keystore.path], or both [xpack.security.transport.ssl.key] and [xpack.security.transport.ssl.certificate] at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:228) [elasticsearch-8.3.3.jar:?] at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:67) [elasticsearch-8.3.3.jar:?] Caused by: org.elasticsearch.ElasticsearchSecurityException: invalid SSL configuration for xpack.security.transport.ssl - server ssl configuration requires a key and certificate, but these have not been configured; you must set either [xpack.security.transport.ssl.keystore.path], or both [xpack.security.transport.ssl.key] and [xpack.security.transport.ssl.certificate]较新的版本开启密码需要SSL证书, 如果报以上错误, 还原上面五-第一步的操作, 再重启ELK生成证书; 如果ELK正常重启, 跳过以下步骤。
3.1 重启ELKdocker restart elk
3.2 进入dockerdocker exec -it elk /bin/bash
3.3 生成elastic-stack-ca.p12文件cd /opt/elasticsearch ./bin/elasticsearch-certutil ca Please enter the desired output file [elastic-stack-ca.p12]: #回车 Enter password for elastic-stack-ca.p12 : #CA证书的密码,回车 # ls bin config data elastic-stack-ca.p12 jdk lib LICENSE.txt logs modules nohup.out NOTICE.txt plugins README.asciidoc3.4 生成elastic-certificates.p12文件
./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12 Enter password for CA (elastic-stack-ca.p12) : # CA证书的密码,直接回车 Please enter the desired output file [elastic-certificates.p12]: # 默认 Enter password for elastic-certificates.p12 : # 证书密码,直接回车3.5 回到宿主机,复制elastic-stack-ca.p12、elastic-certificates.p12到elaticsearch/config目录
docker cp elk:/opt/elasticsearch/elastic-certificates.p12 /data/elk/elasticsearch/config/ docker cp elk:/opt/elasticsearch/elastic-stack-ca.p12 /data/elk/elasticsearch/config/ # 修改权限 cd /data/elk chown -R 991:991 elasticsearch*3.6 再次编辑ES配置
vim /data/elk/elasticsearch/config/elasticsearch.yml# 开启密码 xpack.security.transport.ssl.enabled: true xpack.security.enabled: true xpack.license.self_generated.type: basic xpack.security.transport.ssl.verification_mode: certificate xpack.security.transport.ssl.keystore.path: elastic-certificates.p12 xpack.security.transport.ssl.truststore.path: elastic-certificates.p123.7 重启ELK
docker restart elk设置elasticsearch密码(启动容器后)
# 进入elk容器 docker exec -it elk /bin/bash cd /opt/elasticsearch/bin # 手动设置密码 ./elasticsearch-setup-passwords interactive # Initiating the setup of passwords for reserved users elastic,apm_system,kibana,kibana_system,logstash_system,beats_system,remote_monitoring_user. # You will be prompted to enter passwords as the process progresses. # Please confirm that you would like to continue [y/N] 按Y继续 # 在后面的提示中配置密码,配置密码即可, 会有很多个密码, 都配成跟上一步一样的密码: 1qaz@WSX3edc- 重启ELK
docker restart elk
**粗体** _斜体_ [链接](http://example.com) `代码` - 列表 > 引用。你还可以使用@来通知其他用户。