elk-加密es账号密码 - 少年老余

1.加密kibana服务配置es的账号密码

进入/usr/share/kibana

[root@ansible kibana]# bin/kibana-keystore create
Created Kibana keystore in /var/lib/kibana/kibana.keystore
[root@ansible kibana]# bin/kibana-keystore add elasticsearch.username
Enter value for elasticsearch.username: ******   #输入es的kibana账号
[root@ansible kibana]# bin/kibana-keystore add elasticsearch.password
Enter value for elasticsearch.password: ******  #输入kibana账号对应密码

在kibana.yml 里不需输入es的账号密码，与下面logstash有所不同，logstash对应还需使用对应变量

2.加密logstash 里输出到es账号密码

[root@elk logstash]# set +o history
[root@elk logstash]# export LOGSTASH_KEYSTORE_PASS=mypassword
[root@elk logstash]# set -o history

[root@elk logstash]# ./bin/logstash-keystore create --path.settings /etc/logstash/

Created Logstash keystore at /etc/logstash/logstash.keystore

[root@elk logstash]# ./bin/logstash-keystore add ES_USER --path.settings /etc/logstash/
Enter value for ES_USER: 输入es账号

[root@elk logstash]# ./bin/logstash-keystore add ES_PASS --path.settings /etc/logstash/
Enter value for ES_PASS:输入es密码
查看结果：
[root@elk logstash]# ./bin/logstash-keystore list --path.settings /etc/logstash/

es_pass
es_user

如下必须有，不然logstash会报错： 

echo "LOGSTASH_KEYSTORE_PASS=mypassword" > /etc/sysconfig/logstash

不加报错信息：

4][ERROR][logstash.agent           ] Failed to execute action {:id=>:main, :action_type=>LogStash::ConvergeResult::FailedAction, :message=>"Found a file at /etc/logstash/logstash.keystore, but it is not a valid Logstash keystore.", :backtrace=>["org.logstash.secret.store.backend.JavaKeyStore.load(org/logstash/secret/store/backend/JavaKeyStore.java:268)", "org.logstash.secret.store.backend.JavaKeyStore.load(org/logstash/secret/store/backend/JavaKeyStore.java:40)", "org.logstash.secret.store.SecretStoreFactory.doIt(org/logstash/secret/store/SecretStoreFactory.java:109)", "org.logstash.secret.store.SecretStoreFactory.load(org/logstash/secret/store/SecretStoreFactory.java:95)", "org.logstash.secret.store.SecretStoreExt.getIfExists(org/logstash/secret/store/SecretStoreExt.java:37)", "java.lang.reflect.Method.invoke(java/lang/reflect/Method.java:498)", "org.jruby.javasupport.JavaMethod.invokeDirectWithExceptionHandling(org/jruby/javasupport/JavaMethod.java:425)", "org.jruby.javasupport.JavaMethod.invokeStaticDirect(org/jruby/javasupport/JavaMethod.java:357)", "usr.share.logstash.logstash_minus_core.lib.logstash.util.substitution_variables.replace_placeholders(/usr/share/logstash/logstash-core/lib/logstash/util/substitution_variables.rb:45)", "org.jruby.RubyString.gsubCommon19(org/jruby/RubyString.java:3150)", "org.jruby.RubyString.gsubCommon19(org/jruby/RubyString.java:3105)", "org.jruby.RubyString.gsub(org/jruby/RubyString.java:3060)", "usr.share.logstash.logstash_minus_core.lib.logstash.util.substitution_variables.replace_placeholders(/usr/share/logstash/logstash-core/lib/logstash/util/substitution_variables.rb:35)", "usr.share.logstash.logstash_minus_core.lib.logstash.util.substitution_variables.deep_replace(/usr/share/logstash/logstash-core/lib/logstash/util/substitution_variables.rb:23)", "usr.share.logstash.logstash_minus_core.lib.logstash.config.mixin.config_init(/usr/share/logstash/logstash-core/lib/logstash/config/mixin.rb:82)", "org.jruby.RubyHash$12.visit(org/jruby/RubyHash.java:1438)", "org.jruby.RubyHash$12.visit(org/jruby/RubyHash.java:1435)", "org.jruby.RubyHash.visitLimited(org/jruby/RubyHash.java:690)", "org.jruby.RubyHash.visitAll(org/jruby/RubyHash.java:675)", "org.jruby.RubyHash.iteratorVisitAll(org/jruby/RubyHash.java:1395)", "org.jruby.RubyHash.each_pairCommon(org/jruby/RubyHash.java:1430)", "org.jruby.RubyHash.each(org/jruby/RubyHash.java:1419)", "usr.share.logstash.logstash_minus_core.lib.logstash.config.mixin.config_init(/usr/share/logstash/logstash-core/lib/logstash/config/mixin.rb:81)", "usr.share.logstash.logstash_minus_core.lib.logstash.config.mixin.RUBY$method$config_init$0$__VARARGS__(usr/share/logstash/logstash_minus_core/lib/logstash/config//usr/share/logstash/logstash-core/lib/logstash/config/mixin.rb)", "usr.share.logstash.logstash_minus_core.lib.logstash.outputs.base.initialize(/usr/share/logstash/logstash-core/lib/logstash/outputs/base.rb:60)", "org.jruby.RubyClass.newInstance(org/jruby/RubyClass.java:894)", "org.jruby.RubyClass$INVOKER$i$newInstance.call(org/jruby/RubyClass$INVOKER$i$newInstance.gen)", "org.jruby.RubyClass.finvoke(org/jruby/RubyClass.java:798)", "org.jruby.RubyBasicObject.callMethod(org/jruby/RubyBasicObject.java:363)", "org.logstash.config.ir.compiler.OutputStrategyExt$SimpleAbstractOutputStrategyExt.initialize(org/logstash/config/ir/compiler/OutputStrategyExt.java:232)", "org.logstash.config.ir.compiler.OutputStrategyExt$SimpleAbstractOutputStrategyExt$INVOKER$i$1$0$initialize.call(org/logstash/config/ir/compiler/OutputStrategyExt$SimpleAbstractOutputStrategyExt$INVOKER$i$1$0$initialize.gen)", "org.jruby.RubyClass.newInstance(org/jruby/RubyClass.java:915)", "org.logstash.config.ir.compiler.OutputDelegatorExt.initialize(org/logstash/config/ir/compiler/OutputDelegatorExt.java:48)", "org.logstash.config.ir.compiler.OutputDelegatorExt.initialize(org/logstash/config/ir/compiler/OutputDelegatorExt.java:30)", "org.logstash.plugins.PluginFactoryExt$Plugins.plugin(org/logstash/plugins/PluginFactoryExt.java:239)", "org.logstash.plugins.PluginFactoryExt$Plugins.buildOutput(org/logstash/plugins/PluginFactoryExt.java:137)", "org.logstash.config.ir.CompiledPipeline.lambda$setupOutputs$0(org/logstash/config/ir/CompiledPipeline.java:115)", "java.util.ArrayList.forEach(java/util/ArrayList.java:1257)", "org.logstash.config.ir.CompiledPipeline.setupOutputs(org/logstash/config/ir/CompiledPipeline.java:112)", "org.logstash.config.ir.CompiledPipeline.<init>(org/logstash/config/ir/CompiledPipeline.java:82)", "org.logstash.execution.JavaBasePipelineExt.initialize(org/logstash/execution/JavaBasePipelineExt.java:50)", "org.logstash.execution.JavaBasePipelineExt$INVOKER$i$1$0$initialize.call(org/logstash/execution/JavaBasePipelineExt$INVOKER$i$1$0$initialize.gen)", "org.jruby.RubyClass.newInstance(org/jruby/RubyClass.java:915)", "org.jruby.RubyClass$INVOKER$i$newInstance.call(org/jruby/RubyClass$INVOKER$i$newInstance.gen)", "usr.share.logstash.logstash_minus_core.lib.logstash.pipeline_action.reload.execute(/usr/share/logstash/logstash-core/lib/logstash/pipeline_action/reload.rb:37)", "usr.share.logstash.logstash_minus_core.lib.logstash.pipeline_action.reload.RUBY$method$execute$0$__VARARGS__(usr/share/logstash/logstash_minus_core/lib/logstash/pipeline_action//usr/share/logstash/logstash-core/lib/logstash/pipeline_action/reload.rb)", "usr.share.logstash.logstash_minus_core.lib.logstash.agent.converge_state(/usr/share/logstash/logstash-core/lib/logstash/agent.rb:325)", "org.jruby.RubyProc.call(org/jruby/RubyProc.java:295)", "org.jruby.RubyProc.call(org/jruby/RubyProc.java:274)", "org.jruby.RubyProc.call(org/jruby/RubyProc.java:270)", "java.lang.Thread.run(java/lang/Thread.java:748)"]}

View Code

logstash 使用变量

output {
  elasticsearch {
    hosts => "localhost:9200"
    manage_template => false
    index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
    user => "${ES_USER}"
    password => "${ES_PASS}"
  }
}

参考官网：用于安全设置|的秘密密钥库参考日志 [7.1] |弹性的 (elastic.co)

发表于 2022-04-22 22:19 少年老余阅读(572) 评论(0) 收藏举报