ELK 基本认证

在一台es上面生成文件http.p12证书

/usr/share/elasticsearch/bin/elasticsearch-certutil cert -out /etc/elasticsearch/elastic-certificates.p12 --pass ""

将证书改变权限

chown elasticsearch:elasticsearch /etc/elasticsearch/elastic-certificates.p12 

后将将证书同步到其他es节点，并设置权限

所有es节点修改es配置文件 并重启es

cat >> /etc/elasticsearch/elasticsearch.yml << eof
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
eof

systemctl restart elasticsearch.service 

起来后es集群已经起用了认证了

生成默认帐号,在一个es节点执行即可

 /usr/share/elasticsearch/bin/elasticsearch-setup-passwords auto 

在kibana里面添加对应的帐号及密码

用上一步命令生成的kibana_system及对应的密码

server.publicBaseUrl: "http://x.x.x.x:5601"
elasticsearch.username: "kibana_system"
elasticsearch.password: "xxxxxxxxxxxxx"

然后重启kibana

systemctl restart kibana.service

对应的其他组件添加认证

metric

这个在所有的metric 上面都添加
在对应的logstash 处添加

output.elasticsearch:
  hosts: ["http://es01:9200","http://es02:9200","http://es03:9200"]
  username: "logstash_system1"
  password: "aNCxreH82W7ROkncOaJl"

注：权限给的在些，否则权限太小了可能 会失败
然后重启

logstash 对应的elactic 添加

output {
#   stdout {} 
  elasticsearch {
    hosts => ["http://es01:9200","http://es02:9200","http://es03:9200"]
    user => "xxxxxxxxxxxxxxxxxx"
   password => "xxxxxxxxxxxxxxxxxx"
    index => "bih_tha_flow-%{+YYYY.MM.dd}"

 }